Fix for the Nextcloud security check error: HTTP header is not set to "no-referrer"

The Nextcloud security check reports the following error:

The “Referrer-Policy” HTTP header is not set to “no-referrer”, “no-referrer-when-downgrade”, “strict-origin” or “strict-origin-when-cross-origin”. This can leak referer information.

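Newer Nextcloud versions have raised their security requirements. The fix is to add the corresponding header:

server {
    # Configuration
    add_header Referrer-Policy no-referrer always;
}

Restart nginx afterwards and the problem is solved.

This is explained on the official forum, which is worth reading regularly: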

https://help.nextcloud.com/t/the-referrer-policy-http-header-is-not-set-to-no-referrer/36613
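
A way to confirm the fix from the command line, as an added example that is not part of the original post: the function below reads a raw response-header dump and reports whether Referrer-Policy carries one of the four accepted values. It is worth running against a static asset as well as a page, because nginx inherits server-level add_header directives only in location blocks that define no add_header of their own. The host name in the comment and all three sample responses are constructed.

```bash
#!/bin/sh
# Added example: verify the Referrer-Policy fix from a raw response-header dump,
# e.g.  curl -skI https://cloud.example.com/ | referrer_policy_status
# (cloud.example.com is a placeholder host, not one from the post).

# The four values the Nextcloud warning accepts.
ACCEPTED="no-referrer no-referrer-when-downgrade strict-origin strict-origin-when-cross-origin"

# Reads response headers on stdin. Prints "ok:<value>", "weak:<value>" or
# "missing" and returns 0 only for "ok".
referrer_policy_status() {
    # Strip CRs, match the header name case-insensitively, and keep the last
    # policy token: browsers apply the last policy they recognise when several
    # are sent (this check treats every token as recognised).
    value=$(tr -d '\r' | awk '
        { line = $0; sub(/[ \t]+$/, "", line) }
        tolower(line) ~ /^referrer-policy[ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, "", line)
            v = tolower(line)
        }
        END {
            n = split(v, parts, /[ \t]*,[ \t]*/)
            if (n > 0) print parts[n]
        }')
    if [ -z "$value" ]; then
        echo "missing"
        return 1
    fi
    for ok in $ACCEPTED; do
        if [ "$value" = "$ok" ]; then
            echo "ok:$value"
            return 0
        fi
    done
    echo "weak:$value"
    return 1
}

# Constructed sample responses (not captured from a real server).
# 1) A PHP page served through the server block that carries the new header.
sample_page() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nReferrer-Policy: no-referrer\r\n\r\n'
}
# 2) A static asset from a location block that sets its own add_header, so the
#    server-level Referrer-Policy is not inherited there.
sample_asset() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nCache-Control: public, max-age=15778463\r\n\r\n'
}
# 3) A header that is present but not on the accepted list.
sample_weak() {
    printf 'HTTP/1.1 200 OK\r\nreferrer-policy: unsafe-url\r\n\r\n'
}

for s in sample_page sample_asset sample_weak; do
    printf '%-13s %s\n' "$s" "$($s | referrer_policy_status || true)"
done
```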


Fix for the Nextcloud error "You are using a fallback implementation of the intl extension."

Installing the latest Nextcloud release, version 14, produces this error:

You are using a fallback implementation of the intl extension. Installing the native one is highly recommended instead. at /usr/share/nginx/nextcloud/3rdparty/patchwork/utf8/src/Patchwork/Utf8/Bootup/intl.php#18

The cause is that PHP is missing the intl extension; installing it fixes the problem.

[root@fencatn conf.d]# yum install -y php71w-intl
Loaded plugins: fastestmirror
base | 3.6 kB 00:00
epel/x86_64/metalink | 8.9 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
webtatic | 3.6 kB 00:00
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
* webtatic: uk.repo.webtatic.com
Resolving Dependencies
--> Running transaction check
---> Package php71w-intl.x86_64 0:7.1.24-1.w7 will be installed
--> Processing Dependency: libicuuc.so.50()(64bit) for package: php71w-intl-7.1.24-1.w7.x86_64
--> Processing Dependency: libicuio.so.50()(64bit) for package: php71w-intl-7.1.24-1.w7.x86_64
--> Processing Dependency: libicui18n.so.50()(64bit) for package: php71w-intl-7.1.24-1.w7.x86_64
--> Processing Dependency: libicudata.so.50()(64bit) for package: php71w-intl-7.1.24-1.w7.x86_64
--> Running transaction check
---> Package libicu.x86_64 0:50.1.2-17.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
php71w-intl x86_64 7.1.24-1.w7 webtatic 183 k
Installing for dependencies:
libicu x86_64 50.1.2-17.el7 base 6.9 M

Transaction Summary
================================================================================
Install 1 Package (+1 Dependent package)

Total download size: 7.0 M
Installed size: 25 M
Downloading packages:
(1/2): libicu-50.1.2-17.el7.x86_64.rpm | 6.9 MB 00:02
(2/2): php71w-intl-7.1.24-1.w7.x86_64.rpm | 183 kB 00:07
--------------------------------------------------------------------------------
Total 971 kB/s | 7.0 MB 00:07
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libicu-50.1.2-17.el7.x86_64 1/2
Installing : php71w-intl-7.1.24-1.w7.x86_64 2/2
Verifying : libicu-50.1.2-17.el7.x86_64 1/2
Verifying : php71w-intl-7.1.24-1.w7.x86_64 2/2

Installed:
php71w-intl.x86_64 0:7.1.24-1.w7

Dependency Installed:
libicu.x86_64 0:50.1.2-17.el7

Complete!

After installing, restart nginx and php-fpm, and the problem is solved.

[root@fencatn conf.d]# systemctl restart nginx
[root@fencatn conf.d]# systemctl restart php-fpm


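Nextcloud tuning and security configuration

I. Adding a cache
For the cache you can choose memcached or Redis. Note that one of them is enough; unless you run a large instance, having more brings no benefit.
1. Adding memcached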
[root@fencatn ~]# yum install -y memcached
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.cqu.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
* webtatic: uk.repo.webtatic.com
Resolving Dependencies
--> Running transaction check
---> Package memcached.x86_64 0:1.4.15-10.el7_3.1 will be installed
--> Processing Dependency: libevent-2.0.so.5()(64bit) for package: memcached-1.4.15-10.el7_3.1.x86_64
--> Running transaction check
---> Package libevent.x86_64 0:2.0.21-4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
memcached x86_64 1.4.15-10.el7_3.1 base 85 k
Installing for dependencies:
libevent x86_64 2.0.21-4.el7 base 214 k

Transaction Summary
================================================================================
Install 1 Package (+1 Dependent package)

Total download size: 299 k
Installed size: 901 k
Downloading packages:
(1/2): memcached-1.4.15-10.el7_3.1.x86_64.rpm | 85 kB 00:00
(2/2): libevent-2.0.21-4.el7.x86_64.rpm | 214 kB 00:00
--------------------------------------------------------------------------------
Total 645 kB/s | 299 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libevent-2.0.21-4.el7.x86_64 1/2
Installing : memcached-1.4.15-10.el7_3.1.x86_64 2/2
Verifying : memcached-1.4.15-10.el7_3.1.x86_64 1/2
Verifying : libevent-2.0.21-4.el7.x86_64 2/2

Installed:
memcached.x86_64 0:1.4.15-10.el7_3.1

Dependency Installed:
libevent.x86_64 0:2.0.21-4.el7

Complete!
[root@fencatn ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS=""
Enable memcached
[root@fencatn ~]# systemctl restart memcached
[root@fencatn ~]# systemctl enable memcached
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
Confirm that memcached is running
[root@fencatn ~]# netstat -antup | grep 11211
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 12200/memcached
tcp6 0 0 :::11211 :::* LISTEN 12200/memcached
udp 0 0 0.0.0.0:11211 0.0.0.0:* 12200/memcached
udp6 0 0 :::11211 :::* 12200/memcached

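Then edit the configuration file and add the following inside the closing );
'memcached_servers' => array(
    array('localhost', 11211),
),
The code is as follows:
(Note: I searched on Baidu, and many people's configuration files are obviously copied and pasted; one person got it wrong and everyone else copied the mistake. Many people write
'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Memcached',
'memcached_servers' => array(
    array('localhost', 11211),
),
Note that this is the format the official documentation gives for httpd; nginx does not work like this.)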

[root@fencatn config]# pwd
/usr/share/nginx/nextcloud/config
[root@fencatn config]# cat config.php
<?php
$CONFIG = array (
  'instanceid' => 'ocaemai81f1w',
  'passwordsalt' => '7xQYU/kEn0Vbss5XckNEspp1haKKyj',
  'secret' => 'MftfjmfndXaBEfvUsc1+jyyzAOs8NTNheA6E+gsLJdp8wvU0',
  'trusted_domains' =>
  array (
    0 => '176.204.100.100',
  ),
  'datadirectory' => '/usr/share/nginx/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '14.0.4.2',
  'overwrite.cli.url' => 'https://176.204.100.100',
  'dbname' => 'nextcloud_fencatn',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'fencatn',
  'dbpassword' => 'fencatn2018',
  'installed' => true,
  'memcached_servers' => array(
    array('localhost', 11211),
  ),
);

[root@fencatn config]#
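
The netstat output in step 1 shows memcached accepting TCP and UDP on every interface (0.0.0.0 and ::), while Nextcloud only connects to it through localhost. The check below is an added example, not part of the original post: it flags such listeners from `netstat -antup` output. The `-l 127.0.0.1 -U 0` value for OPTIONS named in its comments is a suggested setting rather than the author's, and the "after" sample is constructed.

```bash
#!/bin/sh
# Added example: flag listeners on a port that are reachable from other hosts.
# Input is `netstat -antup` output on stdin, in the format shown above.

# Prints "<proto> <address>" for every socket on PORT that is not bound to
# loopback (127.0.0.0/8 or ::1). Established TCP connections are ignored.
nonlocal_listeners() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)6?$/ {
            laddr = $4
            if (!match(laddr, /:[0-9]+$/)) next       # no trailing ":port"
            p    = substr(laddr, RSTART + 1)
            addr = substr(laddr, 1, RSTART - 1)
            if (p != port) next
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next   # UDP rows have no state
            if (addr ~ /^127\./ || addr == "::1") next
            print $1, addr
        }'
}

# Number of exposed sockets on PORT; 0 means loopback only.
exposed_count() {
    nonlocal_listeners "$1" | awk 'END { print NR }'
}

# The netstat lines from the post: memcached with OPTIONS="".
sample_before() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 12200/memcached
tcp6 0 0 :::11211 :::* LISTEN 12200/memcached
udp 0 0 0.0.0.0:11211 0.0.0.0:* 12200/memcached
udp6 0 0 :::11211 :::* 12200/memcached
EOF
}

# Constructed sample: what the same check sees after setting
#   OPTIONS="-l 127.0.0.1 -U 0"
# in /etc/sysconfig/memcached (-l binds to loopback, -U 0 turns UDP off) and
# restarting memcached. This setting is a suggestion added here.
sample_after() {
    cat <<'EOF'
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 12345/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48210 ESTABLISHED 12345/memcached
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 900/nginx
EOF
}

echo "before: $(sample_before | exposed_count 11211) exposed socket(s)"
sample_before | nonlocal_listeners 11211
echo "after:  $(sample_after | exposed_count 11211) exposed socket(s)"
```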

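2. Adding a Redis cache
You can also choose Redis.
Add the following to the Nextcloud config file; this variant connects over TCP:
'redis' => array(
    'host' => 'localhost',
    'port' => 6379,
),

There is also the better-performing UNIX socket connection:
'redis' => array(
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'dbindex' => 0,
    'password' => 'secret',
    'timeout' => 1.5,
),

The official documentation also recommends adding the following, which is used to store file locks:
'memcache.locking' => '\OC\Memcache\Redis',

3. Change the upload size limit. Nextcloud's default upload limit is 512M; to change it you need to edit php.ini and the corresponding nginx virtual host file.
The official documentation covers this as well and you can read it directly; for convenience I have pasted it here.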
https://docs.nextcloud.com/server/14/admin_manual/configuration_files/big_file_upload_configuration.html

Uploading big files > 512MB

The default maximum file size for uploads is 512MB. You can increase this limit up to what your filesystem and operating system allows. There are certain hard limits that cannot be exceeded:
  • < 2GB on 32Bit OS-architecture
  • < 2GB with IE6 - IE8
  • < 4GB with IE9 - IE11
64-bit filesystems have much higher limits; consult the documentation for your filesystem.

Note

The Nextcloud sync client is not affected by these upload limits as it is uploading files in smaller chunks.


System configuration

  • Make sure that the latest version of PHP is installed
  • Disable user quotas, which makes them unlimited
  • Your temp file or partition has to be big enough to hold multiple parallel uploads from multiple users; e.g. if the max upload size is 10GB and the average number of users uploading at the same time is 100: temp space has to hold at least 10×100 GB

Configuring your Web server

Note

Nextcloud comes with its own nextcloud/.htaccess file. Because php-fpm can’t read PHP settings in .htaccess these settings must be set in the nextcloud/.user.ini file.

Set the following two parameters inside the corresponding php.ini file (see the Loaded Configuration File section of PHP version and information to find your relevant php.ini files)

php_value upload_max_filesize 16G
php_value post_max_size 16G

Adjust these values for your needs. If you see PHP timeouts in your logfiles, increase the timeout values, which are in seconds:

php_value max_input_time 3600
php_value max_execution_time 3600

The mod_reqtimeout Apache module could also stop large uploads from completing. If you’re using this module and getting failed uploads of large files either disable it in your Apache config or raise the configured RequestReadTimeout timeouts.

There are also several other configuration options in your Web server config which could prevent the upload of larger files. Please see the manual of your Web server for how to configure those values correctly:

Apache with mod_fcgid

Note

If you are using Apache/2.4 with mod_fcgid, as of February/March 2016, FcgidMaxRequestInMem still needs to be significantly increased from its default value to avoid the occurrence of segmentation faults when uploading big files. This is not a regular setting but serves as a workaround for Apache with mod_fcgid bug #51747.

Setting FcgidMaxRequestInMem significantly higher than normal may no longer be necessary, once bug #51747 is fixed.

nginx

Since nginx 1.7.11 a new config option fastcgi_request_buffering is available. Setting this option to fastcgi_request_buffering off; in your nginx config might help with timeouts during the upload. Furthermore it helps if you’re running out of disc space on the tmp partition of your system.

For more info how to configure nginx to raise the upload limits see also this wiki entry.

Note

Make sure that client_body_temp_path points to a partition with adequate space for your upload file size, and on the same partition as the upload_tmp_dir or tempdirectory (see below). For optimal performance, place these on a separate hard drive that is dedicated to swap and temp storage.

If your site is behind a nginx frontend (for example a loadbalancer):

By default, downloads will be limited to 1GB due to proxy_buffering and proxy_max_temp_file_size on the frontend.


Configuring PHP

If you don’t want to use the Nextcloud .htaccess or .user.ini file, you may configure PHP instead. Make sure to comment out any lines in .htaccess pertaining to upload size, if you entered any.

If you are running Nextcloud on a 32-bit system, any open_basedir directive in your php.ini file needs to be commented out.

Set the following two parameters inside php.ini, using your own desired file size values:

upload_max_filesize = 16G
post_max_size = 16G

Tell PHP which temp directory you want it to use:

upload_tmp_dir = /var/big_temp_file/

Output Buffering must be turned off in .htaccess or .user.ini or php.ini, or PHP will return memory-related errors:

  • output_buffering = 0

Configuring Nextcloud

As an alternative to the upload_tmp_dir of PHP (e.g. if you don’t have access to your php.ini) you can also configure a temporary location for uploaded files by using the tempdirectory setting in your config.php (See Configuration Parameters). If you have configured the session_lifetime setting in your config.php (See Configuration Parameters) file then make sure it is not too low. This setting needs to be configured to at least the time (in seconds) that the longest upload will take. If unsure remove this completely from your configuration to reset it to the default shown in the config.sample.php.

Configuring upload limits within the GUI

If all prerequisites described in this documentation are in place an admin can change the upload limits on demand by using the File handling input box within the administrative backend of Nextcloud. Depending on your environment you might get an insufficient permissions message shown for this input box. To be able to use this input box you need to make sure that:
  • your Web server is able to use the .htaccess file shipped by Nextcloud (Apache only)
  • the user your Web server is running as has write permissions to the files .htaccess and .user.ini

The code is as follows
(1) Configure nextcloud/.user.ini
Because php-fpm cannot read the PHP settings in .htaccess directly, these options have to be set in nextcloud/.user.ini
[root@fencatn nextcloud]# pwd
/usr/share/nginx/nextcloud
[root@fencatn nextcloud]# cat .user.ini
upload_max_filesize=511M
post_max_size=511M
memory_limit=512M
mbstring.func_overload=0
always_populate_raw_post_data=-1
default_charset='UTF-8'
output_buffering=0
Change this configuration to suit your needs; I changed it to 16G
[root@fencatn nextcloud]# vim .user.ini
[root@fencatn nextcloud]# cat .user.ini
upload_max_filesize=16G
post_max_size=16G
memory_limit=512M
mbstring.func_overload=0
always_populate_raw_post_data=-1
default_charset='UTF-8'
output_buffering=0
[root@fencatn nextcloud]#
(2) After changing the size, don't forget to change the timeouts. I set them to 3600 seconds here; adjust them to your own needs
[root@fencatn nextcloud]# cat .user.ini
upload_max_filesize=16G
post_max_size=16G
max_input_time=3600
max_execution_time=3600
memory_limit=512M
mbstring.func_overload=0
always_populate_raw_post_data=-1
default_charset='UTF-8'
output_buffering=0
(3) If you don't want to modify Nextcloud's configuration file, you can modify PHP's configuration file instead; here I changed both
[root@fencatn nextcloud]# vim /etc/php.ini
upload_max_filesize = 16G
post_max_size = 16G
Note, however, that Output Buffering must be turned off everywhere, whether in .htaccess, .user.ini or php.ini, otherwise you get memory-related errors:
output_buffering = 0
(4) When done, restart PHP and nginx
[root@fencatn nextcloud]# systemctl restart nginx
[root@fencatn nextcloud]# systemctl restart php-fpm

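4. cron scheduled task
The official documentation explains this in detail and you can configure it to your own needs. Here I simply chose cron. The principle is simple: write a scheduled task that runs as the nginx user.
Once more: it is the nginx user that runs this scheduled task!
https://docs.nextcloud.com/server/14/admin_manual/configuration_server/background_jobs_configuration.html#cron-jobs

The code is as follows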

[root@fencatn ~]# ll -h /usr/share/nginx/nextcloud/cron.php
-rw-r--r-- 1 nginx nginx 4.9K Nov 22 08:14 /usr/share/nginx/nextcloud/cron.php

[root@fencatn ~]# cron -e -u nginx
-bash: cron: command not found
[root@fencatn ~]# crontab -e -u nginx
no crontab for nginx - using an empty one
crontab: installing new crontab

[root@fencatn ~]# crontab -l -u nginx
*/15 * * * * php -f /usr/share/nginx/nextcloud/cron.php

 


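Installing and configuring Nextcloud on CentOS 7 (LNMP platform)

This article mainly covers how to deploy Nextcloud on a CentOS 7 LNMP platform; for tuning and NAT traversal, see the later articles.

I. Preparing the environment
1. Prepare the Yum repositories
First install the required yum repositories. CentOS's own BASE/EXTRAS/UPDATES must all be present; also install Fedora's EPEL. If you are missing repositories, search Baidu and install them yourself.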
[root@ftpserver ~]# yum install -y epel*
Loaded plugins: fastestmirror
base | 3.6 kB 00:00
epel/x86_64/metalink | 8.9 kB 00:00
epel | 3.2 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
(1/6): epel/x86_64/updateinfo | 935 kB 00:00
(2/6): base/7/x86_64/group_gz | 166 kB 00:00
(3/6): extras/7/x86_64/primary_db | 154 kB 00:00
(4/6): updates/7/x86_64/primary_db | 1.3 MB 00:00
(5/6): epel/x86_64/primary | 3.6 MB 00:00
(6/6): base/7/x86_64/primary_db | 6.0 MB 00:01
Loading mirror speeds from cached hostfile
* base: mirrors.cn99.com
* epel: mirrors.aliyun.com
* extras: mirrors.163.com
* updates: mirrors.163.com
epel 12738/12738
Package epel-release-7-11.noarch already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package epel-rpm-macros.noarch 0:7-19 will be installed
--> Processing Dependency: python2-rpm-macros for package: epel-rpm-macros-7-19.noarch
--> Processing Dependency: python-srpm-macros for package: epel-rpm-macros-7-19.noarch
--> Processing Dependency: python-rpm-macros for package: epel-rpm-macros-7-19.noarch
--> Running transaction check
---> Package python-rpm-macros.noarch 0:3-22.el7 will be installed
---> Package python-srpm-macros.noarch 0:3-22.el7 will be installed
---> Package python2-rpm-macros.noarch 0:3-22.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
epel-rpm-macros noarch 7-19 epel 13 k
Installing for dependencies:
python-rpm-macros noarch 3-22.el7 epel 7.5 k
python-srpm-macros noarch 3-22.el7 epel 7.0 k
python2-rpm-macros noarch 3-22.el7 epel 6.3 k

Transaction Summary
================================================================================
Install 1 Package (+3 Dependent packages)

Total download size: 34 k
Installed size: 29 k
Downloading packages:
(1/4): epel-rpm-macros-7-19.noarch.rpm | 13 kB 00:00
(2/4): python-rpm-macros-3-22.el7.noarch.rpm | 7.5 kB 00:00
(3/4): python-srpm-macros-3-22.el7.noarch.rpm | 7.0 kB 00:00
(4/4): python2-rpm-macros-3-22.el7.noarch.rpm | 6.3 kB 00:00
--------------------------------------------------------------------------------
Total 48 kB/s | 34 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python-srpm-macros-3-22.el7.noarch 1/4
Installing : python-rpm-macros-3-22.el7.noarch 2/4
Installing : python2-rpm-macros-3-22.el7.noarch 3/4
Installing : epel-rpm-macros-7-19.noarch 4/4
Verifying : epel-rpm-macros-7-19.noarch 1/4
Verifying : python-srpm-macros-3-22.el7.noarch 2/4
Verifying : python-rpm-macros-3-22.el7.noarch 3/4
Verifying : python2-rpm-macros-3-22.el7.noarch 4/4

Installed:
epel-rpm-macros.noarch 0:7-19

Dependency Installed:
python-rpm-macros.noarch 0:3-22.el7 python-srpm-macros.noarch 0:3-22.el7
python2-rpm-macros.noarch 0:3-22.el7

Complete!
[root@ftpserver ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.cn99.com
* epel: mirrors.aliyun.com
* extras: mirrors.163.com
* updates: mirrors.163.com
repo id repo name status
base/7/x86_64 CentOS-7 - Base 10,019
epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64 12,738
extras/7/x86_64 CentOS-7 - Extras 314
updates/7/x86_64 CentOS-7 - Updates 598
repolist: 23,669

2. In addition, a webtatic repository is needed to install PHP
[root@ftpserver ~]# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Retrieving https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
warning: /var/tmp/rpm-tmp.NgHqYF: Header V4 RSA/SHA1 Signature, key ID 62e74ca5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:webtatic-release-7-3 ################################# [100%]
[root@ftpserver ~]# yum repolist
Loaded plugins: fastestmirror
webtatic | 3.6 kB 00:00
(1/2): webtatic/x86_64/group_gz | 448 B 00:01
(2/2): webtatic/x86_64/primary_db | 424 kB 00:02
Loading mirror speeds from cached hostfile
* base: mirrors.cqu.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
* webtatic: uk.repo.webtatic.com
repo id repo name status
base/7/x86_64 CentOS-7 - Base 10,019
epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64 12,738
extras/7/x86_64 CentOS-7 - Extras 314
updates/7/x86_64 CentOS-7 - Updates 598
webtatic/x86_64 Webtatic Repository EL7 - x86_64 1,305
repolist: 24,974

3. Install the PHP environment
(Note: at the time of writing this tutorial I had not yet found a suitable Yum repository for php-72w-mcrypt, so I had to install the php-71w series, even though php-72w is already out.)
yum -y install php71w-fpm php71w-cli php71w-gd php71w-mcrypt php71w-pear php71w-xml php71w-mbstring php71w-pdo php71w-json php71w-pecl-apcu php71w-pecl-apcu-devel
The code is as follows
[root@fencatn ~]# yum -y install php71w-fpm php71w-cli php71w-gd php71w-mcrypt php71w-pear php71w-xml php71w-mbstring php71w-pdo php71w-json php71w-pecl-apcu php71w-pecl-apcu-devel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.cqu.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
* webtatic: uk.repo.webtatic.com
Resolving Dependencies
--> Running transaction check
---> Package php71w-cli.x86_64 0:7.1.24-1.w7 will be installed
---> Package php71w-common.x86_64 0:7.1.24-1.w7 will be installed
---> Package php71w-fpm.x86_64 0:7.1.24-1.w7 will be installed
---> Package php71w-gd.x86_64 0:7.1.24-1.w7 will be installed
---> Package php71w-mbstring.x86_64 0:7.1.24-1.w7 will be installed
---> Package php71w-mcrypt.x86_64 0:7.1.24-1.w7 will be installed
--> Processing Dependency: libmcrypt.so.4()(64bit) for package: php71w-mcrypt-7.1.24-1.w7.x86_64
--> Processing Dependency: libltdl.so.7()(64bit) for package: php71w-mcrypt-7.1.24-1.w7.x86_64
---> Package php71w-pdo.x86_64 0:7.1.24-1.w7 will be installed
---> Package php71w-pear.noarch 1:1.10.4-1.w7 will be installed
--> Processing Dependency: php71w-posix for package: 1:php71w-pear-1.10.4-1.w7.noarch
---> Package php71w-pecl-apcu.x86_64 0:5.1.9-1.w7 will be installed
---> Package php71w-pecl-apcu-devel.x86_64 0:5.1.9-1.w7 will be installed
--> Processing Dependency: php-devel for package: php71w-pecl-apcu-devel-5.1.9-1.w7.x86_64
---> Package php71w-xml.x86_64 0:7.1.24-1.w7 will be installed
--> Running transaction check
---> Package libmcrypt.x86_64 0:2.5.8-13.el7 will be installed
---> Package libtool-ltdl.x86_64 0:2.4.2-22.el7_3 will be installed
---> Package php71w-devel.x86_64 0:7.1.24-1.w7 will be installed
---> Package php71w-process.x86_64 0:7.1.24-1.w7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Installing:
php71w-cli x86_64 7.1.24-1.w7 webtatic 3.0 M
php71w-common x86_64 7.1.24-1.w7 webtatic 1.2 M
php71w-fpm x86_64 7.1.24-1.w7 webtatic 1.5 M
php71w-gd x86_64 7.1.24-1.w7 webtatic 133 k
php71w-mbstring x86_64 7.1.24-1.w7 webtatic 543 k
php71w-mcrypt x86_64 7.1.24-1.w7 webtatic 26 k
php71w-pdo x86_64 7.1.24-1.w7 webtatic 90 k
php71w-pear noarch 1:1.10.4-1.w7 webtatic 340 k
php71w-pecl-apcu x86_64 5.1.9-1.w7 webtatic 81 k
php71w-pecl-apcu-devel x86_64 5.1.9-1.w7 webtatic 22 k
php71w-xml x86_64 7.1.24-1.w7 webtatic 127 k
Installing for dependencies:
libmcrypt x86_64 2.5.8-13.el7 epel 99 k
libtool-ltdl x86_64 2.4.2-22.el7_3 base 49 k
php71w-devel x86_64 7.1.24-1.w7 webtatic 2.6 M
php71w-process x86_64 7.1.24-1.w7 webtatic 39 k

Transaction Summary
========================================================================================================================
Install 11 Packages (+4 Dependent packages)

Total download size: 9.8 M
Installed size: 45 M
Downloading packages:
(1/15): libmcrypt-2.5.8-13.el7.x86_64.rpm | 99 kB 00:00:00
(2/15): libtool-ltdl-2.4.2-22.el7_3.x86_64.rpm | 49 kB 00:00:00
(3/15): php71w-common-7.1.24-1.w7.x86_64.rpm | 1.2 MB 00:00:02
(4/15): php71w-cli-7.1.24-1.w7.x86_64.rpm | 3.0 MB 00:00:02
(5/15): php71w-fpm-7.1.24-1.w7.x86_64.rpm | 1.5 MB 00:00:00
(6/15): php71w-gd-7.1.24-1.w7.x86_64.rpm | 133 kB 00:00:00
(7/15): php71w-mbstring-7.1.24-1.w7.x86_64.rpm | 543 kB 00:00:00
(8/15): php71w-mcrypt-7.1.24-1.w7.x86_64.rpm | 26 kB 00:00:00
(9/15): php71w-pdo-7.1.24-1.w7.x86_64.rpm | 90 kB 00:00:00
(10/15): php71w-pear-1.10.4-1.w7.noarch.rpm | 340 kB 00:00:00
(11/15): php71w-pecl-apcu-5.1.9-1.w7.x86_64.rpm | 81 kB 00:00:00
(12/15): php71w-process-7.1.24-1.w7.x86_64.rpm | 39 kB 00:00:00
(13/15): php71w-pecl-apcu-devel-5.1.9-1.w7.x86_64.rpm | 22 kB 00:00:00
(14/15): php71w-xml-7.1.24-1.w7.x86_64.rpm | 127 kB 00:00:00
(15/15): php71w-devel-7.1.24-1.w7.x86_64.rpm | 2.6 MB 00:00:17
------------------------------------------------------------------------------------------------------------------------
Total 578 kB/s | 9.8 MB 00:00:17
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : php71w-common-7.1.24-1.w7.x86_64 1/15
Installing : php71w-cli-7.1.24-1.w7.x86_64 2/15
Installing : php71w-devel-7.1.24-1.w7.x86_64 3/15
Installing : php71w-xml-7.1.24-1.w7.x86_64 4/15
Installing : php71w-process-7.1.24-1.w7.x86_64 5/15
Installing : 1:php71w-pear-1.10.4-1.w7.noarch 6/15
Installing : php71w-pecl-apcu-5.1.9-1.w7.x86_64 7/15
Installing : libmcrypt-2.5.8-13.el7.x86_64 8/15
Installing : libtool-ltdl-2.4.2-22.el7_3.x86_64 9/15
Installing : php71w-mcrypt-7.1.24-1.w7.x86_64 10/15
Installing : php71w-pecl-apcu-devel-5.1.9-1.w7.x86_64 11/15
Installing : php71w-gd-7.1.24-1.w7.x86_64 12/15
Installing : php71w-fpm-7.1.24-1.w7.x86_64 13/15
Installing : php71w-mbstring-7.1.24-1.w7.x86_64 14/15
Installing : php71w-pdo-7.1.24-1.w7.x86_64 15/15
Verifying : php71w-cli-7.1.24-1.w7.x86_64 1/15
Verifying : php71w-gd-7.1.24-1.w7.x86_64 2/15
Verifying : php71w-xml-7.1.24-1.w7.x86_64 3/15
Verifying : php71w-devel-7.1.24-1.w7.x86_64 4/15
Verifying : php71w-mcrypt-7.1.24-1.w7.x86_64 5/15
Verifying : 1:php71w-pear-1.10.4-1.w7.noarch 6/15
Verifying : php71w-fpm-7.1.24-1.w7.x86_64 7/15
Verifying : php71w-mbstring-7.1.24-1.w7.x86_64 8/15
Verifying : libtool-ltdl-2.4.2-22.el7_3.x86_64 9/15
Verifying : php71w-common-7.1.24-1.w7.x86_64 10/15
Verifying : php71w-process-7.1.24-1.w7.x86_64 11/15
Verifying : php71w-pecl-apcu-5.1.9-1.w7.x86_64 12/15
Verifying : libmcrypt-2.5.8-13.el7.x86_64 13/15
Verifying : php71w-pecl-apcu-devel-5.1.9-1.w7.x86_64 14/15
Verifying : php71w-pdo-7.1.24-1.w7.x86_64 15/15

Installed:
php71w-cli.x86_64 0:7.1.24-1.w7 php71w-common.x86_64 0:7.1.24-1.w7 php71w-fpm.x86_64 0:7.1.24-1.w7
php71w-gd.x86_64 0:7.1.24-1.w7 php71w-mbstring.x86_64 0:7.1.24-1.w7 php71w-mcrypt.x86_64 0:7.1.24-1.w7
php71w-pdo.x86_64 0:7.1.24-1.w7 php71w-pear.noarch 1:1.10.4-1.w7 php71w-pecl-apcu.x86_64 0:5.1.9-1.w7
php71w-pecl-apcu-devel.x86_64 0:5.1.9-1.w7 php71w-xml.x86_64 0:7.1.24-1.w7

Dependency Installed:
libmcrypt.x86_64 0:2.5.8-13.el7 libtool-ltdl.x86_64 0:2.4.2-22.el7_3 php71w-devel.x86_64 0:7.1.24-1.w7
php71w-process.x86_64 0:7.1.24-1.w7

Complete!

I forgot to install php-mysql, so I add it here
[root@fencatn ~]# yum install -y php71w-mysql
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.cqu.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
* webtatic: uk.repo.webtatic.com
Resolving Dependencies
--> Running transaction check
---> Package php71w-mysql.x86_64 0:7.1.24-1.w7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================================
Package Arch Version Repository Size
==================================================================================================================================
Installing:
php71w-mysql x86_64 7.1.24-1.w7 webtatic 82 k

Transaction Summary
==================================================================================================================================
Install 1 Package

Total download size: 82 k
Installed size: 347 k
Downloading packages:
php71w-mysql-7.1.24-1.w7.x86_64.rpm | 82 kB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : php71w-mysql-7.1.24-1.w7.x86_64 1/1
Verifying : php71w-mysql-7.1.24-1.w7.x86_64 1/1

Installed:
php71w-mysql.x86_64 0:7.1.24-1.w7

Complete!

Check and confirm the PHP version
[root@fencatn ~]# php -v
PHP 7.1.24 (cli) (built: Nov 11 2018 08:03:49) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2018 Zend Technologies

4. Install nginx (building from source is not recommended: it is troublesome to maintain later, and LNMP versions are updated quickly)
[root@ftpserver ~]# yum install -y nginx
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.cqu.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 1:1.12.2-2.el7 will be installed
--> Processing Dependency: nginx-filesystem = 1:1.12.2-2.el7 for package: 1:nginx-1.12.2-2.el7.x86_64
--> Processing Dependency: nginx-all-modules = 1:1.12.2-2.el7 for package: 1:nginx-1.12.2-2.el7.x86_64
--> Processing Dependency: nginx-filesystem for package: 1:nginx-1.12.2-2.el7.x86_64
--> Processing Dependency: libprofiler.so.0()(64bit) for package: 1:nginx-1.12.2-2.el7.x86_64
--> Running transaction check
---> Package gperftools-libs.x86_64 0:2.6.1-1.el7 will be installed
---> Package nginx-all-modules.noarch 1:1.12.2-2.el7 will be installed
--> Processing Dependency: nginx-mod-stream = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch
--> Processing Dependency: nginx-mod-mail = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch
--> Processing Dependency: nginx-mod-http-xslt-filter = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch
--> Processing Dependency: nginx-mod-http-perl = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch
--> Processing Dependency: nginx-mod-http-image-filter = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch
--> Processing Dependency: nginx-mod-http-geoip = 1:1.12.2-2.el7 for package: 1:nginx-all-modules-1.12.2-2.el7.noarch
---> Package nginx-filesystem.noarch 1:1.12.2-2.el7 will be installed
--> Running transaction check
---> Package nginx-mod-http-geoip.x86_64 1:1.12.2-2.el7 will be installed
---> Package nginx-mod-http-image-filter.x86_64 1:1.12.2-2.el7 will be installed
--> Processing Dependency: gd for package: 1:nginx-mod-http-image-filter-1.12.2-2.el7.x86_64
--> Processing Dependency: libgd.so.2()(64bit) for package: 1:nginx-mod-http-image-filter-1.12.2-2.el7.x86_64
---> Package nginx-mod-http-perl.x86_64 1:1.12.2-2.el7 will be installed
---> Package nginx-mod-http-xslt-filter.x86_64 1:1.12.2-2.el7 will be installed
---> Package nginx-mod-mail.x86_64 1:1.12.2-2.el7 will be installed
---> Package nginx-mod-stream.x86_64 1:1.12.2-2.el7 will be installed
--> Running transaction check
---> Package gd.x86_64 0:2.0.35-26.el7 will be installed
--> Processing Dependency: libpng15.so.15(PNG15_0)(64bit) for package: gd-2.0.35-26.el7.x86_64
--> Processing Dependency: libpng15.so.15()(64bit) for package: gd-2.0.35-26.el7.x86_64
--> Processing Dependency: libfontconfig.so.1()(64bit) for package: gd-2.0.35-26.el7.x86_64
--> Processing Dependency: libXpm.so.4()(64bit) for package: gd-2.0.35-26.el7.x86_64
--> Processing Dependency: libX11.so.6()(64bit) for package: gd-2.0.35-26.el7.x86_64
--> Running transaction check
---> Package fontconfig.x86_64 0:2.13.0-4.3.el7 will be installed
--> Processing Dependency: freetype >= 2.8-7 for package: fontconfig-2.13.0-4.3.el7.x86_64
--> Processing Dependency: fontpackages-filesystem for package: fontconfig-2.13.0-4.3.el7.x86_64
--> Processing Dependency: dejavu-sans-fonts for package: fontconfig-2.13.0-4.3.el7.x86_64
---> Package libX11.x86_64 0:1.6.5-2.el7 will be installed
--> Processing Dependency: libX11-common >= 1.6.5-2.el7 for package: libX11-1.6.5-2.el7.x86_64
--> Processing Dependency: libxcb.so.1()(64bit) for package: libX11-1.6.5-2.el7.x86_64
---> Package libXpm.x86_64 0:3.5.12-1.el7 will be installed
---> Package libpng.x86_64 2:1.5.13-7.el7_2 will be installed
--> Running transaction check
---> Package dejavu-sans-fonts.noarch 0:2.33-6.el7 will be installed
--> Processing Dependency: dejavu-fonts-common = 2.33-6.el7 for package: dejavu-sans-fonts-2.33-6.el7.noarch
---> Package fontpackages-filesystem.noarch 0:1.44-8.el7 will be installed
---> Package freetype.x86_64 0:2.4.11-15.el7 will be updated
---> Package freetype.x86_64 0:2.8-12.el7 will be an update
---> Package libX11-common.noarch 0:1.6.5-2.el7 will be installed
---> Package libxcb.x86_64 0:1.13-1.el7 will be installed
--> Processing Dependency: libXau.so.6()(64bit) for package: libxcb-1.13-1.el7.x86_64
--> Running transaction check
---> Package dejavu-fonts-common.noarch 0:2.33-6.el7 will be installed
---> Package libXau.x86_64 0:1.0.8-2.1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
nginx x86_64 1:1.12.2-2.el7 epel 530 k
Installing for dependencies:
dejavu-fonts-common noarch 2.33-6.el7 base 64 k
dejavu-sans-fonts noarch 2.33-6.el7 base 1.4 M
fontconfig x86_64 2.13.0-4.3.el7 base 254 k
fontpackages-filesystem noarch 1.44-8.el7 base 9.9 k
gd x86_64 2.0.35-26.el7 base 146 k
gperftools-libs x86_64 2.6.1-1.el7 base 272 k
libX11 x86_64 1.6.5-2.el7 base 606 k
libX11-common noarch 1.6.5-2.el7 base 164 k
libXau x86_64 1.0.8-2.1.el7 base 29 k
libXpm x86_64 3.5.12-1.el7 base 55 k
libpng x86_64 2:1.5.13-7.el7_2 base 213 k
libxcb x86_64 1.13-1.el7 base 214 k
nginx-all-modules noarch 1:1.12.2-2.el7 epel 16 k
nginx-filesystem noarch 1:1.12.2-2.el7 epel 17 k
nginx-mod-http-geoip x86_64 1:1.12.2-2.el7 epel 23 k
nginx-mod-http-image-filter x86_64 1:1.12.2-2.el7 epel 26 k
nginx-mod-http-perl x86_64 1:1.12.2-2.el7 epel 36 k
nginx-mod-http-xslt-filter x86_64 1:1.12.2-2.el7 epel 26 k
nginx-mod-mail x86_64 1:1.12.2-2.el7 epel 54 k
nginx-mod-stream x86_64 1:1.12.2-2.el7 epel 76 k
Updating for dependencies:
freetype x86_64 2.8-12.el7 base 380 k

Transaction Summary
================================================================================
Install 1 Package (+20 Dependent packages)
Upgrade ( 1 Dependent package)

Total download size: 4.6 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/22): dejavu-fonts-common-2.33-6.el7.noarch.rpm | 64 kB 00:00
(2/22): fontconfig-2.13.0-4.3.el7.x86_64.rpm | 254 kB 00:00
(3/22): fontpackages-filesystem-1.44-8.el7.noarch.rpm | 9.9 kB 00:00
(4/22): dejavu-sans-fonts-2.33-6.el7.noarch.rpm | 1.4 MB 00:00
(5/22): gd-2.0.35-26.el7.x86_64.rpm | 146 kB 00:00
(6/22): freetype-2.8-12.el7.x86_64.rpm | 380 kB 00:00
(7/22): gperftools-libs-2.6.1-1.el7.x86_64.rpm | 272 kB 00:00
(8/22): libX11-1.6.5-2.el7.x86_64.rpm | 606 kB 00:00
(9/22): libX11-common-1.6.5-2.el7.noarch.rpm | 164 kB 00:00
(10/22): libXau-1.0.8-2.1.el7.x86_64.rpm | 29 kB 00:00
(11/22): libXpm-3.5.12-1.el7.x86_64.rpm | 55 kB 00:00
(12/22): libpng-1.5.13-7.el7_2.x86_64.rpm | 213 kB 00:00
(13/22): libxcb-1.13-1.el7.x86_64.rpm | 214 kB 00:00
(14/22): nginx-1.12.2-2.el7.x86_64.rpm | 530 kB 00:00
(15/22): nginx-filesystem-1.12.2-2.el7.noarch.rpm | 17 kB 00:00
(16/22): nginx-all-modules-1.12.2-2.el7.noarch.rpm | 16 kB 00:00
(17/22): nginx-mod-http-geoip-1.12.2-2.el7.x86_64.rpm | 23 kB 00:00
(18/22): nginx-mod-http-image-filter-1.12.2-2.el7.x86_64.r | 26 kB 00:00
(19/22): nginx-mod-http-perl-1.12.2-2.el7.x86_64.rpm | 36 kB 00:00
(20/22): nginx-mod-http-xslt-filter-1.12.2-2.el7.x86_64.rp | 26 kB 00:00
(21/22): nginx-mod-mail-1.12.2-2.el7.x86_64.rpm | 54 kB 00:00
(22/22): nginx-mod-stream-1.12.2-2.el7.x86_64.rpm | 76 kB 00:00
——————————————————————————–
Total 2.7 MB/s | 4.6 MB 00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : fontpackages-filesystem-1.44-8.el7.noarch 1/23
Installing : 2:libpng-1.5.13-7.el7_2.x86_64 2/23
Updating : freetype-2.8-12.el7.x86_64 3/23
Installing : dejavu-fonts-common-2.33-6.el7.noarch 4/23
Installing : dejavu-sans-fonts-2.33-6.el7.noarch 5/23
Installing : fontconfig-2.13.0-4.3.el7.x86_64 6/23
Installing : libX11-common-1.6.5-2.el7.noarch 7/23
Installing : gperftools-libs-2.6.1-1.el7.x86_64 8/23
Installing : libXau-1.0.8-2.1.el7.x86_64 9/23
Installing : libxcb-1.13-1.el7.x86_64 10/23
Installing : libX11-1.6.5-2.el7.x86_64 11/23
Installing : libXpm-3.5.12-1.el7.x86_64 12/23
Installing : gd-2.0.35-26.el7.x86_64 13/23
Installing : 1:nginx-filesystem-1.12.2-2.el7.noarch 14/23
Installing : 1:nginx-mod-http-xslt-filter-1.12.2-2.el7.x86_64 15/23
Installing : 1:nginx-mod-http-geoip-1.12.2-2.el7.x86_64 16/23
Installing : 1:nginx-mod-stream-1.12.2-2.el7.x86_64 17/23
Installing : 1:nginx-mod-mail-1.12.2-2.el7.x86_64 18/23
Installing : 1:nginx-mod-http-perl-1.12.2-2.el7.x86_64 19/23
Installing : 1:nginx-1.12.2-2.el7.x86_64 20/23
Installing : 1:nginx-mod-http-image-filter-1.12.2-2.el7.x86_64 21/23
Installing : 1:nginx-all-modules-1.12.2-2.el7.noarch 22/23
Cleanup : freetype-2.4.11-15.el7.x86_64 23/23
Verifying : fontconfig-2.13.0-4.3.el7.x86_64 1/23
Verifying : 1:nginx-mod-http-xslt-filter-1.12.2-2.el7.x86_64 2/23
Verifying : 1:nginx-mod-http-geoip-1.12.2-2.el7.x86_64 3/23
Verifying : 1:nginx-1.12.2-2.el7.x86_64 4/23
Verifying : 2:libpng-1.5.13-7.el7_2.x86_64 5/23
Verifying : fontpackages-filesystem-1.44-8.el7.noarch 6/23
Verifying : 1:nginx-mod-stream-1.12.2-2.el7.x86_64 7/23
Verifying : freetype-2.8-12.el7.x86_64 8/23
Verifying : dejavu-fonts-common-2.33-6.el7.noarch 9/23
Verifying : 1:nginx-all-modules-1.12.2-2.el7.noarch 10/23
Verifying : libxcb-1.13-1.el7.x86_64 11/23
Verifying : libXpm-3.5.12-1.el7.x86_64 12/23
Verifying : 1:nginx-filesystem-1.12.2-2.el7.noarch 13/23
Verifying : libX11-1.6.5-2.el7.x86_64 14/23
Verifying : dejavu-sans-fonts-2.33-6.el7.noarch 15/23
Verifying : 1:nginx-mod-mail-1.12.2-2.el7.x86_64 16/23
Verifying : gd-2.0.35-26.el7.x86_64 17/23
Verifying : libXau-1.0.8-2.1.el7.x86_64 18/23
Verifying : gperftools-libs-2.6.1-1.el7.x86_64 19/23
Verifying : libX11-common-1.6.5-2.el7.noarch 20/23
Verifying : 1:nginx-mod-http-perl-1.12.2-2.el7.x86_64 21/23
Verifying : 1:nginx-mod-http-image-filter-1.12.2-2.el7.x86_64 22/23
Verifying : freetype-2.4.11-15.el7.x86_64 23/23

Installed:
nginx.x86_64 1:1.12.2-2.el7

Dependency Installed:
dejavu-fonts-common.noarch 0:2.33-6.el7
dejavu-sans-fonts.noarch 0:2.33-6.el7
fontconfig.x86_64 0:2.13.0-4.3.el7
fontpackages-filesystem.noarch 0:1.44-8.el7
gd.x86_64 0:2.0.35-26.el7
gperftools-libs.x86_64 0:2.6.1-1.el7
libX11.x86_64 0:1.6.5-2.el7
libX11-common.noarch 0:1.6.5-2.el7
libXau.x86_64 0:1.0.8-2.1.el7
libXpm.x86_64 0:3.5.12-1.el7
libpng.x86_64 2:1.5.13-7.el7_2
libxcb.x86_64 0:1.13-1.el7
nginx-all-modules.noarch 1:1.12.2-2.el7
nginx-filesystem.noarch 1:1.12.2-2.el7
nginx-mod-http-geoip.x86_64 1:1.12.2-2.el7
nginx-mod-http-image-filter.x86_64 1:1.12.2-2.el7
nginx-mod-http-perl.x86_64 1:1.12.2-2.el7
nginx-mod-http-xslt-filter.x86_64 1:1.12.2-2.el7
nginx-mod-mail.x86_64 1:1.12.2-2.el7
nginx-mod-stream.x86_64 1:1.12.2-2.el7

Dependency Updated:
freetype.x86_64 0:2.8-12.el7

Complete!

5. Configure php-fpm
Change both the user and the group to nginx:
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
Confirm that it listens on port 9000:
listen = 127.0.0.1:9000
Uncomment the following lines:
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

6. Create the session directory and give ownership of it to nginx
[root@fencatn ~]# mkdir -p /var/lib/php/session
[root@fencatn ~]# chown nginx.nginx /var/lib/php/session/
[root@fencatn ~]# ll -d /var/lib/php/session/
drwxr-xr-x 2 nginx nginx 6 12月 7 21:54 /var/lib/php/session/

7. Start the nginx and php-fpm services and enable them at boot.
The commands are as follows:
[root@fencatn ~]# systemctl restart nginx
[root@fencatn ~]# systemctl restart php-fpm
[root@fencatn ~]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@fencatn ~]# systemctl enable php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.

II. Configure the database environment
1. Install mariadb and mariadb-server as the database backend for Nextcloud
[root@fencatn ~]# yum install -y mariadb mariadb-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.cqu.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
* webtatic: uk.repo.webtatic.com
Resolving Dependencies
–> Running transaction check
—> Package mariadb.x86_64 1:5.5.60-1.el7_5 will be installed
–> Processing Dependency: mariadb-libs(x86-64) = 1:5.5.60-1.el7_5 for package: 1:mariadb-5.5.60-1.el7_5.x86_64
—> Package mariadb-server.x86_64 1:5.5.60-1.el7_5 will be installed
–> Processing Dependency: perl-DBI for package: 1:mariadb-server-5.5.60-1.el7_5.x86_64
–> Processing Dependency: perl-DBD-MySQL for package: 1:mariadb-server-5.5.60-1.el7_5.x86_64
–> Processing Dependency: perl(DBI) for package: 1:mariadb-server-5.5.60-1.el7_5.x86_64
–> Running transaction check
—> Package mariadb-libs.x86_64 1:5.5.56-2.el7 will be updated
—> Package mariadb-libs.x86_64 1:5.5.60-1.el7_5 will be an update
—> Package perl-DBD-MySQL.x86_64 0:4.023-6.el7 will be installed
—> Package perl-DBI.x86_64 0:1.627-4.el7 will be installed
–> Processing Dependency: perl(RPC::PlServer) >= 0.2001 for package: perl-DBI-1.627-4.el7.x86_64
–> Processing Dependency: perl(RPC::PlClient) >= 0.2000 for package: perl-DBI-1.627-4.el7.x86_64
–> Running transaction check
—> Package perl-PlRPC.noarch 0:0.2020-14.el7 will be installed
–> Processing Dependency: perl(Net::Daemon) >= 0.13 for package: perl-PlRPC-0.2020-14.el7.noarch
–> Processing Dependency: perl(Net::Daemon::Test) for package: perl-PlRPC-0.2020-14.el7.noarch
–> Processing Dependency: perl(Net::Daemon::Log) for package: perl-PlRPC-0.2020-14.el7.noarch
–> Processing Dependency: perl(Compress::Zlib) for package: perl-PlRPC-0.2020-14.el7.noarch
–> Running transaction check
—> Package perl-IO-Compress.noarch 0:2.061-2.el7 will be installed
–> Processing Dependency: perl(Compress::Raw::Zlib) >= 2.061 for package: perl-IO-Compress-2.061-2.el7.noarch
–> Processing Dependency: perl(Compress::Raw::Bzip2) >= 2.061 for package: perl-IO-Compress-2.061-2.el7.noarch
—> Package perl-Net-Daemon.noarch 0:0.48-5.el7 will be installed
–> Running transaction check
—> Package perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 will be installed
—> Package perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 will be installed
–> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Installing:
mariadb x86_64 1:5.5.60-1.el7_5 base 8.9 M
mariadb-server x86_64 1:5.5.60-1.el7_5 base 11 M
Installing for dependencies:
perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 base 32 k
perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 base 57 k
perl-DBD-MySQL x86_64 4.023-6.el7 base 140 k
perl-DBI x86_64 1.627-4.el7 base 802 k
perl-IO-Compress noarch 2.061-2.el7 base 260 k
perl-Net-Daemon noarch 0.48-5.el7 base 51 k
perl-PlRPC noarch 0.2020-14.el7 base 36 k
Updating for dependencies:
mariadb-libs x86_64 1:5.5.60-1.el7_5 base 758 k

Transaction Summary
========================================================================================================================
Install 2 Packages (+7 Dependent packages)
Upgrade ( 1 Dependent package)

Total download size: 22 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/10): mariadb-libs-5.5.60-1.el7_5.x86_64.rpm | 758 kB 00:00:00
(2/10): mariadb-5.5.60-1.el7_5.x86_64.rpm | 8.9 MB 00:00:01
(3/10): perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64.rpm | 32 kB 00:00:00
(4/10): perl-Compress-Raw-Zlib-2.061-4.el7.x86_64.rpm | 57 kB 00:00:00
(5/10): perl-DBD-MySQL-4.023-6.el7.x86_64.rpm | 140 kB 00:00:00
(6/10): perl-DBI-1.627-4.el7.x86_64.rpm | 802 kB 00:00:00
(7/10): perl-IO-Compress-2.061-2.el7.noarch.rpm | 260 kB 00:00:00
(8/10): perl-Net-Daemon-0.48-5.el7.noarch.rpm | 51 kB 00:00:00
(9/10): perl-PlRPC-0.2020-14.el7.noarch.rpm | 36 kB 00:00:00
(10/10): mariadb-server-5.5.60-1.el7_5.x86_64.rpm | 11 MB 00:00:02
————————————————————————————————————————
Total 6.8 MB/s | 22 MB 00:00:03
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : 1:mariadb-libs-5.5.60-1.el7_5.x86_64 1/11
Installing : 1:mariadb-5.5.60-1.el7_5.x86_64 2/11
Installing : 1:perl-Compress-Raw-Zlib-2.061-4.el7.x86_64 3/11
Installing : perl-Net-Daemon-0.48-5.el7.noarch 4/11
Installing : perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64 5/11
Installing : perl-IO-Compress-2.061-2.el7.noarch 6/11
Installing : perl-PlRPC-0.2020-14.el7.noarch 7/11
Installing : perl-DBI-1.627-4.el7.x86_64 8/11
Installing : perl-DBD-MySQL-4.023-6.el7.x86_64 9/11
Installing : 1:mariadb-server-5.5.60-1.el7_5.x86_64 10/11
Cleanup : 1:mariadb-libs-5.5.56-2.el7.x86_64 11/11
Verifying : 1:mariadb-server-5.5.60-1.el7_5.x86_64 1/11
Verifying : perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64 2/11
Verifying : perl-Net-Daemon-0.48-5.el7.noarch 3/11
Verifying : perl-DBD-MySQL-4.023-6.el7.x86_64 4/11
Verifying : 1:mariadb-libs-5.5.60-1.el7_5.x86_64 5/11
Verifying : 1:perl-Compress-Raw-Zlib-2.061-4.el7.x86_64 6/11
Verifying : 1:mariadb-5.5.60-1.el7_5.x86_64 7/11
Verifying : perl-DBI-1.627-4.el7.x86_64 8/11
Verifying : perl-IO-Compress-2.061-2.el7.noarch 9/11
Verifying : perl-PlRPC-0.2020-14.el7.noarch 10/11
Verifying : 1:mariadb-libs-5.5.56-2.el7.x86_64 11/11

Installed:
mariadb.x86_64 1:5.5.60-1.el7_5 mariadb-server.x86_64 1:5.5.60-1.el7_5

Dependency Installed:
perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7
perl-DBD-MySQL.x86_64 0:4.023-6.el7 perl-DBI.x86_64 0:1.627-4.el7
perl-IO-Compress.noarch 0:2.061-2.el7 perl-Net-Daemon.noarch 0:0.48-5.el7
perl-PlRPC.noarch 0:0.2020-14.el7

Dependency Updated:
mariadb-libs.x86_64 1:5.5.60-1.el7_5

Complete!

2. Restart mariadb and enable it at boot
[root@fencatn ~]# systemctl restart mariadb
[root@fencatn ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.

3. Run the initial secure setup of mariadb
[root@fencatn ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we’ll need the current
password for the root user. If you’ve just installed MariaDB, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter the current root password; it is empty by default, so just press Enter
Enter current password for root (enter for none):
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Whether to set a root password: press Enter to accept the default, which is yes
Set root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
… Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Whether to remove anonymous users: press Enter to accept the default, which is yes
Remove anonymous users? [Y/n]
… Success!

Normally, root should only be allowed to connect from ‘localhost’. This
ensures that someone cannot guess at the root password from the network.

Whether to disallow remote root login: press Enter to accept the default, which is yes (depending on your actual needs)
Disallow root login remotely? [Y/n]
… Success!

By default, MariaDB comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Whether to remove the test database: press Enter to accept the default, which is yes
Remove test database and access to it? [Y/n]
– Dropping test database…
… Success!
– Removing privileges on test database…
… Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Whether to reload the privilege tables: press Enter to accept the default, which is yes
Reload privilege tables now? [Y/n]
… Success!

Cleaning up…

All done! If you’ve completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

4. Log in to the database and create the database and account for Nextcloud
[root@fencatn ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]> create database nextcloud_fencatn;
Query OK, 1 row affected (0.00 sec)

I named the database nextcloud_fencatn, with user fencatn and password fencatn2018; set these according to your own needs
MariaDB [(none)]> grant all privileges on nextcloud_fencatn.* to fencatn@localhost identified by "fencatn2018";
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

III. Generate a self-signed certificate (the Nextcloud client requires an HTTPS connection); you can also buy a commercial certificate
[root@fencatn ~]# mkdir -p /etc/nginx/cert
[root@fencatn ~]# cd /etc/nginx/cert
[root@fencatn cert]# pwd
/etc/nginx/cert
[root@fencatn cert]# openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/nextcloud.crt -keyout /etc/nginx/cert/nextcloud.key
Generating a 2048 bit RSA private key
………………………………………………………………………………………………………………….+++
………………………….+++
writing new private key to ‘/etc/nginx/cert/nextcloud.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country
Country Name (2 letter code) [XX]:cn
Province
State or Province Name (full name) []:fencatn
Locality
Locality Name (eg, city) [Default City]:fencatn
Organization
Organization Name (eg, company) [Default Company Ltd]:fencatn
Department
Organizational Unit Name (eg, section) []:fencatn
CA host
Common Name (eg, your name or your server’s hostname) []:fencatn
Email
Email Address []:[email protected]
Set the certificate files to mode 600 and the directory to 700
[root@fencatn cert]# chmod 700 /etc/nginx/cert
[root@fencatn cert]# chmod 600 /etc/nginx/cert/*
[root@fencatn cert]# ll /etc/nginx/cert/*
-rw------- 1 root root 1419 12月 7 22:12 /etc/nginx/cert/nextcloud.crt
-rw------- 1 root root 1704 12月 7 22:12 /etc/nginx/cert/nextcloud.key
[root@fencatn cert]# ll -d /etc/nginx/cert/
drwx------ 2 root root 48 12月 7 22:12 /etc/nginx/cert/

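IV. Download and install Nextcloud
(At the time I wrote this tutorial, the Nextcloud website was blocked and hard to reach; however you download it, you will have to find your own way.)
1. First install the download and extraction tools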
[root@fencatn ~]# yum -y install wget unzip
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.cqu.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
* webtatic: uk.repo.webtatic.com
Resolving Dependencies
–> Running transaction check
—> Package unzip.x86_64 0:6.0-16.el7 will be updated
—> Package unzip.x86_64 0:6.0-19.el7 will be an update
—> Package wget.x86_64 0:1.14-18.el7 will be installed
–> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Installing:
wget x86_64 1.14-18.el7 base 547 k
Updating:
unzip x86_64 6.0-19.el7 base 170 k

Transaction Summary
========================================================================================================================
Install 1 Package
Upgrade 1 Package

Total download size: 717 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): unzip-6.0-19.el7.x86_64.rpm | 170 kB 00:00:00
(2/2): wget-1.14-18.el7.x86_64.rpm | 547 kB 00:00:01
————————————————————————————————————————
Total 409 kB/s | 717 kB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wget-1.14-18.el7.x86_64 1/3
Updating : unzip-6.0-19.el7.x86_64 2/3
Cleanup : unzip-6.0-16.el7.x86_64 3/3
Verifying : unzip-6.0-19.el7.x86_64 1/3
Verifying : wget-1.14-18.el7.x86_64 2/3
Verifying : unzip-6.0-16.el7.x86_64 3/3

Installed:
wget.x86_64 0:1.14-18.el7

Updated:
unzip.x86_64 0:6.0-19.el7

Complete!

2. Download Nextcloud. I have already downloaded it here; you will have to find your own way.
[root@fencatn ~]# cd /usr/local/src/
[root@fencatn src]# ll
total 65120
-rw-r--r-- 1 root root 66680842 12月 8 01:51 nextcloud-14.0.4.zip

3. Unpack the downloaded archive and move it to the web server directory
[root@fencatn src]# unzip nextcloud-14.0.4.zip
[root@fencatn src]# ls
nextcloud nextcloud-14.0.4.zip
[root@fencatn src]# mv nextcloud /usr/share/nginx/
[root@fencatn src]# ls /usr/share/nginx/
html modules nextcloud

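4. Go to the nginx web directory, create the Nextcloud data directory, and set the owner and group of the whole folder to nginx
(Note: here I mount a separate disk on the data directory; do whatever suits your own setup.)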
[root@fencatn src]# cd /usr/share/nginx/
[root@fencatn html]# pwd
/usr/share/nginx
[root@fencatn html]# mkdir -p nextcloud/data/

On this machine I added another disk, sdb, to hold the data directory
[root@fencatn html]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 465.8G 0 disk
├─sda1 8:1 0 10G 0 part /boot/efi
├─sda2 8:2 0 10G 0 part /boot
└─sda3 8:3 0 445.8G 0 part
├─centos-root 253:0 0 100G 0 lvm /
├─centos-swap 253:1 0 16G 0 lvm [SWAP]
└─centos-var 253:2 0 329.8G 0 lvm /var
sdb 8:16 0 465.8G 0 disk
└─sdb1 8:17 0 465.8G 0 part
Mount sdb1 on /usr/share/nginx/nextcloud/data/
[root@fencatn html]# mount /dev/sdb1 /usr/share/nginx/nextcloud/data/
[root@fencatn html]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 100G 76G 25G 76% /
devtmpfs 1.8G 0 1.8G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 17M 1.8G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/sda2 10G 135M 9.9G 2% /boot
/dev/sda1 10G 9.8M 10G 1% /boot/efi
/dev/mapper/centos-var 330G 63G 268G 19% /var
tmpfs 370M 0 370M 0% /run/user/0
/dev/sdb1 466G 33M 466G 1% /usr/share/nginx/nextcloud/data
Add it to /etc/fstab so that it is mounted at boot
[root@fencatn html]# tail /etc/fstab
#
# Accessible filesystems, by reference, are maintained under ‘/dev/disk’
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=1ebba211-2749-4e5c-b9e2-73dd329e8594 /boot xfs defaults 0 0
UUID=19C4-024D /boot/efi vfat umask=0077,shortname=winnt 0 0
/dev/mapper/centos-var /var xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
/dev/sdb1 /usr/share/nginx/nextcloud/data/ xfs defaults 0 0

Set the owner and group of the web directory to nginx
[root@fencatn html]# chown -R nginx.nginx /usr/share/nginx/nextcloud/
[root@fencatn html]# ll -d /usr/share/nginx/nextcloud/
drwxr-xr-x 15 nginx nginx 4096 12月 8 01:57 /usr/share/nginx/nextcloud/

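V. Configure the nginx virtual host
Go to the nginx configuration directory and create a new virtual host configuration file
(I copied over the configuration file from the official site; you can also look in this site's nextcloud directory.)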
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}

server {
listen 80;
server_name 你自己的域名; # replace with your own domain name
# enforce https
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl;
server_name 你自己的域名; # replace with your own domain name

ssl_certificate /etc/nginx/cert/nextcloud.crt;
ssl_certificate_key /etc/nginx/cert/nextcloud.key;

# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

# Path to the root of your installation
root /usr/share/nginx/nextcloud/;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;

location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}

# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

location / {
rewrite ^ /index.php$uri;
}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}

location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}

location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}

location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}

When that is done, test the configuration file; if everything is fine, restart the nginx service
[root@fencatn conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@fencatn conf.d]# systemctl restart nginx
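
The config above repeats the security headers inside the css/js location because nginx inherits add_header directives from the enclosing level only when the current level defines none of its own. The check below is an added example, not part of the original post or of the Nextcloud documentation; it assumes one directive per line, braces only at the end of a line and no include handling, and its sample config is constructed.

```shell
#!/bin/sh
# Added example: list nginx location blocks whose own add_header
# directives hide security headers that are set at the server level.

# Constructed sample modelled on the layout of the page's virtual host.
# Its css/js block repeats only one of the three server-level headers.
sample_conf() {
cat <<'EOF'
upstream php-handler {
    server 127.0.0.1:9000;
}
server {
    listen 443 ssl;
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    location / {
        rewrite ^ /index.php$uri;
    }
    location ~* \.(?:css|js)$ {
        add_header Cache-Control "public, max-age=7200";
        add_header X-Content-Type-Options nosniff;
    }
}
EOF
}

# audit_add_header FILE
# Prints one line per affected block:
#   <location pattern>: <comma-separated server-level headers it drops>
# Locations without any add_header inherit everything and are not listed.
audit_add_header() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    {
        line = trim($0)
        if (line == "" || line ~ /^#/) next

        # A line ending in "{" opens a block; remember what kind it is.
        if (line ~ /[{]$/) {
            depth++
            if (line ~ /^server[ \t]*[{]$/) {
                kind[depth] = "server"; srv++
            } else if (line ~ /^location[ \t]/) {
                kind[depth] = "location"
                name = line
                sub(/^location[ \t]+/, "", name)
                sub(/[ \t]*[{]$/, "", name)
                nloc++
                locname[nloc] = name
                locsrv[nloc] = srv      # server block this location belongs to
                locid[depth] = nloc
            } else {
                kind[depth] = "other"   # upstream, if, map, ...
            }
            next
        }
        if (line == "}") { depth--; next }

        if (line ~ /^add_header[ \t]/) {
            split(line, f, /[ \t]+/)
            h = f[2]                    # header name is the first argument
            if (kind[depth] == "server") {
                if (!((srv, h) in sset)) {
                    sset[srv, h] = 1
                    sorder[srv, ++scount[srv]] = h
                }
            } else if (kind[depth] == "location") {
                id = locid[depth]
                lset[id, h] = 1
                lhas[id] = 1
            }
        }
    }
    END {
        for (i = 1; i <= nloc; i++) {
            if (!lhas[i]) continue      # no own add_header: inherits all
            s = locsrv[i]
            missing = ""
            for (j = 1; j <= scount[s]; j++) {
                h = sorder[s, j]
                if (!((i, h) in lset))
                    missing = missing (missing == "" ? "" : ",") h
            }
            if (missing != "") print locname[i] ": " missing
        }
    }' "$1"
}
```

Run against a virtual host file that repeats every server-level header in each location that has its own add_header, as the page's config does, the function prints nothing.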

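VI. Adjust firewalld and SELinux
I have turned both of these off; if you insist on keeping them on, find the official documentation and adjust them yourself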
[root@fencatn ~]# systemctl stop firewalld
[root@fencatn ~]# systemctl disable firewalld
[root@fencatn ~]# setenforce 0
[root@fencatn ~]# getenforce
disable
[root@fencatn ~]# cat /etc/sysconfig/selinux
……
SELINUX=disabled

If the firewall is enabled, Firewalld and SELinux need to be configured
First install the SELinux management tool policycoreutils-python
[root@fencatn ~]# yum -y install policycoreutils-python

Next, configure SELinux
[root@fencatn ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/nextcloud/data(/.*)?'
[root@fencatn ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/nextcloud/config(/.*)?'
[root@fencatn ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/nextcloud/apps(/.*)?'
[root@fencatn ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/nextcloud/assets(/.*)?'
[root@fencatn ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/nextcloud/.htaccess'
[root@fencatn ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/nextcloud/.user.ini'
[root@fencatn ~]# restorecon -Rv '/usr/share/nginx/nextcloud/'

Next, configure the Firewalld firewall and open the http and https ports for Nextcloud
[root@fencatn ~]# systemctl start firewalld
[root@fencatn ~]# systemctl enable firewalld
[root@fencatn ~]# firewall-cmd --permanent --add-service=http
[root@fencatn ~]# firewall-cmd --permanent --add-service=https
[root@fencatn ~]# firewall-cmd --reload

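VII. Install Nextcloud
Visit your domain; mine is on a LAN, so I go directly to http://<my IP>
(If SQLite is the only option offered, your php-mysql was not installed successfully; install it again.)
Set the administrator account and password, and you are done.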

VIII. Tuning and usage
This article is already long enough, so I wrote a separate one; please refer to that article.


NextCloud (CentOS7) official installation manual

Source: https://docs.nextcloud.com/server/14/admin_manual/installation/source_installation.html#

Installation on Linux

If there are no packages for your Linux distribution, you have the option to install Snap Packages. See Installing via Snap packages

In case you prefer installing from the source tarball, you can setup Nextcloud from scratch using a classic LAMP stack (Linux, Apache, MySQL/MariaDB, PHP). This document provides a complete walk-through for installing Nextcloud on Ubuntu 16.04 LTS Server with Apache and MariaDB, using the Nextcloud .tar archive.

Note

Admins of SELinux-enabled distributions such as CentOS, Fedora, and Red Hat Enterprise Linux may need to set new rules to enable installing Nextcloud. See SELinux configuration tips for a suggested configuration.

Installing on Windows (virtual machine)

If you are using Windows, the easiest way to get Nextcloud up and running is using a virtual machine (VM). There are two options:

  • Enterprise/SME appliance

Nextcloud GmbH maintains a free appliance built on the Univention Corporate Server (UCS) with easy graphical setup and web-based administration. It includes user management via LDAP, can replace an existing Active Directory setup and has optional ONLYOFFICE and Collabora Online integration, with many more applications available for easy and quick install.

It can be installed on hardware or run in a virtual machine using VirtualBox, VMWare (ESX) and KVM images.

Download the Appliance here:

  • Home User/SME appliance

The Nextcloud VM is maintained by T&M Hansson IT and several different versions are offered. Collabora, OnlyOffice, Full Text Search and other apps can easily be installed with the included scripts which you can choose to run during the first setup, or download them later and run it afterwards. You can find all the currently available automated app installations on GitHub.

The VM is made with VMware version 10 and it comes in different sizes and versions:

  • 40 GB (Hyper-V)
  • 500 GB (VMware & VirtualBox)
  • 1 TB (VMware & VirtualBox)
  • 2 TB (VMware & VirtualBox)

You can find all the different versions here.

For complete instructions and downloads see:

Note

You can install the VM on several different operating systems as long as you can mount OVA, VMDK, or VHD/VHDX VM in your hypervisor. If you are using KVM then you need to install the VM from the scripts on Github. You can follow the instructions in the README.

Installing via Snap packages

A snap is a zip file containing an application together with its dependencies, and a description of how it should safely be run on your system, especially the different ways it should talk to other software. Most importantly snaps are designed to be secure, sandboxed, containerized applications isolated from the underlying system and from other applications.

To install the Nextcloud Snap Package, run the following command in a terminal:

sudo snap install nextcloud

Note

The snapd technology is the core that powers snaps, and it offers a new way to package, distribute, update and run OS components and applications on a Linux system. See more about snaps on snapcraft.io.

Prerequisites for manual installation

The Nextcloud .tar archive contains all of the required PHP modules. This section lists all required and optional PHP modules. Consult the PHP manual for more information on modules. Your Linux distribution should have packages for all required modules. You can check the presence of a module by typing php -m | grep -i <module_name>. If you get a result, the module is present.

Required:

  • PHP (>= 7.0, 7.1 or 7.2)
  • PHP module ctype
  • PHP module curl
  • PHP module dom
  • PHP module GD
  • PHP module iconv
  • PHP module JSON
  • PHP module libxml (Linux package libxml2 must be >=2.7.0)
  • PHP module mbstring
  • PHP module openssl
  • PHP module posix
  • PHP module session
  • PHP module SimpleXML
  • PHP module XMLReader
  • PHP module XMLWriter
  • PHP module zip
  • PHP module zlib

Database connectors (pick the one for your database:)

  • PHP module pdo_sqlite (>= 3, usually not recommended for performance reasons)
  • PHP module pdo_mysql (MySQL/MariaDB)
  • PHP module pdo_pgsql (requires PostgreSQL >= 9.0)

Recommended packages:

  • PHP module fileinfo (highly recommended, enhances file analysis performance)
  • PHP module bz2 (recommended, required for extraction of apps)
  • PHP module intl (increases language translation performance and fixes sorting of non-ASCII characters)

Required for specific apps:

  • PHP module ldap (for LDAP integration)
  • PHP module smbclient (SMB/CIFS integration, see SMB/CIFS)
  • PHP module ftp (for FTP storage / external user authentication)
  • PHP module imap (for external user authentication)

Recommended for specific apps (optional):

  • PHP module exif (for image rotation in pictures app)
  • PHP module gmp (for SFTP storage)

For enhanced server performance (optional) select one of the following memcaches:

  • PHP module apcu (>= 4.0.6)
  • PHP module memcached
  • PHP module redis (>= 2.2.6, required for Transactional File Locking)

See Configuring memory caching to learn how to select and configure a memcache.

For preview generation (optional):

  • PHP module imagick
  • avconv or ffmpeg
  • OpenOffice or LibreOffice

For command line processing (optional):

  • PHP module pcntl (enables command interruption by pressing ctrl-c)

You don’t need the WebDAV module for your Web server (i.e. Apache’s mod_webdav), as Nextcloud has a built-in WebDAV server of its own, SabreDAV. If mod_webdav is enabled you must disable it for Nextcloud. (See Apache Web server configuration for an example configuration.)

Example installation on Ubuntu 16.04 LTS server

On a machine running a pristine Ubuntu 16.04 LTS server, you have two options:

You can either install the Nextcloud Snap Package by running the following command in a terminal:

sudo snap install nextcloud

Or you can use .deb packages to install the required and recommended modules for a typical Nextcloud installation, using Apache and MariaDB, by issuing the following commands in a terminal:

apt-get install apache2 mariadb-server libapache2-mod-php7.0
apt-get install php7.0-gd php7.0-json php7.0-mysql php7.0-curl php7.0-mbstring
apt-get install php7.0-intl php7.0-mcrypt php-imagick php7.0-xml php7.0-zip
  • This installs the packages for the Nextcloud core system. libapache2-mod-php7.0 provides the following PHP extensions: bcmath bz2 calendar Core ctype date dba dom ereg exif fileinfo filter ftp gettext hash iconv libxml mhash openssl pcre Phar posix Reflection session shmop SimpleXML soap sockets SPL standard sysvmsg sysvsem sysvshm tokenizer wddx xmlreader xmlwriter zlib. If you are planning on running additional apps, keep in mind that they might require additional packages. See Prerequisites for manual installation for details.
  • At the installation of the MySQL/MariaDB server, you will be prompted to create a root password. Be sure to remember your password as you will need it during Nextcloud database setup.

Now download the archive of the latest Nextcloud version:

  • Go to the Nextcloud Download Page.

  • Go to Download Nextcloud Server > Download > Archive file for server owners and download either the tar.bz2 or .zip archive.

  • This downloads a file named nextcloud-x.y.z.tar.bz2 or nextcloud-x.y.z.zip (where x.y.z is the version number).

  • Download its corresponding checksum file, e.g. nextcloud-x.y.z.tar.bz2.md5, or nextcloud-x.y.z.tar.bz2.sha256.

  • Verify the MD5 or SHA256 sum:

    md5sum -c nextcloud-x.y.z.tar.bz2.md5 < nextcloud-x.y.z.tar.bz2
    sha256sum -c nextcloud-x.y.z.tar.bz2.sha256 < nextcloud-x.y.z.tar.bz2
    md5sum  -c nextcloud-x.y.z.zip.md5 < nextcloud-x.y.z.zip
    sha256sum  -c nextcloud-x.y.z.zip.sha256 < nextcloud-x.y.z.zip
    
  • You may also verify the PGP signature:

    wget https://download.nextcloud.com/server/releases/nextcloud-x.y.z.tar.bz2.asc
    wget https://nextcloud.com/nextcloud.asc
    gpg --import nextcloud.asc
    gpg --verify nextcloud-x.y.z.tar.bz2.asc nextcloud-x.y.z.tar.bz2
    
  • Now you can extract the archive contents. Run the appropriate unpacking command for your archive type:

    tar -xjf nextcloud-x.y.z.tar.bz2
    unzip nextcloud-x.y.z.zip
    
  • This unpacks to a single nextcloud directory. Copy the Nextcloud directory to its final destination. When you are running the Apache HTTP server you may safely install Nextcloud in your Apache document root:

    cp -r nextcloud /path/to/webserver/document-root
    

    where /path/to/webserver/document-root is replaced by the document root of your Web server:

    cp -r nextcloud /var/www
    

On other HTTP servers it is recommended to install Nextcloud outside of the document root.

Example installation on CentOS 7 server

In this install tutorial we will be deploying CentOS 7.5, PHP 7.2, MariaDB, Redis as memcache and Nextcloud running on Apache.

Start off by installing a CentOS 7 minimal install. This should provide a sufficient platform to run a successful Nextcloud instance.

First install some dependencies you will be needing during installation, but which will also be useful in every day use situations:

yum install -y epel-release yum-utils unzip curl wget \
bash-completion policycoreutils-python mlocate bzip2

Now make sure your system is up to date:

yum update -y

Apache:

yum install -y httpd

Create a virtualhost file and add the following content to it:

vi /etc/httpd/conf.d/nextcloud.conf

<VirtualHost *:80>
  DocumentRoot /var/www/html/
  ServerName  your.server.com

<Directory "/var/www/html/">
  Require all granted
  AllowOverride All
  Options FollowSymLinks MultiViews
</Directory>
</VirtualHost>

Make sure the apache web service is enabled and started:

systemctl enable httpd.service
systemctl start httpd.service

PHP:

Next install the PHP modules needed for this install. Remember, because this is a limited basic install, we only install the necessary modules, not all of them. If you are making a more complete install, please refer to the PHP module list at the top of this page:

rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

yum install -y php72w php72w-cli php72w-common php72w-curl php72w-gd \
php72w-mbstring php72w-mysqlnd php72w-process php72w-xml php72w-zip \
php72w-opcache php72w-pecl-apcu php72w-intl php72w-pecl-redis

Database

As mentioned, we will be using MySQL/MariaDB as our database:

yum install -y mariadb mariadb-server

Make sure the database service is enabled to start at boot time:

systemctl enable mariadb.service
systemctl start mariadb.service

There is already an extensive document on database configuration which you can find here: ..admin_manual/configuration_server/automatic_configuration.rst. Please follow all instructions there and then head back here.

Installing Nextcloud

Nearly there, so keep at it, you are doing great!

Now download the archive of the latest Nextcloud version:

  • Go to the Nextcloud Download Page.

  • Go to Download Nextcloud Server > Download > Archive file for server owners and download either the tar.bz2 or .zip archive.

  • This downloads a file named nextcloud-x.y.z.tar.bz2 or nextcloud-x.y.z.zip (where x.y.z is the version number).

  • Download its corresponding checksum file, e.g. nextcloud-x.y.z.tar.bz2.md5, or nextcloud-x.y.z.tar.bz2.sha256.

  • Verify the MD5 or SHA256 sum:

    md5sum -c nextcloud-x.y.z.tar.bz2.md5 < nextcloud-x.y.z.tar.bz2
    sha256sum -c nextcloud-x.y.z.tar.bz2.sha256 < nextcloud-x.y.z.tar.bz2
    md5sum  -c nextcloud-x.y.z.zip.md5 < nextcloud-x.y.z.zip
    sha256sum  -c nextcloud-x.y.z.zip.sha256 < nextcloud-x.y.z.zip
    
  • You may also verify the PGP signature:

    wget https://download.nextcloud.com/server/releases/nextcloud-x.y.z.tar.bz2.asc
    wget https://nextcloud.com/nextcloud.asc
    gpg --import nextcloud.asc
    gpg --verify nextcloud-x.y.z.tar.bz2.asc nextcloud-x.y.z.tar.bz2
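
The SHA256 check from both walk-throughs (Ubuntu and CentOS), written as an added example that is not part of the Nextcloud documentation: it fails closed when the checksum file names a different archive, carries only an MD5-length digest, or does not match. A checksum fetched from the same server only detects a damaged download, so the PGP check above is still the step that ties the archive to the project key. File names and contents in `demo()` are constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# coreutils checksum line: "<hex>  <name>" (text) or "<hex> *<name>" (binary)
_LINE = re.compile(r"^([0-9a-fA-F]+)[ \t]+\*?(.+)$")
SHA256_HEX_LEN = 64


def parse_checksum_file(path):
    """Return {file name: lowercase hex digest} for each well-formed line."""
    entries = {}
    with open(path, "r", encoding="utf-8") as fh:
        for raw in fh:
            match = _LINE.match(raw.strip())
            if match:
                entries[match.group(2)] = match.group(1).lower()
    return entries


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large archive is never fully in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_archive(archive, checksum_file):
    """Return (ok, reason); anything other than an exact match is a failure."""
    name = os.path.basename(archive)
    expected = parse_checksum_file(checksum_file).get(name)
    if expected is None:
        return False, "checksum file has no entry for " + name
    if len(expected) != SHA256_HEX_LEN:
        return False, "entry is not a SHA-256 digest"
    if not hmac.compare_digest(sha256_of(archive), expected):
        return False, "digest mismatch"
    return True, "ok"


def _write(path, text):
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)


def demo():
    """Run the check on constructed files in a temp dir; return the verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        name = "nextcloud-x.y.z.tar.bz2"
        archive = os.path.join(tmp, name)
        with open(archive, "wb") as fh:
            fh.write(b"constructed stand-in for the release archive\n")

        good = os.path.join(tmp, "good.sha256")
        _write(good, sha256_of(archive) + "  " + name + "\n")
        md5_only = os.path.join(tmp, "only.md5")
        _write(md5_only, "0" * 32 + "  " + name + "\n")   # 32 hex chars = MD5 length
        wrong_name = os.path.join(tmp, "other.sha256")
        _write(wrong_name, sha256_of(archive) + "  nextcloud-a.b.c.zip\n")

        verdicts = {
            "intact": verify_archive(archive, good)[0],
            "md5_only": verify_archive(archive, md5_only)[0],
            "wrong_name": verify_archive(archive, wrong_name)[0],
        }
        with open(archive, "ab") as fh:    # simulate a damaged or altered download
            fh.write(b"extra bytes")
        verdicts["modified"] = verify_archive(archive, good)[0]
    return verdicts


if __name__ == "__main__":
    print(demo())
```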
    

For the sake of the walk-through, we grabbed the latest version of Nextcloud in the form of a zip file, confirmed the download with the above-mentioned command, and now we will extract it:

unzip nextcloud-*.zip

Copy the content over to the root directory of your webserver. In our case, we are using apache so it will be /var/www/html/:

cp -R nextcloud/ /var/www/html/

During the install process, no data folder is created, so we will create one manually to help with the installation wizard:

mkdir /var/www/html/nextcloud/data

Make sure that apache has read and write access to the whole nextcloud folder:

chown -R apache:apache /var/www/html/nextcloud

Restart apache:

systemctl restart httpd.service

Create a firewall rule for access to apache:

firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --reload

Redis:

yum install -y redis
systemctl enable redis.service
systemctl start redis.service

SELinux

Again, there is an extensive write-up on SELinux which can be found at SELinux configuration, so if you are using SELinux in Enforcing mode, please run the commands suggested on that page. The following commands only refer to this tutorial:

semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'

restorecon -R '/var/www/html/nextcloud/'

setsebool -P httpd_can_network_connect on

If you need more SELinux configs, refer to the above-mentioned URL, then return to this tutorial.

Once done with SELinux, please head over to http://your.server.com/nextcloud and follow the steps as found in Installation wizard, where it will explain to you exactly how to proceed with the final part of the install, which is done as admin user through your web browser.

Note

If you use this tutorial, and you see warnings in the web browser after installation about OPcache not being enabled or configured correctly, you need to make the suggested changes in /etc/php.d/opcache.ini for the errors to disappear. These warnings will be on the Admin page, under Basic settings.

Because we used Redis as a memcache, you will need a config similar to the following example in /var/www/html/nextcloud/config/config.php which is auto-generated when you run the online installation wizard mentioned earlier.

Example config:

'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'memcache.local' => '\OC\Memcache\APCu',
'redis' => array(
  'host' => 'localhost',
  'port' => 6379,
    ),

Remember, this tutorial is only for a basic setup of Nextcloud on CentOS 7, with PHP 7.2. If you are going to use more features like LDAP or Single Sign On, you will need additional PHP modules as well as extra configurations. So please visit the rest of the Admin manual, ..admin_manual/index.rst, for detailed descriptions on how to get this done.

Apache Web server configuration

On Debian, Ubuntu, and their derivatives, Apache installs with a useful configuration so all you have to do is create a /etc/apache2/sites-available/nextcloud.conf file with these lines in it, replacing the Directory and other filepaths with your own filepaths:

Alias /nextcloud "/var/www/nextcloud/"

<Directory /var/www/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /var/www/nextcloud
 SetEnv HTTP_HOME /var/www/nextcloud

</Directory>

Then enable the newly created site:

a2ensite nextcloud.conf

Additional Apache configurations

  • For Nextcloud to work correctly, we need the module mod_rewrite. Enable it by running:

    a2enmod rewrite
    

    Additional recommended modules are mod_headers, mod_env, mod_dir and mod_mime:

    a2enmod headers
    a2enmod env
    a2enmod dir
    a2enmod mime
    

    If you’re running mod_fcgi instead of the standard mod_php also enable:

    a2enmod setenvif
    
  • You must disable any server-configured authentication for Nextcloud, as it uses Basic authentication internally for DAV services. If you have turned on authentication on a parent folder (via e.g. an AuthType Basic directive), you can turn off the authentication specifically for the Nextcloud entry. Following the above example configuration file, add the following line in the <Directory> section:

    Satisfy Any
    
  • When using SSL, take special note of the ServerName. You should specify one in the server configuration, as well as in the CommonName field of the certificate. If you want your Nextcloud to be reachable via the internet, then set both of these to the domain you want to reach your Nextcloud server.

  • Now restart Apache:

    service apache2 restart
    
  • If you’re running Nextcloud in a subdirectory and want to use CalDAV or CardDAV clients make sure you have configured the correct Service discovery URLs.

Pretty URLs

Pretty URLs remove the index.php-part in all Nextcloud URLs, for example in sharing links like https://example.org/nextcloud/index.php/s/Sv1b7krAUqmF8QQ, making URLs shorter and thus prettier.

mod_env and mod_rewrite must be installed on your webserver and the .htaccess must be writable by the HTTP user. Then you can set in the config.php two variables:

'overwrite.cli.url' => 'https://example.org/nextcloud',
'htaccess.RewriteBase' => '/nextcloud',

if your setup is available on https://example.org/nextcloud or:

'overwrite.cli.url' => 'https://example.org/',
'htaccess.RewriteBase' => '/',

if it isn’t installed in a subfolder. Finally run this occ-command to update your .htaccess file:

sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess

After each update, these changes are automatically applied to the .htaccess-file.

Enabling SSL

Note

You can use Nextcloud over plain HTTP, but we strongly encourage you to use SSL/TLS to encrypt all of your server traffic, and to protect users’ logins and data in transit.

Apache installed under Ubuntu comes already set-up with a simple self-signed certificate. All you have to do is to enable the ssl module and the default site. Open a terminal and run:

a2enmod ssl
a2ensite default-ssl
service apache2 reload

Note

Self-signed certificates have their drawbacks – especially when you plan to make your Nextcloud server publicly accessible. You might want to consider getting a certificate signed by a commercial signing authority. Check with your domain name registrar or hosting service for good deals on commercial certificates.

Installation wizard

After restarting Apache you must complete your installation by running either the graphical Installation Wizard, or on the command line with the occ command. To enable this, change the ownership on your Nextcloud directories to your HTTP user:

chown -R www-data:www-data /var/www/nextcloud/

Note

Admins of SELinux-enabled distributions may need to write new SELinux rules to complete their Nextcloud installation; see SELinux configuration tips.

To use occ see Installing from command line.

To use the graphical Installation Wizard see Installation wizard.

SELinux configuration tips

See SELinux configuration for a suggested configuration for SELinux-enabled distributions such as Fedora and CentOS.

php.ini configuration notes

Keep in mind that changes to php.ini may have to be configured on more than one ini file. This can be the case, for example, for the date.timezone setting.

php.ini – used by the Web server:

  /etc/php5/apache2/php.ini
or
  /etc/php5/fpm/php.ini
or ...

php.ini – used by the php-cli and so by Nextcloud CRON jobs:

/etc/php5/cli/php.ini

php-fpm configuration notes

System environment variables

When you are using php-fpm, system environment variables like PATH, TMP or others are not automatically populated in the same way as when using php-cli. A PHP call like getenv('PATH'); can therefore return an empty result. So you may need to manually configure environment variables in the appropriate php-fpm ini/config file.

Here are some example root paths for these ini/config files:

Ubuntu/Mint: /etc/php5/fpm/ or /etc/php/7.0/fpm/
CentOS/Red Hat/Fedora: /etc/php-fpm.d/

In both examples, the ini/config file is called www.conf, and depending on the distro version or customizations you have made, it may be in a subdirectory such as pool.d.

Usually, you will find some or all of the environment variables already in the file, but commented out like this:

;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

Uncomment the appropriate existing entries. Then run printenv PATH to confirm your paths, for example:

$ printenv PATH
/home/user/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:
/sbin:/bin:/

If any of your system environment variables are not present in the file then you must add them.

Alternatively it is possible to use the environment variables of your system by modifying

/etc/php/7.0/fpm/pool.d/www.conf

and uncommenting the line

clear_env = no

When you are using shared hosting or a control panel to manage your Nextcloud VM or server, the configuration files are almost certain to be located somewhere else, for security and flexibility reasons, so check your documentation for the correct locations.

Please keep in mind that it is possible to create different settings for php-cli and php-fpm, and for different domains and Web sites. The best way to check your settings is with PHP version and information.

Maximum upload size

If you want to increase the maximum upload size, you will also have to modify your php-fpm configuration and increase the upload_max_filesize and post_max_size values. You will need to restart php5-fpm and your HTTP server in order for these changes to be applied.

.htaccess notes for Apache

Nextcloud comes with its own nextcloud/.htaccess file. Because php-fpm can’t read PHP settings in .htaccess these settings and permissions must be set in the nextcloud/.user.ini file.


NextCloud (Nginx) official configuration file

Source: https://docs.nextcloud.com/server/14/admin_manual/installation/nginx.html

Nginx configuration

This page covers example Nginx configurations to use when running a Nextcloud server. This page is community-maintained. (Thank you, contributors!)

  • You need to insert the following code into your Nginx configuration file.
  • Adjust server_name, root, ssl_certificate and ssl_certificate_key to suit your needs.
  • Make sure your SSL certificates are readable by the server (see nginx HTTP SSL Module documentation).
  • add_header statements are only taken from the current level and are not cascaded from or to a different level. All necessary add_header statements must be defined in each level needed. For better readability it is possible to move common add header statements into a separate file and include that file wherever necessary. However, each add_header statement must be written in a single line to prevent connection problems with sync clients.
  • Be careful about line breaks if you copy the examples, as long lines may be broken for page formatting.
  • Some environments might need a cgi.fix_pathinfo set to 1 in their php.ini.

Thanks to @josh4trunks for providing / creating these configuration examples.
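
The add_header inheritance rule from the list above, shown as an added example that is not part of the Nextcloud documentation: a small audit that parses an nginx config and reports every location block whose own add_header lines shadow the server-level security headers. The sample config is constructed and cut down from the layout used on this page, and the REQUIRED list is an assumption taken from the six headers that config sets.

```python
import re

# Headers the page's config sets at server level (assumed to be the required set).
REQUIRED = (
    "X-Content-Type-Options", "X-XSS-Protection", "X-Robots-Tag",
    "X-Download-Options", "X-Permitted-Cross-Domain-Policies", "Referrer-Policy",
)

# Comments, quoted strings (which may contain ';'), structural characters, bare words.
_TOKEN = re.compile(r'''
    \#[^\n]*
  | "(?:\\.|[^"\\])*"
  | '(?:\\.|[^'\\])*'
  | [{};]
  | [^\s{};"'#]+
''', re.X)

# Constructed sample, not a complete Nextcloud config.
SAMPLE = r"""
server {
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;

    # no add_header here: the six server-level headers are inherited
    location / { rewrite ^ /index.php$request_uri; }

    # one add_header here: the server-level set is dropped entirely
    location ~ \.(?:css|js)$ {
        add_header Cache-Control "public, max-age=15778463";
    }

    # the full set repeated next to Cache-Control
    location ~ \.(?:woff2?|svg|gif)$ {
        add_header Cache-Control "public, max-age=15778463";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Referrer-Policy no-referrer;
    }
}
"""


def parse(text):
    """Parse nginx syntax into nested (name, args, children-or-None) tuples."""
    tokens = [t for t in _TOKEN.findall(text) if not t.startswith("#")]
    pos = 0

    def block():
        nonlocal pos
        items, words = [], []
        while pos < len(tokens):
            tok = tokens[pos]
            pos += 1
            if tok == ";":
                if words:
                    items.append((words[0], words[1:], None))
                words = []
            elif tok == "{":
                children = block()
                if words:
                    items.append((words[0], words[1:], children))
                words = []
            elif tok == "}":
                return items
            else:
                words.append(tok[1:-1] if tok[0] in "\"'" else tok)
        return items

    return block()


def audit(items, inherited=frozenset(), where="main"):
    """Return [(location label, missing headers)] using nginx's inheritance rule."""
    own = frozenset(args[0].lower() for name, args, kids in items
                    if name == "add_header" and args)
    # A level with any add_header of its own replaces the inherited set; no merge.
    effective = own or inherited
    findings = []
    missing = [h for h in REQUIRED if h.lower() not in effective]
    if where.split(" ", 1)[0] == "location" and missing:
        findings.append((where, missing))
    for name, args, kids in items:
        if kids is not None:
            findings += audit(kids, effective, " ".join([name] + args))
    return findings


if __name__ == "__main__":
    for label, missing in audit(parse(SAMPLE)):
        print(label, "is missing", ", ".join(missing))
```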

Nextcloud in the webroot of nginx

The following configuration should be used when Nextcloud is placed in the webroot of your nginx installation. In this example it is /var/www/nextcloud and it is accessed via http(s)://cloud.example.com

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php/php7.0-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name cloud.example.com;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example.com;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # NOTE: some settings below might be redundant
    ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /var/www/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is built with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {
        rewrite ^ /index.php$request_uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff2?|svg|gif)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Referrer-Policy no-referrer;

        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

Nextcloud in a subdir of nginx

The following config should be used when Nextcloud is placed within a subdir of your nginx installation.

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php/php7.0-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name cloud.example.com;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example.com;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    # NOTE: some settings below might be redundant
    ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header Referrer-Policy no-referrer;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /var/www/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /nextcloud/public.php?service=host-meta-json last;

    location = /.well-known/carddav {
      return 301 $scheme://$host/nextcloud/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/nextcloud/remote.php/dav;
    }

    location /.well-known/acme-challenge { }

    location ^~ /nextcloud {

        # set max upload size
        client_max_body_size 512M;
        fastcgi_buffers 64 4K;

        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

        # Uncomment if your server is built with the ngx_pagespeed module
        # This module is currently not supported.
        #pagespeed off;

        location /nextcloud {
            rewrite ^ /nextcloud/index.php$request_uri;
        }

        location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
        location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }

        location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            #Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }

        location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }

        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~ \.(?:css|js|woff2?|svg|gif)$ {
            try_files $uri /nextcloud/index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers  (It is intended
            # to have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read
            # into this topic first.
            # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            add_header Referrer-Policy no-referrer;

            # Optional: Don't log access to assets
            access_log off;
        }

        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
            try_files $uri /nextcloud/index.php$request_uri;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
}

Tips and tricks

Suppressing log messages

If you’re seeing meaningless messages in your logfile, for example client denied by server configuration: /var/www/data/htaccesstest.txt, add this section to your nginx configuration to suppress them:

location = /data/htaccesstest.txt {
  allow all;
  log_not_found off;
  access_log off;
}

JavaScript (.js) or CSS (.css) files not served properly

A common issue with custom nginx configs is that JavaScript (.js) or CSS (.css) files are not served properly, leading to a 404 (File not found) error on those files and a broken web interface.

This could be caused by the:

location ~* \.(?:css|js)$ {

block shown above not located below the:

location ~ \.php(?:$|/) {

block. Other custom configurations like caching JavaScript (.js) or CSS (.css) files via gzip could also cause such issues.


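Hadoop Day01: Installing and configuring Hadoop

1 Case 1: Installing Hadoop
1.1 Problem
This case requires installing Hadoop in standalone mode:

Install Hadoop in standalone mode
Install the Java environment
Set the environment variables, then start and run it
1.2 Steps
To complete this case, follow the steps below.

Step 1: Prepare the environment

1) Set the hostname to nn01 and the IP to 192.168.1.21, and configure the yum repository (the system repository)

Note: these were all done in earlier cases, so they are not repeated here; students who are unsure can refer to the earlier cases.

2) Install the Java environment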

[root@nn01 ~]# yum -y install java-1.8.0-openjdk-devel
[root@nn01 ~]# java -version
openjdk version "1.8.0_131"
OpenJDK Runtime Environment (build 1.8.0_131-b12)
OpenJDK 64-Bit Server VM (build 25.131-b12, mixed mode)
[root@nn01 ~]# jps
1235 Jps

3) Install Hadoop

[root@nn01 ~]# tar -xf hadoop-2.7.6.tar.gz
[root@nn01 ~]# mv hadoop-2.7.6 /usr/local/hadoop
[root@nn01 ~]# cd /usr/local/hadoop/
[root@nn01 hadoop]# ls
bin include libexec NOTICE.txt sbin
etc lib LICENSE.txt README.txt share
[root@nn01 hadoop]# ./bin/hadoop //fails: JAVA_HOME was not found
Error: JAVA_HOME is not set and could not be found.
[root@nn01 hadoop]#
4) Fix the error

[root@nn01 hadoop]# rpm -ql java-1.8.0-openjdk
[root@nn01 hadoop]# cd ./etc/hadoop/
[root@nn01 hadoop]# vim hadoop-env.sh
25 export \
JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-11.b12.el7.x86_64/jre"
33 export HADOOP_CONF_DIR="/usr/local/hadoop/etc/hadoop"
[root@nn01 ~]# cd /usr/local/hadoop/
[root@nn01 hadoop]# ./bin/hadoop
Usage: hadoop [–config confdir] [COMMAND | CLASSNAME]
CLASSNAME run the class named CLASSNAME
or
where COMMAND is one of:
fs run a generic filesystem user client
version print the version
jar <jar> run a jar file
note: please use “yarn jar” to launch
YARN applications, not this command.
checknative [-a|-h] check native hadoop and compression libraries availability
distcp <srcurl> <desturl> copy file or directories recursively
archive -archiveName NAME -p <parent path> <src>* <dest> create a hadoop archive
classpath prints the class path needed to get the
credential interact with credential providers
Hadoop jar and the required libraries
daemonlog get/set the log level for each daemon
trace view and modify Hadoop tracing settings
Most commands print help when invoked w/o parameters.
[root@nn01 hadoop]# mkdir /usr/local/hadoop/aa
[root@nn01 hadoop]# ls
bin etc include lib libexec LICENSE.txt NOTICE.txt aa README.txt sbin share
[root@nn01 hadoop]# cp *.txt /usr/local/hadoop/aa
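[root@nn01 hadoop]# ./bin/hadoop jar \
share/hadoop/mapreduce/hadoop-mapreduce-examples-2.7.6.jar wordcount aa bb //wordcount is the argument: count the words in the aa directory and store the result in bb (bb must not already exist or the job fails; this prevents data from being overwritten)
[root@nn01 hadoop]# cat bb/part-r-00000 //view the result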

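The code is as follows:
1. First get the virtual machine ready: configure the IP and hostname and set up yum (to save effort I simply used the stock CentOS repositories plus the local yum repository)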
[root@nn01 ~]# yum repolist
已加载插件:fastestmirror
10local_rhscon-2-main-rpms | 2.9 kB 00:00:00
1local_devtools-rpms | 2.9 kB 00:00:00
2local_optools-rpms | 2.9 kB 00:00:00
3local_rpms | 2.9 kB 00:00:00
4local_tools-rpms | 2.9 kB 00:00:00
5local_mon-rpms | 2.9 kB 00:00:00
6local_osd-rpms | 2.9 kB 00:00:00
7local_rhceph-2-tools-rpms | 2.9 kB 00:00:00
8local_agent-rpms | 2.9 kB 00:00:00
9local_installer-rpms | 2.9 kB 00:00:00
base | 3.6 kB 00:00:00
dvd | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
local_extras | 2.9 kB 00:00:00
local_repo | 3.6 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/19): 10local_rhscon-2-main-rpms/primary_db | 21 kB 00:00:00
(2/19): 1local_devtools-rpms/primary_db | 3.7 kB 00:00:00
(3/19): 4local_tools-rpms/primary_db | 35 kB 00:00:00
(4/19): 2local_optools-rpms/primary_db | 41 kB 00:00:00
(5/19): 5local_mon-rpms/primary_db | 37 kB 00:00:00
(6/19): 6local_osd-rpms/primary_db | 29 kB 00:00:00
(7/19): 7local_rhceph-2-tools-rpms/primary_db | 30 kB 00:00:00
(8/19): 8local_agent-rpms/primary_db | 13 kB 00:00:00
(9/19): 3local_rpms/primary_db | 318 kB 00:00:00
(10/19): 9local_installer-rpms/primary_db | 44 kB 00:00:00
(11/19): dvd/group_gz | 156 kB 00:00:00
(12/19): local_extras/primary_db | 43 kB 00:00:00
(13/19): local_repo/group_gz | 156 kB 00:00:00
(14/19): local_repo/primary_db | 3.1 MB 00:00:00
(15/19): dvd/primary_db | 3.1 MB 00:00:00
base/7/x86_64/primary_db FAILED
http://mirrors.cqu.edu.cn/CentOS/7.5.1804/os/x86_64/repodata/03d0a660eb33174331aee3e077e11d4c017412d761b7f2eaa8555e7898e701e0-primary.sqlite.bz2: [Errno 14] curl#56 – “Recv failure: Connection reset by peer”
正在尝试其它镜像。
(16/19): base/7/x86_64/group_gz | 166 kB 00:00:00
(17/19): base/7/x86_64/primary_db | 5.9 MB 00:00:01
(18/19): extras/7/x86_64/primary_db | 205 kB 00:00:02
(19/19): updates/7/x86_64/primary_db | 6.0 MB 00:00:03
Determining fastest mirrors
* base: mirrors.nwsuaf.edu.cn
* extras: mirrors.163.com
* updates: mirrors.nwsuaf.edu.cn
源标识 源名称 状态
10local_rhscon-2-main-rpms rhscon-2-main-rpms 29
1local_devtools-rpms devtools-rpms 3
2local_optools-rpms optools-rpms 99
3local_rpms rpms 680
4local_tools-rpms tools-rpms 84
5local_mon-rpms mon-rpms 41
6local_osd-rpms osd-rpms 28
7local_rhceph-2-tools-rpms rhceph-2-tools-rpms 35
8local_agent-rpms agent-rpms 19
9local_installer-rpms installer-rpms 46
base/7/x86_64 CentOS-7 – Base 9,911
dvd dvd 3,894
extras/7/x86_64 CentOS-7 – Extras 434
local_extras extras 76
local_repo CentOS-7 – Base 3,894
updates/7/x86_64 CentOS-7 – Updates 1,614
repolist: 20,887

[root@nn01 hadoop]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.21 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::5054:ff:fe2a:6ecf prefixlen 64 scopeid 0x20<link>
ether 52:54:00:2a:6e:cf txqueuelen 1000 (Ethernet)
RX packets 46994 bytes 365892055 (348.9 MiB)
RX errors 0 dropped 1026 overruns 0 frame 0
TX packets 42421 bytes 3085934 (2.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@nn01 hadoop]# hostname
nn01
2. Upload the prepared Hadoop package to the virtual machine
[root@nn01 ~]# ls /root/ /root/hadoop/
/root/:
hadoop Hadoop.zip RPM-GPG-KEY-CentOS-7

/root/hadoop/:
hadoop-2.7.6.tar.gz kafka_2.10-0.10.2.1.tgz zookeeper-3.4.10.tar.gz

3. Install the Java environment
[root@nn01 ~]# yum install -y java-1.8.0-openjdk-devel
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.nwsuaf.edu.cn
* extras: mirrors.163.com
* updates: mirrors.nwsuaf.edu.cn
正在解决依赖关系
–> 正在检查事务
—> 软件包 java-1.8.0-openjdk-devel.x86_64.1.1.8.0.191.b12-0.el7_5 将被 安装
–> 正在处理依赖关系 java-1.8.0-openjdk(x86-64) = 1:1.8.0.191.b12-0.el7_5,它被软件包 1:java-1.8.0-openjdk-devel-1.8.0.191.b12-0.el7_5.x86_64 需要
#######################################

已安装:
java-1.8.0-openjdk-devel.x86_64 1:1.8.0.191.b12-0.el7_5

作为依赖被安装:
copy-jdk-configs.noarch 0:3.3-10.el7_5
fontconfig.x86_64 0:2.10.95-11.el7
fontpackages-filesystem.noarch 0:1.44-8.el7
giflib.x86_64 0:4.1.6-9.el7
java-1.8.0-openjdk.x86_64 1:1.8.0.191.b12-0.el7_5
java-1.8.0-openjdk-headless.x86_64 1:1.8.0.191.b12-0.el7_5
javapackages-tools.noarch 0:3.4.1-11.el7
libICE.x86_64 0:1.0.9-9.el7
libSM.x86_64 0:1.2.2-2.el7
libX11.x86_64 0:1.6.5-1.el7
libX11-common.noarch 0:1.6.5-1.el7
libXau.x86_64 0:1.0.8-2.1.el7
libXcomposite.x86_64 0:0.4.4-4.1.el7
libXext.x86_64 0:1.3.3-3.el7
libXfont.x86_64 0:1.5.2-1.el7
libXi.x86_64 0:1.7.9-1.el7
libXrender.x86_64 0:0.9.10-1.el7
libXtst.x86_64 0:1.2.3-1.el7
libfontenc.x86_64 0:1.1.3-3.el7
libjpeg-turbo.x86_64 0:1.2.90-5.el7
libpng.x86_64 2:1.5.13-7.el7_2
libxcb.x86_64 0:1.12-1.el7
libxslt.x86_64 0:1.1.28-5.el7
lksctp-tools.x86_64 0:1.0.17-2.el7
python-javapackages.noarch 0:3.4.1-11.el7
python-lxml.x86_64 0:3.2.1-5.el7ost
stix-fonts.noarch 0:1.1.0-5.el7
ttmkfdir.x86_64 0:3.0.9-42.el7
tzdata-java.noarch 0:2018f-2.el7
xorg-x11-font-utils.x86_64 1:7.5-20.el7
xorg-x11-fonts-Type1.noarch 0:7.5-9.el7

作为依赖被升级:
nspr.x86_64 0:4.19.0-1.el7_5 nss.x86_64 0:3.36.0-7.el7_5
nss-softokn.x86_64 0:3.36.0-5.el7_5 nss-softokn-freebl.x86_64 0:3.36.0-5.el7_5
nss-sysinit.x86_64 0:3.36.0-7.el7_5 nss-tools.x86_64 0:3.36.0-7.el7_5
nss-util.x86_64 0:3.36.0-1.el7_5

完毕!

Verify the Java environment
[root@nn01 ~]# java -version
openjdk version “1.8.0_191″
OpenJDK Runtime Environment (build 1.8.0_191-b12)
OpenJDK 64-Bit Server VM (build 25.191-b12, mixed mode)
[root@nn01 ~]# jps
988 Jps

4. Install Hadoop
[root@nn01 ~]# unzip Hadoop.zip
Archive: Hadoop.zip
inflating: hadoop/hadoop-2.7.6.tar.gz
extracting: hadoop/kafka_2.10-0.10.2.1.tgz
inflating: hadoop/zookeeper-3.4.10.tar.gz
[root@nn01 ~]# ll
总用量 283216
drwxr-xr-x 2 root root 95 11月 30 13:23 hadoop
-rw-r–r– 1 root root 290007891 11月 30 13:22 Hadoop.zip
-rw-r–r–. 1 root root 1690 12月 10 2015 RPM-GPG-KEY-CentOS-7
[root@nn01 ~]# cd hadoop/
[root@nn01 hadoop]# ll
总用量 283416
-rw-r–r– 1 root root 216745683 5月 29 2018 hadoop-2.7.6.tar.gz
-rw-r–r– 1 root root 38424081 4月 27 2017 kafka_2.10-0.10.2.1.tgz
-rw-r–r– 1 root root 35042811 4月 1 2017 zookeeper-3.4.10.tar.gz
[root@nn01 hadoop]# tar -xf hadoop-2.7.6.tar.gz
[root@nn01 hadoop]# ll
总用量 283416
drwxr-xr-x 9 20415 101 149 4月 18 2018 hadoop-2.7.6
-rw-r–r– 1 root root 216745683 5月 29 2018 hadoop-2.7.6.tar.gz
-rw-r–r– 1 root root 38424081 4月 27 2017 kafka_2.10-0.10.2.1.tgz
-rw-r–r– 1 root root 35042811 4月 1 2017 zookeeper-3.4.10.tar.gz
[root@nn01 hadoop]# mv hadoop-2.7.6 /usr/local/hadoop
[root@nn01 hadoop]# cd /usr/local/hadoop/
[root@nn01 hadoop]# ll
总用量 112
drwxr-xr-x 2 20415 101 194 4月 18 2018 bin
drwxr-xr-x 3 20415 101 20 4月 18 2018 etc
drwxr-xr-x 2 20415 101 106 4月 18 2018 include
drwxr-xr-x 3 20415 101 20 4月 18 2018 lib
drwxr-xr-x 2 20415 101 239 4月 18 2018 libexec
-rw-r–r– 1 20415 101 86424 4月 18 2018 LICENSE.txt
-rw-r–r– 1 20415 101 14978 4月 18 2018 NOTICE.txt
-rw-r–r– 1 20415 101 1366 4月 18 2018 README.txt
drwxr-xr-x 2 20415 101 4096 4月 18 2018 sbin
drwxr-xr-x 4 20415 101 31 4月 18 2018 share

5. Running it right away fails, because the Java directory has not been set yet
[root@nn01 hadoop]# ./bin/hadoop
Error: JAVA_HOME is not set and could not be found.
Check where the Java directory is
[root@nn01 hadoop]# rpm -ql java-1.8.0-openjdk
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.x86_64/jre/bin/policytool
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.x86_64/jre/lib/amd64/libawt_xawt.so
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.x86_64/jre/lib/amd64/libjawt.so
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.x86_64/jre/lib/amd64/libjsoundalsa.so
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.x86_64/jre/lib/amd64/libsplashscreen.so
/usr/share/applications/java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.x86_64-policytool.desktop
/usr/share/icons/hicolor/16×16/apps/java-1.8.0.png
/usr/share/icons/hicolor/24×24/apps/java-1.8.0.png
/usr/share/icons/hicolor/32×32/apps/java-1.8.0.png
/usr/share/icons/hicolor/48×48/apps/java-1.8.0.png
Then set the Java path again
[root@nn01 hadoop]# vim etc/hadoop/hadoop-env.sh
25 export JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.x86_64/jre"
33 export HADOOP_CONF_DIR="/usr/local/hadoop/etc/hadoop"
Run it again and it works
[root@nn01 hadoop]# ./bin/hadoop
Usage: hadoop [–config confdir] [COMMAND | CLASSNAME]
CLASSNAME run the class named CLASSNAME
or
where COMMAND is one of:
fs run a generic filesystem user client
version print the version
jar <jar> run a jar file
note: please use “yarn jar” to launch
YARN applications, not this command.
checknative [-a|-h] check native hadoop and compression libraries availability
distcp <srcurl> <desturl> copy file or directories recursively
archive -archiveName NAME -p <parent path> <src>* <dest> create a hadoop archive
classpath prints the class path needed to get the
credential interact with credential providers
Hadoop jar and the required libraries
daemonlog get/set the log level for each daemon
trace view and modify Hadoop tracing settings

Most commands print help when invoked w/o parameters.
Copy some files over and try it out
[root@nn01 hadoop]# mkdir /usr/local/hadoop/aa
[root@nn01 hadoop]# ll
总用量 112
drwxr-xr-x 2 root root 6 11月 30 13:26 aa
drwxr-xr-x 2 20415 101 194 4月 18 2018 bin
drwxr-xr-x 3 20415 101 20 4月 18 2018 etc
drwxr-xr-x 2 20415 101 106 4月 18 2018 include
drwxr-xr-x 3 20415 101 20 4月 18 2018 lib
drwxr-xr-x 2 20415 101 239 4月 18 2018 libexec
-rw-r–r– 1 20415 101 86424 4月 18 2018 LICENSE.txt
-rw-r–r– 1 20415 101 14978 4月 18 2018 NOTICE.txt
-rw-r–r– 1 20415 101 1366 4月 18 2018 README.txt
drwxr-xr-x 2 20415 101 4096 4月 18 2018 sbin
drwxr-xr-x 4 20415 101 31 4月 18 2018 share
[root@nn01 hadoop]# cp *.txt ./aa/
[root@nn01 hadoop]# ll aa/
总用量 108
-rw-r–r– 1 root root 86424 11月 30 13:26 LICENSE.txt
-rw-r–r– 1 root root 14978 11月 30 13:26 NOTICE.txt
-rw-r–r– 1 root root 1366 11月 30 13:26 README.txt
[root@nn01 hadoop]# ./bin/hadoop jar share/hadoop/mapreduce/hadoop-mapreduce-examples-2.7.6.jar wordcount aa bb
18/11/30 13:27:13 INFO Configuration.deprecation: session.id is deprecated. Instead, use dfs.metrics.session-id
##################################################
The run is finished; look at the word counts
[root@nn01 hadoop]# cat bb/part-r-00000
“”AS 2
“AS 17
“COPYRIGHTS 1
“Contribution” 2
“Contributor” 2
“Derivative 1
“GCC 1
“Legal 1
“License” 1
“License”); 2
“Licensed 1
#####################################################3

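2 Case 2: Install and configure Hadoop
2.1 Problem
This case requires:

Prepare three more virtual machines and install Hadoop
Make all nodes able to ping each other and configure SSH trust relationships
Verify the nodes
2.2 Plan
Prepare four virtual machines; one was already prepared earlier, so only three new ones are needed. Install Hadoop, make all nodes able to ping each other, and configure SSH trust relationships.

Host                  Role                             Software
192.168.1.21 nn01     NameNode / Secondary NameNode    HDFS
192.168.1.22 node1    DataNode                         HDFS
192.168.1.23 node2    DataNode                         HDFS
192.168.1.24 node3    DataNode                         HDFS

2.3 Steps
Follow the steps below to complete this case.

Step 1: Prepare the environment

1) On the three machines, set the hostnames to node1, node2 and node3, and configure the IP addresses (IPs as shown in Figure 1) and the yum repository (system repository)

2) Edit /etc/hosts (same on all four hosts; nn01 is used as the example)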

[root@nn01 ~]# vim /etc/hosts
192.168.1.21 nn01
192.168.1.22 node1
192.168.1.23 node2
192.168.1.24 node3
3) Install the Java environment on node1, node2 and node3 (node1 is used as the example)

[root@node1 ~]# yum -y install java-1.8.0-openjdk-devel
4) Set up the SSH trust relationship

[root@nn01 ~]# vim /etc/ssh/ssh_config //so that "yes" does not have to be typed on first login
Host *
GSSAPIAuthentication yes
StrictHostKeyChecking no
[root@nn01 .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Ucl8OCezw92aArY5+zPtOrJ9ol1ojRE3EAZ1mgndYQM root@nn01
The key’s randomart image is:
+—[RSA 2048]—-+
| o*E*=. |
| +XB+. |
| ..=Oo. |
| o.+o… |
| .S+.. o |
| + .=o |
| o+oo |
| o+=.o |
| o==O. |
+—-[SHA256]—–+
[root@nn01 .ssh]# for i in 21 22 23 24 ; do ssh-copy-id 192.168.1.$i; done
//deploy the public key to nn01, node1, node2 and node3
5) Test the trust relationship

[root@nn01 .ssh]# ssh node1
Last login: Fri Sep 7 16:52:00 2018 from 192.168.1.21
[root@node1 ~]# exit
logout
Connection to node1 closed.
[root@nn01 .ssh]# ssh node2
Last login: Fri Sep 7 16:52:05 2018 from 192.168.1.21
[root@node2 ~]# exit
logout
Connection to node2 closed.
[root@nn01 .ssh]# ssh node3
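
An added check for the `StrictHostKeyChecking no` setting from step 4 (example code, not part of the original course material): under `Host *` that value makes ssh accept new and changed host keys for every host, so a machine answering in place of node1 goes unnoticed. The script resolves the value ssh would apply to each cluster host using ssh_config's first-obtained-value rule; the three sample configs and the function names are constructed for illustration, and `Match` blocks are treated as non-matching.

```shell
#!/bin/sh
# Added example: which StrictHostKeyChecking value does ssh apply to each
# cluster host? ssh_config uses the FIRST value obtained for a keyword, so the
# order of the Host blocks decides the result.

# effective_shkc CONFIG HOST -> prints the effective value in lower case.
# Assumption: Match blocks are not evaluated and are treated as non-matching.
# The function body is a subshell, so its variables and "exit" stay local.
effective_shkc() (
    host=$2
    # Normalise: trim indentation, drop comments and blank lines, and turn
    # "Keyword=value" / "Keyword = value" into "Keyword value".
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' \
        -e 's/^\([^[:space:]=]*\)[[:space:]]*=\{0,1\}[[:space:]]*/\1 /' \
        "$1" | {
        active=1        # options before the first Host line apply to all hosts
        set -f          # keep "*" in Host patterns from expanding to file names
        while read -r kw args; do
            kw=$(printf '%s' "$kw" | tr '[:upper:]' '[:lower:]')
            case $kw in
            host)
                active=0
                negated=0
                for pat in $args; do
                    case $pat in
                    '!'*) case $host in ${pat#?}) negated=1 ;; esac ;;
                    *)    case $host in $pat) active=1 ;; esac ;;
                    esac
                done
                if [ "$negated" -eq 1 ]; then active=0; fi
                ;;
            match)
                active=0
                ;;
            stricthostkeychecking)
                if [ "$active" -eq 1 ]; then
                    printf '%s\n' "$args" | tr '[:upper:]' '[:lower:]'
                    exit 0      # first obtained value wins; stop reading
                fi
                ;;
            esac
        done
        printf 'ask\n'          # nothing matched: "ask" is the OpenSSH default
    }
)

# audit_cluster CONFIG HOST... -> one line per host; the return status is the
# number of hosts whose keys would be accepted without any verification.
audit_cluster() {
    _cfg=$1
    shift
    _bad=0
    for _h in "$@"; do
        _v=$(effective_shkc "$_cfg" "$_h")
        case $_v in
        no|off|false) _verdict='UNVERIFIED: new and changed host keys are accepted'
                      _bad=$((_bad + 1)) ;;
        accept-new)   _verdict='TOFU: unknown keys added silently, changed keys rejected' ;;
        ask)          _verdict='prompt: the operator must confirm unknown keys' ;;
        *)            _verdict='strict: only keys already in known_hosts' ;;
        esac
        printf '%-6s StrictHostKeyChecking=%-10s %s\n' "$_h" "$_v" "$_verdict"
    done
    return "$_bad"
}

SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

# Constructed sample 1: the block from step 4 of this page.
cat > "$SAMPLES/page.conf" <<'EOF'
Host *
    GSSAPIAuthentication yes
    StrictHostKeyChecking no
EOF
# Constructed sample 2: a strict block added AFTER "Host *" has no effect.
cat > "$SAMPLES/misordered.conf" <<'EOF'
Host *
    StrictHostKeyChecking no
Host nn01 node?
    StrictHostKeyChecking yes
EOF
# Constructed sample 3: strict block first; other hosts fall back to "ask".
cat > "$SAMPLES/hardened.conf" <<'EOF'
Host nn01 node?
    StrictHostKeyChecking = yes
Host *
    GSSAPIAuthentication yes
EOF

for _f in page misordered hardened; do
    echo "== $_f.conf"
    audit_cluster "$SAMPLES/$_f.conf" nn01 node1 node2 node3 || true
done
```

With the strict block in place, each node's host key has to be in known_hosts before the first login, after comparing its fingerprint with the output of `ssh-keygen -lf` run on that node's own console.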

The code is as follows:
Using node1 as the example; the others are the same
[root@node1 ~]# hostname
node1
[root@node1 ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.22 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::5054:ff:feb3:4f9 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:b3:04:f9 txqueuelen 1000 (Ethernet)
RX packets 208 bytes 18908 (18.4 KiB)
RX errors 0 dropped 36 overruns 0 frame 0
TX packets 90 bytes 10323 (10.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@node1 ~]# ll /etc/yum.repos.d/
总用量 36
drwxr-xr-x. 2 root root 187 11月 25 17:13 bak
-rw-r–r– 1 root root 1664 11月 25 17:32 CentOS-Base.repo
-rw-r–r– 1 root root 1309 11月 25 17:32 CentOS-CR.repo
-rw-r–r– 1 root root 649 11月 25 17:32 CentOS-Debuginfo.repo
-rw-r–r– 1 root root 314 11月 25 17:32 CentOS-fasttrack.repo
-rw-r–r– 1 root root 630 11月 25 17:32 CentOS-Media.repo
-rw-r–r– 1 root root 1331 11月 25 17:32 CentOS-Sources.repo
-rw-r–r– 1 root root 3830 11月 25 17:32 CentOS-Vault.repo
-rw-r–r–. 1 root root 71 11月 25 17:16 dvd.repo
-rw-r–r– 1 root root 1524 11月 30 14:21 local.repo

[root@node1 ~]# yum repolist
已加载插件:fastestmirror
10local_rhscon-2-main-rpms | 2.9 kB 00:00:00
1local_devtools-rpms | 2.9 kB 00:00:00
2local_optools-rpms | 2.9 kB 00:00:00
3local_rpms | 2.9 kB 00:00:00
4local_tools-rpms | 2.9 kB 00:00:00
5local_mon-rpms | 2.9 kB 00:00:00
6local_osd-rpms | 2.9 kB 00:00:00
7local_rhceph-2-tools-rpms | 2.9 kB 00:00:00
8local_agent-rpms | 2.9 kB 00:00:00
9local_installer-rpms | 2.9 kB 00:00:00
base | 3.6 kB 00:00:00
dvd | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
local_extras | 2.9 kB 00:00:00
local_repo | 3.6 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/19): 10local_rhscon-2-main-rpms/primary_db | 21 kB 00:00:00
(2/19): 1local_devtools-rpms/primary_db | 3.7 kB 00:00:00
(3/19): 2local_optools-rpms/primary_db | 41 kB 00:00:00
(4/19): 5local_mon-rpms/primary_db | 37 kB 00:00:00
(5/19): 3local_rpms/primary_db | 318 kB 00:00:00
(6/19): 6local_osd-rpms/primary_db | 29 kB 00:00:00
(7/19): 4local_tools-rpms/primary_db | 35 kB 00:00:00
(8/19): 8local_agent-rpms/primary_db | 13 kB 00:00:00
(9/19): dvd/group_gz | 156 kB 00:00:00
(10/19): 7local_rhceph-2-tools-rpms/primary_db | 30 kB 00:00:00
(11/19): 9local_installer-rpms/primary_db | 44 kB 00:00:00
(12/19): dvd/primary_db | 3.1 MB 00:00:00
(13/19): local_extras/primary_db | 43 kB 00:00:00
(14/19): local_repo/group_gz | 156 kB 00:00:00
(15/19): local_repo/primary_db | 3.1 MB 00:00:00
(16/19): base/7/x86_64/group_gz | 166 kB 00:00:00
(17/19): extras/7/x86_64/primary_db | 205 kB 00:00:01
(18/19): updates/7/x86_64/primary_db | 6.0 MB 00:00:02
base/7/x86_64/primary_db FAILED MB 01:13:54 ETA
http://ftp.sjtu.edu.cn/centos/7.5.1804/os/x86_64/repodata/03d0a660eb33174331aee3e077e11d4c017412d761b7f2eaa8555e7898e701e0-primary.sqlite.bz2: [Errno 12] Timeout on http://ftp.sjtu.edu.cn/centos/7.5.1804/os/x86_64/repodata/03d0a660eb33174331aee3e077e11d4c017412d761b7f2eaa8555e7898e701e0-primary.sqlite.bz2: (28, ‘Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds’)
正在尝试其它镜像。
(19/19): base/7/x86_64/primary_db | 5.9 MB 00:00:09
Determining fastest mirrors
* base: mirror.lzu.edu.cn
* extras: mirrors.cn99.com
* updates: mirrors.163.com
源标识 源名称 状态
10local_rhscon-2-main-rpms rhscon-2-main-rpms 29
1local_devtools-rpms devtools-rpms 3
2local_optools-rpms optools-rpms 99
3local_rpms rpms 680
4local_tools-rpms tools-rpms 84
5local_mon-rpms mon-rpms 41
6local_osd-rpms osd-rpms 28
7local_rhceph-2-tools-rpms rhceph-2-tools-rpms 35
8local_agent-rpms agent-rpms 19
9local_installer-rpms installer-rpms 46
base/7/x86_64 CentOS-7 – Base 9,911
dvd dvd 3,894
extras/7/x86_64 CentOS-7 – Extras 434
local_extras extras 76
local_repo CentOS-7 – Base 3,894
updates/7/x86_64 CentOS-7 – Updates 1,614
repolist: 20,887

2. Write the local hosts file on all 4 machines
[root@node1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.21 nn01
192.168.1.22 node1
192.168.1.23 node2
192.168.1.24 node3

3. Install the Java environment
[root@node1 ~]# yum install -y java-1.8.0-openjdk-devel
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.lzu.edu.cn
* extras: mirrors.cn99.com
* updates: mirrors.163.com
正在解决依赖关系
–> 正在检查事务
—> 软件包 java-1.8.0-openjdk-devel.x86_64.1.1.8.0.191.b12-0.el7_5 将被 安装
–> 正在处理依赖关系 java-1.8.0-openjdk(x86-64) = 1:1.8.0.191.b12-0.el7_5,它被软件包 1:java-1.8.0-openjdk-devel-1.8.0.191.b12-0.el7_5.x86_64 需要
–> 正在处理依赖关系 libjvm.so()(64bit),它被软件包 1:java-1.8.0-openjdk-devel-1.8.0.191.b12-0.el7_5.x86_64 需要
–> 正在处理依赖关系 libjava.so()(64bit),它被软件包 1:java-1.8.0-openjdk-devel-1.8.0.191.b12-0.el7_5.x86_64 需要
–> 正在处理依赖关系 libX11.so.6()(64bit),它被软件包 1:java-1.8.0-openjdk-devel-1.8.0.191.b12-0.el7_5.x86_64 需要
##################################
已安装:
java-1.8.0-openjdk-devel.x86_64 1:1.8.0.191.b12-0.el7_5

4. Configure passwordless SSH login
[root@node1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:eLC1ivkxGX3LviFW3kHvs+Ds/v3DiSRhfQzNZ0SZoYE root@node1
The key’s randomart image is:
+—[RSA 2048]—-+
| ..o+*|
| E .o=o|
| . . o.o..|
| * . + o o |
| + S + o o |
| o = = + + |
| o = o = = = .|
| . + o + o B |
| . o+=.o =|
+—-[SHA256]—–+
[root@node1 ~]#
[root@node1 ~]# for i in {nn01,node1,node2,node3} ; do ssh-copy-id $i ;done
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/root/.ssh/id_rsa.pub”
The authenticity of host ‘nn01 (192.168.1.21)’ can’t be established.
ECDSA key fingerprint is SHA256:OGu5BChujFALtDvZ860w673bww507mEzfcTAP5CHXpA.
ECDSA key fingerprint is MD5:91:52:6e:2a:24:f3:94:1b:fc:4a:41:71:b6:c1:e2:b6.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
root@nn01’s password:

Number of key(s) added: 1

Now try logging into the machine, with: “ssh ‘nn01′”
and check to make sure that only the key(s) you wanted were added.

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/root/.ssh/id_rsa.pub”
The authenticity of host ‘node1 (192.168.1.22)’ can’t be established.
ECDSA key fingerprint is SHA256:Nw0LMMvdUx1oOws/2DI6D1PaZrAotg+HnUiO7sBzAz4.
ECDSA key fingerprint is MD5:21:59:ad:29:77:65:11:ff:e0:d6:4a:5e:ab:4f:a7:01.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
root@node1’s password:

Number of key(s) added: 1

Now try logging into the machine, with: “ssh ‘node1′”
and check to make sure that only the key(s) you wanted were added.

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/root/.ssh/id_rsa.pub”
The authenticity of host ‘node2 (192.168.1.23)’ can’t be established.
ECDSA key fingerprint is SHA256:3PyPHaUstzjL2HpmZ+UllCW19ZaeBYJ9bn9Fsp64NlI.
ECDSA key fingerprint is MD5:b7:7e:27:bf:fd:f4:d0:2c:00:d3:e3:25:a7:66:b5:91.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
root@node2’s password:

Number of key(s) added: 1

Now try logging into the machine, with: “ssh ‘node2′”
and check to make sure that only the key(s) you wanted were added.

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/root/.ssh/id_rsa.pub”
The authenticity of host ‘node3 (192.168.1.24)’ can’t be established.
ECDSA key fingerprint is SHA256:7Cj7gj3IyiZXuzcrERWKEpxJd+CA3B9z5TCeh5lh/kc.
ECDSA key fingerprint is MD5:26:e1:5b:f5:d2:6c:c8:b9:c6:20:4e:16:30:d3:4f:ae.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
root@node3’s password:

Number of key(s) added: 1

Now try logging into the machine, with: “ssh ‘node3′”
and check to make sure that only the key(s) you wanted were added.

5. Test the trust relationship
[root@node1 ~]# ssh node3
Last login: Fri Nov 30 14:22:51 2018 from 192.168.1.254
[root@node3 ~]# exit
登出
Connection to node3 closed.

Step 2: Configure Hadoop

1) Edit the slaves file

[root@nn01 ~]# cd /usr/local/hadoop/etc/hadoop
[root@nn01 hadoop]# vim slaves
node1
node2
node3
2) Hadoop's core configuration file, core-site

[root@nn01 hadoop]# vim core-site.xml
<configuration>
<property>
<name>fs.defaultFS</name>
<value>hdfs://nn01:9000</value>
</property>
<property>
<name>hadoop.tmp.dir</name>
<value>/var/hadoop</value>
</property>
</configuration>
[root@nn01 hadoop]# mkdir /var/hadoop //Hadoop's data root directory
[root@nn01 hadoop]# ssh node1 mkdir /var/hadoop
[root@nn01 hadoop]# ssh node2 mkdir /var/hadoop
[root@nn01 hadoop]# ssh node3 mkdir /var/hadoop
3) Configure the hdfs-site file

[root@nn01 hadoop]# vim hdfs-site.xml
<configuration>
<property>
<name>dfs.namenode.http-address</name>
<value>nn01:50070</value>
</property>
<property>
<name>dfs.namenode.secondary.http-address</name>
<value>nn01:50090</value>
</property>
<property>
<name>dfs.replication</name>
<value>2</value>
</property>
</configuration>
4) Sync the configuration to node1, node2 and node3

[root@nn01 hadoop]# yum -y install rsync //rsync must be installed on every host being synced
[root@nn01 hadoop]# for i in 22 23 24 ; do rsync -aSH --delete /usr/local/hadoop/ \
192.168.1.$i:/usr/local/hadoop/ -e 'ssh' & done
[1] 23260
[2] 23261
[3] 23262
5) Check that the sync succeeded

[root@nn01 hadoop]# ssh node1 ls /usr/local/hadoop/
bin
etc
include
lib
libexec
LICENSE.txt
NOTICE.txt
bb
README.txt
sbin
share
aa
[root@nn01 hadoop]# ssh node2 ls /usr/local/hadoop/
bin
etc
include
lib
libexec
LICENSE.txt
NOTICE.txt
bb
README.txt
sbin
share
aa
[root@nn01 hadoop]# ssh node3 ls /usr/local/hadoop/
bin
etc
include
lib
libexec
LICENSE.txt
NOTICE.txt
bb
README.txt
sbin
share
aa

The code is as follows:
1. Following nn01, get the packages installed; first copy the package to each node in turn
[root@nn01 ~]# ll
总用量 283216
drwxr-xr-x 2 root root 95 11月 30 13:23 hadoop
-rw-r–r– 1 root root 290007891 11月 30 13:22 Hadoop.zip
-rw-r–r–. 1 root root 1690 12月 10 2015 RPM-GPG-KEY-CentOS-7
[root@nn01 ~]# for i in {node1,node2,node3} ;do scp Hadoop.zip $i:/root/ ;done
Hadoop.zip 100% 277MB 165.4MB/s 00:01
Hadoop.zip 100% 277MB 167.6MB/s 00:01
Hadoop.zip 100% 277MB 162.9MB/s 00:01
[root@nn01 ~]#

2. Back on nn01, edit the slaves file
[root@nn01 hadoop]# cat slaves
node1
node2
node3
[root@nn01 hadoop]# cat core-site.xml

3. On nn01, edit core-site
[root@nn01 hadoop]# cat core-site.xml
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
<!--
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License. See accompanying LICENSE file.
-->

<!-- Put site-specific property overrides in this file. -->

<configuration>
<property>
<name>fs.defaultFS</name>
<value>hdfs://nn01:9000</value>
</property>
<property>
<name>hadoop.tmp.dir</name>
<value>/var/hadoop</value>
</property>
</configuration>
[root@nn01 hadoop]#

4. Next, configure the hdfs-site.xml file
[root@nn01 hadoop]# vim hdfs-site.xml
[root@nn01 hadoop]# cat hdfs-site.xml
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
<!--
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License. See accompanying LICENSE file.
-->

<!-- Put site-specific property overrides in this file. -->

<configuration>
<property>
<name>dfs.namenode.http-address</name>
<value>nn01:50070</value>
</property>
<property>
<name>dfs.namenode.secondary.http-address</name>
<value>nn01:50090</value>
</property>
<property>
<name>dfs.replication</name>
<value>2</value>
</property>
</configuration>

5. Install rsync on all 4 machines, then sync the configuration files
[root@nn01 hadoop]# yum install -y rsync
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.nwsuaf.edu.cn
* extras: mirrors.163.com
* updates: mirrors.nwsuaf.edu.cn
正在解决依赖关系
–> 正在检查事务
—> 软件包 rsync.x86_64.0.3.1.2-4.el7 将被 安装
–> 解决依赖关系完成

依赖关系解决

====================================================================================================
Package 架构 版本 源 大小
====================================================================================================
正在安装:
rsync x86_64 3.1.2-4.el7 base 403 k

事务概要
====================================================================================================
安装 1 软件包

总下载量:403 k
安装大小:815 k
Downloading packages:
rsync-3.1.2-4.el7.x86_64.rpm | 403 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : rsync-3.1.2-4.el7.x86_64 1/1
验证中 : rsync-3.1.2-4.el7.x86_64 1/1

已安装:
rsync.x86_64 0:3.1.2-4.el7

完毕!

[root@nn01 hadoop]# for i in {22,23,24};do rsync -aSH --delete /usr/local/hadoop/ 192.168.1.$i:/usr/local/hadoop/ -e 'ssh'&done
[1] 10993
[2] 10994
[3] 10995
[root@nn01 hadoop]#
[1] 完成 rsync -aSH --delete /usr/local/hadoop/ 192.168.1.$i:/usr/local/hadoop/ -e 'ssh'
[2]- 完成 rsync -aSH --delete /usr/local/hadoop/ 192.168.1.$i:/usr/local/hadoop/ -e 'ssh'
[3]+ 完成 rsync -aSH --delete /usr/local/hadoop/ 192.168.1.$i:/usr/local/hadoop/ -e 'ssh'

6. Pick any machine and verify that the sync succeeded
[root@node3 ~]# ll /usr/local/hadoop/
总用量 112
drwxr-xr-x 2 root root 61 11月 30 13:26 aa
drwxr-xr-x 2 root root 88 11月 30 13:27 bb
drwxr-xr-x 2 20415 101 194 4月 18 2018 bin
drwxr-xr-x 3 20415 101 20 4月 18 2018 etc
drwxr-xr-x 2 20415 101 106 4月 18 2018 include
drwxr-xr-x 3 20415 101 20 4月 18 2018 lib
drwxr-xr-x 2 20415 101 239 4月 18 2018 libexec
-rw-r–r– 1 20415 101 86424 4月 18 2018 LICENSE.txt
-rw-r–r– 1 20415 101 14978 4月 18 2018 NOTICE.txt
-rw-r–r– 1 20415 101 1366 4月 18 2018 README.txt
drwxr-xr-x 2 20415 101 4096 4月 18 2018 sbin
drwxr-xr-x 4 20415 101 31 4月 18 2018 share

7. Format Hadoop; everything here is done on nn01
[root@nn01 hadoop]# cd /usr/local/hadoop/
[root@nn01 hadoop]# pwd
/usr/local/hadoop
[root@nn01 hadoop]# ls
aa bb bin etc include lib libexec LICENSE.txt NOTICE.txt README.txt sbin share
[root@nn01 hadoop]# ./bin/hdfs namenode -format
18/11/30 14:57:43 INFO namenode.NameNode: STARTUP_MSG:
/************************************************************
STARTUP_MSG: Starting NameNode
STARTUP_MSG: host = nn01/192.168.1.21
STARTUP_MSG: args = [-format]
STARTUP_MSG: version = 2.7.6
#######################################################################
18/11/30 14:57:44 INFO namenode.NNStorageRetentionManager: Going to retain 1 images with txid >= 0
18/11/30 14:57:44 INFO util.ExitUtil: Exiting with status 0
18/11/30 14:57:44 INFO namenode.NameNode: SHUTDOWN_MSG:
/************************************************************
SHUTDOWN_MSG: Shutting down NameNode at nn01/192.168.1.21
************************************************************/

Start the cluster
[root@nn01 hadoop]# ./sbin/start-dfs.sh
Starting namenodes on [nn01]
nn01: starting namenode, logging to /usr/local/hadoop/logs/hadoop-root-namenode-nn01.out
node1: starting datanode, logging to /usr/local/hadoop/logs/hadoop-root-datanode-node1.out
node2: starting datanode, logging to /usr/local/hadoop/logs/hadoop-root-datanode-node2.out
node3: starting datanode, logging to /usr/local/hadoop/logs/hadoop-root-datanode-node3.out
Starting secondary namenodes [nn01]
nn01: starting secondarynamenode, logging to /usr/local/hadoop/logs/hadoop-root-secondarynamenode-nn01.out

Verify the roles; take a look on every machine
[root@nn01 hadoop]# jps
11333 SecondaryNameNode
11448 Jps
11146 NameNode

The other 3 machines are all DataNodes
[root@node1 ~]# jps
1360 DataNode
1434 Jps
[root@node1 ~]#

[root@node2 ~]# jps
1417 Jps
1342 DataNode

[root@node3 ~]# jps
1360 DataNode
1435 Jps

Report the cluster status; you can see that 3 roles came up successfully
[root@nn01 hadoop]# ./bin/hdfs dfsadmin -report
Configured Capacity: 51505004544 (47.97 GB)
Present Capacity: 45306929152 (42.20 GB)
DFS Remaining: 45306916864 (42.20 GB)
DFS Used: 12288 (12 KB)
DFS Used%: 0.00%
Under replicated blocks: 0
Blocks with corrupt replicas: 0
Missing blocks: 0
Missing blocks (with replication factor 1): 0

————————————————-
Live datanodes (3):

Name: 192.168.1.24:50010 (node3)
Hostname: node3
Decommission Status : Normal
Configured Capacity: 17168334848 (15.99 GB)
DFS Used: 4096 (4 KB)
Non DFS Used: 2066079744 (1.92 GB)
DFS Remaining: 15102251008 (14.07 GB)
DFS Used%: 0.00%
DFS Remaining%: 87.97%
Configured Cache Capacity: 0 (0 B)
Cache Used: 0 (0 B)
Cache Remaining: 0 (0 B)
Cache Used%: 100.00%
Cache Remaining%: 0.00%
Xceivers: 1
Last contact: Fri Nov 30 14:58:43 CST 2018

Name: 192.168.1.22:50010 (node1)
Hostname: node1
Decommission Status : Normal
Configured Capacity: 17168334848 (15.99 GB)
DFS Used: 4096 (4 KB)
Non DFS Used: 2065956864 (1.92 GB)
DFS Remaining: 15102373888 (14.07 GB)
DFS Used%: 0.00%
DFS Remaining%: 87.97%
Configured Cache Capacity: 0 (0 B)
Cache Used: 0 (0 B)
Cache Remaining: 0 (0 B)
Cache Used%: 100.00%
Cache Remaining%: 0.00%
Xceivers: 1
Last contact: Fri Nov 30 14:58:43 CST 2018

Name: 192.168.1.23:50010 (node2)
Hostname: node2
Decommission Status : Normal
Configured Capacity: 17168334848 (15.99 GB)
DFS Used: 4096 (4 KB)
Non DFS Used: 2066038784 (1.92 GB)
DFS Remaining: 15102291968 (14.07 GB)
DFS Used%: 0.00%
DFS Remaining%: 87.97%
Configured Cache Capacity: 0 (0 B)
Cache Used: 0 (0 B)
Cache Remaining: 0 (0 B)
Cache Used%: 100.00%
Cache Remaining%: 0.00%
Xceivers: 1
Last contact: Fri Nov 30 14:58:43 CST 2018

That is the end of today's experiment

Follow-up to the experiment: I carelessly upgraded Java, and now its directory cannot be found. Trying to recover:
[root@nn01 ~]# jps
823 Jps
[root@nn01 ~]# cd /usr/local/hadoop/
[root@nn01 hadoop]# ./sbin/start-dfs.sh
Starting namenodes on [nn01]
nn01: starting namenode, logging to /usr/local/hadoop/logs/hadoop-root-namenode-nn01.out
node2: starting datanode, logging to /usr/local/hadoop/logs/hadoop-root-datanode-node2.out
node3: starting datanode, logging to /usr/local/hadoop/logs/hadoop-root-datanode-node3.out
node1: starting datanode, logging to /usr/local/hadoop/logs/hadoop-root-datanode-node1.out
node2: /usr/local/hadoop/bin/hdfs: line 304: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.x86_64/jre/bin/java: No such file or directory
node3: /usr/local/hadoop/bin/hdfs: line 304: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.x86_64/jre/bin/java: No such file or directory
node1: /usr/local/hadoop/bin/hdfs: line 304: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el7_5.x86_64/jre/bin/java: No such file or directory
Starting secondary namenodes [nn01]
nn01: starting secondarynamenode, logging to /usr/local/hadoop/logs/hadoop-root-secondarynamenode-nn01.out
As you can see, the Java directory cannot be found.
Check the directory again: it has changed to /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre
[root@node1 ~]# rpm -ql java-1.8.0-openjdk
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre/bin/policytool
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre/lib/amd64/libawt_xawt.so
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre/lib/amd64/libjawt.so
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre/lib/amd64/libjsoundalsa.so
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre/lib/amd64/libsplashscreen.so
/usr/share/applications/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64-policytool.desktop
/usr/share/icons/hicolor/16x16/apps/java-1.8.0.png
/usr/share/icons/hicolor/24x24/apps/java-1.8.0.png
/usr/share/icons/hicolor/32x32/apps/java-1.8.0.png
/usr/share/icons/hicolor/48x48/apps/java-1.8.0.png

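So point JAVA_HOME at the new directory; this has to be done on every machine. Note: Java was not upgraded on my NN01, so its directory stays as it was.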
[root@node1 hadoop]# vim etc/hadoop/hadoop-env.sh
[root@node1 hadoop]# pwd
/usr/local/hadoop
[root@node1 hadoop]# grep "JAVA_HOME" etc/hadoop/hadoop-env.sh
# The only required environment variable is JAVA_HOME. All others are
# set JAVA_HOME in this file, so that it is correctly defined on
export JAVA_HOME="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre"
[root@node1 hadoop]#

Start it again and everything is back to normal
[root@nn01 hadoop]# ./sbin/start-dfs.sh
Starting namenodes on [nn01]
nn01: starting namenode, logging to /usr/local/hadoop/logs/hadoop-root-namenode-nn01.out
node2: starting datanode, logging to /usr/local/hadoop/logs/hadoop-root-datanode-node2.out
node1: starting datanode, logging to /usr/local/hadoop/logs/hadoop-root-datanode-node1.out
node3: starting datanode, logging to /usr/local/hadoop/logs/hadoop-root-datanode-node3.out
Starting secondary namenodes [nn01]
nn01: starting secondarynamenode, logging to /usr/local/hadoop/logs/hadoop-root-secondarynamenode-nn01.out
[root@nn01 hadoop]# ./bin/hdfs dfsadmin -report
Configured Capacity: 51505004544 (47.97 GB)
Present Capacity: 45398556672 (42.28 GB)
DFS Remaining: 45398532096 (42.28 GB)
DFS Used: 24576 (24 KB)
DFS Used%: 0.00%
Under replicated blocks: 0
Blocks with corrupt replicas: 0
Missing blocks: 0
Missing blocks (with replication factor 1): 0

-------------------------------------------------
Live datanodes (3):

Name: 192.168.1.24:50010 (node3)
Hostname: node3
Decommission Status : Normal
Configured Capacity: 17168334848 (15.99 GB)
DFS Used: 8192 (8 KB)
Non DFS Used: 2035486720 (1.90 GB)
DFS Remaining: 15132839936 (14.09 GB)
DFS Used%: 0.00%
DFS Remaining%: 88.14%
Configured Cache Capacity: 0 (0 B)
Cache Used: 0 (0 B)
Cache Remaining: 0 (0 B)
Cache Used%: 100.00%
Cache Remaining%: 0.00%
Xceivers: 1
Last contact: Fri Dec 07 10:41:46 CST 2018

Name: 192.168.1.22:50010 (node1)
Hostname: node1
Decommission Status : Normal
Configured Capacity: 17168334848 (15.99 GB)
DFS Used: 8192 (8 KB)
Non DFS Used: 2035470336 (1.90 GB)
DFS Remaining: 15132856320 (14.09 GB)
DFS Used%: 0.00%
DFS Remaining%: 88.14%
Configured Cache Capacity: 0 (0 B)
Cache Used: 0 (0 B)
Cache Remaining: 0 (0 B)
Cache Used%: 100.00%
Cache Remaining%: 0.00%
Xceivers: 1
Last contact: Fri Dec 07 10:41:47 CST 2018

Name: 192.168.1.23:50010 (node2)
Hostname: node2
Decommission Status : Normal
Configured Capacity: 17168334848 (15.99 GB)
DFS Used: 8192 (8 KB)
Non DFS Used: 2035490816 (1.90 GB)
DFS Remaining: 15132835840 (14.09 GB)
DFS Used%: 0.00%
DFS Remaining%: 88.14%
Configured Cache Capacity: 0 (0 B)
Cache Used: 0 (0 B)
Cache Remaining: 0 (0 B)
Cache Used%: 100.00%
Cache Remaining%: 0.00%
Xceivers: 1
Last contact: Fri Dec 07 10:41:47 CST 2018
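
The breakage above came from pinning JAVA_HOME to a versioned package directory that a routine update renamed. As an added example (not part of the original post; the helper names `resolve_java_home` and `check_env_java_home` are hypothetical), this derives JAVA_HOME from where the `java` binary really resolves and flags a stale entry in `hadoop-env.sh` before `start-dfs.sh` is run:

```shell
#!/bin/bash
# Added example, not from the original post. Helper names are hypothetical.

# Print the JAVA_HOME implied by a java binary: follow every symlink
# (e.g. /usr/bin/java -> /etc/alternatives/java -> .../jre/bin/java)
# and strip the trailing /bin/java. Returns 1 if no usable binary exists.
resolve_java_home() {
    local java_bin real
    java_bin="${1:-$(command -v java || true)}"
    [ -n "$java_bin" ] || return 1
    real=$(readlink -f "$java_bin") || return 1
    [ -x "$real" ] || return 1
    dirname "$(dirname "$real")"
}

# Inspect a hadoop-env.sh style file: does the exported JAVA_HOME still
# contain an executable bin/java? Prints "ok: PATH" or "stale: PATH".
check_env_java_home() {
    local env_file="$1" configured
    configured=$(sed -n 's/^export JAVA_HOME=//p' "$env_file" | tail -n 1 | tr -d '"')
    if [ -z "$configured" ]; then
        echo "unset: no JAVA_HOME export in $env_file"
        return 1
    fi
    if [ -x "$configured/bin/java" ]; then
        echo "ok: $configured"
    else
        echo "stale: $configured"
        return 1
    fi
}
```

Running `check_env_java_home etc/hadoop/hadoop-env.sh` on each node after a Java update shows which nodes still point at the old directory, and `resolve_java_home` prints the value to put there.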


ELK: error when sending data, curl: (35) Encountered end of file

[root@kibana ~]# curl -X "POST" "https://192.168.1.61:9200/_bulk" --data-binary @shakespeare.json
curl: (35) Encountered end of file

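The cause was pure carelessness, and it is simple: port 443 is not open on the server.

In fact, it was because I typed https instead of http. Sending over http works.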


qemu-kvm: CPU feature spec-ctrl not found

Today, while preparing a virtual machine environment, I ran into a failure. KVM reported the following error:

internal error: process exited while connecting to monitor: 2018-11-28T16:04:46.324652Z qemu-kvm: CPU feature spec-ctrl not found

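Specifically, it means the CPU architecture does not support spec-ctrl. So I went looking everywhere; holding on to a sliver of hope I tried Baidu, and as everyone probably expects, Baidu was no use at all. In the end I searched on Google and found the answer: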

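The cause is that I had updated Linux earlier, and the new versions of KVM/libvirt/QEMU ran into a version-compatibility problem with one another: the new versions no longer recognize the XML file written for the old versions. Change the CPU configuration as follows: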

Before the change

  <cpu mode='custom' match='exact' check='partial'>
    <model fallback='allow'>Haswell-noTSX-IBRS</model>
  </cpu>

After the change

  <cpu mode='custom' match='exact' check='partial'>
    <model fallback='allow'>Haswell-noTSX</model>
  </cpu>

That's it. Re-define the domain and everything works.

Below is the original post by the person who found this; the link is

http://blog.lick-me.org/2018/05/failed-to-start-domain-host-cpu-does-not-provide-required-features-spec-ctrl/

“Failed to start domain – Host CPU does not provide required features: spec-ctrl”

[root@foo ~]# virsh start bar
error: Failed to start domain bar
error: the CPU is incompatible with host CPU: Host CPU does not provide required features: spec-ctrl

After a recent CentOS update and reboot, certain VMs refused to start, bailing out with the error message above. The interwebz didn’t really offer much in terms of advice. After talking to people with more clue, a working theory was formed: the version combination of kernel/libvirt/kvm/qemu is messed up. Rolling back to an older version was not an option.

The root cause is Intel’s Spectre vulnerability and its mitigation. The fix proved to be surprisingly simple. Simply edit the VM definition (“virsh edit foo”) and remove “-IBRS” from the CPU definition. Bear in mind that this does disable the Indirect Branch Restricted Speculation mitigation, so consider this a security disclaimer.

To recap:

  <cpu mode='custom' match='exact' check='partial'>
    <model fallback='allow'>Haswell-noTSX-IBRS</model>
  </cpu>

becomes

  <cpu mode='custom' match='exact' check='partial'>
    <model fallback='allow'>Haswell-noTSX</model>
  </cpu>

I’m not sure how this CPU model definition came to be. Did updating libvirt update the definition? Was the definition automatically detected when the VM was created, and did it stop working after an upgrade?
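
Dropping `-IBRS` from the model gets the guest booting, but as the quoted post notes, it also stops exposing the IBRS mitigation to that guest. An added example (not from either post; function names are hypothetical, and the cpuinfo flag names `spec_ctrl`/`ibrs` are an assumption about what the host kernel reports) that audits a definition saved from `virsh dumpxml` against the host's CPU flags, so guests left without `spec-ctrl` can be found and restored once the package versions are aligned:

```shell
#!/bin/bash
# Added example, not from the original post; function names are hypothetical.

# Classify a domain definition (a file saved from `virsh dumpxml`): does the
# guest CPU get spec-ctrl? Prints exposed | disabled | not-exposed.
# Covers the "-IBRS" model naming used on this page; newer QEMU CPU models
# can include spec-ctrl without that suffix.
spec_ctrl_status() {
    local cpu model
    cpu=$(sed -n '/<cpu[ >]/,/<\/cpu>/p' "$1")
    model=$(printf '%s\n' "$cpu" |
        sed -n 's:.*<model[^>]*>\([^<]*\)</model>.*:\1:p' | head -n 1)
    # An explicit <feature> element overrides what the model name implies.
    if printf '%s\n' "$cpu" |
        grep -Eq "<feature[^>]*policy='(disable|forbid)'[^>]*name='spec-ctrl'"; then
        echo disabled
    elif printf '%s\n' "$cpu" |
        grep -Eq "<feature[^>]*policy='(require|force)'[^>]*name='spec-ctrl'"; then
        echo exposed
    else
        case "$model" in
            *-IBRS) echo exposed ;;
            *)      echo not-exposed ;;
        esac
    fi
}

# True if a /proc/cpuinfo style file advertises IBRS on the host.
# Assumed flag names: spec_ctrl (RHEL/CentOS 7 kernels) or ibrs (upstream).
host_has_spec_ctrl() {
    grep -m1 '^flags' "${1:-/proc/cpuinfo}" | tr ' \t' '\n\n' |
        grep -Eqx 'spec_ctrl|ibrs'
}

# Verdict for one guest definition against one host flag list.
audit_guest() {
    local guest host=no
    guest=$(spec_ctrl_status "$1")
    host_has_spec_ctrl "$2" && host=yes
    case "$guest:$host" in
        exposed:yes) echo ok ;;
        exposed:no)  echo mismatch ;;   # guest requires what the host lacks
        *:yes)       echo restore ;;    # host offers it, definition drops it
        *)           echo host-lacks ;; # neither side has it
    esac
}
```

For a guest named `bar`, save the definition with `virsh dumpxml bar > bar.xml` and run `audit_guest bar.xml /proc/cpuinfo`; a `restore` verdict marks a guest whose `-IBRS` model should be put back.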


Error when growing a disk: unexpected output in sfdisk

Growing the host's disk fails with an error

[root@openstack network-scripts]# /usr/bin/growpart /dev/vda 1
unexpected output in sfdisk --version [sfdisk,来自 util-linux 2.23.2]

Fix: reset the language (locale)

[root@openstack network-scripts]# LANG=en_US.UTF-8

Growing the partition again now works

[root@openstack network-scripts]# /usr/bin/growpart /dev/vda 1
CHANGED: partition=1 start=2048 old: size=33552384 end=33554432 new: size=104855519,end=104857567

[root@openstack network-scripts]# xfs_growfs /dev/vda1
meta-data=/dev/vda1 isize=512 agcount=4, agsize=1048512 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0 spinodes=0
data = bsize=4096 blocks=4194048, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
data blocks changed from 4194048 to 13106939
