server:nextcloud:installation:start
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
| Nächste Überarbeitung | Vorhergehende Überarbeitung | ||
| server:nextcloud:installation:start [2026/05/28 21:51] – angelegt 91.115.82.214 | server:nextcloud:installation:start [2026/05/28 22:34] (aktuell) – 91.115.82.214 | ||
|---|---|---|---|
| Zeile 3: | Zeile 3: | ||
| Nachfolgend werden die Schritte beschrieben, | Nachfolgend werden die Schritte beschrieben, | ||
| - | Die Schritte werden auf dem Ubuntu Server in der Konsole ausgeführt. Als erstes die Root-Rechte am System einfordern: | + | *[[server:nextcloud:installation:installation:start|Installation]] |
| - | <code bash> | + | *[[server:nextcloud:installation:softwarekonfiguration:start|Software-Konfiguration]] |
| - | Anschließend muss dies noch mit dem Passwort des Users bestätigt werden (der User muss Teil der Gruppe sudoers sein).\\ | + | *[[server:nextcloud:installation:zertifikatgenerierung:start|Generierung der TLS-Zertifikate für Nextcloud]] |
| - | ===== Installation der Basiskomponenten ===== | + | |
| - | <code bash>apt update && apt install gnupg gnupg2 bzip2 pigz lsb-release wget imagemagick libmagickcore-7.q16-10-extra curl rsyslog dialog apt-utils cron</ | + | |
| - | + | ||
| - | ===== Webserver: nginx ===== | + | |
| - | Schlüssel des Hersteller-Repositories hinzufügen: | + | |
| - | <code bash> | + | |
| - | Paketquelle nginx hinzufügen: | + | |
| - | <code bash> | + | |
| - | Installation nginx: | + | |
| - | <code bash>apt update && apt install nginx</ | + | |
| - | Dienst aktivieren und nginx neu starten: | + | |
| - | <code bash> | + | |
| - | service nginx restart</ | + | |
| - | + | ||
| - | ===== Datenbank: MariaDB ===== | + | |
| - | Manuell ausführen: | + | |
| - | <code bash> | + | |
| - | Inhalt einfügen: | + | |
| - | <code bash> | + | |
| - | Und speichern | + | |
| - | GPG‑Key importieren: | + | |
| - | <code bash> | + | |
| - | curl -fsSL https:// | + | |
| - | | gpg --dearmor -o / | + | |
| - | Repo‑Datei anpassen: | + | |
| - | <code bash>sed -i 's|deb |deb [signed-by=/ | + | |
| - | Installation MariaDB: | + | |
| - | <code bash>apt update && apt install mariadb-server</ | + | |
| - | + | ||
| - | ===== PHP installieren ===== | + | |
| - | Installation aller benötigten PHP-Komponenten: | + | |
| - | <code bash>apt update && apt install php-fpm php-gd php-curl php-xml php-zip php-intl php-mbstring php-bz2 php-json php-apcu php-imagick php-gmp php-bcmath php-redis php-mysql</ | + | |
| - | + | ||
| - | ===== acme.sh für Let’s Encrypt Zertifikate ===== | + | |
| - | Benutzer letsencrypt anlegen (alle Angaben und die Abfrage zum Passwort des Users sind einfach mit ENTER zu bestätigen): | + | |
| - | <code bash> | + | |
| - | Den Benutzer letsencrypt der Gruppe www-data hinzufügen: | + | |
| - | <code bash> | + | |
| - | Benutzer letsencrypt berechtigen, | + | |
| - | <code bash> | + | |
| - | Hier ist ganz am Ende der Datei folgende Zeile einfügen: | + | |
| - | <code bash> | + | |
| - | In den Kontext des Benutzers letsencrypt wechseln: | + | |
| - | <code bash>su - letsencrypt</ | + | |
| - | Webserver mit dem Benutzer letsencrypt neu laden: | + | |
| - | <code bash> | + | |
| - | acme.sh installieren (im Kontext des Benutzers letsencrypt): | + | |
| - | <code bash> | + | |
| - | Abmelden des Benutzers letsencrypt: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | ===== Redis ===== | + | |
