Help me install Nextcloud, please. All install correct, but first start say what no right on BD. If Nextcloud create admin user - not work WebDAV, and not load some content. This host - backend becouse HTTPS is off.
VirtualBox (5.1.2 r108956): https://yadi.sk/d/DCfuAcI6xRzau
SSH (192.168.1.12 - DHCP): root | 12345678
My algorithm:
pkg install nano
-------
pkg install nginx
echo 'nginx_enable="YES"' >> /etc/rc.conf
service nginx start
mkdir -p /var/nginx/{client_body_temp,proxy_temp} && chown -R www:www /var/nginx/
mkdir /usr/local/etc/nginx/conf.d
nano /usr/local/etc/nginx/nginx.conf
load_module /usr/local/libexec/nginx/ngx_mail_module.so;
load_module /usr/local/libexec/nginx/ngx_stream_module.so;
user www;
worker_processes auto;
pid /var/run/nginx.pid;
events {
use kqueue;
worker_connections 1024;
multi_accept on;
}
http {
# Basic settings
# ----------
sendfile on;
tcp_nopush on;
tcp_nodelay on;
reset_timedout_connection on;
keepalive_timeout 65;
keepalive_requests 1000;
types_hash_max_size 2048;
server_tokens off;
send_timeout 30;
server_names_hash_max_size 4096;
# Common limits
# ----------
client_max_body_size 100m; # upload size
client_body_buffer_size 1m;
client_header_timeout 3m;
client_body_timeout 3m;
client_body_temp_path /var/nginx/client_body_temp;
proxy_connect_timeout 5;
proxy_send_timeout 10;
proxy_read_timeout 10;
proxy_buffer_size 4k;
proxy_buffers 8 16k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /var/nginx/proxy_temp;
include mime.types;
default_type application/octet-stream;
# Logs format
# ----------
log_format main '$remote_addr - $host [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
'rt=$request_time ut=$upstream_response_time '
'cs=$upstream_cache_status';
log_format cache '$remote_addr - $host [$time_local] "$request" $status '
'$body_bytes_sent "$http_referer" '
'rt=$request_time ut=$upstream_response_time '
'cs=$upstream_cache_status';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
# GZip config
# ----------
gzip on;
gzip_static on;
gzip_types text/plain text/css text/javascript text/xml application/x-javascript application/javascript application/xml application/json image/x-icon;
gzip_comp_level 9;
gzip_buffers 16 8k;
gzip_proxied expired no-cache no-store private auth;
gzip_min_length 1000;
gzip_disable "msie6"
gzip_vary on;
# Cache config
# ----------
proxy_cache_valid 1m;
# Virtual host config
# ----------
include /usr/local/etc/nginx/conf.d/*.conf;
}
-------
nano /usr/local/etc/nginx/conf.d/nextcloud.conf
server {
listen 80;
charset utf-8;
server_name _;
access_log /var/log/nginx/nextcloud.access.log;
error_log /var/log/nginx/nextcloud.error.log;
# add_header Strict-Transport-Security 'max-age=631138519; includeSubDomains; preload' always;
# add_header X-Content-Type-Options nosniff;
# add_header X-Frame-Options SAMEORIGIN;
# add_header X-XSS-Protection '1; mode=block';
# add_header X-Robots-Tag none;
# add_header X-Download-Options noopen;
# add_header X-Permitted-Cross-Domain-Policies none;
# add_header X-Content-Security-Policy "allow 'self';";
# add_header X-WebKit-CSP "allow 'self';";
root /usr/local/www/;
location = /robots.txt {
deny all;
}
location / {
deny all;
return 404;
}
location ^~ /cloud {
client_max_body_size 10G;
fastcgi_buffers 64 4K;
gzip off;
error_page 403 /cloud/core/templates/403.php;
error_page 404 /cloud/core/templates/404.php;
location ~ ^/cloud/(data|config|\.ht|db_structure\.xml|README) {
deny all;
}
location ~* \/cloud\/remote\/(?:.*)$ {
rewrite ^ /cloud/remote.php last;
}
# logo
location ~* \/cloud\/core\/(?:js\/oc\.js|preview\.png).*$ {
rewrite ^ /cloud/index.php last;
}
# WEB download files
location ~* \/cloud\/apps\/(?:files\/ajax\/upload\.php).*$ {
rewrite ^ /cloud/index.php last;
}
# Theme Nextcloud
location ~* \/cloud\/apps\/(?:theming\/styles\.css).*$ {
rewrite ^ /cloud/index.php last;
}
location /cloud {
rewrite ^/cloud/caldav(.*)$ /cloud/remote.php/caldav$1 redirect;
rewrite ^/cloud/carddav(.*)$ /cloud/remote.php/carddav$1 redirect;
rewrite ^/cloud/webdav(.*)$ /cloud/remote.php/webdav$1 redirect;
rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
if ($uri !~* (?:\.(?:css|js|svg|gif|png|html|ttf|woff)$|^\/cloud\/(?:remote|public|cron|status|ocs\/v1|ocs\/v2)\.php)){
rewrite ^ /cloud/index.php last;
}
}
location ~* ^(?!\/cloud\/remote\.php)(?:.*)\.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf|html|svg|ttf|woff)$ {
