server:nextcloud:installation:start
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
| Beide Seiten der vorigen RevisionVorhergehende ÜberarbeitungNächste Überarbeitung | Vorhergehende Überarbeitung | ||
| server:nextcloud:installation:start [2026/05/28 22:28] – 91.115.82.214 | server:nextcloud:installation:start [2026/05/28 22:34] (aktuell) – 91.115.82.214 | ||
|---|---|---|---|
| Zeile 8: | Zeile 8: | ||
| *[[server: | *[[server: | ||
| *[[server: | *[[server: | ||
| - | |||
| - | Die Schritte werden auf dem Ubuntu Server in der Konsole ausgeführt. Als erstes die Root-Rechte am System einfordern: | ||
| - | <code bash> | ||
| - | Anschließend muss dies noch mit dem Passwort des Users bestätigt werden (der User muss Teil der Gruppe sudoers sein).\\ | ||
| - | ===== Installation der Basiskomponenten ===== | ||
| - | <code bash>apt update && apt install gnupg gnupg2 bzip2 pigz lsb-release wget imagemagick libmagickcore-7.q16-10-extra curl rsyslog dialog apt-utils cron</ | ||
| - | |||
| - | ===== Webserver: nginx ===== | ||
| - | Schlüssel des Hersteller-Repositories hinzufügen: | ||
| - | <code bash> | ||
| - | Paketquelle nginx hinzufügen: | ||
| - | <code bash> | ||
| - | Installation nginx: | ||
| - | <code bash>apt update && apt install nginx</ | ||
| - | Dienst aktivieren und nginx neu starten: | ||
| - | <code bash> | ||
| - | service nginx restart</ | ||
| - | |||
| - | ===== Datenbank: MariaDB ===== | ||
| - | Manuell ausführen: | ||
| - | <code bash> | ||
| - | Inhalt einfügen: | ||
| - | <code bash>deb [arch=amd64 signed-by=/ | ||
| - | Und speichern | ||
| - | GPG‑Key importieren: | ||
| - | <code bash> | ||
| - | curl -fsSL https:// | ||
| - | | gpg --dearmor -o / | ||
| - | Repo‑Datei anpassen: | ||
| - | <code bash>sed -i 's|deb |deb [signed-by=/ | ||
| - | Installation MariaDB: | ||
| - | <code bash>apt update && apt install mariadb-server</ | ||
| - | |||
| - | ===== PHP installieren ===== | ||
| - | Installation aller benötigten PHP-Komponenten: | ||
| - | <code bash>apt update && apt install php-fpm php-gd php-curl php-xml php-zip php-intl php-mbstring php-bz2 php-json php-apcu php-imagick php-gmp php-bcmath php-redis php-mysql</ | ||
| - | |||
| - | ===== acme.sh für Let’s Encrypt Zertifikate ===== | ||
| - | Benutzer letsencrypt anlegen (alle Angaben und die Abfrage zum Passwort des Users sind einfach mit ENTER zu bestätigen): | ||
| - | <code bash> | ||
| - | Den Benutzer letsencrypt der Gruppe www-data hinzufügen: | ||
| - | <code bash> | ||
| - | Benutzer letsencrypt berechtigen, | ||
| - | <code bash> | ||
| - | Hier ist ganz am Ende der Datei folgende Zeile einfügen: | ||
| - | <code bash> | ||
| - | In den Kontext des Benutzers letsencrypt wechseln: | ||
| - | <code bash>su - letsencrypt</ | ||
| - | Webserver mit dem Benutzer letsencrypt neu laden: | ||
| - | <code bash> | ||
| - | acme.sh installieren (im Kontext des Benutzers letsencrypt): | ||
| - | <code bash> | ||
| - | Abmelden des Benutzers letsencrypt: | ||
| - | <code bash> | ||
| - | |||
| - | ===== Redis ===== | ||
| - | Installation Redis: | ||
| - | <code bash>apt install redis-server</ | ||
| - | |||
| - | |||
| - | ====== Software-Konfiguration ====== | ||
| - | |||
| - | |||
| - | Übersicht über Shortcuts des Editors “nano”: | ||
| - | |||
| - | ===== nginx ===== | ||
| - | Sicherung der Standard-Konfiguration: | ||
| - | <code bash>cp / | ||
| - | Allgemeine Einstellungen nginx: | ||
| - | <code bash> | ||
| - | Folgende Einstellungen sollten hier gesetzt bzw. kontrolliert werden: | ||
