centos 安装 owncloud+nginx+ssl 私有云

原因:

近来笔记本进水了,我老担心这笔记本会挂,然后把图片和以前暂时不用的资料都传到百度云了,可是工作上的文件天天在变,代码在svn倒是不担心,不过日常的word,ppt,这些文档,不方便在svn,百度和qq的云调查了一番如果交费用了,也不支持mac电脑自动同步,于是想到自己弄个云好了。

优势:

owncloud 免费,开源,自带windows,mac,uninx,android,iphone,各种平台自动同步软件,适合自己服务器搭建。自己的云,听起来就牛。其实限制于流量,企业拿来做个私有云还是不错的。个人嘛,我家里有个破笔记本500G,安装了linux,可以架设一个,弄个花生壳,然后我在全世界就可以访问这台笔记本的电影了。

我的需求其实是平时工作的文件,需要自动同步,里面含有一部分密码文件,交给百度云,QQ云心里不踏实,于是自己搭建一个云

看成果
own cloud
登录以后界面
own cloud

配合同步软件可以自动同步文件夹
owncloud mac soft
我的服务器是CentOS

划重点:owncloud搭建的过程如同安装一个wordpress那么简单,其实就是一个网站,不过多了一些奇怪的小配置

https://owncloud.org/download/#owncloud-server-tar-ball
玩这个吧,下载zip包,tar包没玩明白,总之选择熟悉的就好,我就玩zip玩的熟悉。
unzip

我的错误操作:
我按我以前的服务器配置出来的php结构经常出现。

Can't write into config directory!
This can usually be fixed by <a href="https://doc.owncloud.org/server/10.1/go.php?to=admin-dir_permissions" target="_blank" rel="noreferrer">giving the webserver write access to the config directory</a>.
config目录没有权限
 
chmod -R 777 config
mkdir data
chmod -R 777 data

各种无效,如果遇到这个问题,质疑一下nginx 下配置,可能不支持ssl是错误的。于是我转向SSL,最终成功了。

NGINX下官方文档用的SSL

最终我成功的nginx配置文件

配置要点1 .玩SSL,如果没有到我之前申请的Freessl博客里看一下,免费的ssl
配置要点2. 官方的文件用到了http2 我的服务器似乎不支持,删除掉。
配置要点3. ssl_dhparam /backup/www/cloudssl/dh4096.pem;

我去freessl搞得时候,只有一个full_chain_pem,和 private.key

搜索了一会才知道这个东西又是个新的玩意

服务器命令就可以创建这个文件了。

openssl dhparam -out dh4096.pem 4096

我的配置文件cloud.java-er.com.conf

  upstream php-handler {
      server 127.0.0.1:9000;
      # Depending on your used PHP version
      #server unix:/var/run/php5-fpm.sock;
      #server unix:/var/run/php7-fpm.sock;
  }
 
  server {
      listen 80;
      server_name cloud.java-er.com;
 
      # For SSL certificate verifications, this needs to be served via HTTP
      location /.well-known/(acme-challenge|pki-validation)/ {
          root /backup/www/owncloud; # Specify here where the challenge file is placed
      }
 
      # enforce https
      location / {
          return 301 https://$server_name$request_uri;
      }
  }
 
  server {
      listen 443 ssl;
      server_name cloud.java-er.com;
 
        ssl_certificate      /backup/www/cloudssl/full_chain.pem;
        ssl_certificate_key   /backup/www/cloudssl/private.key;
 
      # Example SSL/TLS configuration. Please read into the manual of NGINX before applying these.
      ssl_session_timeout 5m;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers "-ALL:EECDH+AES256:EDH+AES256:AES256-SHA:EECDH+AES:EDH+AES:!ADH:!NULL:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!3DES:!PSK:!SRP:!DSS:!AESGCM:!RC4";
      ssl_dhparam  /backup/www/cloudssl/dh4096.pem;
      ssl_prefer_server_ciphers on;
      keepalive_timeout    70;
      ssl_stapling on;
      ssl_stapling_verify on;
 
      # Add headers to serve security related headers
      # The always parameter ensures that the header is set for all responses, including internally generated error responses.
      # Before enabling Strict-Transport-Security headers please read into this topic first.
      # https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
 
      #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
      add_header X-Content-Type-Options nosniff always;
      add_header X-Frame-Options "SAMEORIGIN" always;
      add_header X-XSS-Protection "1; mode=block" always;
      add_header X-Robots-Tag none always;
      add_header X-Download-Options noopen always;
      add_header X-Permitted-Cross-Domain-Policies none always;
 
      # Path to the root of your installation
      root /backup/www/owncloud/;
 
      location = /robots.txt {
          allow all;
          log_not_found off;
          access_log off;
      }
 
      # The following 2 rules are only needed for the user_webfinger app.
      # Uncomment it if you're planning to use this app.
 
