CentOS 8.2 搭建私有云 NextCloud

    技术2022-07-15  78

    CentOS8.2+PHP7.2+Nginx1.14

    目录:写在最前面 / 安装系统与软件 / 系统 / 系统更新、安装小工具 / 关闭防火墙、SELINUX / 安装Nginx / 安装PHP / 安装Mysql / Nginx和PHP整合 / 安装NextCloud / Nextcloud下载 / 生成自签名ssl证书 / Nextcloud安装 / 服务启动 / 页面配置 / 后续

    写在最前面

    读万卷书不如行万里路 之前家里有个群晖DS218+,关机一个多月回来后发现无法开机,返厂维修搞不定直接折价给我退钱了(感谢jd售后)。想着DS720+即将发布就暂未入手老款机型,左等右等,等到花儿都谢了(截至7月2号还未发布新品)。无意间逛咸鱼发现一款100+元小主机,甚欢喜。低功耗cpu双核1037u,千兆网卡,2.5寸SATA。很小巧,金属机身,满意,最最最重要【便宜】,这价格就不用报备了,开心拿下。(要不要上张图呢,算了,广告嫌疑)

    安装系统与软件

    系统

    小主机可以安装Windows x64嵌入式版本,使用还算流畅。 作为喜欢折腾的我肯定不满现状,于是乎,格盘重装CentOS 重装系统很简单,CentOS8.2 下载地址1(163下载速度真不赖)

    系统更新、安装小工具

    8.2的软件包维护使用的dnf命令,使用起来很方便,超级舒心

    ## Bring every installed package up to date
    dnf upgrade
    ## Install net-tools and unzip
    dnf -y install net-tools unzip

    # ---- frequently used dnf commands (reference only, left commented out) ----
    # dnf search nginx        # look for a package by name
    # dnf info nginx.x86_64   # show the nginx version
    # ---------------------------------------------------------------------------

    关闭防火墙、SELINUX

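    # Show the current firewalld state
    systemctl status firewalld

    # Keep the host firewall running and open only the ports this guide uses,
    # rather than stopping and disabling firewalld for the whole machine.
    systemctl enable --now firewalld
    firewall-cmd --permanent --add-service=http --add-service=https
    # 5001/tcp is only used by the temporary PHP test server configured later
    # in this guide; drop it again once that server block has been removed:
    #   firewall-cmd --permanent --remove-port=5001/tcp && firewall-cmd --reload
    firewall-cmd --permanent --add-port=5001/tcp
    firewall-cmd --reload
    firewall-cmd --list-all

    # Show the current SELinux mode
    getenforce
    # Temporary change, lost on reboot. Permissive mode still logs denials but
    # no longer blocks them, so the host loses SELinux confinement of nginx and
    # php-fpm while it is active.
    setenforce 0
    cd /etc/selinux/
    # Back up the SELinux configuration before editing it
    cp config "config_$(date +%Y%m%d)"
    # Persist permissive mode across reboots. This sets "permissive", not
    # "disabled", so denials keep being logged. This guide does not label the
    # Nextcloud files or the non-default port for SELinux; once that has been
    # done, switch SELINUX= back to enforcing.
    sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' config
    getenforce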

    安装Nginx

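    # Install nginx
    dnf install -y nginx
    cd /etc/nginx

    # Take the date stamp once: calling date twice could give two different
    # file names if the commands run across midnight.
    stamp=$(date +%Y%m%d)

    # Keep the packaged nginx.conf as a dated backup, then regenerate
    # nginx.conf without blank lines and comment lines.
    # NOTE: the pattern '#' drops every line that contains a '#', including
    # directives with a trailing comment; compare the result with the backup.
    mv nginx.conf "nginx.conf_${stamp}"
    grep -Ev '#|^%|^$' "nginx.conf_${stamp}" > nginx.conf

    # Make sure the filtered file still parses before starting the service
    nginx -t

    ## Give the nginx account ownership of the web root.
    ## NOTE: this makes everything under the web root writable by the web
    ## server account.
    chown nginx:nginx -R /usr/share/nginx/html

    # Start nginx
    systemctl start nginx
    # Show its status
    systemctl status nginx

    ## Print this host's IP address
    ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d '/'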

    浏览器验证http://ip

    安装PHP

    # Install PHP from the distribution repositories
    dnf -y install php
    # Start the PHP FastCGI process manager
    systemctl start php-fpm.service

    安装Mysql

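    # Install the MySQL server
    dnf install -y mysql-server
    # Initialise the data directory as the mysql account
    /usr/sbin/mysqld --initialize --user=mysql
    # Start MySQL
    systemctl start mysqld
    # Look up the initial root password in the server log.
    # NOTE: that password stays in the log file in clear text, so change it
    # right away (next step).
    grep password /var/log/mysql/mysqld.log
    # Log in as root; -p without a value prompts for the password, which keeps
    # it out of the process list and the shell history.
    mysql -uroot -p
    # Replace the placeholder with a strong, unique password; do not reuse it.
    mysql> alter user 'root'@'localhost' identified by '<ROOT_PASSWORD_PLACEHOLDER>';
    # Least privilege: give Nextcloud its own database and account instead of
    # entering the root credentials in the web installer. The database name,
    # user name and password below are constructed examples.
    mysql> create database nextcloud character set utf8mb4 collate utf8mb4_general_ci;
    mysql> create user 'nextcloud'@'localhost' identified by '<NEXTCLOUD_DB_PASSWORD_PLACEHOLDER>';
    mysql> grant all privileges on nextcloud.* to 'nextcloud'@'localhost';
    mysql> flush privileges;
    mysql> quit;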

    Nginx和PHP整合

    ## Create a throw-away index.php to test the nginx/PHP integration.
    ## NOTE: phpinfo() publishes the full PHP configuration and environment to
    ## anyone who can reach the page; delete the file once the browser check
    ## has passed.
    printf '<?php \nphpinfo();\n?>\n' > /usr/share/nginx/html/index.php
    chown nginx:nginx /usr/share/nginx/html/index.php

    ## Back up the configuration files before editing them
    cp /etc/nginx/conf.d/php-fpm.conf "/etc/nginx/conf.d/php-fpm.conf_$(date +%Y%m%d)"
    cp /etc/php-fpm.d/www.conf "/etc/php-fpm.d/www.conf_$(date +%Y%m%d)"

    #vi /etc/nginx/nginx.conf

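    # Temporary nginx.conf used to check that nginx hands .php requests to
    # PHP-FPM. The server block below is deleted again later in this guide,
    # once Nextcloud has its own configuration file.
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;

    include /usr/share/nginx/modules/*.conf;

    events {
        worker_connections 1024;
    }

    http {
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        root /usr/share/nginx/html;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        include /etc/nginx/conf.d/*.conf;

        server {
            # The listening port was changed to 5001 for the test
            listen 5001 default_server;
            listen [::]:5001 default_server;
            server_name _;

            include /etc/nginx/default.d/*.conf;

            location / {
            }

            # Main addition: pass .php requests to the PHP-FPM unix socket
            location ~ \.php$ {
                # Only hand a request to PHP-FPM when the script exists on
                # disk, so a URI that merely ends in ".php" cannot make PHP
                # run some other file.
                try_files $uri =404;
                fastcgi_pass unix:/run/php-fpm/www.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
            }

            error_page 404 /404.html;
            location = /40x.html {
            }

            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
            }
        }
    }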

    #vi /etc/php-fpm.d/www.conf

    ; Change user and group so the [www] pool runs as the nginx account
    [www]
    user = nginx
    group = nginx
    ; The Nextcloud client notes mention that the following line needs to be added
    ;env[PATH] = /usr/local/bin:/usr/bin:/bin:/usr/local/php/bin

    #重启服务

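    # Validate the edited nginx configuration first; a syntax error would
    # otherwise stop the running web server on restart.
    nginx -t && systemctl restart nginx
    # Restart PHP-FPM so the user/group change in www.conf takes effect
    systemctl restart php-fpm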

    浏览器验证http://ip:5001/index.php

    安装NextCloud

    Nextcloud下载

    版本自行确认:nextcloud-19.0.0[nextcloud-19.0.0]、nextcloud-20.0.0[nextcloud-20.0.0]

    生成自签名ssl证书

    如有域名,可以自行去域名提供商处申请并下载证书

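    mkdir -p /etc/nginx/cert
    cd /etc/nginx/cert/

    # Create the key and the self-signed certificate inside a subshell with a
    # restrictive umask, so the private key is never group- or world-readable,
    # not even before the chmod further down.
    # -nodes leaves the key unencrypted so nginx can start unattended; the file
    # permissions are therefore the only protection for the key.
    # The certificate expires after 365 days and must be regenerated by then.
    (
      umask 077
      openssl req -new -x509 -days 365 -nodes -newkey rsa:4096 -sha256 \
        -out /etc/nginx/cert/nextcloud.crt \
        -keyout /etc/nginx/cert/nextcloud.key
    )

    ## Answers to the interactive prompts. For personal use most fields can be
    ## filled in freely, but Common Name should be the host name clients use to
    ## reach the server (cloud.example.com in the nginx configuration of this
    ## guide). A self-signed certificate still triggers a trust warning in
    ## browsers and sync clients.
    #   Country Name (2 letter code) [XX]:cn                        # country
    #   State or Province Name (full name) []:Shanghai              # province
    #   Locality Name (eg, city) [Default City]:Shanghai            # locality
    #   Organization Name (eg, company) [Default Company Ltd]:Admin # company
    #   Organizational Unit Name (eg, section) []:Admin             # department
    #   Common Name (eg, your name or your server's hostname) []:cloud.example.com  # server host name
    #   Email Address []:Admin@Admin.com                            # e-mail address

    # Restrict the certificate files and the directory to their owner
    chmod 600 /etc/nginx/cert/*
    chmod 700 /etc/nginx/cert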

    Nextcloud安装

    以nextcloud-19.0.0版本为例:

    ftp上传nextcloud-19.0.0.zip至/usr/share/nginx/html

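    cd /usr/share/nginx/html
    # Verify the uploaded archive before unpacking it into the web root.
    # The checksum file name below is assumed; use the SHA-256 file published
    # together with the release, fetched from the official download location
    # and placed next to the archive. unzip only runs if the check passes.
    sha256sum -c nextcloud-19.0.0.zip.sha256 && unzip nextcloud-19.0.0.zip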

    #vi /etc/nginx/conf.d/nextcloud.conf (server、server_name、ssl、root 按需修改)

    # nginx virtual host for Nextcloud: redirects plain HTTP to HTTPS and serves
    # the installation under /usr/share/nginx/html/nextcloud through PHP-FPM.
    upstream php-handler {
        #server 127.0.0.1:9000;
        # PHP-FPM is reached over its unix socket, not over TCP
        server unix:/run/php-fpm/www.sock;
    }

    server {
        listen 80;
        listen [::]:80;
        server_name cloud.example.com;
        # enforce https
        return 301 https://$server_name:443$request_uri;
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name cloud.example.com;

        # Certificate and key generated in the self-signed certificate step
        ssl_certificate /etc/nginx/cert/nextcloud.crt;
        ssl_certificate_key /etc/nginx/cert/nextcloud.key;

        # Security headers attached to responses from this server block
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;

        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;

        # Path to the root of your installation
        root /usr/share/nginx/html/nextcloud;

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        # Service discovery for CardDAV/CalDAV clients
        location = /.well-known/carddav {
            return 301 $scheme://$host:$server_port/remote.php/dav;
        }
        location = /.well-known/caldav {
            return 301 $scheme://$host:$server_port/remote.php/dav;
        }

        # set max upload size
        client_max_body_size 512M;
        fastcgi_buffers 64 4K;

        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

        # Everything that no other location matches goes to the front controller
        location / {
            rewrite ^ /index.php;
        }

        # Deny web access to internal directories (including config and data)
        location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
            deny all;
        }
        # Deny web access to dot-files and maintenance entry points
        location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }

        # Only the PHP entry points listed in this pattern are passed to PHP-FPM
        location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {
            fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
            set $path_info $fastcgi_path_info;
            # Return 404 unless the script file exists on disk
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $path_info;
            fastcgi_param HTTPS on;
            # Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            # Enable pretty urls
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }

        location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
            try_files $uri/ =404;
            index index.php;
        }

        # Static assets. The security headers are repeated here because this
        # location has an add_header of its own (Cache-Control), and nginx only
        # inherits add_header from the outer level when a block defines none.
        location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            add_header Referrer-Policy "no-referrer" always;
            add_header X-Content-Type-Options "nosniff" always;
            add_header X-Download-Options "noopen" always;
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-Permitted-Cross-Domain-Policies "none" always;
            add_header X-Robots-Tag "none" always;
            add_header X-XSS-Protection "1; mode=block" always;
            access_log off;
        }

        location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
            try_files $uri /index.php$request_uri;
            access_log off;
        }
    }

    #修改nginx.conf,删除server #vi /etc/nginx/nginx.conf

    # Final nginx.conf: the test server block has been removed, so the only
    # virtual hosts are the ones included from /etc/nginx/conf.d/*.conf.
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;

    include /usr/share/nginx/modules/*.conf;

    events {
        worker_connections 1024;
    }

    http {
        #fastcgi_buffers 8 128k;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # Pulls in conf.d/nextcloud.conf with the Nextcloud server blocks
        include /etc/nginx/conf.d/*.conf;
    }

    服务启动

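    ## Remove the phpinfo() test page created during the Nginx/PHP integration
    ## step; it is no longer needed and discloses the PHP configuration.
    rm -f -- /usr/share/nginx/html/index.php

    ## Set ownership first.
    ## PHP-FPM runs as nginx, so it needs the session directory and the
    ## Nextcloud tree. Ownership is limited to the nextcloud directory rather
    ## than the whole web root, so the web server account cannot modify
    ## unrelated files stored there.
    chown nginx:nginx -R /var/lib/php/session/
    chown nginx:nginx -R /usr/share/nginx/html/nextcloud

    ## Restart nginx, but only if the new configuration parses
    nginx -t && systemctl restart nginx
    ## Restart php-fpm
    systemctl restart php-fpm
    ## Restart mysql
    systemctl restart mysqld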

    页面配置

    https://ip:port/

    后续

    未完待续,如有疑问请及时评论留言^^
