server:nextcloud:installation:start
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
| Beide Seiten der vorigen RevisionVorhergehende ÜberarbeitungNächste Überarbeitung | Vorhergehende Überarbeitung | ||
| server:nextcloud:installation:start [2026/05/28 22:20] – 91.115.82.214 | server:nextcloud:installation:start [2026/05/28 22:34] (aktuell) – 91.115.82.214 | ||
|---|---|---|---|
| Zeile 3: | Zeile 3: | ||
| Nachfolgend werden die Schritte beschrieben, | Nachfolgend werden die Schritte beschrieben, | ||
| - | Die Schritte werden auf dem Ubuntu Server in der Konsole ausgeführt. Als erstes die Root-Rechte am System einfordern: | + | *[[server:nextcloud:installation:installation:start|Installation]] |
| - | <code bash> | + | *[[server:nextcloud:installation:softwarekonfiguration:start|Software-Konfiguration]] |
| - | Anschließend muss dies noch mit dem Passwort des Users bestätigt werden (der User muss Teil der Gruppe sudoers sein).\\ | + | *[[server:nextcloud:installation:zertifikatgenerierung:start|Generierung der TLS-Zertifikate für Nextcloud]] |
| - | ===== Installation der Basiskomponenten ===== | + | |
| - | <code bash>apt update && apt install gnupg gnupg2 bzip2 pigz lsb-release wget imagemagick libmagickcore-7.q16-10-extra curl rsyslog dialog apt-utils cron</ | + | |
| - | + | ||
| - | ===== Webserver: nginx ===== | + | |
| - | Schlüssel des Hersteller-Repositories hinzufügen: | + | |
| - | <code bash> | + | |
| - | Paketquelle nginx hinzufügen: | + | |
| - | <code bash> | + | |
| - | Installation nginx: | + | |
| - | <code bash>apt update && apt install nginx</ | + | |
| - | Dienst aktivieren und nginx neu starten: | + | |
| - | <code bash> | + | |
| - | service nginx restart</ | + | |
| - | + | ||
| - | ===== Datenbank: MariaDB ===== | + | |
| - | Manuell ausführen: | + | |
| - | <code bash> | + | |
| - | Inhalt einfügen: | + | |
| - | <code bash> | + | |
| - | Und speichern | + | |
| - | GPG‑Key importieren: | + | |
| - | <code bash> | + | |
| - | curl -fsSL https:// | + | |
| - | | gpg --dearmor -o / | + | |
| - | Repo‑Datei anpassen: | + | |
| - | <code bash>sed -i 's|deb |deb [signed-by=/ | + | |
| - | Installation MariaDB: | + | |
| - | <code bash>apt update && apt install mariadb-server</ | + | |
| - | + | ||
| - | ===== PHP installieren ===== | + | |
| - | Installation aller benötigten PHP-Komponenten: | + | |
| - | <code bash>apt update && apt install php-fpm php-gd php-curl php-xml php-zip php-intl php-mbstring php-bz2 php-json php-apcu php-imagick php-gmp php-bcmath php-redis php-mysql</ | + | |
| - | + | ||
| - | ===== acme.sh für Let’s Encrypt Zertifikate ===== | + | |
| - | Benutzer letsencrypt anlegen (alle Angaben und die Abfrage zum Passwort des Users sind einfach mit ENTER zu bestätigen): | + | |
| - | <code bash> | + | |
| - | Den Benutzer letsencrypt der Gruppe www-data hinzufügen: | + | |
| - | <code bash> | + | |
| - | Benutzer letsencrypt berechtigen, | + | |
| - | <code bash> | + | |
| - | Hier ist ganz am Ende der Datei folgende Zeile einfügen: | + | |
| - | <code bash> | + | |
| - | In den Kontext des Benutzers letsencrypt wechseln: | + | |
| - | <code bash>su - letsencrypt</ | + | |
| - | Webserver mit dem Benutzer letsencrypt neu laden: | + | |
| - | <code bash> | + | |
| - | acme.sh installieren (im Kontext des Benutzers letsencrypt): | + | |
| - | <code bash> | + | |
| - | Abmelden des Benutzers letsencrypt: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | ===== Redis ===== | + | |