| - | Installation | + | |
| - | <code bash>apt install redis-server</ | + | |
| - | + | ||
| - | + | ||
| - | ====== Software-Konfiguration ====== | + | |
| - | + | ||
| - | + | ||
| - | Übersicht über Shortcuts des Editors “nano”: | + | |
| - | + | ||
| - | ===== nginx ===== | + | |
| - | Sicherung der Standard-Konfiguration: | + | |
| - | <code bash>cp / | + | |
| - | Allgemeine Einstellungen nginx: | + | |
| - | <code bash> | + | |
| - | Folgende Einstellungen sollten hier gesetzt bzw. kontrolliert werden: | + | |
| - | • user www-data; | + | |
| - | • worker_processes auto; | + | |
| - | • server_tokens off; | + | |
| - | Komplette // | + | |
| - | <code bash> | + | |
| - | worker_processes | + | |
| - | error_log | + | |
| - | pid / | + | |
| - | + | ||
| - | events { | + | |
| - | worker_connections | + | |
| - | } | + | |
| - | http { | + | |
| - | include | + | |
| - | default_type | + | |
| - | log_format | + | |
| - | ' | + | |
| - | '" | + | |
| - | access_log | + | |
| - | sendfile | + | |
| - | # | + | |
| - | keepalive_timeout | + | |
| - | server_tokens off; | + | |
| - | #gzip on; | + | |
| - | include / | + | |
| - | }</ | + | |
| - | Deaktivierung der “Dummy-Webseite”: | + | |
| - | <code bash>mv / | + | |
| - | “Selbsttest” der Konfiguration: | + | |
| - | <code bash> | + | |
| - | nginx neu starten: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | ===== MariaDB ===== | + | |
| - | mysql_secure_installation für MariaDB nachinstallieren, | + | |
| - | <code bash>apt install mariadb-client-compat</ | + | |
| - | Absicherung des Datenbanksystems: | + | |
| - | <code bash> | + | |
| - | Kopieren der Original-Einstellungen: | + | |
| - | <code bash>cp / | + | |
| - | Öffnen der allgemeinen Konfiguration von MariaDB: | + | |
| - | <code bash> | + | |
| - | Fügen Sie folgende Zeilen direkt nach der Definition der Sektion | + | |
| - | <code bash> | + | |
| - | slave_connections_needed_for_purge=0 | + | |
| - | Die komplette Datei 50-server.cnf: | + | |
| - | # | + | |
| - | # These groups are read by MariaDB server. | + | |
| - | # Use it for options that only the server (but not clients) should see | + | |
| - | # this is read by the standalone daemon and embedded servers | + | |
| - | [server] | + | |
| - | # this is only for the mysqld standalone daemon | + | |
| - | [mysqld] | + | |
| - | # Allow write access to tables with format ' | + | |
| - | innodb_read_only_compressed=OFF | + | |
| - | slave_connections_needed_for_purge=0 | + | |
| - | # | + | |
| - | # * Basic Settings | + | |
| - | # | + | |
| - | #user = mysql | + | |
| - | pid-file | + | |
| - | basedir | + | |
| - | # | + | |
| - | # | + | |
| - | # Broken reverse DNS slows down connections considerably and name resolve is | + | |
| - | # safe to skip if there are no "host by domain name" access grants | + | |
| - | # | + | |
| - | # Instead of skip-networking the default is now to listen only on | + | |
| - | # localhost which is more compatible and is not less secure. | + | |
| - | bind-address | + | |
| - | # | + | |
| - | # * Fine Tuning | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # This replaces the startup script and checks MyISAM tables if needed | + | |
| - | # the first time they are touched | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # * Logging and Replication | + | |
| - | # | + | |
| - | # Both location gets rotated by the cronjob. | + | |
| - | # Be aware that this log type is a performance killer. | + | |
