首先开个大坑慢慢填。
其中包含以下内容
- 宝塔面板安装
- LNMP环境部署
- nextcloud部署及优化
- aria2c部署及优化
- collaboraonline部署及优化
1. 宝塔面板安装
首先就是安装宝塔面板了,这能给我省下许多功夫来部署环境。
在安装面板之前要记得进行软件更新
sudo apt update
sudo apt upgrade
宝塔面板官网
安装完成后就是通过面板部署LNMP环境了。
2. 部署LNMP环境
在宝塔面板左手边的软件商店进行安装就行了,特别简单。
然后就是创建网站了,在网站列表中点添加站点。
记得把example.example.com
换成你的域名,数据库要创建,php版本按需选择,还有记得进行DNS解析。
3. nextcloud部署及优化
首先要下载nextcloud的zip包
nextcloud社区版 zip包 官网链接
nextcloud官网
将zip包上传到网站根目录下后解压,解压后是个名为nextcloud
的文件夹,再将文件夹中的内容剪切到网站根目录。
这时候就能删除网站中的latest.zip
文件及nextcloud
文件夹。
这时访问你设置的域名对nextcloud进行配置就可以了。
输入你要存放数据的文件夹。(不建议选择默认路径,因为默认的 data 目录位于网站根目录内;建议在网站根目录之外新建文件夹,并将其所有者设为 www 用户)
输入前面宝塔自动创建的数据库名,数据库用户名,数据库密码。
配置完成后,在 nextcloud 的"管理设置-概览"中会看到许多安全与设置警告,解决方法参见:
(1)、nextcloud官方文档
(2)、BUG侠
这两个网站可以解决你大部分疑问及报错。
我在下方也贴出我的 nginx 配置供参考,它结合了 nextcloud 官方文档中的 nginx 配置与宝塔面板生成的配置并做了优化,开启了 HTTP/3,请将example.example.com
换为你的域名。
# Upstream for PHP requests: the PHP FastCGI backend is reached over a Unix domain socket.
# NOTE(review): the socket sits under /tmp; confirm its owner and mode only let the
# web server user connect to it.
upstream php-handler {
server unix:/tmp/php-cgi-83.sock; # adjust to your PHP version, e.g. php-cgi-82.sock for PHP 8.2
}
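# Cache-Control suffix for static assets: requests that carry a `v` query argument
# (versioned asset URLs) get ", immutable"; all other requests get an empty suffix.
# The value is concatenated directly after `max-age=15778463` in the static-asset
# location, so it must bring its own leading ", " separator. Without it the header
# would read `max-age=15778463immutable`, which is not a valid max-age value.
map $arg_v $asset_immutable {
    "" "";
    default ", immutable";
}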
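server
{
    # Listen on port 80 (plain HTTP, redirected to HTTPS further down), on 443/TCP
    # for TLS and on 443/UDP for QUIC (HTTP/3), for both IPv4 and IPv6.
    # `reuseport` may be set only once per address:port pair across all server
    # blocks; drop it here if another vhost already sets it on the same listener.
    listen 80;
    listen 443 ssl;
    listen 443 quic reuseport;
    listen [::]:443 ssl;
    listen [::]:443 quic reuseport;
    # Enable HTTP/2 on the TLS listeners.
    http2 on;
    listen [::]:80;

    # Host name served by this block; replace with your own domain.
    server_name example.example.com;

    # Document root and index lookup; the last index entry hands directory
    # requests without an index file to the front controller.
    index index.php index.html /index.php$request_uri;
    root /www/wwwroot/example.example.com;

    # Do not disclose the nginx version in the Server header and error pages.
    server_tokens off;

    # Upload limits: maximum request body size and the timeout between two
    # successive reads of the request body. Both are set very high to allow large
    # file uploads; lower them if such uploads are not needed, since large limits
    # also let a slow or oversized request hold server resources for longer.
    client_max_body_size 8192M;
    client_body_timeout 3000s;
    fastcgi_buffers 64 4K;

    # Gzip compression for text-like responses.
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # If the ngx_pagespeed module is loaded, turn it off here; it is not
    # compatible with Nextcloud.
    #pagespeed off;

    # Request body buffer size, tuned for HTTP/2 uploads.
    client_body_buffer_size 512k;

    # Security response headers.
    # nginx inherits `add_header` from this level only into locations that define
    # no `add_header` of their own, so any location that adds a header must repeat
    # every header it still needs (see the static-asset location below).
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "noindex, nofollow" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Strip the X-Powered-By header returned by PHP to avoid leaking its version.
    fastcgi_hide_header X-Powered-By;

    # MIME types, plus explicit mappings for .mjs and .wasm files.
    include mime.types;
    types {
        text/javascript mjs;
        application/wasm wasm;
    }

    # Specify how to handle directories -- specifying `/index.php$request_uri`
    # here as the fallback means that Nginx always exhibits the desired behaviour
    # when a client requests a path that corresponds to a directory that exists
    # on the server. In particular, if that directory contains an index.php file,
    # that file is correctly served; if it doesn't, then the request is passed to
    # the front-end controller. This consistent behaviour means that we don't need
    # to specify custom rules for certain paths (e.g. images and other assets,
    # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
    # `try_files $uri $uri/ /index.php$request_uri`
    # always provides the desired behaviour.
    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }

    # Microsoft's WebDAV client (user agent starting with "DavClnt") requests the
    # site root; send it to the WebDAV endpoint instead.
    location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

    # robots.txt: reachable by everyone, neither access nor "not found" is logged.
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # /.well-known handling (service discovery and certificate validation).
    # `^~` stops nginx from evaluating the regex locations for these URIs.
    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.
        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav { return 301 /remote.php/dav/; }
        location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation { try_files $uri $uri/ =404; }
        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

    # Hide internal directories and files (configuration, data, tests, dotfiles,
    # the occ console, ...) from web clients by answering 404.
    # These rules only protect a data directory named `data` inside the web root;
    # keeping user data outside the web root does not depend on them.
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }

    # Pass PHP requests to the FastCGI upstream.
    # This location must stay ahead of any other regex location that matches
    # `.php`, because nginx uses the first matching regex location in file order.
    location ~ \.php(?:$|/) {
        # Required for legacy support
        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;
        # Only hand the request to PHP when the script file really exists, so a
        # crafted path cannot make PHP execute some other file.
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
        fastcgi_param front_controller_active true; # Enable pretty urls
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        # Stream uploads to PHP instead of buffering them on disk first.
        fastcgi_request_buffering off;
        fastcgi_max_temp_file_size 0;
    }

    # Static assets (CSS, JS, images, ...): long-lived caching plus security headers.
    location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
        try_files $uri /index.php$request_uri;
        # HTTP response headers borrowed from Nextcloud `.htaccess`
        # $asset_immutable is appended without a separator, so the value supplied by
        # the `map` block has to start with ", " whenever it is non-empty.
        add_header Cache-Control "public, max-age=15778463$asset_immutable";
        # This location declares its own `add_header` lines, so nothing is inherited
        # from the server level: the security headers are repeated here, and HSTS is
        # included so that asset responses carry it as well.
        add_header Strict-Transport-Security "max-age=31536000" always;
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "noindex, nofollow" always;
        add_header X-XSS-Protection "1; mode=block" always;
        access_log off; # Optional: Don't log access to assets
    }

    # Font files: shorter cache lifetime.
    location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d; # Cache-Control policy borrowed from `.htaccess`
        access_log off; # Optional: Don't log access to assets
    }

    # Redirect /remote... to remote.php.
    location /remote {
        return 301 /remote.php$request_uri;
    }

    # The `#...-START` / `#...-END` lines and the commented-out directives between
    # them are written by the BT panel and are kept verbatim below.
    # NOTE(review): the panel appears to locate its managed sections by these
    # lines -- keep them unchanged when editing this file.

    # TLS section: HTTP-to-HTTPS redirect, certificate, protocols and ciphers.
    #SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate /www/server/panel/vhost/cert/example.example.com/fullchain.pem;
    ssl_certificate_key /www/server/panel/vhost/cert/example.example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # ECDHE suites only. The 3DES suites (64-bit block cipher, exposed to
    # birthday-bound attacks on long connections) and the static-RSA key exchange
    # suites (no forward secrecy) from the panel default are left out; every
    # TLS 1.2 client in common use supports ECDHE.
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:EECDH+AES256:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # `always` also sends HSTS on error responses, not only on 2xx/3xx ones.
    add_header Strict-Transport-Security "max-age=31536000" always;
    # Advertise HTTP/3 on UDP 443. The original value listed obsolete draft and
    # gQUIC tokens, separated the alternatives with ";" instead of "," and ended in
    # an unbalanced quote, which made the header malformed.
    add_header Alt-Svc 'h3=":443"; ma=86400' always;
    # 497 = plain HTTP request sent to the HTTPS port; redirect it to HTTPS.
    error_page 497 https://$host$request_uri;
    #SSL-END

    # Custom error pages (disabled).
    #ERROR-PAGE-START 错误页配置,可以注释、删除或修改
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END

    # Panel-provided PHP include; its contents are not shown on this page.
    # NOTE(review): if it declares its own `.php` regex location, the Nextcloud PHP
    # location above is listed first and therefore takes precedence -- confirm.
    #PHP-INFO-START PHP引用配置,可以注释或修改
    include enable-php-83.conf;
    #PHP-INFO-END

    # Rewrite rules managed through the panel; editing them here overrides what the
    # panel has configured.
    #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
    include /www/server/panel/vhost/rewrite/example.example.com.conf;
    #REWRITE-END

    # Panel rule for the certificate validation directory. URIs that begin with
    # /.well-known are already claimed by the `^~ /.well-known` location above, so
    # this unanchored regex only applies to other URIs that contain `.well-known`.
    #一键申请SSL证书验证目录相关设置
    location ~ \.well-known{
        allow all;
    }

    # Refuse script, archive and database-dump files under /.well-known, so the
    # validation directory cannot be used to expose sensitive files.
    #禁止在证书验证目录放入敏感文件
    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
        return 403;
    }

    # Per-site access and error logs.
    access_log /www/wwwlogs/example.example.com.log;
    error_log /www/wwwlogs/example.example.com.error.log;
}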
未完待续