| - | Installation | + | |
| - | <code bash>apt install redis-server</ | + | |
| - | + | ||
| - | + | ||
| - | ====== Software-Konfiguration ====== | + | |
| - | + | ||
| - | + | ||
| - | Übersicht über Shortcuts des Editors “nano”: | + | |
| - | + | ||
| - | ===== nginx ===== | + | |
| - | Sicherung der Standard-Konfiguration: | + | |
| - | <code bash>cp / | + | |
| - | Allgemeine Einstellungen nginx: | + | |
| - | <code bash> | + | |
| - | Folgende Einstellungen sollten hier gesetzt bzw. kontrolliert werden: | + | |
| - | • user www-data; | + | |
| - | • worker_processes auto; | + | |
| - | • server_tokens off; | + | |
| - | Komplette // | + | |
| - | <code bash> | + | |
| - | worker_processes | + | |
| - | error_log | + | |
| - | pid / | + | |
| - | + | ||
| - | events { | + | |
| - | worker_connections | + | |
| - | } | + | |
| - | http { | + | |
| - | include | + | |
| - | default_type | + | |
| - | log_format | + | |
| - | ' | + | |
| - | '" | + | |
| - | access_log | + | |
| - | sendfile | + | |
| - | # | + | |
| - | keepalive_timeout | + | |
| - | server_tokens off; | + | |
| - | #gzip on; | + | |
| - | include / | + | |
| - | }</ | + | |
| - | Deaktivierung der “Dummy-Webseite”: | + | |
| - | <code bash>mv / | + | |
| - | “Selbsttest” der Konfiguration: | + | |
| - | <code bash> | + | |
| - | nginx neu starten: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | ===== MariaDB ===== | + | |
| - | mysql_secure_installation für MariaDB nachinstallieren, | + | |
| - | <code bash>apt install mariadb-client-compat</ | + | |
| - | Absicherung des Datenbanksystems: | + | |
| - | <code bash> | + | |
| - | Kopieren der Original-Einstellungen: | + | |
| - | <code bash>cp / | + | |
| - | Öffnen der allgemeinen Konfiguration von MariaDB: | + | |
| - | <code bash> | + | |
| - | Fügen Sie folgende Zeilen direkt nach der Definition der Sektion | + | |
| - | <code bash> | + | |
| - | slave_connections_needed_for_purge=0 | + | |
| - | Die komplette Datei 50-server.cnf: | + | |
| - | # | + | |
| - | # These groups are read by MariaDB server. | + | |
| - | # Use it for options that only the server (but not clients) should see | + | |
| - | # this is read by the standalone daemon and embedded servers | + | |
| - | [server] | + | |
| - | # this is only for the mysqld standalone daemon | + | |
| - | [mysqld] | + | |
| - | # Allow write access to tables with format ' | + | |
| - | innodb_read_only_compressed=OFF | + | |
| - | slave_connections_needed_for_purge=0 | + | |
| - | # | + | |
| - | # * Basic Settings | + | |
| - | # | + | |
| - | #user = mysql | + | |
| - | pid-file | + | |
| - | basedir | + | |
| - | # | + | |
| - | # | + | |
| - | # Broken reverse DNS slows down connections considerably and name resolve is | + | |
| - | # safe to skip if there are no "host by domain name" access grants | + | |
| - | # | + | |
| - | # Instead of skip-networking the default is now to listen only on | + | |
| - | # localhost which is more compatible and is not less secure. | + | |
| - | bind-address | + | |
| - | # | + | |
| - | # * Fine Tuning | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # This replaces the startup script and checks MyISAM tables if needed | + | |
| - | # the first time they are touched | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # * Logging and Replication | + | |
| - | # | + | |
| - | # Both location gets rotated by the cronjob. | + | |