| - | # Recommend only changing this at runtime for short testing periods if needed! | + | |
| - | # | + | |
| - | # | + | |
| - | # When running under systemd, error logging goes via stdout/ | + | |
| - | # and when running legacy init error logging goes to syslog due to | + | |
| - | # / | + | |
| - | # Enable this if you want to have error logging into a separate file | + | |
| - | #log_error = / | + | |
| - | # Enable the slow query log to see queries with especially long duration | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # The following can be used as easy to replay backup logs or for replication. | + | |
| - | # note: if you are setting up a replication slave, see README.Debian about | + | |
| - | # other settings you may need to change. | + | |
| - | # | + | |
| - | # | + | |
| - | expire_logs_days | + | |
| - | # | + | |
| - | # | + | |
| - | # * SSL/TLS | + | |
| - | # | + | |
| - | # For documentation, | + | |
| - | # https:// | + | |
| - | #ssl-ca = / | + | |
| - | #ssl-cert = / | + | |
| - | #ssl-key = / | + | |
| - | # | + | |
| - | # | + | |
| - | # * Character sets | + | |
| - | # | + | |
| - | # MySQL/ | + | |
| - | # utf8 4-byte character set. See also client.cnf | + | |
| - | character-set-server | + | |
| - | collation-server | + | |
| - | # | + | |
| - | # * InnoDB | + | |
| - | # | + | |
| - | # InnoDB is enabled by default with a 10MB datafile in / | + | |
| - | # Read the manual for more InnoDB related options. There are many! | + | |
| - | # Most important is to give InnoDB 80 % of the system RAM for buffer use: | + | |
| - | # https:// | + | |
| - | # | + | |
| - | # this is only for embedded server | + | |
| - | [embedded] | + | |
| - | # This group is only read by MariaDB servers, not by MySQL. | + | |
| - | # If you use the same .cnf file for MySQL and MariaDB, | + | |
| - | # you can put MariaDB-only options here | + | |
| - | [mariadb] | + | |
| - | # This group is only read by MariaDB-10.6 servers. | + | |
| - | # If you use the same .cnf file for MariaDB of different versions, | + | |
| - | # use this group for options that older servers don't understand | + | |
| - | [mariadb-11.8]</ | + | |
| - | Neustarten des Datenbank-Dienstes: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | ===== PHP ===== | + | |
| - | Sichern der originalen Konfigurationsdateien: | + | |
| - | <code bash>cp / | + | |
| - | cp / | + | |
| - | cp / | + | |
| - | cp / | + | |
| - | Anpassen der Konfiguration | + | |
| - | <code bash>sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | Anpassen der FPM-Konfiguration: | + | |
| - | <code bash>sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | Anpassen der CLI-Konfiguration: | + | |
| - | <code bash>sed -i " | + | |
| - | sed -i ' | + | |
| - | Neustarten des PHP-Dienstes: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | ===== acme.sh ===== | + | |
| - | Wechseln in den Kontext des Users “letsencrypt”: | + | |
| - | <code bash>su - letsencrypt</ | + | |
| - | Let’s Encrypt als Default-Provider für TLS-Zertifikate definieren: | + | |
| - | <code bash> | + | |
| - | Wechsel auf den normalen User: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | ===== Redis ===== | + | |
| - | Sichern der originalen Konfiguration: | + | |
| - | <code bash>cp / | + | |
| - | Öffnen der Redis-Konfiguration: | + | |
| - | <code bash> | + | |
| - | Konfigurations-Einträge, | + | |
| - | <code bash> | + | |