expires 30d;
access_log off;
}
location ~ \.php(?:$|/) {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_param HTTPS off;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
}
}
-------
pkg install mariadb101-{server,client}
echo 'mysql_enable="YES"' >> /etc/rc.conf
ls -l /usr/local/share/mysql/my*.cnf
cp /usr/local/share/mysql/my-small.cnf /usr/local/etc/my.cnf
sed -i "" "s/max_allowed_packet = .*/max_allowed_packet = 32M/" /usr/local/etc/my.cnf
service mysql-server start && /usr/local/bin/mysql_secure_installation // all yes
mysql -u root -p // 12345678
CREATE DATABASE nextcloud CHARACTER SET utf8;
CREATE USER cloud@localhost IDENTIFIED BY '12345678';
GRANT ALL PRIVILEGES ON nextcloud.* TO cloud@localhost;
FLUSH PRIVILEGES;
QUIT;
service mysql-server restart
-------
cd /usr/local/www
pkg install ca_root_nss && fetch https://download.nextcloud.com/server/releases/nextcloud-10.0.1.zip
unzip nextcloud-10.0.1.zip
mv /usr/local/www/nextcloud/ /usr/local/www/cloud/
rm -f nextcloud-10.0.1.zip
mkdir /usr/local/www/cloud/data && chown -R www:www /usr/local/www/
-------
pkg install redis
echo 'redis_enable="YES"' >> /etc/rc.conf
sed -i "" "s/port 6379/port 0/" /usr/local/etc/redis.conf
sed -i "" "s/# unixsocket \/tmp\/redis.sock/unixsocket \/tmp\/redis.sock/" /usr/local/etc/redis.conf
sed -i "" "s/# unixsocketperm 700/unixsocketperm 777/" /usr/local/etc/redis.conf
service redis start
redis-cli -s /tmp/redis.sock // проверка работы сокета
-------
pkg search php70
pkg install php70 mod_php70 php70-pdo_mysql php70-mysqli php70-redis php70-gd php70-curl php70-json php70-zip php70-dom php70-xmlwriter php70-xmlreader php70-xml php70-mbstring php70-ctype php70-zlib php70-simplexml php70-hash php70-fileinfo php70-posix php70-iconv php70-filter php70-openssl
echo 'php_fpm_enable="YES"' >> /etc/rc.conf
cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini && rehash
sed -i "" "s/memory_limit = .*/memory_limit = 512M/" /usr/local/etc/php.ini
sed -i "" "s/;date.timezone.*/date.timezone = UTC/" /usr/local/etc/php.ini
sed -i "" "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /usr/local/etc/php.ini
sed -i "" "s/upload_max_filesize = .*/upload_max_filesize = 10240M/" /usr/local/etc/php.ini
sed -i "" "s/post_max_size = .*/post_max_size = 10240M/" /usr/local/etc/php.ini
sed -i "" "s/listen = .*/listen = \/var\/run\/php-fpm.sock/" /usr/local/etc/php-fpm.d/www.conf
sed -i "" "s/;listen.owner = www/listen.owner = www/" /usr/local/etc/php-fpm.d/www.conf
sed -i "" "s/;listen.group = www/listen.group = www/" /usr/local/etc/php-fpm.d/www.conf
sed -i "" "s/;listen.mode = 0660/listen.mode = 0660/" /usr/local/etc/php-fpm.d/www.conf
nano /usr/local/etc/php-fpm.d/www.conf // uncomment
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
php-fpm -t
service php-fpm start
-------
nano /usr/local/www/cloud/config/config.php
<?php
$CONFIG = array(
'trusted_domains' => array (
0 => '192.168.1.*',
),
'datadirectory' => '/usr/local/www/cloud/data',
'dbtype' => 'mysql',
'defaultapp' => 'files',
'knowledgebaseenabled' => false,
'enable_avatars' => false,
'allow_user_to_change_display_name' => true,
'remember_login_cookie_lifetime' => 60*60*24*15,
'session_lifetime' => 60 * 60 * 24,
'session_keepalive' => true,
'token_auth_enforced' => false,
'auth.bruteforce.protection.enabled' => true,
'trashbin_retention_obligation' => 'auto, 30',
'versions_retention_obligation' => 'auto',
'updatechecker' => false,
'check_for_working_webdav' => true,
'check_for_working_htaccess' => false,
'config_is_read_only' => false,
'memcache.local' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'memcache.distributed' => '\OC\Memcache\Redis',
'redis' => array(
'host' => '/tmp/redis.sock',
'port' => 0,
'timeout' => 0.0,
),
);
nano /usr/local/etc/php/ext-30-pdo_mysql.ini
[mysql]
mysql.allow_local_infile=On
mysql.allow_persistent=On
mysql.cache_size=2000
mysql.max_persistent=-1
mysql.max_links=-1
mysql.default_port=
mysql.default_socket=/tmp/mysql.sock
mysql.default_host=
mysql.default_user=
mysql.default_password=
mysql.connect_timeout=60
mysql.trace_mode=Off
-------
service nginx restart && service php-fpm restart
http://192.168.1.*/cloud
tflidd
October 23, 2016, 3:26pm
2
Aside from the paths, your config file should be similar to this example:
https://docs.nextcloud.com/server/10/admin_manual/installation/nginx_nextcloud_9x.html
(e.g. gzip is off!)