      #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
 
      location = /.well-known/carddav {
          return 301 $scheme://$host/remote.php/dav;
      }
      location = /.well-known/caldav {
          return 301 $scheme://$host/remote.php/dav;
      }
 
      # set max upload size
      client_max_body_size 512M;
      fastcgi_buffers 8 4K;                     # Please see note 1
      fastcgi_ignore_headers X-Accel-Buffering; # Please see note 2
 
      # Disable gzip to avoid the removal of the ETag header
      # Enabling gzip would also make your server vulnerable to BREACH
      # if no additional measures are done. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773332
      gzip off;
 
      # Uncomment if your server is build with the ngx_pagespeed module
      # This module is currently not supported.
      #pagespeed off;
 
      error_page 403 /core/templates/403.php;
      error_page 404 /core/templates/404.php;
 
      location / {
          rewrite ^ /index.php$uri;
      }
 
      location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
          return 404;
      }
      location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
          return 404;
      }
 
      location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|ocm-provider/.+|core/templates/40[34])\.php(?:$|/) {
          fastcgi_split_path_info ^(.+\.php)(/.*)$;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param SCRIPT_NAME $fastcgi_script_name; # necessary for owncloud to detect the contextroot https://github.com/owncloud/core/blob/v10.0.0/lib/private/AppFramework/Http/Request.php#L603
          fastcgi_param PATH_INFO $fastcgi_path_info;
          fastcgi_param HTTPS on;
          fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
          fastcgi_param front_controller_active true;
          fastcgi_read_timeout 180; # increase default timeout e.g. for long running carddav/ caldav syncs with 1000+ entries
          fastcgi_pass php-handler;
          fastcgi_intercept_errors on;
          fastcgi_request_buffering off; #Available since NGINX 1.7.11
      }
 
      location ~ ^/(?:updater|ocs-provider|ocm-provider)(?:$|/) {
          try_files $uri $uri/ =404;
          index index.php;
      }
 
      # Adding the cache control header for js and css files
      # Make sure it is BELOW the PHP block
      location ~ \.(?:css|js)$ {
          try_files $uri /index.php$uri$is_args$args;
          add_header Cache-Control "max-age=15778463" always;
 
          # Add headers to serve security related headers (It is intended to have those duplicated to the ones above)
          # The always parameter ensures that the header is set for all responses, including internally generated error responses.
          # Before enabling Strict-Transport-Security headers please read into this topic first.
          # https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
 
          #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always;
          add_header X-Content-Type-Options nosniff always;
          add_header X-Frame-Options "SAMEORIGIN" always;
          add_header X-XSS-Protection "1; mode=block" always;
          add_header X-Robots-Tag none always;
          add_header X-Download-Options noopen always;
          add_header X-Permitted-Cross-Domain-Policies none always;
          # Optional: Don't log access to assets
          access_log off;
      }
 
      location ~ \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg|map|json)$ {
          add_header Cache-Control "public, max-age=7200" always;
          try_files $uri /index.php$uri$is_args$args;
          # Optional: Don't log access to other assets
          access_log off;
      }
  }

参考文档
https://doc.owncloud.com/server/admin_manual/installation/nginx_configuration.html


This entry was posted in Linux and tagged , , . Bookmark the permalink.
月小升QQ 2651044202, 技术交流QQ群 178491360
首发地址:月小升博客https://java-er.com/blog/centos-install-owncloud-nginx-ssl/
无特殊说明,文章均为月小升原创,欢迎转载,转载请注明本文地址,谢谢
您的评论是我写作的动力

Leave a Reply

Your email address will not be published. Required fields are marked *

*

*

  

  

About Me

静水流深,水滴石穿