| - | unixsocket / | + | |
| - | unixsocketperm 770</ | + | |
| - | Hinzufügen des Users “www-data” zur Gruppe “redis”: | + | |
| - | <code bash> | + | |
| - | Neustart des Redis-Dienstes: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | ===== ufw ===== | + | |
| - | Firewall-Regeln festlegen: | + | |
| - | ufw default deny | + | |
| - | ufw allow 22 comment " | + | |
| - | ufw allow 80 comment " | + | |
| - | ufw allow 443 comment " | + | |
| - | Firewall aktivieren: | + | |
| - | ufw enable | + | |
| - | Regeln der Firewall anzeigen: | + | |
| - | ufw status numbered | + | |
| - | + | ||
| - | Generierung der TLS-Zertifikate für Nextcloud | + | |
| - | Verzeichnisse für die Zertifikate anlegen # | + | |
| - | Bei der Anlage bitte Ihre echte Domain angeben, da diese Teil der Verzeichnisstruktur ist. | + | |
| - | mkdir -p / | + | |
| - | mkdir -p / | + | |
| - | chown -R www-data: | + | |
| - | chmod -R 775 / | + | |
| - | + | ||
| - | Den ersten virtuellen Host für nginx erstellen # | + | |
| - | Erstellen des Verzeichnisses für die Let’s Encrypt Challenge: | + | |
| - | mkdir -p / | + | |
| - | chown -R www-data: | + | |
| - | chmod -R 775 / | + | |
| - | Anlegen des virtuellen Hosts: | + | |
| - | nano / | + | |
| - | Inhalt des “HTTP-Gateways”: | + | |
| - | server { | + | |
| - | listen 80 default_server; | + | |
| - | listen [::]:80 default_server; | + | |
| - | | + | |
| - | + | ||
| - | root /var/www; | + | |
| - | + | ||
| - | location ^~ / | + | |
| - | default_type text/ | + | |
| - | root / | + | |
| - | } | + | |
| - | + | ||
| - | location / { | + | |
| - | return 301 https:// | + | |
| - | } | + | |
| - | } | + | |
| - | nginx Selbsttest und Service neu starten: | + | |
| - | nginx -t | + | |
| - | service nginx restart | + | |
| - | + | ||
| - | Funktion des Webservers zur Zertifikats-Generierung überprüfen # | + | |
| - | Anlegen einer Text-Datei mit beliebigem Inhalt: | + | |
| - | echo " | + | |
| - | Test-Datei im Browser abrufen: | + | |
| - | Test-Datei nach erfolgreichem Test löschen: | + | |
| - | rm -f / | + | |
| - | + | ||
| - | TLS-Zertifikate für Nextcloud generieren # | + | |
| - | In den Kontext des Users ’letsencrypt’´wechseln: | + | |
| - | su - letsencrypt | + | |
| - | Ausstellen des RSA-Zertifikats: | + | |
| - | acme.sh --issue -d nextcloud.hoeglinger.name --keylength 4096 -w / | + | |
| - | Ausstellen des ECDSA-Zertifikats: | + | |
| - | acme.sh --issue -d nextcloud.hoeglinger.name --keylength ec-384 -w / | + | |
| - | Abmelden des Benutzers ’letsencrypt' | + | |
| - | exit | + | |
| - | + | ||
| - | Diffie-Hellman-Parameter generieren # | + | |
| - | mkdir -p / | + | |
| - | openssl dhparam -out / | + | |
| - | + | ||
| - | + | ||
| - | Den Webserver für Nextcloud vorbereiten | + | |
| - | SSL konfigurieren # | + | |
| - | Anlegen der allgemeinen SSL-Konfiguration: | + | |
| - | mkdir -p / | + | |
| - | nano / | + | |
| - | Inhalt der Datei: | + | |
| - | # | + | |
| - | # SSL Configuration | + | |
| - | # | + | |
| - | ssl_protocols TLSv1.2 TLSv1.3; | + | |
| - | # SSL ciphers: RSA + ECDSA | + | |
| - | # Two certificate types (ECDSA, RSA) are needed. | + | |
| - | ssl_ciphers ' | + | |
| - | # Diffie-Hellman parameter for DHE ciphersuites, | + | |
| - | ssl_dhparam / | + | |
| - | # Use multiple curves. | + | |
| - | ssl_ecdh_curve secp521r1: | + | |
| - | # Server should determine the ciphers, not the client | + | |
| - | ssl_prefer_server_ciphers on; | + | |
