https://www.linuxbabe.com/ubuntu/install-nextcloud-ubuntu-22-04-nginx-postgresql
https://nextcloud.com/install/#download-server
sudo unzip latest.zip
sudo mv nextcloud/ /var/www/
sudo chown www-data:www-data /var/www/nextcloud/ -R
sudo -u postgres psql
CREATE DATABASE nextcloud TEMPLATE template0 ENCODING 'UNICODE';
CREATE USER nextclouduser WITH PASSWORD 'Nc20260415';
ALTER DATABASE nextcloud OWNER TO nextclouduser;
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextclouduser;
exit
sudo nano /etc/nginx/sites-eneabled/nextcloud.conf
server {
if ($host = nc.fin-tech.su) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name nc.fin-tech.su;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name nc.fin-tech.su;
ssl_certificate /etc/letsencrypt/live/fin-tech.su/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/fin-tech.su/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
access_log /var/log/nginx/nextcloud.access.log;
error_log /var/log/nginx/nextcloud.error.log notice;
add_header Strict-Transport-Security "max-age=31536000" always;
# Add headers to serve security related headers
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
#add_header X-Robots-Tag none;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
#I found this header is needed on Ubuntu, but not on Arch Linux.
add_header X-Frame-Options "SAMEORIGIN";
# Path to the root of your installation
root /var/www/nextcloud/;
#access_log /var/log/nginx/nextcloud.access;
#error_log /var/log/nginx/nextcloud.error;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/host-meta {
return 301 $scheme://$http_hostpublic.php?service=host-meta;
}
location = /.well-known/host-meta.json {
return 301 $scheme://$http_host/public.php?service=host-meta-json;
}
location = /.well-known/carddav {
return 301 $scheme://$http_host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$http_host/remote.php/dav;
}
location = /.well-known/webfinger{
return 301 $scheme://$http_host/index.php/.well-known/webfinger;
}
location = /.well-known/nodeinfo{
return 301 $scheme://$http_host/index.php/.well-known/nodeinfo;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
try_files $fastcgi_script_name =404;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/run/php/php8.3-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js|mjs)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
#add_header X-Robots-Tag none;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
}
}
application/javascript js mjs;
apt install imagemagick php-imagick php8.3-common php8.3-pgsql php8.3-fpm php8.3-gd php8.3-curl php8.3-imagick php8.3-zip php8.3-xml php8.3-mbstring php8.3-bz2 php8.3-intl php8.3-bcmath php8.3-gmp
sudo nginx -t && systemctl restart nginx
Открыть url для конфигурирования
https://nc.fin-tech.su
Задать:
ncadmin
s%WqT7ZrJR
fix ram
sudo nano /etc/php/8.3/fpm/php.ini
memory_limit = 512M
opcache.interned_strings_buffer=16
sudo systemctl restart php8.3-fpm
sudo nano /etc/php/8.3/fpm/pool.d/www.conf
Расскомментировать
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
cd /var/www/nextcloud/
sudo -u www-data php ./occ app:remove electronicsignatures
crontab -u www-data -e
*/5 * * * * php -f /var/www/nextcloud/cron.php
apt update && apt install -y redis-server
redis-server -v
systemctl status redis
apt update && apt install -y php8.3-redis
php8.3 --ri redis
Добавить в /var/www/nextcloud/config/config.php
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.local' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,
),
/etc/php/8.3/fpm/pool.d/www.conf
[www]
user = www-data
group = www-data
listen = /run/php/php8.2-fpm.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 25
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 20
sudo systemctl restart php8.3-fpm