| - | # Be aware that this log type is a performance killer. | + | |
| - | # Recommend only changing this at runtime for short testing periods if needed! | + | |
| - | # | + | |
| - | # | + | |
| - | # When running under systemd, error logging goes via stdout/ | + | |
| - | # and when running legacy init error logging goes to syslog due to | + | |
| - | # / | + | |
| - | # Enable this if you want to have error logging into a separate file | + | |
| - | #log_error = / | + | |
| - | # Enable the slow query log to see queries with especially long duration | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # | + | |
| - | # The following can be used as easy to replay backup logs or for replication. | + | |
| - | # note: if you are setting up a replication slave, see README.Debian about | + | |
| - | # other settings you may need to change. | + | |
| - | # | + | |
| - | # | + | |
| - | expire_logs_days | + | |
| - | # | + | |
| - | # | + | |
| - | # * SSL/TLS | + | |
| - | # | + | |
| - | # For documentation, | + | |
| - | # https:// | + | |
| - | #ssl-ca = / | + | |
| - | #ssl-cert = / | + | |
| - | #ssl-key = / | + | |
| - | # | + | |
| - | # | + | |
| - | # * Character sets | + | |
| - | # | + | |
| - | # MySQL/ | + | |
| - | # utf8 4-byte character set. See also client.cnf | + | |
| - | character-set-server | + | |
| - | collation-server | + | |
| - | # | + | |
| - | # * InnoDB | + | |
| - | # | + | |
| - | # InnoDB is enabled by default with a 10MB datafile in / | + | |
| - | # Read the manual for more InnoDB related options. There are many! | + | |
| - | # Most important is to give InnoDB 80 % of the system RAM for buffer use: | + | |
| - | # https:// | + | |
| - | # | + | |
| - | # this is only for embedded server | + | |
| - | [embedded] | + | |
| - | # This group is only read by MariaDB servers, not by MySQL. | + | |
| - | # If you use the same .cnf file for MySQL and MariaDB, | + | |
| - | # you can put MariaDB-only options here | + | |
| - | [mariadb] | + | |
| - | # This group is only read by MariaDB-10.6 servers. | + | |
| - | # If you use the same .cnf file for MariaDB of different versions, | + | |
| - | # use this group for options that older servers don't understand | + | |
| - | [mariadb-11.8]</ | + | |
| - | Neustarten des Datenbank-Dienstes: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | ===== PHP ===== | + | |
| - | Sichern der originalen Konfigurationsdateien: | + | |
| - | <code bash>cp / | + | |
| - | cp / | + | |
| - | cp / | + | |
| - | cp / | + | |
| - | Anpassen der Konfiguration | + | |
| - | <code bash>sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | Anpassen der FPM-Konfiguration: | + | |
| - | <code bash>sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | sed -i " | + | |
| - | Anpassen der CLI-Konfiguration: | + | |
| - | <code bash>sed -i " | + | |
| - | sed -i ' | + | |
| - | Neustarten des PHP-Dienstes: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | ===== acme.sh ===== | + | |
| - | Wechseln in den Kontext des Users “letsencrypt”: | + | |
| - | <code bash>su - letsencrypt</ | + | |
| - | Let’s Encrypt als Default-Provider für TLS-Zertifikate definieren: | + | |
| - | <code bash> | + | |
| - | Wechsel auf den normalen User: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | ===== Redis ===== | + | |
| - | Sichern der originalen Konfiguration: | + | |
| - | <code bash>cp / | + | |
| - | Öffnen der Redis-Konfiguration: | + | |
| - | <code bash> | + | |
| - | Konfigurations-Einträge, | + | |
