Установка Nextcloud на CentOS 8 с помощью скрипта. Nginx.
Для автоматической установки Nextcloud на CentOS 8 необходимо создать скрипт
nano avto_nextcloud_v01.sh
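#!/bin/sh
#
# Unattended Nextcloud 18 installation on CentOS 8 (nginx + php-fpm + MariaDB).
#
# Usage:   edit the variables below, then run as root: sh avto_nextcloud_v01.sh
# Outputs: generated credentials are appended to /root/mariadb.txt and
#          /root/nextcloud_admin.txt (both restricted to mode 600), and the
#          admin credentials are printed at the end of the run.

# You MUST set the SERVERNAME here:
SERVERNAME=nextcloud.example.com

# These values are used to generate a ssl certificate. You can/should replace
# with LetsEncrypt after the build
COUNTRY=RU
STATE=-
CITY=Kolomna
ORG="Test ORG"
ORG_UNIT=Nextcloud

# This is the name of the database that will get created for nextcloud
DBNAME=nextcloud

# This is the username that is needed for the nextcloud database.
# NOTE: This is not a nextcloud user account
USER=nextclouduser

# This is the name of the nextcloud Admin user
ADMIN=administrator

# These values increase the limits for nextcloud:
# BODY sets the client_max_body_size in the nginx nextcloud.conf file
BODY=40960M
# FILESIZE sets the upload_max_filesize in /etc/php.ini
FILESIZE=102400M

# Emits a random 16-character password (12 bytes from the kernel CSPRNG,
# base64-encoded, so only [A-Za-z0-9+/] appear and the value is safe inside
# the single-quoted SQL literals below).
# The previous recipe hashed `date +%s`, which made every password a function
# of the install time and the three passwords functions of each other.
gen_password() {
  head -c 12 /dev/urandom | base64
}

# Random password for the root account of mariadb. You can change it if you wish
MARIADBPASSWORD=$(gen_password)
# Random password for the nextcloud user account in mariadb. You can change it if you wish
APPPASSWORD=$(gen_password)
# Random password for the nextcloud admin user account
ADMINPASS=$(gen_password)

# Stop rather than install with an empty password if generation failed.
: "${MARIADBPASSWORD:?password generation failed}"
: "${APPPASSWORD:?password generation failed}"
: "${ADMINPASS:?password generation failed}"

# Save the values that are needed for setup and accessing mariadb, and the
# nextcloud admin credentials. The subshell keeps the restrictive umask from
# leaking into the rest of the script; chmod covers files left by an earlier run.
(
  umask 077
  printf '%s\n' "MariaDB root password is $MARIADBPASSWORD" >> /root/mariadb.txt
  printf '%s\n' "App DB is $DBNAME, the Username is $USER and the password is $APPPASSWORD" >> /root/mariadb.txt
  printf '%s\n' "The admin username is $ADMIN and the password is $ADMINPASS" >> /root/nextcloud_admin.txt
  chmod 600 /root/mariadb.txt /root/nextcloud_admin.txt
)

##########################################################################
############## NO CHANGES FROM HERE DOWN SHOULD BE REQUIRED ##############
##########################################################################

# NOTE(review): this turns SELinux off from the next boot, although the script
# later sets the SELinux booleans and file contexts that an enforcing system
# needs. Consider dropping this line and keeping SELinux enforcing - verify on
# a test host first.
sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config

dnf -y install nginx mariadb-server mariadb wget unzip \
  php php-mysqlnd php-fpm php-opcache php-gd php-xml php-mbstring \
  php-common php-json php-curl php-zip php-bz2 php-intl php-process \
  apcu-panel php-pecl-apcu

# php-fpm must run as the nginx user so it can access the web root
sed -i 's/user\ =\ apache/user\ =\ nginx/g' /etc/php-fpm.d/www.conf
sed -i 's/group\ =\ apache/group\ =\ nginx/g' /etc/php-fpm.d/www.conf
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = $FILESIZE/g" /etc/php.ini
sed -i 's/opcache.max_accelerated_files=4000/opcache.max_accelerated_files=10000/g' /etc/php.d/10-opcache.ini
echo "opcache.revalidate_freq=1" >> /etc/php.d/10-opcache.ini
sed -i 's/memory_limit\ =\ 128M/memory_limit\ =\ 512M/g' /etc/php.ini
echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php-fpm.d/www.conf

systemctl enable nginx --now
systemctl enable mariadb --now
systemctl enable php-fpm --now

# Only https is opened; the server block below does not listen on port 80
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

chown -R nginx:nginx /usr/share/nginx/html

# Self-signed certificate; browsers will warn until it is replaced with one
# issued by a CA (see the LetsEncrypt remark above).
mkdir -p /etc/nginx/ssl
openssl req -x509 -nodes -days 36500 -newkey rsa:2048 \
  -keyout /etc/nginx/ssl/nextcloud.key \
  -out /etc/nginx/ssl/nextcloud.crt \
  -subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORG/OU=$ORG_UNIT/CN=$SERVERNAME"
# The nginx master process reads the key as root; nobody else needs it.
chmod 600 /etc/nginx/ssl/nextcloud.key

# Secure the fresh MariaDB instance and create the application database.
# The statements are fed to mysql on stdin, so the root and application
# passwords are no longer left behind in a world-readable /tmp/setup.sql.
mysql -u root << EOF
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$MARIADBPASSWORD');
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
CREATE DATABASE $DBNAME DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
CREATE USER $USER@localhost IDENTIFIED BY '$APPPASSWORD';
GRANT ALL PRIVILEGES ON $DBNAME.* TO $USER@localhost;
FLUSH PRIVILEGES;
quit
EOF

# NOTE(review): the archive is unpacked without any integrity check; compare
# it with the checksum or signature the project publishes before unzipping.
# NOTE(review): the 18.x branch is pinned here - confirm it is still a
# supported release before using this on a production host.
wget https://download.nextcloud.com/server/releases/latest-18.zip
unzip latest-18.zip -d /usr/share/nginx/
chown -R nginx:nginx /usr/share/nginx/nextcloud/

# Written with '>' so that a second run does not append a duplicate server
# block. Every nginx variable is escaped (\$) so the shell leaves it alone;
# only $SERVERNAME and $BODY are expanded here.
cat << EOF > /etc/nginx/conf.d/nextcloud.conf
server {
    #listen 80;
    listen 443 ssl;
    server_name $SERVERNAME;

    ssl_certificate /etc/nginx/ssl/nextcloud.crt;
    ssl_certificate_key /etc/nginx/ssl/nextcloud.key;

    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;

    #I found this header is needed on Debian/Ubuntu/CentOS/RHEL, but not on Arch Linux.
    add_header X-Frame-Options "SAMEORIGIN";

    # Path to the root of your installation
    root /usr/share/nginx/nextcloud/;

    access_log /var/log/nginx/nextcloud.access;
    error_log /var/log/nginx/nextcloud.error;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
        return 301 \$scheme://\$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 \$scheme://\$host/remote.php/dav;
    }

    location ~ /.well-known/acme-challenge {
        allow all;
    }

    # set max upload size
    client_max_body_size $BODY;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php\$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:\$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)\$;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        fastcgi_param PATH_INFO \$fastcgi_path_info;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
        fastcgi_send_timeout 3600;
        fastcgi_read_timeout 3600;
    }

    location ~ ^/(?:updater|ocs-provider)(?:\$|/) {
        try_files \$uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)\$ {
        try_files \$uri /index.php\$uri\$is_args\$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)\$ {
        try_files \$uri /index.php\$uri\$is_args\$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}
EOF

systemctl reload nginx
setsebool -P httpd_execmem 1
systemctl reload php-fpm

# SELinux contexts and ACLs that let nginx/php-fpm write where Nextcloud needs to
chcon -R -t httpd_sys_rw_content_t /usr/share/nginx/nextcloud/
setsebool -P httpd_can_network_connect 1
setfacl -R -m u:nginx:rwx /var/lib/php/opcache/
setfacl -R -m u:nginx:rwx /var/lib/php/session/
setfacl -R -m u:nginx:rwx /var/lib/php/wsdlcache/

# The data directory lives outside the web root served by nginx
mkdir -p /usr/share/nginx/nextcloud-data
chown -R nginx:nginx /usr/share/nginx/nextcloud-data
chcon -R -t httpd_sys_rw_content_t /usr/share/nginx/nextcloud-data/

# Without this guard a failed cd would run occ and the config.php edits from
# whatever directory the script was started in.
cd /usr/share/nginx/nextcloud/ || exit 1

# NOTE(review): both passwords are passed as arguments and are visible in the
# process list while occ runs; acceptable on a single-admin host, otherwise
# rotate them after the install.
sudo -u nginx php occ maintenance:install \
  --database "mysql" \
  --database-name "$DBNAME" \
  --database-user "$USER" \
  --database-pass "$APPPASSWORD" \
  --admin-user "$ADMIN" \
  --admin-pass "$ADMINPASS" \
  --data-dir "/usr/share/nginx/nextcloud-data"

# Drop the closing ");" of config.php, append the APCu cache setting, then
# close the array again.
sed -i '$d' /usr/share/nginx/nextcloud/config/config.php
# I put three \\\ in the below echo file because \ needs to be escaped out. The result is two \\
echo " 'memcache.local' => '\\\OC\\\Memcache\\\APCu'," >> /usr/share/nginx/nextcloud/config/config.php
echo ");" >> /usr/share/nginx/nextcloud/config/config.php

# For some reason, when you configure nextcloud from the command line, you need
# to modify trusted_domains
# NOTE(review): '*' makes Nextcloud accept any Host header, which removes the
# protection trusted_domains exists to provide. Once the install works, replace
# the wildcard in config.php with the real server name (and any other address
# the instance is reached by).
sed -i "s/0 => 'localhost/0 => '*/g" /usr/share/nginx/nextcloud/config/config.php

# Show the generated admin credentials to the operator
cat /root/nextcloud_admin.txt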
и запустить скрипт командой
sh avto_nextcloud_v01.sh