# 更新並安裝 Nginx + PHP 7
yum update
yum -y install epel-release
yum -y install nginx
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql \
php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json \
php70w-pecl-apcu php70w-pecl-apcu-devel php70w-pecl-memcached \
php70w-opcache php70w-ldap
# 編輯 php-fpm 設定檔
vi /etc/php-fpm.d/www.conf
# 修改下面內容
user = nginx
group = nginx
listen = 127.0.0.1:9000
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
# 建立 session 目錄
mkdir -p /var/lib/php/session
chown nginx:nginx -R /var/lib/php/session/
# 啟動服務並設定開機自動啟動
sudo systemctl start php-fpm
sudo systemctl enable php-fpm
# 安裝 mariadb
yum -y install mariadb mariadb-server
# 啟動服務並設定開機自動啟動
systemctl start mariadb
systemctl enable mariadb
# 設定 mysql 的 root 密碼
mysql_secure_installation
# 建立資料庫
mysql -u root -p
create database nextcloud_db;
create user ncuser@localhost identified by 'password';
grant all privileges on nextcloud_db.* to ncuser@localhost identified by 'password';
flush privileges;
quit
# 建立憑證檔
mkdir -p /etc/nginx/cert/
openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nc.crt -keyout /etc/nginx/cert/nc.key
# 安裝 nextcloud
yum -y install wget unzip
cd
wget https://download.nextcloud.com/server/releases/nextcloud-12.0.0.zip
unzip nextcloud-12.0.0.zip
mv nextcloud/ /usr/share/nginx/html/
cd /usr/share/nginx/html/
mkdir -p nextcloud/data/
chown nginx:nginx -R nextcloud/
# 在 nginx 設定 nextcloud
vi /etc/nginx/conf.d/nextcloud.conf
#### nextcloud.conf start ####
server {
listen 80;
server_name nc.test;
return 301 https://$http_host$request_uri;
}
server {
listen 443 ssl;
server_name nc.test;
ssl_certificate /etc/nginx/cert/nc.crt;
ssl_certificate_key /etc/nginx/cert/nc.key;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /usr/share/nginx/html/nextcloud/;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 512M;
fastcgi_buffers 64 4K;
gzip off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location /updater/ {
rewrite ^ /updater/index.php;
}
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass 127.0.0.1:9000;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 120;
}
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
}
#### nextcloud.conf end ####
# 啟動服務
systemctl start nginx
systemctl enable nginx
# 瀏覽 https://nc.test 看看是否正常
# 安裝 memcached 並啟動服務
yum -y install memcached
systemctl start memcached
systemctl enable memcached
vi /usr/share/nginx/html/nextcloud/config/config.php
# 加入下面這行
'memcache.local' => '\OC\Memcache\APCu',
# 設定 opcache
vi /etc/php.d/opcache.ini
# 加入下列內容
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
# 重啟 php-fpm
systemctl restart php-fpm
# 安裝 CODE
rpm --import https://collaboraoffice.com/repos/CollaboraOnline/CODE-centos7/repodata/repomd.xml.key
yum-config-manager --add-repo https://collaboraoffice.com/repos/CollaboraOnline/CODE-centos7
yum -y --nogpgcheck install loolwsd CODE-brand
# 依照 https://nextcloud.com/collaboraonline/ 的官方說明
# 設定 loolwsd 所使用的憑證必須要有效的,不能使用自己簽發的憑證
# 因為除了自己的瀏覽器會去連 loolwsd,NextCloud也會在背後自己去連 loolwsd
# 若使用無效的憑證就會出錯 Internal Server Error
vi /etc/loolwsd/loolwsd.xml
# 修改下列內容 (其中的 code.crt & code.key 請自行換成有效的憑證檔)
<cert_file_path desc="Path to the cert file" relative="false">/etc/nginx/cert/code.crt</cert_file_path>
<key_file_path desc="Path to the key file" relative="false">/etc/nginx/cert/code.key</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false"></ca_file_path>
# 啟動服務
systemctl restart loolwsd
systemctl enable loolwsd
進 NextCloud Admin 安裝 APP (Collabora Online)
Collabora Online 設定伺服器 https://nc.test:9980
測試是否可編輯 Office 檔案
vi /etc/nginx/conf.d/nextcloud.conf
# 加入下列內容
server {
listen 443 ssl;
server_name code.test;
ssl_certificate /etc/nginx/cert/code.crt;
ssl_certificate_key /etc/nginx/cert/code.key;
location / {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
# 重啟服務
systemctl restart nginx
進 NextCloud Admin
Collabora Online 設定伺服器 https://code.test
測試是否可編輯 Office 檔案
2017/08/11 補充
# 手動升級 NextCloud 至 12.0.1
cd /usr/share/nginx/html/
wget https://download.nextcloud.com/server/releases/nextcloud-12.0.1.zip
mv nextcloud nextcloud.old
unzip nextcloud-12.0.1.zip
cp nextcloud.old/config/config.php nextcloud/config/
mv nextcloud.old/data/ nextcloud/ #若 data 有另外指定路徑則不需要搬移
chown -R nginx:nginx nextcloud
cd nextcloud
sudo -u nginx php occ upgrade
# 為了使用 External storage support 支援 SMB, 變更 PHP 安裝來源
yum install -y http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum install -y php70-php-fpm php70-php-cli php70-php-gd php70-php-mcrypt php70-php-mysql php70-php-pear php70-php-xml php70-php-mbstring php70-php-pdo php70-php-json php70-php-pecl-apcu php70-php-pecl-apcu-devel php70-php-pecl-memcached php70-php-opcache php70-php-ldap php70-php-pecl-zip php70-php-smbclient
systemctl stop php-fpm
systemctl disable php-fpm
vi /etc/opt/remi/php70/php.d/10-opcache.ini #內容請參考上面
vi /etc/opt/remi/php70/php-fpm.d/www.conf #內容請參考上面
systemctl stop php-fpm
systemctl disable php-fpm
systemctl start php70-php-fpm
systemctl enable php70-php-fpm