| - | <code bash> | + | |
| - | unixsocket / | + | |
| - | unixsocketperm 770</ | + | |
| - | Hinzufügen des Users “www-data” zur Gruppe “redis”: | + | |
| - | <code bash> | + | |
| - | Neustart des Redis-Dienstes: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | ===== ufw ===== | + | |
| - | Firewall-Regeln festlegen: | + | |
| - | <code bash>ufw default deny | + | |
| - | ufw allow 22 comment " | + | |
| - | ufw allow 80 comment " | + | |
| - | ufw allow 443 comment " | + | |
| - | Firewall aktivieren: | + | |
| - | <code bash>ufw enable</ | + | |
| - | Regeln der Firewall anzeigen: | + | |
| - | <code bash>ufw status numbered</ | + | |
| - | + | ||
| - | ====== | + | |
| - | ===== Verzeichnisse für die Zertifikate anlegen ===== | + | |
| - | Bei der Anlage bitte Ihre echte Domain angeben, da diese Teil der Verzeichnisstruktur ist. | + | |
| - | <code bash> | + | |
| - | mkdir -p / | + | |
| - | chown -R www-data: | + | |
| - | chmod -R 775 / | + | |
| - | + | ||
| - | ===== Den ersten virtuellen Host für nginx erstellen ===== | + | |
| - | Erstellen des Verzeichnisses für die Let’s Encrypt Challenge: | + | |
| - | <code bash> | + | |
| - | chown -R www-data: | + | |
| - | chmod -R 775 / | + | |
| - | Anlegen des virtuellen Hosts: | + | |
| - | <code bash> | + | |
| - | Inhalt des “HTTP-Gateways”: | + | |
| - | <code bash> | + | |
| - | listen 80 default_server; | + | |
| - | listen [::]:80 default_server; | + | |
| - | | + | |
| - | + | ||
| - | root /var/www; | + | |
| - | + | ||
| - | location ^~ / | + | |
| - | default_type text/ | + | |
| - | root / | + | |
| - | } | + | |
| - | + | ||
| - | location / { | + | |
| - | return 301 https:// | + | |
| - | } | + | |
| - | }</ | + | |
| - | nginx Selbsttest und Service neu starten: | + | |
| - | <code bash> | + | |
| - | service nginx restart</ | + | |
| - | + | ||
| - | ===== Funktion des Webservers zur Zertifikats-Generierung überprüfen ===== | + | |
| - | Anlegen einer Text-Datei mit beliebigem Inhalt: | + | |
| - | <code bash> | + | |
| - | Test-Datei im Browser abrufen: | + | |
| - | Test-Datei nach erfolgreichem Test löschen: | + | |
| - | <code bash>rm -f / | + | |
| - | + | ||
| - | ===== TLS-Zertifikate für Nextcloud generieren ===== | + | |
| - | In den Kontext des Users ’letsencrypt’´wechseln: | + | |
| - | <code bash>su - letsencrypt</ | + | |
| - | Ausstellen des RSA-Zertifikats: | + | |
| - | <code bash> | + | |
| - | Ausstellen des ECDSA-Zertifikats: | + | |
| - | <code bash> | + | |
| - | Abmelden des Benutzers ’letsencrypt' | + | |
| - | <code bash> | + | |
| - | + | ||
| - | ===== Diffie-Hellman-Parameter generieren ===== | + | |
| - | Das kann schon mal einige Zeit dauern. Nur Geduld. | + | |
| - | <code bash> | + | |
| - | openssl dhparam -out / | + | |
| - | + | ||
| - | + | ||
| - | ====== | + | |
| - | ===== SSL konfigurieren ===== | + | |
| - | Anlegen der allgemeinen SSL-Konfiguration: | + | |
| - | <code bash> | + | |
| - | nano / | + | |
| - | Inhalt der Datei: | + | |
| - | <code bash># | + | |
| - | # SSL Configuration | + | |
| - | # | + | |
| - | ssl_protocols TLSv1.2 TLSv1.3; | + | |
| - | # SSL ciphers: RSA + ECDSA | + | |
| - | # Two certificate types (ECDSA, RSA) are needed. | + | |
| - | ssl_ciphers ' | + | |
| - | # Diffie-Hellman parameter for DHE ciphersuites, | + | |
| - | ssl_dhparam / | + | |
| - | # Use multiple curves. | + | |
| - | ssl_ecdh_curve secp521r1: | + | |
| - | # Server should determine the ciphers, not the client | + | |