| - | # SSL session handling | + | |
| - | ssl_session_timeout 1d; | + | |
| - | ssl_session_cache shared: | + | |
| - | ssl_session_tickets off; | + | |
| - | # See https:// | + | |
| - | # | + | |
| - | # | + | |
| - | # DNS resolver | + | |
| - | resolver 192.168.178.1; | + | |
| - | + | ||
| - | Header-Konfiguration vornehmen # | + | |
| - | Anlegen einer allgemeinen Konfiguration für die vom Webserver auszuliefernden Header: | + | |
| - | nano / | + | |
| - | Inhalt der Datei: | + | |
| - | # | + | |
| - | # Header configuration | + | |
| - | # | + | |
| - | add_header Strict-Transport-Security " | + | |
| - | add_header X-Content-Type-Options " | + | |
| - | add_header X-XSS-Protection "1; mode=block" | + | |
| - | add_header X-Robots-Tag " | + | |
| - | add_header X-Download-Options noopen always; | + | |
| - | add_header X-Permitted-Cross-Domain-Policies none always; | + | |
| - | add_header Referrer-Policy no-referrer always; | + | |
| - | add_header X-Frame-Options " | + | |
| - | fastcgi_hide_header X-Powered-By; | + | |
| - | + | ||
| - | Einen virtuellen Host für Nextcloud anlegen # | + | |
| - | Virtuellen Host anlegen: | + | |
| - | nano / | + | |
| - | Inhalt des virtuellen Hosts: | + | |
| - | upstream php-handler { | + | |
| - | server unix:/ | + | |
| - | } | + | |
| - | # Set the `immutable` cache control options only for assets with a cache busting `v` argument | + | |
| - | map $arg_v $asset_immutable { | + | |
| - | "" | + | |
| - | default " | + | |
| - | } | + | |
| - | server { | + | |
| - | listen 443 ssl; | + | |
| - | listen [::]:443 ssl; | + | |
| - | http2 on; | + | |
| - | server_name nextcloud.hoeglinger.name 192.168.178.55; | + | |
| - | # Path to the root of your installation | + | |
| - | root / | + | |
| - | + | ||
| - | # SSL configuration | + | |
| - | # RSA certificates | + | |
| - | ssl_certificate / | + | |
| - | ssl_certificate_key / | + | |
| - | # ECC certificates | + | |
| - | ssl_certificate / | + | |
| - | ssl_certificate_key / | + | |
| - | + | ||
| - | # This should be ca.pem (certificate with the additional intermediate certificate) | + | |
| - | # See here: https:// | + | |
| - | # ECC | + | |
| - | ssl_trusted_certificate / | + | |
| - | + | ||
| - | # Include SSL configuration | + | |
| - | include / | + | |
| - | + | ||
| - | # Include headers | + | |
| - | include / | + | |
| - | + | ||
| - | # The settings allows you to optimize the HTTP2 bandwidth. | + | |
| - | # See https:// | + | |
| - | # for tuning hints | + | |
| - | client_body_buffer_size 512k; | + | |
| - | + | ||
| - | include mime.types; | + | |
| - | types { | + | |
| - | text/ | + | |
| - | } | + | |
| - | # set max upload size and increase upload timeout: | + | |
| - | client_max_body_size 10G; | + | |
| - | client_body_timeout 300s; | + | |
| - | fastcgi_buffers 64 4K; | + | |
| - | # Enable gzip but do not remove ETag headers | + | |
| - | gzip on; | + | |
| - | gzip_vary on; | + | |
| - | gzip_comp_level 4; | + | |
| - | gzip_min_length 256; | + | |
| - | gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; | + | |
| - | gzip_types application/ | + | |
| - | # Pagespeed is not supported by Nextcloud, so if your server is built | + | |
| - | # with the `ngx_pagespeed` module, uncomment this line to disable it. | + | |
| - | #pagespeed off; | + | |
| - | # Specify how to handle directories -- specifying `/ | + | |
