Article: https://www.c-rieger.de/nextcloud-installation-guide-debian/
**Preparation:**
Check the time zone:
timedatectl set-timezone America/Havana
Update the system:
apt update && apt upgrade -y
**Nginx:**
apt remove nginx nginx-extras nginx-common nginx-full -y --allow-change-held-packages
Configure nginx:
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak && nano /etc/nginx/nginx.conf
Add the following:
user www-data;
worker_processes auto;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
multi_accept on;
use epoll;
}
http {
server_names_hash_bucket_size 64;
upstream php-handler {
server unix:/run/php/php7.3-fpm.sock;
}
set_real_ip_from 127.0.0.1;
set_real_ip_from 192.168.2.0/24;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
include /etc/nginx/mime.types;
#include /etc/nginx/proxy.conf;
#include /etc/nginx/ssl.conf;
#include /etc/nginx/header.conf;
#include /etc/nginx/optimization.conf;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
sendfile on;
send_timeout 3600;
tcp_nopush on;
tcp_nodelay on;
open_file_cache max=500 inactive=10m;
open_file_cache_errors on;
keepalive_timeout 65;
reset_timedout_connection on;
server_tokens off;
resolver 8.8.8.8 valid=30s;
resolver_timeout 5s;
include /etc/nginx/conf.d/*.conf;
}
Restart the service:
service nginx restart
**PHP:**
apt install php7.3-fpm php7.3-gd php7.3-mysql php7.3-curl php7.3-xml php7.3-zip php7.3-intl php7.3-mbstring php7.3-json php7.3-bz2 php7.3-ldap php-apcu imagemagick php-imagick -y
Configuring PHP:
cp /etc/php/7.3/fpm/pool.d/www.conf /etc/php/7.3/fpm/pool.d/www.conf.bak
cp /etc/php/7.3/cli/php.ini /etc/php/7.3/cli/php.ini.bak
cp /etc/php/7.3/fpm/php.ini /etc/php/7.3/fpm/php.ini.bak
cp /etc/php/7.3/fpm/php-fpm.conf /etc/php/7.3/fpm/php-fpm.conf.bak
Configuring ImageMagick:
cp /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xml.bak
**MariaDB**
apt update && apt install mariadb-server -y
Check the version:
mysql --version
mysql Ver 15.1 Distrib 10.3.x-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
Secure MariaDB:
mysql_secure_installation
Configuring MariaDB:
service mysql stop
mv /etc/mysql/my.cnf /etc/mysql/my.cnf.bak && nano /etc/mysql/my.cnf
Add the following:
[client]
default-character-set = utf8mb4
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysqld_safe]
log_error=/var/log/mysql/mysql_error.log
nice = 0
socket = /var/run/mysqld/mysqld.sock
[mysqld]
basedir = /usr
bind-address = 127.0.0.1
binlog_format = ROW
bulk_insert_buffer_size = 16M
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci
concurrent_insert = 2
connect_timeout = 5
datadir = /var/lib/mysql
default_storage_engine = InnoDB
expire_logs_days = 10
general_log_file = /var/log/mysql/mysql.log
general_log = 0
innodb_buffer_pool_size = 1024M
innodb_buffer_pool_instances = 1
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 32M
innodb_max_dirty_pages_pct = 90
innodb_file_per_table = 1
innodb_open_files = 400
innodb_io_capacity = 4000
innodb_flush_method = O_DIRECT
key_buffer_size = 128M
lc_messages_dir = /usr/share/mysql
lc_messages = en_US
log_bin = /var/log/mysql/mariadb-bin
log_bin_index = /var/log/mysql/mariadb-bin.index
log_error=/var/log/mysql/mysql_error.log
log_slow_verbosity = query_plan
log_warnings = 2
long_query_time = 1
max_allowed_packet = 16M
max_binlog_size = 100M
max_connections = 200
max_heap_table_size = 64M
myisam_recover_options = BACKUP
myisam_sort_buffer_size = 512M
port = 3306
pid-file = /var/run/mysqld/mysqld.pid
query_cache_limit = 2M
query_cache_size = 64M
query_cache_type = 1
query_cache_min_res_unit = 2k
read_buffer_size = 2M
read_rnd_buffer_size = 1M
skip-external-locking
skip-name-resolve
slow_query_log_file = /var/log/mysql/mariadb-slow.log
slow-query-log = 1
socket = /var/run/mysqld/mysqld.sock
sort_buffer_size = 4M
table_open_cache = 400
thread_cache_size = 128
tmp_table_size = 64M
tmpdir = /tmp
transaction_isolation = READ-COMMITTED
user = mysql
wait_timeout = 600
[mysqldump]
max_allowed_packet = 16M
quick
quote-names
[isamchk]
key_buffer = 16M
Restart and connect:
service mysql restart && mysql -uroot -p
+---------------------+
| @@TX_ISOLATION |
+---------------------+
| READ-COMMITTED |
+---------------------+
+-----------+---------+--------------------+
| database | charset | collation |
+-----------+---------+--------------------+
| nextcloud | utf8mb4 | utf8mb4_general_ci |
+-----------+---------+--------------------+
**Redis:**
apt update && apt install redis-server php-redis -y
**Nextcloud:**
**Creating nextcloud.conf:**
[ -f /etc/nginx/conf.d/default.conf ] && mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
touch /etc/nginx/conf.d/default.conf
nano /etc/nginx/conf.d/nextcloud.conf
Add:
server {
server_name nextcloud.dominio.cu;
listen 80 default_server;
#Uncomment to enable IPv6
#listen [::]:80 default_server;
location ^~ /.well-known/acme-challenge {
proxy_pass http://127.0.0.1:81;
proxy_set_header Host $host;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name nextcloud.dominio.cu;
listen 443 ssl http2 default_server;
#Uncomment to enable IPv6
#listen [::]:443 ssl http2 default_server;
root /var/www/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 10240M;
location / {
rewrite ^ /index.php$request_uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ^~ /apps/rainloop/app/data {
deny all;
}
location ~ \.(?:flv|mp4|mov|m4a)$ {
mp4;
mp4_buffer_size 100M;
mp4_max_buffer_size 1024M;
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
include fastcgi_params;
include php_optimization.conf;
fastcgi_pass php-handler;
fastcgi_param HTTPS on;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
include fastcgi_params;
include php_optimization.conf;
fastcgi_pass php-handler;
fastcgi_param HTTPS on;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif|map|png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri;
access_log off;
expires 360d;
}
}
Note: Change both "server_name" parameters to the DNS name your Nextcloud server will have.
Running this command brings up a series of questions, which I explain below:
If you make a mistake, press Ctrl + C to cancel, enter the previous command and start over.
Country Name (2 letter code) = Country code in two-letter ISO format.
State or Province Name (full name) = State or province.
Locality Name = Locality or city.
Organization Name = Name of the organization.
Organizational Unit Name = Department of the organization.
Common Name = FQDN of the server. Enter the DNS name of your Nextcloud (nextcloud.dominio.cu).
Email Address = Contact e-mail address (or press Enter to leave it empty).
For the fields "A challenge password" and "An optional company name", press Enter to leave them blank.
**Creating ssl.conf:**
cd ~
nano /etc/nginx/ssl.conf
**Creating proxy.conf:**
nano /etc/nginx/proxy.conf
Add:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
proxy_redirect off;
**Creating header.conf:**
nano /etc/nginx/header.conf
Add:
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer" always;
#add_header Feature-Policy "accelerometer 'none'; autoplay 'self'; geolocation 'none'; midi 'none'; sync-xhr 'self' ; microphone 'self'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'self'; fullscreen 'self'; payment 'none'; usb 'none'";
add_header X-Frame-Options "SAMEORIGIN";
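Several of the headers above are declared without "always", and nginx attaches such headers only to a fixed set of success and redirect status codes, so they are absent from error pages. The following added example (not part of the original guide) audits a header include file for that case and for headers that are never set; the function names and the inline sample file are constructed for illustration, and one directive per line is assumed.

```shell
#!/bin/sh
# Added example, not from the guide: audit an nginx header include file.
# Assumption: every add_header directive sits on a single line.

# Constructed sample: the header.conf from this page (Feature-Policy abridged).
write_sample_header_conf() {
    cat > "$1" <<'EOF'
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer" always;
#add_header Feature-Policy "accelerometer 'none'";
add_header X-Frame-Options "SAMEORIGIN";
EOF
}

# Print the name of each active add_header in file $1 that lacks "always".
# Commented-out lines never match because their first field is not add_header.
headers_without_always() {
    awk '$1 == "add_header" && $0 !~ /[ \t]always[ \t]*;[ \t]*$/ { print $2 }' "$1"
}

# Print each header name given after file $1 that no active line sets.
# Header names are compared case-insensitively, as HTTP treats them.
headers_missing() {
    file=$1
    shift
    for h in "$@"; do
        awk -v want="$h" '
            $1 == "add_header" && tolower($2) == tolower(want) { found = 1 }
            END { exit !found }
        ' "$file" || printf '%s\n' "$h"
    done
}

# Demo run against the constructed sample.
tmp=$(mktemp)
write_sample_header_conf "$tmp"
echo "Dropped on error responses (no 'always'):"
headers_without_always "$tmp"
echo "Not set by any active line:"
headers_missing "$tmp" X-Frame-Options Feature-Policy
rm -f "$tmp"
```

Point the two functions at /etc/nginx/header.conf after editing it; appending "always" to a reported line makes nginx send that header on every response code.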
**Creating optimization.conf:**
nano /etc/nginx/optimization.conf
Add:
fastcgi_hide_header X-Powered-By;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_connect_timeout 3600;
fastcgi_buffers 64 64K;
fastcgi_buffer_size 256k;
fastcgi_busy_buffers_size 3840K;
fastcgi_cache_key $http_cookie$request_method$host$request_uri;
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json
application/ld+json application/manifest+json application/rss+xml
application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf
application/x-web-app-manifest+json application/xhtml+xml application/xml
font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css
text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component
text/x-cross-domain-policy;
gzip_disable "MSIE [1-6]\.";
**Creating php_optimization.conf:**
nano /etc/nginx/php_optimization.conf
Add:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_cache_valid 404 1m;
fastcgi_cache_valid any 1h;
fastcgi_cache_methods GET HEAD;
Improve security:
openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
Note: Please be patient; this takes time depending on your hardware.
Restart Nginx:
sed -i 's/#include/include/g' /etc/nginx/nginx.conf && service nginx restart
If you have it as a .zip:
cd /var/www
unzip latest.zip ; chown -R www-data:www-data /var/www/
Shut down the container:
shutdown -h now
We assume that you have only the HDD connected, unmounted, and that the system named it sdb; if it is already mounted, unmount it and use the path /nextcloud-data.
Shut down the container:
poweroff
If you have an NFS server on your network, you can also use it to store your Nextcloud data. To do so, follow these steps.
We assume that you know how to work with your NFS server, that you have already created the directory to share, and that you edited the NFS server's "/etc/exports" file to add the IP of your Nextcloud server.
After that, we will make some changes to AppArmor on the Proxmox host where our Nextcloud runs so that the containers can connect to the NFS server.
Add to "rc.local" the command that mounts the NFS share at startup:
nano /etc/rc.local
Add:
#!/bin/bash
mount -t nfs 192.168.2.1:/nextcloud-data /nextcloud-data
exit 0
Start the container and check that the share was mounted correctly with the following command:
lsblk -fm
NAME FSTYPE LABEL UUID MOUNTPOINT NAME SIZE OWNER GROUP MODE
sdb /nextcloud-data sdb 931.5G
Restart the services:
service php7.3-fpm restart && service redis-server restart && service nginx restart
#!/bin/bash
/usr/sbin/service nginx stop
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/updater/updater.phar'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ status'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ -V'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ db:add-missing-indices'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ db:convert-filecache-bigint'
sed -i "s/output_buffering=.*/output_buffering='Off'/" /var/www/nextcloud/.user.ini
chown -R www-data:www-data /var/www/nextcloud
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ update:check'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ app:update --all'
/usr/sbin/service php7.3-fpm restart
/usr/sbin/service nginx restart
exit 0
#!/bin/bash
redis-cli -s /var/run/redis/redis.sock <<EOF
FLUSHALL
quit
EOF
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ files:scan --all'
su - www-data -s /bin/bash -c 'php /var/www/nextcloud/occ files:scan-app-data'
exit 0
Run them:
/root/upgrade.sh && /root/optimize.sh
Add:
*/5 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1
For root:
crontab -e
**Reboot the server:**
reboot