记录一次惨痛的安装经历之 使用 LAMP 在 Linux on Windows 上搭建Nextcloud

先直接上正确的安装教程。

打开 控制面板 程序 添加windows功能 子系统开关。

打开应用商店,搜索Ubuntu 16.04 LTS,等待安装。

安装完点击启动,稍等片刻。系统会分别要求输入用户名、密码、确认密码。

切换到root用户:

1
2
sudo -i
[输入刚才创建的密码]

配置清华镜像源:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
cp /etc/apt/sourceh g h gst /etc/apt/sources.list.bak  //备份原有镜像源
vim /etc/apt/sources.list //修改c
使用以下替换原文件:
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security main restricted universe multiverse

# 预发布软件源,不建议启用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-proposed main restricted universe multiverse

修改完毕,保存退出。更新安装源缓存:

1
2
apt install update   //更新安装源缓
apt install upgrade //安装更新

安装mysql并确认

1
2
3
apt install mysql-server //安装过程中会提示输入root用户密码
apt install mysql-client
dpkg -l | grep mysql* //查看是否安装成功

启动mysql并确认

1
2
service mysql start
ps -ef | grep mysql* //查看是否有相应程序启动

安装Apache2、PHP7.0及其扩展

1
2
apt install -y apache2 libapache2-mod-php7.0 
apt install -y php7.0-gd php7.0-json php7.0-mysql php7.0-curl php7.0-mbstring php7.0-intl php7.0-mcrypt php-imagick php7.0-xml php7.0-zip php-apcu

下载Nexcloud源码并转移至服务器路径

设定服务器路径为 /var/www/example.com

1
2
3
4
5
wget 'https://download.nextcloud.com/server/releases/latest.zip'
cp latest.zip /var/www/
cd /var/www/
unzip latest.zip
mv nextcloud/ example.com/

设置目录权限

1
chown -R www-data:www-data /var/www/example.com/

创建虚拟主机

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
vim /etc/apache2/sites-available/nextcloud.conf

#将以下内容写入
Alias /nextcloud "/var/www/nextcloud/"
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/nextcloud/
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All

<IfModule mod_dav.c>
Dav on
</IfModule>

SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
</VirtualHost>

让虚拟主机生效

1
2
3
4
a2ensite nextcloud.conf
service apache2 reload
a2enmod rewrite headers env dir mime ssl //启用对应模块
service apache2 restart

创建 Nextcloud 所需的数据库和账户

1
2
3
4
5
6
7
mysql -u root -p
[输入之前设置的数据库密码]
create database nextcloud;
create user nextcloud@localhost identified by 'password'; //用实际密码调整password
grant all on *.* to 'nextcloud'@'localhost' identified by 'password' with grant option; //同上
flush privileges; //刷新权限记录
exit; //退出

测试用户是否创建成功

1
2
mysql -u nextcloud -p
[输入之前设置的nextcloud用户密码]

配置NextCloud

若example.com已经解析到本机:
在浏览器中访问http://example.com,打开成功即成功安装。

其他配置

  • 启用https

    安装相应软件

    1
    2
    3
    4
    apt-get install software-properties-common
    add-apt-repository ppa:certbot/certbot
    apt-get update
    apt-get install python-certbot-apache

使用命令启动

1
2
3
4
user@server:~$ sudo certbot --apache
*Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):*

输入自己的邮箱,回车确认:

1
2
3
4
5
6
7
8
9
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel:

键入A同意服务条款,回车确认。
还有一个对话框,是否同意向自己的邮箱发送信息,同意键入y,不同意键入n。

1
2
3
4
5
6
7
8
Starting new HTTPS connection (1): supporters.eff.org

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: example.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

键入1,为example.com 申请证书:

1
2
3
4
5
6
7
8
9
10
Deploying Certificate for aaa.com to VirtualHost /etc/apache2/sites-available/example.com-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

键入2开启强制HTTP跳转到HTTPS,也可键入1:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Congratulations! You have successfully enabled 
https://example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
-------------------------------------------------------------------------------

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2018-11-19. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

这样就安装成功了。

  • 启用PHP缓存组件
    安装过程已经选择了APCu作为其组件,修改文件:vim /var/www/example.com/config/config.php
    在最后一行的 ): 上,加入一句:'memcache.local' => '\OC\Memcache\APCu'

  • 配置分布式存储opcache找到 php.ini 文件,在/etc/php/7.0/apache2/php.ini`处,添加如下代码:

    1
    2
    3
    4
    5
    6
    7
    opcache.enable=1
    opcache.enable_cli=1
    opcache.interned_strings_buffer=8
    opcache.max_accelerated_files=10000
    opcache.memory_consumption=128
    opcache.save_comments=1
    opcache.revalidate_freq=1
  • 提示HTTP 请求头 “Strict-Transport-Security” 没有配置为至少 “15552000” 秒。
    修改/etc/apache-sites-avaliable/example.com.conf,在<Virtual:443>节点内添加如下代码:

    1
    2
    3
    <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>