Rebuilding a Nextcloud Instance

2019-09-22

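After I successfully set up Nextcloud last time, it has been working fine, so why build it again? Because while setting up V2ray I learned about Caddy, a web server. Caddy enables HTTPS automatically, whereas Apache and Nginx both need to be configured separately; moreover, Let's Encrypt certificates have to be renewed every three months, and Caddy's automatic renewal saves some maintenance work. So I decided to build another one.

Configuring Caddy

Using the install script provided on the official site, adjust its parameters by selecting the Plugin and Plan options: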


curl https://getcaddy.com | bash -s personal tls.dns.cloudflare

Create one folder for the Nextcloud web files, one for the Caddyfile, and one for the SSL certificates Caddy generates, then configure them following systemd Service Unit for Caddy:


setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy

mkdir /etc/caddy/
chown -R root:root /etc/caddy

mkdir /etc/ssl/caddy
chown -R root:www-data /etc/ssl/caddy
chmod 770 /etc/ssl/caddy

touch /etc/caddy/Caddyfile
chown root:root /etc/caddy/Caddyfile
chmod 644 /etc/caddy/Caddyfile

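Next, write the Caddyfile. Caddy's syntax felt unfamiliar at first, and browsing the official documentation did not make it much clearer; in the end I found this blog post, which solved it, and its author happens to use Caddy for Nextcloud too.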


yours.domain.com {

    root   /var/www/caddy/nextcloud
    log    /var/log/nextcloud_access.log
    errors /var/log/nextcloud_errors.log

    tls {
        dns cloudflare
    }

    fastcgi / 127.0.0.1:9000 php {
        env PATH /bin
    }

    # checks for images
    rewrite {
        ext .svg .gif .png .html .ttf .woff .ico .jpg .jpeg
        r ^/index.php/(.+)$
        to /{1} /index.php?{1}
    }

    rewrite {
        r ^/index.php/.*$
        to /index.php?{query}
    }

    # client support (e.g. os x calendar / contacts)
    redir /.well-known/carddav /remote.php/carddav 301
    redir /.well-known/caldav /remote.php/caldav 301

    # remove trailing / as it causes errors with php-fpm
    rewrite {
        r ^/remote.php/(webdav|caldav|carddav|dav)(\/?)(\/?)$
        to /remote.php/{1}
    }

    rewrite {
        r ^/remote.php/(webdav|caldav|carddav|dav)/(.+?)(\/?)(\/?)$
        to /remote.php/{1}/{2}
    }

    rewrite {
        r ^/public.php/(dav|webdav|caldav|carddav)(\/?)(\/?)$
        to /public.php/{1}
    }

    rewrite {
        r ^/public.php/(dav|webdav|caldav|carddav)/(.+)(\/?)(\/?)$
        to /public.php/{1}/{2}
    }

    # .htaccess / data / config / ... shouldn't be accessible from outside
    status 403 {
        /.htaccess
        /data
        /config
        /db_structure
        /.xml
        /README
    }

    header / Strict-Transport-Security "max-age=31536000;"
}
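
To confirm that the status 403 rules and the HSTS header take effect once the site is up, the following added example (not from the original post) requests each protected path and reports any that does not return 403. The /config/config.php probe is an extra added here, and the /.xml entry is skipped.

```shell
#!/usr/bin/env bash
# Added example: verify that the Caddyfile's "status 403" rules really apply.

# Paths from the status 403 block; /config/config.php is an extra probe (assumption).
DENIED_PATHS="/.htaccess /data /config /config/config.php /db_structure /README"

# http_status URL -> prints the HTTP status code (000 on connection failure).
http_status() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1" || true
}

# hsts_header URL -> prints the Strict-Transport-Security response header, if any.
hsts_header() {
    curl -sI --max-time 10 "$1" | tr -d '\r' \
        | grep -i '^strict-transport-security:' || true
}

# audit_site BASE_URL -> one line per finding; returns 0 only when nothing is found.
audit_site() {
    local base="${1%/}" path code findings=0
    for path in $DENIED_PATHS; do
        code="$(http_status "$base$path")"
        if [ "$code" != "403" ]; then
            echo "EXPOSED $path (HTTP $code, expected 403)"
            findings=$((findings + 1))
        fi
    done
    case "$(hsts_header "$base/")" in
        *max-age=*) ;;
        *) echo "MISSING Strict-Transport-Security"
           findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}
```

Run it against your own domain, for example audit_site https://yours.domain.com, after caddy.service has been started.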

Caddy will later be started through systemd, so first download caddy.service:


wget https://raw.githubusercontent.com/caddyserver/caddy/master/dist/init/linux-systemd/caddy.service
cp caddy.service /etc/systemd/system/
chown root:root /etc/systemd/system/caddy.service
chmod 644 /etc/systemd/system/caddy.service
systemctl daemon-reload
systemctl enable caddy.service

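Having got this far, do not start caddy.service yet, because the Nextcloud web files are not in place.

Configuring Nextcloud

The root directive in the Caddyfile points to /var/www/caddy/nextcloud, which will be the directory holding the Nextcloud web files. Download the archive from the Nextcloud website, extract it, and put it there.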


touch /var/log/nextcloud_access.log
touch /var/log/nextcloud_errors.log
chown -R www-data:www-data /var/log/nextcloud_access.log
chown -R www-data:www-data /var/log/nextcloud_errors.log

mkdir -p /var/www/caddy

wget https://download.nextcloud.com/server/releases/nextcloud-16.0.4.tar.bz2
tar -xvf nextcloud-16.0.4.tar.bz2  
cp -r nextcloud /var/www/caddy/

chown -R www-data:www-data /var/www/caddy/nextcloud

Install PHP and the PHP packages it depends on...


apt-get install php7.2-bz2 php7.2-curl php7.2-gd php7.2-intl php7.2-mbstring php7.2-xml php7.2-zip php7.2-cli php7.2-fpm php-apcu php-dompdf php7.2-mysql php7.2-json php7.2-imap php7.2-imagick

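Configure PHP. In the Caddyfile, the fastcgi directive forwards requests to 127.0.0.1:9000, so PHP-FPM has to listen there: in /etc/php/7.2/fpm/pool.d/www.conf, change listen = /run/php/php7.2-fpm.sock to listen = 127.0.0.1:9000

Create the directory that stores Nextcloud's data; this time it goes under /home/nextcloud-data/: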


mkdir /home/nextcloud
chown -R www-data:www-data /home/nextcloud

Configuring MySQL

Install it, complete the initial setup, and enter the database shell:


apt-get install mysql-server
mysql_secure_installation
mysql

Create the database for Nextcloud:


CREATE DATABASE nextcloud;
-- Bind the account to localhost; a bare user name would create 'nextcloud'@'%'
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'your_passphrase';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
FLUSH PRIVILEGES;

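Configuring Redis

Another piece of software whose name I heard long ago but have no hands-on experience with. According to the introduction on the Redis website: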

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. It supports data structures such as strings, hashes, lists, sets, sorted sets with range queries, bitmaps, hyperloglogs, geospatial indexes with radius queries and streams. Redis has built-in replication, Lua scripting, LRU eviction, transactions and different levels of on-disk persistence, and provides high availability via Redis Sentinel and automatic partitioning with Redis Cluster.

Well, for now all I know is that it is a database; I will find time to read more about it later...

Install Redis:


apt-get install redis-server php-redis

Next, add the redis user to www-data:


usermod -g www-data redis

Create a folder for the unix socket:


mkdir -p /var/run/redis/

Edit Redis's parameters in /etc/redis/redis.conf:


port 0
unixsocket /var/run/redis/redis-server.sock
unixsocketperm 700

; PHP-FPM pool settings: these go in /etc/php/7.2/fpm/pool.d/www.conf, not in redis.conf
pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 18

In /var/www/caddy/nextcloud/config/config.php, add the following lines before the closing ); at the end:


'memcache.local' => '\\OC\\Memcache\\APCu',
'filelocking.enabled' => false, // if this is true, files in Nextcloud cannot be changed
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' => array (
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 0.0,
),

Registering Nextcloud

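Open your own domain, fill in the account name and password, and select the Nextcloud database. After a short wait you land on a new page; deal with the Warnings under Overview in Settings. Some can be fixed, and for others I do not yet know what to change...

The conflict between the CDN and Caddy

I followed this article to resolve it. Add the following to /etc/systemd/system/caddy.service: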


[Service]
Environment=CLOUDFLARE_EMAIL=me@email.org
Environment=CLOUDFLARE_API_KEY=xxxxxxxxxxxxxxxxxxxx

Run systemctl daemon-reload, then restart caddy.service.
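
The unit file was installed earlier with mode 644, so an API key written into it is readable by every local account. As an added example (not from the original post or the Caddy project), the function below moves the CLOUDFLARE_* lines into a file with mode 600 and leaves an EnvironmentFile= reference in the unit; the env-file path is chosen by the caller and is an assumption.

```shell
#!/usr/bin/env bash
# Added example: move Cloudflare credentials out of a world-readable unit file.

# split_unit_secrets UNIT ENVFILE
# Moves every "Environment=CLOUDFLARE_*=..." line from UNIT into ENVFILE
# (mode 600) and leaves one "EnvironmentFile=ENVFILE" line in their place.
# Returns 1 when UNIT holds no such lines, so it is safe to run twice.
split_unit_secrets() {
    local unit="$1" envfile="$2" tmp
    grep -q '^Environment=CLOUDFLARE_' "$unit" || return 1

    # Write the KEY=value pairs with a restrictive umask, then pin the mode
    # in case ENVFILE already existed with looser permissions.
    ( umask 077
      sed -n 's/^Environment=\(CLOUDFLARE_[A-Z_]*=.*\)$/\1/p' "$unit" > "$envfile" )
    chmod 600 "$envfile"

    # Rewrite the unit: first secret line becomes the reference, the rest go.
    tmp="$(mktemp)"
    awk -v ref="EnvironmentFile=$envfile" '
        /^Environment=CLOUDFLARE_/ { if (!done) { print ref; done = 1 }; next }
        { print }' "$unit" > "$tmp"
    cat "$tmp" > "$unit"      # overwrite in place to keep owner and mode
    rm -f "$tmp"
}
```

Run it as root, for example split_unit_secrets /etc/systemd/system/caddy.service /etc/caddy/cloudflare.env (a hypothetical path), then reload systemd and restart caddy.service as above.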