NextCloud tuning and security configuration

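I. Adding a cache
For the cache you can choose either memcached or redis. Pick just one: unless this is a large instance, running more than one brings no benefit.
1. Adding memcached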
[root@fencatn ~]# yum install -y memcached
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.cqu.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
* webtatic: uk.repo.webtatic.com
Resolving Dependencies
--> Running transaction check
---> Package memcached.x86_64 0:1.4.15-10.el7_3.1 will be installed
--> Processing Dependency: libevent-2.0.so.5()(64bit) for package: memcached-1.4.15-10.el7_3.1.x86_64
--> Running transaction check
---> Package libevent.x86_64 0:2.0.21-4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
memcached x86_64 1.4.15-10.el7_3.1 base 85 k
Installing for dependencies:
libevent x86_64 2.0.21-4.el7 base 214 k

Transaction Summary
================================================================================
Install 1 Package (+1 Dependent package)

Total download size: 299 k
Installed size: 901 k
Downloading packages:
(1/2): memcached-1.4.15-10.el7_3.1.x86_64.rpm | 85 kB 00:00
(2/2): libevent-2.0.21-4.el7.x86_64.rpm | 214 kB 00:00
--------------------------------------------------------------------------------
Total 645 kB/s | 299 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libevent-2.0.21-4.el7.x86_64 1/2
Installing : memcached-1.4.15-10.el7_3.1.x86_64 2/2
Verifying : memcached-1.4.15-10.el7_3.1.x86_64 1/2
Verifying : libevent-2.0.21-4.el7.x86_64 2/2

Installed:
memcached.x86_64 0:1.4.15-10.el7_3.1

Dependency Installed:
libevent.x86_64 0:2.0.21-4.el7

Complete!
[root@fencatn ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS=""
Enable memcached
[root@fencatn ~]# systemctl restart memcached
[root@fencatn ~]# systemctl enable memcached
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
Confirm that memcached is running
[root@fencatn ~]# netstat -antup | grep 11211
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 12200/memcached
tcp6 0 0 :::11211 :::* LISTEN 12200/memcached
udp 0 0 0.0.0.0:11211 0.0.0.0:* 12200/memcached
udp6 0 0 :::11211 :::* 12200/memcached
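
The netstat output above shows memcached bound to 0.0.0.0 and :: on both TCP and UDP, so the cache is reachable from every network the server is attached to. The following is an added example, not part of the original post, that flags such listeners in `netstat -antup` output; the function names and sample lines are constructed for illustration, and the remediation comment assumes memcached's -l (listen address) and -U (UDP port, 0 disables) options.

```shell
# Added example: flag cache listeners that are reachable from other hosts.
# Input: `netstat -antup` lines on stdin. Output: "proto address port" per finding.
# Ports checked: 11211 (memcached) and 6379 (redis), as used on this page.

exposed_cache_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        local_addr = $4
        # Split "addr:port" at the last colon so IPv6 forms like :::11211 work.
        n = match(local_addr, /:[0-9]+$/)
        if (n == 0) next
        addr = substr(local_addr, 1, n - 1)
        port = substr(local_addr, n + 1)
        if (port != "11211" && port != "6379") next
        # TCP sockets must be in LISTEN state; UDP lines have no state column.
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        # Loopback bindings are not reachable from the network.
        if (addr ~ /^127\./ || addr == "::1") next
        print $1, addr, port
    }'
}

# Constructed sample, modelled on the netstat output shown above.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 12200/memcached
tcp6 0 0 :::11211 :::* LISTEN 12200/memcached
udp 0 0 0.0.0.0:11211 0.0.0.0:* 12200/memcached
udp6 0 0 :::11211 :::* 12200/memcached
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 900/redis-server
tcp 0 0 127.0.0.1:11211 127.0.0.1:40112 ESTABLISHED 12200/memcached
EOF
}

sample_netstat | exposed_cache_listeners
# Remediation for the memcached case, in /etc/sysconfig/memcached:
#   OPTIONS="-l 127.0.0.1 -U 0"
# then: systemctl restart memcached, and re-run the check on live output.
```

On a live host, pipe `netstat -antup` into exposed_cache_listeners; an empty result means both caches are bound to loopback only.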

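Then edit the configuration file and add the following inside the );
'memcached_servers' => array(
array('localhost', 11211),
),
The code is as follows:
(Note: I searched on Baidu, and many people's configuration files are obviously copied and pasted; one person got it wrong and everyone else copied the mistake. Many people write
'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Memcached',
'memcached_servers' => array(
array('localhost', 11211),
),
Note that this is actually the format the official documentation gives for httpd; nginx is not like this.)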

[root@fencatn config]# pwd
/usr/share/nginx/nextcloud/config
[root@fencatn config]# cat config.php
<?php
$CONFIG = array (
'instanceid' => 'ocaemai81f1w',
'passwordsalt' => '7xQYU/kEn0Vbss5XckNEspp1haKKyj',
'secret' => 'MftfjmfndXaBEfvUsc1+jyyzAOs8NTNheA6E+gsLJdp8wvU0',
'trusted_domains' =>
array (
0 => '176.204.100.100',
),
'datadirectory' => '/usr/share/nginx/nextcloud/data',
'dbtype' => 'mysql',
'version' => '14.0.4.2',
'overwrite.cli.url' => 'https://176.204.100.100',
'dbname' => 'nextcloud_fencatn',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'fencatn',
'dbpassword' => 'fencatn2018',
'installed' => true,
'memcached_servers' => array(
array('localhost', 11211),
),
);

[root@fencatn config]#

2. Adding a redis cache
You can also choose redis.
Add the following to the Nextcloud config file; this connects over TCP:
'redis' => array(
'host' => 'localhost',
'port' => 6379,
),

There is also the better-performing UNIX socket connection:
'redis' => array(
'host' => '/var/run/redis/redis.sock',
'port' => 0,
'dbindex' => 0,
'password' => 'secret',
'timeout' => 1.5,
),

The official documentation also recommends adding the following, to store file locks:
'memcache.locking' => '\OC\Memcache\Redis',

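3. Changing the upload size limit. Nextcloud's default upload size limit is 512M; to adjust it you need to edit php.ini and the corresponding nginx virtual host file.
The official documentation covers this as well and you can consult it directly; for convenience I have pasted it here.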
https://docs.nextcloud.com/server/14/admin_manual/configuration_files/big_file_upload_configuration.html

Uploading big files > 512MB

The default maximum file size for uploads is 512MB. You can increase this limit up to what your filesystem and operating system allows. There are certain hard limits that cannot be exceeded:
  • < 2GB on 32Bit OS-architecture
  • < 2GB with IE6 - IE8
  • < 4GB with IE9 - IE11
64-bit filesystems have much higher limits; consult the documentation for your filesystem.

Note

The Nextcloud sync client is not affected by these upload limits as it is uploading files in smaller chunks.


System configuration

  • Make sure that the latest version of PHP is installed
  • Disable user quotas, which makes them unlimited
  • Your temp file or partition has to be big enough to hold multiple parallel uploads from multiple users; e.g. if the max upload size is 10GB and the average number of users uploading at the same time is 100: temp space has to hold at least 10×100 GB

Configuring your Web server

Note

Nextcloud comes with its own nextcloud/.htaccess file. Because php-fpm can’t read PHP settings in .htaccess these settings must be set in the nextcloud/.user.ini file.

Set the following two parameters inside the corresponding php.ini file (see the Loaded Configuration File section of PHP version and information to find your relevant php.ini files)

php_value upload_max_filesize 16G
php_value post_max_size 16G

Adjust these values for your needs. If you see PHP timeouts in your logfiles, increase the timeout values, which are in seconds:

php_value max_input_time 3600
php_value max_execution_time 3600

The mod_reqtimeout Apache module could also stop large uploads from completing. If you’re using this module and getting failed uploads of large files either disable it in your Apache config or raise the configured RequestReadTimeout timeouts.

There are also several other configuration options in your Web server config which could prevent the upload of larger files. Please see the manual of your Web server for how to configure those values correctly:

Apache with mod_fcgid

Note

If you are using Apache/2.4 with mod_fcgid, as of February/March 2016, FcgidMaxRequestInMem still needs to be significantly increased from its default value to avoid the occurrence of segmentation faults when uploading big files. This is not a regular setting but serves as a workaround for Apache with mod_fcgid bug #51747.

Setting FcgidMaxRequestInMem significantly higher than normal may no longer be necessary, once bug #51747 is fixed.

nginx

Since nginx 1.7.11 a new config option fastcgi_request_buffering is available. Setting this option to fastcgi_request_buffering off; in your nginx config might help with timeouts during the upload. Furthermore it helps if you’re running out of disc space on the tmp partition of your system.

For more info how to configure nginx to raise the upload limits see also this wiki entry.

Note

Make sure that client_body_temp_path points to a partition with adequate space for your upload file size, and on the same partition as the upload_tmp_dir or tempdirectory (see below). For optimal performance, place these on a separate hard drive that is dedicated to swap and temp storage.

If your site is behind a nginx frontend (for example a loadbalancer):

By default, downloads will be limited to 1GB due to proxy_buffering and proxy_max_temp_file_size on the frontend.


Configuring PHP

If you don’t want to use the Nextcloud .htaccess or .user.ini file, you may configure PHP instead. Make sure to comment out any lines in .htaccess pertaining to upload size, if you entered any.

If you are running Nextcloud on a 32-bit system, any open_basedir directive in your php.ini file needs to be commented out.

Set the following two parameters inside php.ini, using your own desired file size values:

upload_max_filesize = 16G
post_max_size = 16G

Tell PHP which temp directory you want it to use:

upload_tmp_dir = /var/big_temp_file/

Output Buffering must be turned off in .htaccess or .user.ini or php.ini, or PHP will return memory-related errors:

  • output_buffering = 0

Configuring Nextcloud

As an alternative to the upload_tmp_dir of PHP (e.g. if you don’t have access to your php.ini) you can also configure a temporary location for uploaded files by using the tempdirectory setting in your config.php (See Configuration Parameters). If you have configured the session_lifetime setting in your config.php (See Configuration Parameters) file then make sure it is not too low. This setting needs to be configured to at least the time (in seconds) that the longest upload will take. If unsure remove this completely from your configuration to reset it to the default shown in the config.sample.php.

Configuring upload limits within the GUI

If all prerequisites described in this documentation are in place an admin can change the upload limits on demand by using the File handling input box within the administrative backend of Nextcloud. Depending on your environment you might get an insufficient permissions message shown for this input box. To be able to use this input box you need to make sure that:
  • your Web server is able to use the .htaccess file shipped by Nextcloud (Apache only)
  • the user your Web server is running as has write permissions to the files .htaccess and .user.ini

The code is as follows
(1) Configure nextcloud/.user.ini
Because php-fpm cannot read the PHP settings in .htaccess directly, these options have to be set in nextcloud/.user.ini
[root@fencatn nextcloud]# pwd
/usr/share/nginx/nextcloud
[root@fencatn nextcloud]# cat .user.ini
upload_max_filesize=511M
post_max_size=511M
memory_limit=512M
mbstring.func_overload=0
always_populate_raw_post_data=-1
default_charset='UTF-8'
output_buffering=0
Change this configuration according to your needs; I changed it to 16G
[root@fencatn nextcloud]# vim .user.ini
[root@fencatn nextcloud]# cat .user.ini
upload_max_filesize=16G
post_max_size=16G
memory_limit=512M
mbstring.func_overload=0
always_populate_raw_post_data=-1
default_charset='UTF-8'
output_buffering=0
[root@fencatn nextcloud]#
(2) After changing the size, don't forget to change the timeouts. I set them to 3600 seconds here; adjust them to your own needs
[root@fencatn nextcloud]# cat .user.ini
upload_max_filesize=16G
post_max_size=16G
max_input_time=3600
max_execution_time=3600
memory_limit=512M
mbstring.func_overload=0
always_populate_raw_post_data=-1
default_charset='UTF-8'
output_buffering=0
(3) If you don't want to modify Nextcloud's configuration file, you can modify PHP's configuration file instead; here I modified both
[root@fencatn nextcloud]# vim /etc/php.ini
upload_max_filesize = 16G
post_max_size = 16G
Note, however, that Output Buffering must be turned off in .htaccess or .user.ini or php.ini, all of them, otherwise PHP reports memory-related errors:
output_buffering = 0
(4) When done, restart PHP and Nginx
[root@fencatn nextcloud]# systemctl restart nginx
[root@fencatn nextcloud]# systemctl restart php-fpm
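
A check for the .user.ini edited in steps (1) and (2), added here as an example and not taken from the original post: it reports lines that are not written as key=value (such a line is not applied as a setting), a post_max_size smaller than upload_max_filesize, and output_buffering left on. The function names and the sample file content are constructed for this example.

```shell
# Added example: sanity-check the upload settings in a .user.ini file.
# Convert PHP shorthand sizes (K, M, G) to bytes; plain numbers pass through.
to_bytes() {
    echo "$1" | awk '{
        n = $0 + 0; u = toupper(substr($0, length($0)))
        if (u == "K") n *= 1024
        else if (u == "M") n *= 1024 * 1024
        else if (u == "G") n *= 1024 * 1024 * 1024
        printf "%.0f\n", n
    }'
}

# Print the value of key $2 in file $1 (last assignment wins), or nothing.
ini_get() {
    awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); found = v }
        END { print found }' "$1"
}

# Print findings for file $1; the return status is the number of findings.
check_user_ini() {
    f=$1; findings=0
    # "name value" without "=" is not a valid INI assignment.
    bad=$(grep -nEv '^[[:space:]]*($|;|\[|[A-Za-z0-9_.]+[[:space:]]*=)' "$f" || true)
    if [ -n "$bad" ]; then echo "not key=value: $bad"; findings=$((findings + 1)); fi
    up=$(ini_get "$f" upload_max_filesize); post=$(ini_get "$f" post_max_size)
    if [ -n "$up" ] && [ -n "$post" ] &&
       [ "$(to_bytes "$post")" -lt "$(to_bytes "$up")" ]; then
        echo "post_max_size ($post) < upload_max_filesize ($up)"; findings=$((findings + 1))
    fi
    # An unset output_buffering is inherited from php.ini and not judged here.
    case "$(ini_get "$f" output_buffering)" in
        ""|0|Off|off) ;;
        *) echo "output_buffering is not 0"; findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample: mismatched sizes and a timeout written without "=".
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'upload_max_filesize=16G' 'post_max_size=511M' \
        'max_input_time 3600' 'output_buffering=0' > "$tmp"
    check_user_ini "$tmp"; rc=$?
    rm -f "$tmp"; return "$rc"
}
demo || echo "findings: $?"
```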

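4. cron scheduled task
The official documentation explains this in detail and you can configure it according to your needs. Here I simply chose a cron scheduled task; the principle is simple: write a scheduled task as the nginx user.
Once more: the scheduled task must be run by the nginx user!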
https://docs.nextcloud.com/server/14/admin_manual/configuration_server/background_jobs_configuration.html#cron-jobs

The code is as follows

[root@fencatn ~]# ll -h /usr/share/nginx/nextcloud/cron.php
-rw-r--r-- 1 nginx nginx 4.9K Nov 22 08:14 /usr/share/nginx/nextcloud/cron.php

[root@fencatn ~]# cron -e -u nginx
-bash: cron: command not found
[root@fencatn ~]# crontab -e -u nginx
no crontab for nginx - using an empty one
crontab: installing new crontab

[root@fencatn ~]# crontab -l -u nginx
*/15 * * * * php -f /usr/share/nginx/nextcloud/cron.php

 