| - | # here as the fallback means that Nginx always exhibits the desired behaviour | + | |
| - | # when a client requests a path that corresponds to a directory that exists | + | |
| - | # on the server. In particular, if that directory contains an index.php file, | + | |
| - | # that file is correctly served; if it doesn' | + | |
| - | # the front-end controller. This consistent behaviour means that we don't need | + | |
| - | # to specify custom rules for certain paths (e.g. images and other assets, | + | |
| - | # `/updater`, `/ | + | |
| - | # `try_files $uri $uri/ / | + | |
| - | # always provides the desired behaviour. | + | |
| - | index index.php index.html / | + | |
| - | # Rule borrowed from `.htaccess` to handle Microsoft DAV clients | + | |
| - | location = / { | + | |
| - | if ( $http_user_agent ~ ^DavClnt ) { | + | |
| - | return 302 / | + | |
| - | } | + | |
| - | } | + | |
| - | location = /robots.txt { | + | |
| - | allow all; | + | |
| - | log_not_found off; | + | |
| - | access_log off; | + | |
| - | } | + | |
| - | # Make a regex exception for `/ | + | |
| - | # access it despite the existence of the regex rule | + | |
| - | # `location ~ / | + | |
| - | # for `/ | + | |
| - | location ^~ / | + | |
| - | # The rules in this block are an adaptation of the rules | + | |
| - | # in `.htaccess` that concern `/ | + | |
| - | location = / | + | |
| - | location = / | + | |
| - | location / | + | |
| - | location / | + | |
| - | # Let Nextcloud' | + | |
| - | # requests by passing them to the front-end controller. | + | |
| - | return 301 / | + | |
| - | } | + | |
| - | # Rules borrowed from `.htaccess` to hide certain paths from clients | + | |
| - | location ~ ^/ | + | |
| - | location ~ ^/ | + | |
| - | # Ensure this block, which passes PHP files to the PHP process, is above the blocks | + | |
| - | # which handle static assets (as seen below). If this block is not declared first, | + | |
| - | # then Nginx will encounter an infinite rewriting loop when it prepends `/ | + | |
| - | # to the URI, resulting in a HTTP 500 error response. | + | |
| - | location ~ \.php(?: | + | |
| - | # Required for legacy support | + | |
| - | rewrite ^/ | + | |
| - | fastcgi_split_path_info ^(.+? | + | |
| - | set $path_info $fastcgi_path_info; | + | |
| - | try_files $fastcgi_script_name =404; | + | |
| - | include fastcgi_params; | + | |
| - | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | + | |
| - | fastcgi_param PATH_INFO $path_info; | + | |
| - | fastcgi_param HTTPS on; | + | |
| - | fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice | + | |
| - | fastcgi_param front_controller_active true; # Enable pretty urls | + | |
| - | fastcgi_pass php-handler; | + | |
| - | fastcgi_intercept_errors on; | + | |
| - | fastcgi_request_buffering off; | + | |
| - | fastcgi_max_temp_file_size 0; | + | |
| - | + | ||
| - | fastcgi_read_timeout 600; | + | |
| - | fastcgi_send_timeout 600; | + | |
| - | fastcgi_connect_timeout 600; | + | |
| - | fastcgi_param PHP_VALUE " | + | |
| - | post_max_size = 10G | + | |
| - | max_execution_time = 3600 | + | |
| - | output_buffering = off"; | + | |
| - | } | + | |
| - | location ~ \.(?: | + | |
| - | try_files $uri / | + | |
| - | add_header Cache-Control " | + | |
| - | access_log off; # Optional: Don't log access to assets | + | |
| - | location ~ \.wasm$ { | + | |
| - | default_type application/ | + | |
| - | } | + | |
| - | } | + | |
| - | location ~ \.woff2?$ { | + | |