| - | ssl_prefer_server_ciphers on; | + | |
| - | # SSL session handling | + | |
| - | ssl_session_timeout 1d; | + | |
| - | ssl_session_cache shared: | + | |
| - | ssl_session_tickets off; | + | |
| - | # See https:// | + | |
| - | # | + | |
| - | # | + | |
| - | # DNS resolver | + | |
| - | resolver 192.168.178.1;</ | + | |
| - | + | ||
| - | ===== Header-Konfiguration vornehmen ===== | + | |
| - | Anlegen einer allgemeinen Konfiguration für die vom Webserver auszuliefernden Header: | + | |
| - | <code bash> | + | |
| - | Inhalt der Datei: | + | |
| - | <code bash># | + | |
| - | # Header configuration | + | |
| - | # | + | |
| - | add_header Strict-Transport-Security " | + | |
| - | add_header X-Content-Type-Options " | + | |
| - | add_header X-XSS-Protection "1; mode=block" | + | |
| - | add_header X-Robots-Tag " | + | |
| - | add_header X-Download-Options noopen always; | + | |
| - | add_header X-Permitted-Cross-Domain-Policies none always; | + | |
| - | add_header Referrer-Policy no-referrer always; | + | |
| - | add_header X-Frame-Options " | + | |
| - | fastcgi_hide_header X-Powered-By;</ | + | |
| - | + | ||
| - | ===== Einen virtuellen Host für Nextcloud anlegen ===== | + | |
| - | Virtuellen Host anlegen: | + | |
| - | <code bash> | + | |
| - | Inhalt des virtuellen Hosts: | + | |
| - | <code bash> | + | |
| - | server unix:/ | + | |
| - | } | + | |
| - | # Set the `immutable` cache control options only for assets with a cache busting `v` argument | + | |
| - | map $arg_v $asset_immutable { | + | |
| - | "" | + | |
| - | default " | + | |
| - | } | + | |
| - | server { | + | |
| - | listen 443 ssl; | + | |
| - | listen [::]:443 ssl; | + | |
| - | http2 on; | + | |
| - | server_name nextcloud.hoeglinger.name 192.168.178.55; | + | |
| - | # Path to the root of your installation | + | |
| - | root / | + | |
| - | + | ||
| - | # SSL configuration | + | |
| - | # RSA certificates | + | |
| - | ssl_certificate / | + | |
| - | ssl_certificate_key / | + | |
| - | # ECC certificates | + | |
| - | ssl_certificate / | + | |
| - | ssl_certificate_key / | + | |
| - | + | ||
| - | # This should be ca.pem (certificate with the additional intermediate certificate) | + | |
| - | # See here: https:// | + | |
| - | # ECC | + | |
| - | ssl_trusted_certificate / | + | |
| - | + | ||
| - | # Include SSL configuration | + | |
| - | include / | + | |
| - | + | ||
| - | # Include headers | + | |
| - | include / | + | |
| - | + | ||
| - | # The settings allows you to optimize the HTTP2 bandwidth. | + | |
| - | # See https:// | + | |
| - | # for tuning hints | + | |
| - | client_body_buffer_size 512k; | + | |
| - | + | ||
| - | include mime.types; | + | |
| - | types { | + | |
| - | text/ | + | |
| - | } | + | |
| - | # set max upload size and increase upload timeout: | + | |
| - | client_max_body_size 10G; | + | |
| - | client_body_timeout 300s; | + | |
| - | fastcgi_buffers 64 4K; | + | |
| - | # Enable gzip but do not remove ETag headers | + | |
| - | gzip on; | + | |
| - | gzip_vary on; | + | |
| - | gzip_comp_level 4; | + | |
| - | gzip_min_length 256; | + | |
| - | gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; | + | |
| - | gzip_types application/ | + | |
| - | # Pagespeed is not supported by Nextcloud, so if your server is built | + | |
| - | # with the `ngx_pagespeed` module, uncomment this line to disable it. | + | |
| - | #pagespeed off; | + | |