gzip is off in a file /usr/local/etc/nginx/conf.d/nextcloud.conf
Hi,
As a fellow FreeBSD admin, here are my suggestions for your nginx.conf, and nextcloud.conf files. Some of this is drawn directly from the configuration I use.
File: nginx.conf
1: You don’t need the mail_module, or stream module enabled.
2: Don’t use multi_accept with kqueue. See http://nginx.org/en/docs/ngx_core_module.html#multi_accept
3: Unless you’re running a large amount of sites, you don’t need to edit server_names_hash_max_size.
4: The Nginx configuration is for Nextcloud hosting. None of the proxy_* settings are necessary. You can safely delete them all.
5: You should have a default server entry here that catches any inbound traffic not designated to a separately defined server entry. Something like this should work,
# Default Server
server {
# General configuration
listen 80 default_server accept_filter=httpready;
server_name -;
root /usr/local/www/nginx/;
return 444;
}
You can include that in your nginx.conf, or add it to a separate include file.
File: nextcloud.conf
1: The server_name for individual servers should be set to the domain name being hosted.
2: The location / does not need to be here. Nginx will default to 403, if there is nothing in the folder.
3: It’s better to run Nextcloud at the root of the hosted domain instead of a subfolder. The entire configuration should be adjusted to reflect this.
Here is a simple server example for your nextcloud.conf file.
server {
# General configuration
server_name www.example.com;
root /usr/local/www/example.com/public_html;
# Logging
access_log /usr/local/www/example.com/logs/nginx-access.log main;
error_log /usr/local/www/example.com/logs/nginx-error.log;
# Literal locations #
# Default location
location / {
rewrite ^/remote/(.*) /remote.php last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
}
# Regex locations #
# Caldav and Carddav rewrites
location ~ /.well-known/(cal|card)dav {
return 301 $scheme://$host/remote.php/dav;
}
# Deny access to the following folders
location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
# Deny access to the following files
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
# PHP location block #
location ~ [^/]\.php(/|$) {
try_files $fastcgi_script_name =404;
include /path/to/your/fastcgi_params;
fastcgi_pass unix:/path/to/your/socket.socket; # This needs to match your PHP-FPM setting.
