技术教程 · 2020年1月21日 1

如何在Debian 10上安装NextCloud

NextCloud是一个免费的开源文件托管和文件共享服务器,由ownCloud项目创建。它与其他文件共享服务(例如Google Drive,Dropbox和iCloud)非常相似。NextCloud允许您从中央位置存储文件,文档,图片,电影和视频。使用NextCloud,您可以与朋友和客户共享文件,联系人和任何其他媒体。NextCloud与邮件,日历,联系人和其他功能集成在一起,这将帮助您的团队更快,更轻松地完成工作。您可以在台式机上安装NextCloud客户端,以与Nextcloud服务器同步文件。桌面客户端可用于大多数操作系统,包括Windows,macOS,FreeBSD和Linux。

在本教程中,我们将说明如何安装NextCloud并使用Debian 10上的Let’s Encrypt SSL对其进行保护。

先决条件

  • 运行Debian 10的服务器。
  • 指向服务器IP的有效域名。在本教程中,我们将使用nextcloud.example.com域。
  • 在您的服务器上配置了root密码。

安装Apache,MariaDB和PHP

NextCloud在使用PHP编写的Web服务器上运行,并使用MariaDB存储其数据。因此,您将需要在系统上安装Apache,MariaDB,PHP和其他必需的软件包。您可以通过运行以下命令来安装所有它们:

apt-get install apache2 libapache2-mod-php mariadb-server php-xml php-cli php-cgi php-mysql php-mbstring php-gd php-curl php-zip wget unzip -y

安装完所有软件包后,打开php.ini文件并进行一些建议的设置调整:

nano /etc/php/7.3/apache2/php.ini

更改以下设置:

memory_limit = 512M
upload_max_filesize = 500M
post_max_size = 500M
max_execution_time = 300
date.timezone = Asia/Kolkata

完成后保存并关闭文件。然后,启动Apache和MariaDB服务,并使用以下命令使它们在系统重启后启动:

systemctl start apache2
 systemctl start mariadb
 systemctl enable apache2
 systemctl enable mariadb

完成后,您可以继续下一步。

为NextCloud配置数据库

接下来,您将需要为NextCloud创建数据库和数据库用户。为此,请使用以下命令登录到MariaDB shell:

mysql -u root -p

在询问时提供您的root密码,然后使用以下命令创建数据库和用户:

MariaDB [(none)]> CREATE DATABASE nextclouddb;
MariaDB [(none)]> CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'password';

接下来,使用以下命令将所有特权授予nextclouddb:

MariaDB [(none)]> GRANT ALL ON nextclouddb.* TO 'nextclouduser'@'localhost';

接下来,刷新特权并使用以下命令从MariaDB shell退出:

MariaDB [(none)]> FLUSH PRIVILEGES;
 MariaDB [(none)]> EXIT;

完成后,您可以继续下一步。

下载NextCloud

首先,访问NextCloud下载页面,并在您的系统上下载NextCloud的最新版本。在撰写本文时,NextCloud的最新版本是17.0.1。您可以使用以下命令下载它:

wget https://download.nextcloud.com/server/releases/nextcloud-17.0.1.zip

下载完成后,使用以下命令解压缩下载的文件:

unzip nextcloud-17.0.1.zip

接下来,将提取的目录移动到Apache Web根目录:

mv nextcloud /var/www/html/

接下来,使用以下命令为nextcloud目录赋予适当的权限:

chown -R www-data:www-data /var/www/html/nextcloud/
 chmod -R 755 /var/www/html/nextcloud/

完成后,您可以继续下一步。

为NextCloud配置Apache

接下来,您将需要创建一个Apache虚拟主机配置文件来服务NextCloud。您可以使用以下命令创建它:

nano /etc/apache2/sites-available/nextcloud.conf

添加以下行:

<VirtualHost *:80>
     ServerAdmin admin@example.com
     DocumentRoot /var/www/html/nextcloud/
     ServerName nextcloud.example.com

     Alias /nextcloud "/var/www/html/nextcloud/"

     <Directory /var/www/html/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All
        Require all granted
          <IfModule mod_dav.c>
            Dav off
          </IfModule>
        SetEnv HOME /var/www/html/nextcloud
        SetEnv HTTP_HOME /var/www/html/nextcloud
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

完成后保存并关闭文件。然后,使用以下命令启用Apache虚拟主机文件和其他必需的模块:

a2ensite nextcloud.conf
 a2enmod rewrite
 a2enmod headers
 a2enmod env
 a2enmod dir
 a2enmod mime

最后,重新启动Apache服务以应用新配置:

systemctl restart apache2

让我们加密免费SSL来保护NextCloud

现在已安装并配置NextCloud。接下来,建议使用“让我们加密免费的SSL”保护它的安全。为此,请首先使用以下命令安装Certbot客户端:

apt-get install python-certbot-apache -y

安装完成后,您可以运行以下命令为您的域nextcloud.example.com安装“让我们加密证书”。

certbot --apache -d nextcloud.example.com

在安装过程中,系统将要求您提供电子邮件地址并接受服务条款,如下所示:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@example.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nextcloud.example.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/nextcloud-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/nextcloud-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/nextcloud-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

接下来,键入2并按Enter键以下载并为您的域安装免费的SSL证书。一旦成功完成安装。您应该获得以下输出:

Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/nextcloud.conf to ssl vhost in /etc/apache2/sites-available/
nextcloud-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://nextcloud.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=nextcloud.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
 /etc/letsencrypt/live/example.com/fullchain.pem
 Your key file has been saved at:
 /etc/letsencrypt/live/example.com/privkey.pem
 Your cert will expire on 2019-10-22. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot again
 with the "certonly" option. To non-interactively renew *all* of
 your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
 configuration directory at /etc/letsencrypt. You should make a
 secure backup of this folder now. This configuration directory will
 also contain certificates and private keys obtained by Certbot so
 making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
 Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 Donating to EFF: https://eff.org/donate-le

完成后,您可以继续下一步。

访问NextCloud Web界面

现在,我们已使用“让我们加密SSL”对NextCloud进行配置和保护。接下来,打开您的Web浏览器并输入URL https://nextcloud.example.com。您将被重定向到以下页面:

NextCloud登录

配置数据库

现在,提供您的管理员用户名和密码,数据文件夹,更正数据库凭据,然后单击完成 设置按钮。您将在以下页面中重定向到NextCloud仪表板:

NextCloud仪表板

现在就这样。