| - | # Specify how to handle directories -- specifying `/ | + | |
| - | # here as the fallback means that Nginx always exhibits the desired behaviour | + | |
| - | # when a client requests a path that corresponds to a directory that exists | + | |
| - | # on the server. In particular, if that directory contains an index.php file, | + | |
| - | # that file is correctly served; if it doesn' | + | |
| - | # the front-end controller. This consistent behaviour means that we don't need | + | |
| - | # to specify custom rules for certain paths (e.g. images and other assets, | + | |
| - | # `/updater`, `/ | + | |
| - | # `try_files $uri $uri/ / | + | |
| - | # always provides the desired behaviour. | + | |
| - | index index.php index.html / | + | |
| - | # Rule borrowed from `.htaccess` to handle Microsoft DAV clients | + | |
| - | location = / { | + | |
| - | if ( $http_user_agent ~ ^DavClnt ) { | + | |
| - | return 302 / | + | |
| - | } | + | |
| - | } | + | |
| - | location = /robots.txt { | + | |
| - | allow all; | + | |
| - | log_not_found off; | + | |
| - | access_log off; | + | |
| - | } | + | |
| - | # Make a regex exception for `/ | + | |
| - | # access it despite the existence of the regex rule | + | |
| - | # `location ~ / | + | |
| - | # for `/ | + | |
| - | location ^~ / | + | |
| - | # The rules in this block are an adaptation of the rules | + | |
| - | # in `.htaccess` that concern `/ | + | |
| - | location = / | + | |
| - | location = / | + | |
| - | location / | + | |
| - | location / | + | |
| - | # Let Nextcloud' | + | |
| - | # requests by passing them to the front-end controller. | + | |
| - | return 301 / | + | |
| - | } | + | |
| - | # Rules borrowed from `.htaccess` to hide certain paths from clients | + | |
| - | location ~ ^/ | + | |
| - | location ~ ^/ | + | |
| - | # Ensure this block, which passes PHP files to the PHP process, is above the blocks | + | |
| - | # which handle static assets (as seen below). If this block is not declared first, | + | |
| - | # then Nginx will encounter an infinite rewriting loop when it prepends `/ | + | |
| - | # to the URI, resulting in a HTTP 500 error response. | + | |
| - | location ~ \.php(?: | + | |
| - | # Required for legacy support | + | |
| - | rewrite ^/ | + | |
| - | fastcgi_split_path_info ^(.+? | + | |
| - | set $path_info $fastcgi_path_info; | + | |
| - | try_files $fastcgi_script_name =404; | + | |
| - | include fastcgi_params; | + | |
| - | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | + | |
| - | fastcgi_param PATH_INFO $path_info; | + | |
| - | fastcgi_param HTTPS on; | + | |
| - | fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice | + | |
| - | fastcgi_param front_controller_active true; # Enable pretty urls | + | |
| - | fastcgi_pass php-handler; | + | |
| - | fastcgi_intercept_errors on; | + | |
| - | fastcgi_request_buffering off; | + | |
| - | fastcgi_max_temp_file_size 0; | + | |
| - | + | ||
| - | fastcgi_read_timeout 600; | + | |
| - | fastcgi_send_timeout 600; | + | |
| - | fastcgi_connect_timeout 600; | + | |
| - | fastcgi_param PHP_VALUE " | + | |
| - | post_max_size = 10G | + | |
| - | max_execution_time = 3600 | + | |
| - | output_buffering = off"; | + | |
| - | } | + | |
| - | location ~ \.(?: | + | |
| - | try_files $uri / | + | |
| - | add_header Cache-Control " | + | |
| - | access_log off; # Optional: Don't log access to assets | + | |
| - | location ~ \.wasm$ { | + | |
| - | default_type application/ | + | |
| - | } | + | |