}
# Cache css and javascript
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
access_log off;
}
# Do not log media files
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
# End Configuration
}
Since you are using FreeBSD, you might find this repository useful. https://devops.knthost.com/diffusion/NWH/repository/master/
1 Like
Make this nginx config, but browser load 404, and loging only in /var/log/nginx/nextcloud.access.log this line:
192.168.1.22 - - [25/Oct/2016:09:19:09 +0000] “GET / HTTP/1.1” 404 564 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”
/usr/local/etc/nginx/nginx.conf
user www;
worker_processes auto;
pid /var/run/nginx.pid;
events {
use kqueue;
worker_connections 1024;
}
http {
# Basic settings
# ----------
sendfile on;
tcp_nopush on;
tcp_nodelay on;
reset_timedout_connection on;
keepalive_timeout 65;
keepalive_requests 1000;
types_hash_max_size 2048;
server_tokens off;
send_timeout 30;
server_names_hash_max_size 4096;
# Common limits
# ----------
client_body_buffer_size 1m;
client_header_timeout 3m;
client_body_timeout 3m;
client_body_temp_path /var/nginx/client_body_temp;
include mime.types;
default_type application/octet-stream;
# Logs format
# ----------
log_format main '$remote_addr - $host [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
'rt=$request_time ut=$upstream_response_time '
'cs=$upstream_cache_status';
log_format cache '$remote_addr - $host [$time_local] "$request" $status '
'$body_bytes_sent "$http_referer" '
'rt=$request_time ut=$upstream_response_time '
'cs=$upstream_cache_status';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
# Virtual host config
# ----------
include /usr/local/etc/nginx/conf.d/*.conf;
}
/usr/local/etc/nginx/conf.d/nextcloud.conf
server {
listen 80 default_server;
server_name _;
access_log /var/log/nginx/nextcloud.access.log;
error_log /var/log/nginx/nextcloud.error.log;
# add_header Strict-Transport-Security 'max-age=631138519; includeSubDomains; preload' always;
# add_header X-Content-Type-Options nosniff;
# add_header X-Frame-Options SAMEORIGIN;
# add_header X-XSS-Protection '1; mode=block';
# add_header X-Robots-Tag none;
# add_header X-Download-Options noopen;
# add_header X-Permitted-Cross-Domain-Policies none;
# add_header X-Content-Security-Policy "allow 'self';";
# add_header X-WebKit-CSP "allow 'self';";
index index.php
root /usr/local/www/cloud/;
client_max_body_size 10G;
fastcgi_buffers 64 4K;
gzip off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location = /robots.txt {
deny all;
}
location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
deny all;
}
location ~* \/remote\/(?:.*)$ {
rewrite ^ /remote.php last;
}
location ~* \/core\/(?:js\/oc\.js|preview\.png).*$ {
rewrite ^ /index.php last;
}
location ~* \/apps\/(?:files\/ajax\/upload\.php).*$ {
rewrite ^ /index.php last;
}
location ~* \/apps\/(?:theming\/styles\.css).*$ {
rewrite ^ /index.php last;
}
location / {
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
if ($uri !~* (?:\.(?:css|js|svg|gif|png|html|ttf|woff)$|^\/(?:remote|public|cron|status|ocs\/v1|ocs\/v2)\.php|^\/\.well-known\/acme-challenge\/.*$)){
rewrite ^ /index.php last;
}
}
location ~* ^(?!\/remote\.php)(?:.*)\.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf|html|svg|ttf|woff)$ {
expires 30d;
access_log off;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
try_files $fastcgi_script_name =404;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi_params;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_param HTTPS off;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
}
If remove line try_files $fastcgi_script_name =404; from location ~ .php(?:$|/)
Log changed:
192.168.1.22 - - [25/Oct/2016:09:57:15 +0000] “GET / HTTP/1.1” 200 5 “-” “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”
Theme closed: answer ;
xandcg
October 29, 2016, 6:24am
7
This is what I am using here, also FreeBSD:
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php-fpm.pid;
}
fastcgi_cache_path /usr/local/tmp/cache levels=1:2 keys_zone=NEXTCLOUD:100m inactive=60m;
fastcgi_cache_key $scheme$request_method$host$request_uri;
map $request_uri $skip_cache {
default 1;
~*/thumbnail.php 0;
~*/apps/galleryplus/ 0;
~*/apps/gallery/ 0;
}
server {
listen 80;
listen 127.0.0.254:80 accept_filter=httpready;
server_name example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen 127.0.0.254:443 ssl accept_filter=dataready;
server_name example.com;
ssl_certificate /usr/local/etc/ssl/nextcloud/cert.crt;
ssl_certificate_key /usr/local/etc/ssl/nextcloud/cert.key;
ssl_dhparam /usr/local/etc/ssl/certs/dhparam.pem;
ssl_ecdh_curve x25519:secp521r1:secp384r1;
ssl_protocols TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /usr/local/www/nextcloud;
location ^~ /.well-known/acme-challenge/ {
proxy_redirect off;
default_type "text/plain";
root /usr/local/www/.well-known/acme-challenge;
allow all;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 512M;
fastcgi_buffers 64 4K;
gzip off;
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ \.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 300;
fastcgi_send_timeout 300;
fastcgi_connect_timeout 300;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache NEXTCLOUD;
fastcgi_cache_valid 60m;
fastcgi_cache_methods GET HEAD;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
}
You may also want to take a look here , here , here , and here .
Cheers!
EDIT:
1 - This configuration is for Nginx-1.11.x, for Nginx-1.10.x there is the need to make some changes;
2 - LibreSSL still does not support x25519 ;
2a - neither cipher list (x25519:secp521r1:secp384r1). You may want to use prime256v1 for maximum compatibility, or simple comment out ssl_ecdh_curve .