| - | try_files $uri / | + | |
| - | expires 7d; # Cache-Control policy borrowed from `.htaccess` | + | |
| - | access_log off; # Optional: Don't log access to assets | + | |
| - | } | + | |
| - | # Rule borrowed from `.htaccess` | + | |
| - | location /remote { | + | |
| - | return 301 / | + | |
| - | } | + | |
| - | location / { | + | |
| - | try_files $uri $uri/ / | + | |
| - | } | + | |
| - | } | + | |
| - | Test der nginx-Konfiguration: | + | |
| - | nginx -t | + | |
| - | Neustart des Webservers: | + | |
| - | service nginx restart | + | |
| - | + | ||
| - | + | ||
| - | Installation Nextcloud # | + | |
| - | Nextcloud herunterladen # | + | |
| - | Download der aktuellsten Nextcloud-Version, | + | |
| - | cd | + | |
| - | wget https:// | + | |
| - | tar -xjf latest.tar.bz2 -C /var/www | + | |
| - | rm latest.tar.bz2 | + | |
| - | Verzeichnisrechte setzen: | + | |
| - | chown -R www-data: | + | |
| - | + | ||
| - | Anlegen des Datenverzeichnisses # | + | |
| - | Datenverzeichnis außerhalb des Web-Roots anlegen und entsprechende Verzeichnis-Rechte setzen. | + | |
| - | #mkdir -p / | + | |
| - | #chown -R www-data:www-data / | + | |
| - | mkdir -p / | + | |
| - | chown -R www-data:www-data / | + | |
| - | + | ||
| - | Eine Datenbank für Nextcloud erstellen # | + | |
| - | Anmeldung an die Datenbank: | + | |
| - | mysql -u root -p | + | |
| - | Nach erfolgreicher Anmeldung stehen Sie dann im Prompt von MariaDB: | + | |
| - | MariaDB [(none)]> | + | |
| - | Anlegen eines Datenbank-Benutzers für die Nextcloud: | + | |
| - | CREATE USER nextclouduser@localhost IDENTIFIED BY ' | + | |
| - | Anlegen einer Datenbank für Nextcloud: | + | |
| - | CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci; | + | |
| - | Berechtigungen des Nextcloud-Datenbank-Benutzers für die Datenbank setzen: | + | |
| - | GRANT ALL PRIVILEGES on nextcloud.* to nextclouduser@localhost; | + | |
| - | Berechtigungen der Datenbank neu laden: | + | |
| - | FLUSH privileges; | + | |
| - | MariaDB-Kommandozeile beenden: | + | |
| - | exit; | + | |
| - | + | ||
| - | Das Setup von Nextcloud ausführen # | + | |
| - | Aufruf der Nextcloud-URL im Browser (nextcloudfuerdummies.decatec.de ist durch eigenen Domain zu ersetzen): | + | |
| - | https:// | + | |
| - | Daten für das Setup für Nextcloud: | + | |
| - | • Anmelden: beliebiger Benutzername (automatisch Benutzer mit Admin-Rechten in der Cloud) | + | |
| - | • Passwort: Ein beliebiges, sicheres Passwort | + | |
| - | • Datenverzeichnis: | + | |
| - | • Datenbank einrichten: MySQL/ | + | |
| - | • Datenbankkonto: | + | |
| - | • Datenbank-Passwort: | + | |
| - | • Datenbank-Name: | + | |
| - | • Datenbank-Host: | + | |
| - | Weiter mit einem Klick auf “Installieren” | + | |
| - | Die Installation | + | |
| - | + | ||
| - | Die Nextcloud-Installation optimieren # | + | |
| - | Sichern der config.php von Nextcloud. Den Benutzernamen ‘jan’ müssen Sie natürlich durch Ihren eigenen Benutzernamen unter Linux ersetzen. | + | |
| - | Diese Datei enthält sensible Informationen, | + | |
| - | cp / | + | |
| - | + | ||
| - | Festlegen einer Startzeit für das Wartungsfenster # | + | |
| - | Öffnen der Konfigurationsdatei von Nextcloud: | + | |
| - | nano / | + | |
| - | Angabe der Startzeit des Wartungszeitfensters am Ende der Datei, aber noch vor der schließenden Klammer: | + | |
| - | ' | + | |
| - | Hinweis: Angabe erfolgt hier in UTC. Ein Wert von ‘1’ bedeutet hier also 01:00 UTC und dementsprechend 02:00 MEZ/03:00 MESZ. | + | |
