折腾の前
很早之前就想利用富余的VPS磁盘空间搭建一个私有云,在多设备之间不用网线,也能快速交换数据;还能方便的将文件分享给朋友们,而不受百度云50kb/s的限制。
不多说了,开干!
网络上此类的私有云软件很多,有seafile,nextcloud,还有今天的主角ownCloud,为什么要选择ownCloud?seafile是国产的私有云软件,虽然是国产良心,但并不是开源软件,折腾过程较为复杂,在大概20天前我尝试了不少次,都已失败告终。随后的期末考试(保守估计挂一科,555)以及程序设计实训,让我把搭建私有云的事情也放到了一边。nextCloud较新,据说酷安老哥说,这个软件不够成熟,bug还较多,推荐使用ownCloud社区版。这就是选择ownCloud社区版的原因。
折腾历程
我之前已经使用oneinstack搭建好了lnmp环境,并且配置好了MySQL数据库。于是,就可以直接下载ownCLoud服务端进行安装了。
- 先去ownCloud官网下载压缩包https://owncloud.org/download/,下载Tarball版本的压缩包到服务器。
cd /home/wwwroot/
wget https://download.owncloud.org/community/owncloud-10.2.1.tar.bz2
tar -jxvf owncloud-10.2.1.tar.bz2
cp -r owncloud cloud.xmgspace.me
rm -rf owncloud
- 在新建一个虚拟主机,我的域名是cloud.xmgspae.me,其中的rewrite规则留空,我们一会要自己写。
- 编辑nginx配置文件:
cd /usr/local/nginx/conf/vhost/
cp cloud.xmgspace.me.conf cloud.xmgspace.me.conf.bak #备份原配置文件
vim cloud.xmgspace.me.conf
ownCloud官方有一份nginx配置文件示例,地址:https://doc.owncloud.org/server/9.0/admin_manual/installation/nginx_examples.html
我们需要按需更改,能让nginx正常使用php,还能让rewrite规则正常使用。
我的配置文件如下,如果你使用oneinstack可以参考下:
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}
server {
listen 80;
listen 443 ssl http2;
ssl_certificate /usr/local/nginx/conf/ssl/cloud.xmgspace.me.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/cloud.xmgspace.me.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name cloud.xmgspace.me;
access_log off;
index index.html index.htm index.php;
root /home/wwwroot/cloud.xmgspace.me;
if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this topic first.
#add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/acme-challenge { }
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
#error_page 403 /core/templates/403.php;
#error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
return 404;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
return 404;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_param front_controller_active true;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_request_buffering off; #Available since nginx 1.7.11
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
#add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into this topic first.
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
#add_header X-Content-Type-Options nosniff;
#add_header X-Frame-Options "SAMEORIGIN";
#add_header X-XSS-Protection "1; mode=block";
#add_header X-Robots-Tag none;
#add_header X-Download-Options noopen;
#add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|jpg|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
配置好nginx配置文件后,重启nginx:service nginx restart
- 进入你的phpmydamin,新建一个数据库,名字可以就叫做
ownCloud
,下面的步骤需要用到。 - 访问你的ownCloud域名,填好相应的信息,进行管理员注册。
- Enjoy It!你可以下载客户端,方便管理文件,也能快捷的将文件分享给亲朋好友了。
在你打开ownCloud控制台后,可能会出现各种错误,这是我的踩坑笔记:
Q1. 注册管理员后再打开显示重定向过多。
A1. 步骤3出现了错误,rewrite规则错误,请重新编辑配置文件。
Q2. 打开控制台后下载index.php源代码,而不是打开页面。
A2. nginx无法正常调用php,去配置文件备份中把相关配置复制到配置文件中吧。
Q3. 打开控制台,上面有一个黄条,一些文件没有通过完整性检查。
A3. 这里有一份官方文档https://doc.owncloud.org/server/9.1/admin_manual/issues/code_signing.html.
一般经常遇到的是EXTRA_FILE,指ownCloud文件夹下有多余的文件,删除即可。
Q4. php模块“文件信息”丢失。
A4. 你的php没有安装拓展fileinfo
,按照以下即可。