建议使用centos8部署(因为centos7的php7.4有问题)如果担心centos后期问题
可以使用rocky os 8.4
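# Walkthrough: Nextcloud on CentOS 8 / Rocky Linux 8 with nginx, php-fpm 7.4
# and MariaDB. Run as root. The steps are meant to be executed one at a time;
# file excerpts that are edited by hand are shown as comments.

# --- Switch the package mirrors (USTC mirror) ---
# CentOS 8+ repositories
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
    -e 's|^#baseurl=http://mirror.centos.org/$contentdir|baseurl=https://mirrors.ustc.edu.cn/centos|g' \
    -i.bak \
    /etc/yum.repos.d/CentOS-Linux-AppStream.repo \
    /etc/yum.repos.d/CentOS-Linux-BaseOS.repo \
    /etc/yum.repos.d/CentOS-Linux-Extras.repo \
    /etc/yum.repos.d/CentOS-Linux-PowerTools.repo \
    /etc/yum.repos.d/CentOS-Linux-Plus.repo

# Rocky Linux 8.3+ repositories (SJTU mirror; few domestic Rocky mirrors exist,
# so make sure the URL is the right one)
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
    -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.sjtug.sjtu.edu.cn/rocky|g' \
    -i.bak \
    /etc/yum.repos.d/Rocky-*.repo

dnf makecache

# Update the packages already installed. (Author's note: do not use `update`,
# it would move the system to the newest release and break compatibility.)
# NOTE(review): on dnf, `update` is an alias of `upgrade`; both behave the same.
dnf upgrade -y

# Install the required tools
dnf install -y epel-release yum-utils unzip curl wget \
    bash-completion policycoreutils-python-utils mlocate bzip2

# Add the Remi repository, reset the php module and select the 7.4 stream
dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf install -y yum-utils
dnf module reset -y php
dnf module install php:remi-7.4 -y

# Install database / php / nginx.
# The space before the line continuation matters: without it the last package
# on the first line and the first one on the second line are joined into one
# name.
dnf install -y php php-gd php-mbstring php-intl php-pecl-apcu \
    php-mysqlnd php-opcache php-json php-zip nginx mariadb mariadb-server

# Enable at boot and start
systemctl enable mariadb nginx php-fpm
systemctl start mariadb nginx php-fpm

# --- Configure php-fpm ---
vi /etc/php-fpm.d/www.conf
# Excerpt of /etc/php-fpm.d/www.conf after editing:
#   .....
#   user = nginx      ; change both user and group to nginx
#   group = nginx
#   .....
#   ;listen = 127.0.0.1:9000   ; php-fpm TCP port 9000 (per the author, on
#                              ; CentOS 8.0+ this needs no configuration; the
#                              ; nginx config below uses the unix socket)
#   ......
#   ; uncomment the following lines
#   env[HOSTNAME] = $HOSTNAME
#   env[PATH] = /usr/local/bin:/usr/bin:/bin
#   env[TMP] = /tmp
#   env[TMPDIR] = /tmp
#   env[TEMP] = /tmp
systemctl restart php-fpm

# Create the session directory under /var/lib and hand it to nginx
mkdir -p /var/lib/php/session
chown nginx:nginx -R /var/lib/php/session/

# --- Database: set the root password, create the database, create a
# dedicated user and grant it access to that database only ---
# Replace both placeholders before running. The original used the literal
# password 'nextcloud' for root and for the application user; the two accounts
# should have different, randomly generated passwords, and the application
# password is the one entered later in the Nextcloud setup page.
# mysql_secure_installation (shipped with mariadb-server) additionally removes
# the anonymous accounts and the test database.
mysql -uroot -p <<'SQL'
set password = password('<STRONG_ROOT_PASSWORD>');
create database nextcloud_db;
create user nextcloud@localhost identified by '<STRONG_DB_USER_PASSWORD>';
grant all privileges on nextcloud_db.* to nextcloud@localhost;
flush privileges;
SQL

# --- Download and unpack Nextcloud ---
# https://nextcloud.com/install/ normally offers the latest release; the
# author suggests an older package if the system cannot run the newest one.
# NOTE(review): 21.0.3 is the version used on this page; older releases stop
# receiving security fixes, so check the supported versions before picking one.
# The archive is verified against the published checksum before unpacking.
cd ~
wget https://download.nextcloud.com/server/releases/nextcloud-21.0.3.zip
wget https://download.nextcloud.com/server/releases/nextcloud-21.0.3.zip.sha256
sha256sum -c nextcloud-21.0.3.zip.sha256 && unzip nextcloud-21.0.3.zip

# nginx is used instead of apache, so ownership differs from the official docs
cp -a ~/nextcloud /usr/share/nginx/html/
cd /usr/share/nginx/html/
mkdir -p nextcloud/data/
chown -R nginx:nginx nextcloud/

# --- Two ways to publish it: (1) plain HTTP, no transport security;
#     (2) HTTPS with a certificate ---

# Option 1: plain HTTP.
# In nginx.conf change /usr/share/nginx/html/ to /usr/share/nginx/html/nextcloud/
# NOTE(review): with this option logins and files cross the network in clear
# text; only suitable for an isolated test network.
vi /etc/nginx/nginx.conf
nginx -t
systemctl restart nginx

# Option 2: HTTPS with a self-signed certificate.
mkdir -p /etc/nginx/cert/
cd /etc/nginx/cert/
openssl req -new -x509 -days 365 -nodes \
    -out /etc/nginx/cert/nextcloud.crt \
    -keyout /etc/nginx/cert/nextcloud.key
# Prompts and the answers used by the author:
#   Country Name (2 letter code) [XX]:cn                         country
#   State or Province Name (full name) []:zhejiang               province
#   Locality Name (eg, city) [Default City]:wenzhou              locality
#   Organization Name (eg, company) [Default Company Ltd]:lidig  company
#   Organizational Unit Name (eg, section) []:Technology         department
#   Common Name (eg, your name or your server's hostname) []:nas host name
#   Email Address []:panyifang@lidig.com                         e-mail
# NOTE(review): the Common Name "nas" does not match the server_name used
# below (192.168.254.51). Clients validate the name they connect to, so the
# certificate should carry that name or address; a name mismatch plus
# self-signing is what later pushes the setup towards disabling verification.
# -nodes leaves the private key unencrypted on disk, which is why the
# permissions below matter.

# Restrict the certificate directory and files to root
chmod 700 /etc/nginx/cert
chmod 600 /etc/nginx/cert/*

# The author prints both files so they can be pasted into the ONLYOFFICE
# container later (skip if online editing is not needed).
# NOTE(review): this puts the private key into terminal scrollback and reuses
# one key for two services; a separate key pair for the document server keeps
# a compromise of one from exposing the other.
cat /etc/nginx/cert/nextcloud.key
cat /etc/nginx/cert/nextcloud.crt

# nginx site configuration. Set server_name to your own domain if you have
# one, otherwise to the local IP address. (The author edits this file with vi;
# it is written with a here-document here so the content is unambiguous.)
cat > /etc/nginx/conf.d/nextcloud.conf <<'NGINX_CONF'
upstream php-handler {
    server unix:/run/php-fpm/www.sock;
    #server 127.0.0.1:9000;
    #server unix:/var/run/php-fpm.sock;
}

server {
    listen 80;
    server_name 192.168.254.51;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    # The server name doubles as the host check, so set it correctly or the
    # site will not open.
    server_name 192.168.254.51;

    ssl_certificate /etc/nginx/cert/nextcloud.crt;
    ssl_certificate_key /etc/nginx/cert/nextcloud.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # NOTE(review): includeSubDomains and preload only make sense for a real
    # domain with a publicly trusted certificate; browsers do not apply HSTS
    # to a connection that had certificate errors.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /usr/share/nginx/html/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    # These two blocks keep the data directory, configuration and internal
    # files from being served directly; the data directory lives inside the
    # web root in this layout, so they must stay in place.
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}
NGINX_CONF
nginx -t

# --- trusted_domains (host check) ---
# Because of the redirect, the default configuration has to be extended with
# the addresses that are allowed to reach this instance.
vi /usr/share/nginx/html/nextcloud/config/config.php
# Excerpt of config.php:
#   ...............
#   array (
#     0 => '192.168.254.51',
#     1 => '127.0.0.1',
#     # add the addresses that apply to you, including the externally
#     # mapped one
#     2 => 'xxx.xxx.com',
#   # overwrite.cli.url is the domain you are using now; adjust as needed
# NOTE(review): list only host names this server is really reached by;
# requests carrying any other Host header are refused by this check.

# Restart nginx and php-fpm after the change
systemctl restart nginx php-fpm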
#在线文档编辑ONLYOFFICE安装
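# ONLYOFFICE document server in a container (for online document editing).
# First install the container runtime. On CentOS 8 this is slightly different,
# but the commands stay the same.
# You can also run `dnf install -y docker`; per the author the same thing gets
# installed.
# NOTE(review): the `docker ...` commands below presumably rely on the
# docker-compatible command being present next to podman — confirm, or use
# `podman` with the same arguments.
dnf install -y podman

# In Nextcloud: log in, click the avatar (top right), open the apps page,
# find ONLYOFFICE under "Office & text", download and enable it.

# The default registry is overseas, so the author puts the USTC mirror first
# (the Aliyun one used previously has been in maintenance for about a year).
vi /etc/containers/registries.conf
# Excerpt of /etc/containers/registries.conf:
#   [registries.search]
#   registries = ['docker.mirrors.ustc.edu.cn', 'registry.redhat.io', 'docker.io']
# NOTE(review): an unqualified image name is looked up in these registries in
# order, so the image that gets pulled is whatever the first registry serves
# under that name. Pinning a tag or digest makes the pulled image verifiable.

# Official one-step command (pulls the image on first run), for reference:
#docker run -i -t -d -p 8080:80 --restart=always onlyoffice/documentserver

# Pull the image ahead of time so it is not downloaded repeatedly
docker pull onlyoffice/documentserver

# HTTPS is needed, so publish 443 as 8443. If plain HTTP is not needed, drop
# `-p 8080:80`. The container must be named "onlyoffice" because the exec /
# stop / start commands below refer to it by that name (the original command
# had `--name` without a value).
docker run --name onlyoffice -i -t -d -p 8080:80 -p 8443:443 onlyoffice/documentserver

# Open a shell inside the container. The prompt changes to something like
# root@8c28f537acec:/# — the container id after "root@" shows you are inside.
docker exec -it onlyoffice /bin/bash

# ===== The following commands are run INSIDE the container =====

# The author skips this step and reuses the certificate created for nginx on
# the host (so opening office files needs no second confirmation and does not
# fail).
# NOTE(review): reusing the host's private key means a compromise of the
# container also exposes the Nextcloud web server's key; the commented
# commands below create a dedicated key pair instead.
# Create a private key
#openssl genrsa -out onlyoffice.key 2048
# Create the CSR
#openssl req -new -key onlyoffice.key -out onlyoffice.csr
# Sign the certificate with the private key and the CSR
#openssl x509 -req -days 365 -in onlyoffice.csr -signkey onlyoffice.key -out onlyoffice.crt
# Generate Diffie-Hellman parameters
#openssl dhparam -out dhparam.pem 2048

# The container has no vi, so nano is used (Ctrl+X, then y, then Enter to
# save). Paste the key and the certificate saved earlier into these two files;
# mind that the file names differ.
mkdir -p /etc/nginx/cert
nano /etc/nginx/cert/onlyoffice.key
nano /etc/nginx/cert/onlyoffice.crt
# Tighten permissions on the private key
chmod 400 /etc/nginx/cert/onlyoffice.key

# Switch the document server's nginx template to HTTPS
cd /etc/onlyoffice/documentserver/nginx/
cp -a ds-ssl.conf.tmpl ds-ssl.conf.tmpl.bak
nano ds-ssl.conf.tmpl
# Comment out `ssl on;` (per the author this image does not support it) and
# fill in the certificate paths.
# Before:
#   ssl on;
#   ssl_certificate {{SSL_CERTIFICATE_PATH}};
#   ssl_certificate_key {{SSL_KEY_PATH}};
# After:
#   #ssl on;
#   ssl_certificate /etc/nginx/cert/onlyoffice.crt;
#   ssl_certificate_key /etc/nginx/cert/onlyoffice.key;

cd /etc/nginx/conf.d/
# Remove the old configuration symlink
rm -f -- ds.conf
# Create the new symlink
ln -s /etc/onlyoffice/documentserver/nginx/ds-ssl.conf.tmpl ./ds.conf

# Certificate verification is on by default, which stops Nextcloud documents
# from loading when the certificate is self-signed.
nano /etc/onlyoffice/documentserver/default.json
# Find rejectUnauthorized and change true to false:
#   "requestDefaults": {
#     "headers": {
#       "User-Agent": "Node.js/6.13",
#       "Connection": "Keep-Alive"
#     },
#     "gzip": true,
#     "rejectUnauthorized": false
# NOTE(review): with rejectUnauthorized set to false the document server
# accepts any certificate on its outbound requests, so it can no longer tell
# the real Nextcloud host from an impostor on the path. Keeping it true and
# making the certificate trusted inside the container (or using a CA-issued
# certificate whose name matches) preserves that check.

# ===== End of the steps inside the container; exit the shell =====

# Restart the container with stop + start (in the author's tests `restart`
# left nginx inside the container down; reason unknown).
docker stop onlyoffice && docker start onlyoffice

# --- Firewall ---
# 80/443 serve Nextcloud, 8443 the document server over HTTPS. 8080 is the
# document server over plain HTTP and is only needed if `-p 8080:80` was kept.
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-port=8443/tcp
firewall-cmd --permanent --add-port=8080/tcp
# --permanent rules only take effect after a reload
firewall-cmd --reload

# --- SELinux ---
# The author disables SELinux: change SELINUX=enforcing to SELINUX=disabled
# in the config file and switch the running system to permissive.
# NOTE(review): this removes SELinux confinement for every service on the
# host, not just nginx/php-fpm. Staying in enforcing mode and labelling the
# Nextcloud data/config paths as web-writable content with semanage fcontext
# and restorecon is the narrower alternative — paths to be confirmed for this
# layout.
vi /etc/selinux/config
setenforce 0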
以上是我根据各种官方文档实验整合出来的,系统基于centos8.3 本来是在博客园发布的,但是那个页面输入代码时直接操作懵逼,故来此发布,转载请注明出处,谢谢.