| - | } | + | |
| - | location ~ \.woff2?$ { | + | |
| - | try_files $uri / | + | |
| - | expires 7d; # Cache-Control policy borrowed from `.htaccess` | + | |
| - | access_log off; # Optional: Don't log access to assets | + | |
| - | } | + | |
| - | # Rule borrowed from `.htaccess` | + | |
| - | location /remote { | + | |
| - | return 301 / | + | |
| - | } | + | |
| - | location / { | + | |
| - | try_files $uri $uri/ / | + | |
| - | } | + | |
| - | }</ | + | |
| - | Test der nginx-Konfiguration: | + | |
| - | <code bash> | + | |
| - | Neustart des Webservers: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | + | ||
| - | ====== Installation Nextcloud ====== | + | |
| - | ===== Nextcloud herunterladen ===== | + | |
| - | Download der aktuellsten Nextcloud-Version, | + | |
| - | <code bash> | + | |
| - | wget https:// | + | |
| - | tar -xjf latest.tar.bz2 -C /var/www | + | |
| - | rm latest.tar.bz2</ | + | |
| - | Verzeichnisrechte setzen: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | ===== Anlegen des Datenverzeichnisses ===== | + | |
| - | Datenverzeichnis außerhalb des Web-Roots anlegen und entsprechende Verzeichnis-Rechte setzen. | + | |
| - | <code bash> | + | |
| - | chown -R www-data:www-data / | + | |
| - | mkdir -p / | + | |
| - | chown -R www-data:www-data / | + | |
| - | + | ||
| - | ===== Eine Datenbank für Nextcloud erstellen ===== | + | |
| - | Anmeldung an die Datenbank: | + | |
| - | <code bash> | + | |
| - | Nach erfolgreicher Anmeldung stehen Sie dann im Prompt von MariaDB: | + | |
| - | <code bash> | + | |
| - | Anlegen eines Datenbank-Benutzers für die Nextcloud: | + | |
| - | <code bash> | + | |
| - | Anlegen einer Datenbank für Nextcloud: | + | |
| - | <code bash> | + | |
| - | Berechtigungen des Nextcloud-Datenbank-Benutzers für die Datenbank setzen: | + | |
| - | <code bash> | + | |
| - | Berechtigungen der Datenbank neu laden: | + | |
| - | <code bash> | + | |
| - | MariaDB-Kommandozeile beenden: | + | |
| - | <code bash> | + | |
| - | + | ||
| - | Das Setup von Nextcloud ausführen # | + | |
| - | Aufruf der Nextcloud-URL im Browser (nextcloudfuerdummies.decatec.de ist durch eigenen Domain zu ersetzen): | + | |
| - | https:// | + | |
| - | Daten für das Setup für Nextcloud: | + | |
| - | • **Anmelden**: | + | |
| - | • **Passwort**: | + | |
| - | • **Datenverzeichnis**: | + | |
| - | • **Datenbank einrichten**: | + | |
| - | • **Datenbankkonto**: | + | |
| - | • **Datenbank-Passwort**: | + | |
| - | • **Datenbank-Name**: | + | |
| - | • **Datenbank-Host**: | + | |
| - | Weiter mit einem Klick auf “Installieren” | + | |
| - | Die Installation | + | |
| - | + | ||
| - | ===== Die Nextcloud-Installation optimieren ===== | + | |
| - | Sichern der config.php von Nextcloud. Den Benutzernamen ‘jan’ müssen Sie natürlich durch Ihren eigenen Benutzernamen unter Linux ersetzen. | + | |
| - | Diese Datei enthält sensible Informationen, | + | |
| - | <code bash>cp / | + | |
| - | + | ||
| - | ===== Festlegen einer Startzeit für das Wartungsfenster ===== | + | |
| - | Öffnen der Konfigurationsdatei von Nextcloud: | + | |
| - | <code bash> | + | |
| - | Angabe der Startzeit des Wartungszeitfensters am Ende der Datei, aber noch vor der schließenden Klammer: | + | |
| - | <code bash>' | + | |
| - | Hinweis: Angabe erfolgt hier in UTC. Ein Wert von ‘1’ bedeutet hier also 01:00 UTC und dementsprechend 02:00 MEZ/03:00 MESZ. | + | |
| - | + | ||
| - | ===== Redis für transaktionale Dateisperren nutzen ===== | + | |
