NextCloud是一个免费的开源文件托管和文件共享服务器,由ownCloud项目创建。它与其他文件共享服务(例如Google Drive,Dropbox和iCloud)非常相似。NextCloud允许您从中央位置存储文件,文档,图片,电影和视频。使用NextCloud,您可以与朋友和客户共享文件,联系人和任何其他媒体。NextCloud与邮件,日历,联系人和其他功能集成在一起,这将帮助您的团队更快,更轻松地完成工作。您可以在台式机上安装NextCloud客户端,以与Nextcloud服务器同步文件。桌面客户端可用于大多数操作系统,包括Windows,macOS,FreeBSD和Linux。
在本教程中,我们将说明如何安装NextCloud并使用Debian 10上的Let’s Encrypt SSL对其进行保护。
先决条件
- 运行Debian 10的服务器。
- 指向服务器IP的有效域名。在本教程中,我们将使用nextcloud.example.com域。
- 在您的服务器上配置了root密码。
安装Apache,MariaDB和PHP
NextCloud在使用PHP编写的Web服务器上运行,并使用MariaDB存储其数据。因此,您将需要在系统上安装Apache,MariaDB,PHP和其他必需的软件包。您可以通过运行以下命令来安装所有它们:
apt-get install apache2 libapache2-mod-php mariadb-server php-xml php-cli php-cgi php-mysql php-mbstring php-gd php-curl php-zip wget unzip -y安装完所有软件包后,打开php.ini文件并进行一些建议的设置调整:
nano /etc/php/7.3/apache2/php.ini更改以下设置:
memory_limit = 512M upload_max_filesize = 500M post_max_size = 500M max_execution_time = 300 date.timezone = Asia/Kolkata
完成后保存并关闭文件。然后,启动Apache和MariaDB服务,并使用以下命令使它们在系统重启后启动:
systemctl start apache2
systemctl start mariadb
systemctl enable apache2
systemctl enable mariadb完成后,您可以继续下一步。
为NextCloud配置数据库
接下来,您将需要为NextCloud创建数据库和数据库用户。为此,请使用以下命令登录到MariaDB shell:
mysql -u root -p在询问时提供您的root密码,然后使用以下命令创建数据库和用户:
MariaDB [(none)]> CREATE DATABASE nextclouddb;
MariaDB [(none)]> CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'password';接下来,使用以下命令将所有特权授予nextclouddb:
MariaDB [(none)]> GRANT ALL ON nextclouddb.* TO 'nextclouduser'@'localhost';接下来,刷新特权并使用以下命令从MariaDB shell退出:
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;完成后,您可以继续下一步。
下载NextCloud
首先,访问NextCloud下载页面,并在您的系统上下载NextCloud的最新版本。在撰写本文时,NextCloud的最新版本是17.0.1。您可以使用以下命令下载它:
wget https://download.nextcloud.com/server/releases/nextcloud-17.0.1.zip下载完成后,使用以下命令解压缩下载的文件:
unzip nextcloud-17.0.1.zip接下来,将提取的目录移动到Apache Web根目录:
mv nextcloud /var/www/html/接下来,使用以下命令为nextcloud目录赋予适当的权限:
chown -R www-data:www-data /var/www/html/nextcloud/
chmod -R 755 /var/www/html/nextcloud/完成后,您可以继续下一步。
为NextCloud配置Apache
接下来,您将需要创建一个Apache虚拟主机配置文件来服务NextCloud。您可以使用以下命令创建它:
nano /etc/apache2/sites-available/nextcloud.conf添加以下行:
<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot /var/www/html/nextcloud/
ServerName nextcloud.example.com
Alias /nextcloud "/var/www/html/nextcloud/"
<Directory /var/www/html/nextcloud/>
Options +FollowSymlinks
AllowOverride All
Require all granted
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
完成后保存并关闭文件。然后,使用以下命令启用Apache虚拟主机文件和其他必需的模块:
a2ensite nextcloud.conf
a2enmod rewrite
a2enmod headers
a2enmod env
a2enmod dir
a2enmod mime最后,重新启动Apache服务以应用新配置:
systemctl restart apache2让我们加密免费SSL来保护NextCloud
现在已安装并配置NextCloud。接下来,建议使用“让我们加密免费的SSL”保护它的安全。为此,请首先使用以下命令安装Certbot客户端:
apt-get install python-certbot-apache -y安装完成后,您可以运行以下命令为您的域nextcloud.example.com安装“让我们加密证书”。
certbot --apache -d nextcloud.example.com在安装过程中,系统将要求您提供电子邮件地址并接受服务条款,如下所示:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): admin@example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for nextcloud.example.com Enabled Apache rewrite module Waiting for verification... Cleaning up challenges Created an SSL vhost at /etc/apache2/sites-available/nextcloud-le-ssl.conf Deploying Certificate to VirtualHost /etc/apache2/sites-available/nextcloud-le-ssl.conf Enabling available site: /etc/apache2/sites-available/nextcloud-le-ssl.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
接下来,键入2并按Enter键以下载并为您的域安装免费的SSL证书。一旦成功完成安装。您应该获得以下输出:
Enabled Apache rewrite module Redirecting vhost in /etc/apache2/sites-enabled/nextcloud.conf to ssl vhost in /etc/apache2/sites-available/ nextcloud-le-ssl.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://nextcloud.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=nextcloud.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/example.com/privkey.pem Your cert will expire on 2019-10-22. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
完成后,您可以继续下一步。
访问NextCloud Web界面
现在,我们已使用“让我们加密SSL”对NextCloud进行配置和保护。接下来,打开您的Web浏览器并输入URL https://nextcloud.example.com。您将被重定向到以下页面:
现在,提供您的管理员用户名和密码,数据文件夹,更正数据库凭据,然后单击完成 设置按钮。您将在以下页面中重定向到NextCloud仪表板:
现在就这样。