| - | + | ||
| - | Redis für transaktionale Dateisperren nutzen # | + | |
| - | config.php öffnen: | + | |
| - | nano / | + | |
| - | Folgende Zeilen am Ende der Datei (aber vor der letzten schließenden Klammer) einfügen: | + | |
| - | ' | + | |
| - | ' | + | |
| - | ' | + | |
| - | ' | + | |
| - | ' | + | |
| - | ' | + | |
| - | ), | + | |
| - | Die Änderungen werden mit dem Speichern der config.php aktiv. | + | |
| - | + | ||
| - | Konfiguration eines Speichercaches # | + | |
| - | config.php öffnen: | + | |
| - | nano / | + | |
| - | Am Ende (aber wieder vor der letzten schließenden Klammer) folgende Zeile einfügen: | + | |
| - | ' | + | |
| - | ' | + | |
| - | + | ||
| - | Standard-Telefonregion festlegen # | + | |
| - | Öffnen der Konfigurationsdatei von Nextcloud: | + | |
| - | nano / | + | |
| - | Angabe der Standard-Telefonregion am Ende der Datei, aber noch vor der schließenden Klammer: | + | |
| - | ' | + | |
| - | + | ||
| - | Einstellungen zum E-Mail-Server # | + | |
| - | Tragen Sie zunächst in den persönlichen Einstellungen Ihre private Mail-Adresse unter “E-Mail-Adresse” ein. | + | |
| - | Anschließend legen Sie ein neues E-Mail-Postfach an, welches nur für den Versand von Mail über die Nextcloud dient. Dazu können Sie auch einen beliebigen Freemail-Service nutzen. | + | |
| - | In den Admin-Einstellungen unter “Grundeinstellungen” muss anschließend der SMTP-Zugang konfiguriert werden. Hier eine Auswahl an SMTP-Einstellungen einiger Freemail-Anbieter: | + | |
| - | • Google Mail: https:// | + | |
| - | • GMX: https:// | + | |
| - | • web.de: | + | |
| - | + | ||
| - | Einen Cronjob für Nextcloud einrichten # | + | |
| - | Crontab des Users www-data bearbeiten: | + | |
| - | crontab -u www-data -e | + | |
| - | Fügen Sie folgende Zeile ein: | + | |
| - | */5 * * * * php -f / | + | |
| - | In den Admin-Einstellungen unter ‘Grundeinstellungen’ sollte in der Nextcloud nun automatisch der Eintrag ‘Cron (Empfohlen)’ | + | |
| - | + | ||
| - | Die Nextcloud-Installation anpassen, wenn am Server auch andere Programme laufen sollen | + | |
| - | Die Configuration von Nextcloud verschieben | + | |
| - | mv / | + | |
| - | Oder wenn die nicht existiert, dann | + | |
| - | mv / | + | |
| - | Symlink setzen | + | |
| - | ln -s / | + | |
| - | Nginx testen und neu laden | + | |
| - | nginx -t | + | |
| - | systemctl reload nginx | + | |
| - | + | ||
| - | Fehlende Include‑Zeile einfügen | + | |
| - | Datei öffnen | + | |
| - | nano / | + | |
| - | Und füge innerhalb des http { ... }‑Blocks, direkt unter der Zeile: | + | |
| - | include / | + | |
| - | diese Zeile ein: | + | |
| - | include / | + | |
| - | Der Block muss danach so aussehen: | + | |
| - | http { | + | |
| - | include | + | |
| - | default_type | + | |
| - | log_format | + | |
| - | ' | + | |
| - | '" | + | |
| - | access_log | + | |
| - | sendfile | + | |
| - | keepalive_timeout | + | |
| - | server_tokens off; | + | |
| - | include / | + | |
| - | include / | + | |
| - | } | + | |
| - | Speichern: CTRL+O | + | |
| - | Enter Beenden: CTRL+X | + | |
| - | Nginx testen | + | |
| - | nginx -t | + | |
| - | Muss „successful“ melden. | + | |
| - | Nginx neu laden | + | |
| - | systemctl reload nginx | + | |
| - | Port 443 testen | + | |
| - | openssl s_client -connect wiki.hoeglinger.name: | + | |
server/nextcloud/installation/start.1780005108.txt.gz · Zuletzt geändert: von 91.115.82.214