| - | config.php öffnen: | + | |
| - | <code bash> | + | |
| - | Folgende Zeilen am Ende der Datei (aber vor der letzten schließenden Klammer) einfügen: | + | |
| - | <code bash>' | + | |
| - | ' | + | |
| - | ' | + | |
| - | ' | + | |
| - | ' | + | |
| - | ' | + | |
| - | ),</ | + | |
| - | Die Änderungen werden mit dem Speichern der // | + | |
| - | + | ||
| - | ===== Konfiguration eines Speichercaches ===== | + | |
| - | config.php öffnen: | + | |
| - | <code bash> | + | |
| - | Am Ende (aber wieder vor der letzten schließenden Klammer) folgende Zeile einfügen: | + | |
| - | <code bash>' | + | |
| - | ' | + | |
| - | + | ||
| - | ===== Standard-Telefonregion festlegen ===== | + | |
| - | Öffnen der Konfigurationsdatei von Nextcloud: | + | |
| - | <code bash> | + | |
| - | Angabe der Standard-Telefonregion am Ende der Datei, aber noch vor der schließenden Klammer: | + | |
| - | <code bash>' | + | |
| - | + | ||
| - | ===== Einstellungen zum E-Mail-Server ===== | + | |
| - | Tragen Sie zunächst in den persönlichen Einstellungen Ihre private Mail-Adresse unter “E-Mail-Adresse” ein. | + | |
| - | Anschließend legen Sie ein neues E-Mail-Postfach an, welches nur für den Versand von Mail über die Nextcloud dient. Dazu können Sie auch einen beliebigen Freemail-Service nutzen. | + | |
| - | In den Admin-Einstellungen unter “Grundeinstellungen” muss anschließend der SMTP-Zugang konfiguriert werden. Hier eine Auswahl an SMTP-Einstellungen einiger Freemail-Anbieter: | + | |
| - | • Google Mail: https:// | + | |
| - | • GMX: https:// | + | |
| - | • web.de: | + | |
| - | + | ||
| - | ===== Einen Cronjob für Nextcloud einrichten ===== | + | |
| - | Crontab des Users www-data bearbeiten: | + | |
| - | <code bash> | + | |
| - | Fügen Sie folgende Zeile ein: | + | |
| - | <code bash>*/5 * * * * php -f / | + | |
| - | In den Admin-Einstellungen unter ‘Grundeinstellungen’ sollte in der Nextcloud nun automatisch der Eintrag ‘Cron (Empfohlen)’ | + | |
| - | + | ||
| - | ===== Die Nextcloud-Installation anpassen, wenn am Server auch andere Programme laufen sollen ===== | + | |
| - | Die Configuration von Nextcloud verschieben | + | |
| - | <code bash>mv / | + | |
| - | Oder wenn die nicht existiert, dann | + | |
| - | <code bash>mv / | + | |
| - | Symlink setzen | + | |
| - | <code bash>ln -s / | + | |
| - | Nginx testen und neu laden | + | |
| - | <code bash> | + | |
| - | systemctl reload nginx</ | + | |
| - | + | ||
| - | ===== Fehlende Include‑Zeile einfügen ===== | + | |
| - | Datei öffnen | + | |
| - | <code bash> | + | |
| - | Und füge innerhalb des http { ... }‑Blocks, direkt unter der Zeile: | + | |
| - | <code bash> | + | |
| - | diese Zeile ein: | + | |
| - | <code bash> | + | |
| - | Der Block muss danach so aussehen: | + | |
| - | <code bash> | + | |
| - | include | + | |
| - | default_type | + | |
| - | log_format | + | |
| - | ' | + | |
| - | '" | + | |
| - | access_log | + | |
| - | sendfile | + | |
| - | keepalive_timeout | + | |
| - | server_tokens off; | + | |
| - | include / | + | |
| - | include / | + | |
| - | }</ | + | |
| - | Speichern: **CTRL+O** | + | |
| - | Enter Beenden: **CTRL+X** | + | |
| - | Nginx testen | + | |
| - | <code bash> | + | |
| - | Muss „successful“ melden. | + | |
| - | Nginx neu laden | + | |
| - | <code bash> | + | |
| - | Port 443 testen | + | |
| - | <code bash> | + | |
server/nextcloud/installation/start.1780006801.txt.gz · Zuletzt geändert: von 91.115.82.214
