NextCloudのインストール

CentOS7.4
Nginx (php-fpm)
MariaDB 5.5.56
PHP7.1
NextCloud 13

EPELリポジトリのインストール
# yum install epel-release

REMIリポジトリのインストール
#rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

PHP7.1のインストール
# yum install --enablerepo=remi-php71 php php-xml php-gd php-process php-mbstring php-intl php-mysqlnd php-json php-curl php-mcrypt php-imagick php-apcu php-opcache php-zip php-fpm

httpd(apache)がインストールされるが無視する。

nginxのインストール
リポジトリを手動で追加する
# vi /etc/yum.repos.d/nginx.repo

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

# yum install nginx
自動起動の設定
# systemctl enable nginx

MariaDBのインストール
# yum install mariadb mariadb-server

php.iniの修正

[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
;date.timezone =
date.timezone = "Asia/Tokyo"

php-fpmの編集
# vi /etc/php-fpm.d/www.conf

line 24
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
; RPM: apache Choosed to be able to access some dir as httpd
; user = apache
user = nginx
; RPM: Keep a group allowed to write in log dir.
; group = apache
group = nginx
line 40
; Note: This value is mandatory.
; listen = 127.0.0.1:9000
listen = /var/run/php-fpm/php-fpm.sock
line 60
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0660
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
line 392
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
security.limit_extensions = .php .html

opcache.ini の設定
vi /etc/php.d/10-opcache.ini

8 line
;opcache.enable_cli=0
opcache.enable_cli=1
19 line
;opcache.max_accelerated_files=4000
opcache.max_accelerated_files=10000
38 line
;opcache.revalidate_freq=2
opcache.revalidate_freq=1

phpワ−クディレクトリ所有権設定
# chown -R root:nginx /var/lib/php/*

php-fpmサ−ビス起動及び自動起動設定
# systemctl start php-fpm
# systemctl enable php-fpm

MariaDBの設定
vi /etc/my.cnf.d/server.cnf
line 12

[mysqld]
innodb_large_prefix=on
innodb_file_format=barracuda
innodb_file_per_table=true

/etc/my.cnfの設定
文字コードを設定する
vi /etc/my.cnf

[mysqld]
character-set-server = utf8
innodb_large_prefix = on
innodb_file_format = barracuda
innodb_file_per_table = true

自動起動の設定
# systemctl start mariadb
# systemctl enable mariadb

下記コマンドを実行して、MariaDB の初期設定をする。
# mysql_secure_installation
※ root のパスワ−ド設定や、デフォルトで設定されている匿名ユ−ザ−、テスト DB の削除実施を対話ダイアログで問われる。

mysql -u root
> CREATE DATABASE nextcloud;
> GRANT ALL ON nextcloud.* to 'owncloud'@'localhost' IDENTIFIED BY 'nextcloud';
> exit

vi /etc/nginx/conf.d/default.conf

upstream php-handler {
server unix:/var/run/php-fpm/php-fpm.sock;
}
server {
listen 80;
listen [::]:80;
server_name localhost;
return 301 https://$server_name$request_uri;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation (NextCloudのドキュメントルート)
root /usr/share/nginx/html/nextcloud;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
#fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}

サービスの自動起動
# systemctl start nginx
# systemctl enable nginx

# firewall-cmd --permanent --add-service=http
# firewall-cmd --reload

NextCloudのインストール
# yum install wget
# wget https://download.nextcloud.com/server/releases/nextcloud-13.0.1.tar.bz2
# wget https://download.nextcloud.com/server/releases/nextcloud-13.0.1.tar.bz2.sha256
# wget https://download.nextcloud.com/server/releases/nextcloud-13.0.1.tar.bz2.asc
# wget https://nextcloud.com/nextcloud.asc

チェックサムの確認
# sha256sum -c nextcloud-13.0.1.tar.bz2.sha256 < nextcloud-13.0.1.tar.bz2
nextcloud-13.0.1.tar.bz2: 完了

PGP公開鍵のインポート
# gpg --import nextcloud.asc

# gpg --verify nextcloud-13.0.1.tar.bz2.asc nextcloud-13.0.1.tar.bz2
gpg: 2018年03月14日 03時58分49秒 JSTにRSA鍵ID A724937Aで施された署名
gpg: "Nextcloud Security "からの正しい署名
gpg: *警告*: この鍵は信用できる署名で証明されていません!
gpg: この署名が所有者のものかどうかの検証手段がありません。
主鍵のフィンガー・プリント: 2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A

Nextcloud 展開・配置
Nextcloud を展開する。
# yum install bzip2
# tar -xvjf nextcloud-13.0.1.tar.bz2
# mv ./nextcloud /usr/share/nginx/html
# chown -R nginx:nginx /usr/share/nginx/html/nextcloud
## restorecon -R /usr/share/nginx/html/nextcloud

- enablerepoで明示しないとEPELを使用しないようにする

vi /etc/yum.repos.d/epel.repo

[epel]
enable=0

うまく開かない
# cd /var/lib/php　
# chown -R nginx:nginx session/