| - | • user www-data; | ||
| - | • worker_processes auto; | ||
| - | • server_tokens off; | ||
| - | Komplette // | ||
| - | <code bash> | ||
| - | worker_processes | ||
| - | error_log | ||
| - | pid / | ||
| - | |||
| - | events { | ||
| - | worker_connections | ||
| - | } | ||
| - | http { | ||
| - | include | ||
| - | default_type | ||
| - | log_format | ||
| - | ' | ||
| - | '" | ||
| - | access_log | ||
| - | sendfile | ||
| - | # | ||
| - | keepalive_timeout | ||
| - | server_tokens off; | ||
| - | #gzip on; | ||
| - | include / | ||
| - | }</ | ||
| - | Deaktivierung der “Dummy-Webseite”: | ||
| - | <code bash>mv / | ||
| - | “Selbsttest” der Konfiguration: | ||
| - | <code bash> | ||
| - | nginx neu starten: | ||
| - | <code bash> | ||
| - | |||
| - | ===== MariaDB ===== | ||
| - | mysql_secure_installation für MariaDB nachinstallieren, | ||
| - | <code bash>apt install mariadb-client-compat</ | ||
| - | Absicherung des Datenbanksystems: | ||
| - | <code bash> | ||
| - | Kopieren der Original-Einstellungen: | ||
| - | <code bash>cp / | ||
| - | Öffnen der allgemeinen Konfiguration von MariaDB: | ||
| - | <code bash> | ||
| - | Fügen Sie folgende Zeilen direkt nach der Definition der Sektion [mysqld] ein: | ||
| - | <code bash> | ||
| - | slave_connections_needed_for_purge=0 | ||
| - | Die komplette Datei 50-server.cnf: | ||
| - | # | ||
| - | # These groups are read by MariaDB server. | ||
| - | # Use it for options that only the server (but not clients) should see | ||
| - | # this is read by the standalone daemon and embedded servers | ||
| - | [server] | ||
| - | # this is only for the mysqld standalone daemon | ||
| - | [mysqld] | ||
| - | # Allow write access to tables with format ' | ||
| - | innodb_read_only_compressed=OFF | ||
| - | slave_connections_needed_for_purge=0 | ||
| - | # | ||
| - | # * Basic Settings | ||
| - | # | ||
| - | #user = mysql | ||
| - | pid-file | ||
| - | basedir | ||
| - | # | ||
| - | # | ||
| - | # Broken reverse DNS slows down connections considerably and name resolve is | ||
| - | # safe to skip if there are no "host by domain name" access grants | ||
| - | # | ||
| - | # Instead of skip-networking the default is now to listen only on | ||
| - | # localhost which is more compatible and is not less secure. | ||
| - | bind-address | ||
| - | # | ||
| - | # * Fine Tuning | ||
| - | # | ||
| - | # | ||
| - | # | ||
| - | # | ||
| - | # | ||
| - | # This replaces the startup script and checks MyISAM tables if needed | ||
| - | # the first time they are touched | ||
| - | # | ||
| - | # | ||
| - | # | ||
| - | # | ||
| - | # * Logging and Replication | ||
| - | # | ||
| - | # Both location gets rotated by the cronjob. | ||
| - | # Be aware that this log type is a performance killer. | ||
| - | # Recommend only changing this at runtime for short testing periods if needed! | ||
| - | # | ||
| - | # | ||
| - | # When running under systemd, error logging goes via stdout/ | ||
| - | # and when running legacy init error logging goes to syslog due to | ||
| - | # / | ||
| - | # Enable this if you want to have error logging into a separate file | ||
| - | #log_error = / | ||
| - | # Enable the slow query log to see queries with especially long duration | ||
| - | # | ||
| - | # | ||
| - | # | ||
| - | # | ||
| - | # | ||
| - | # The following can be used as easy to replay backup logs or for replication. | ||
| - | # note: if you are setting up a replication slave, see README.Debian about | ||
| - | # other settings you may need to change. | ||
| - | # | ||
| - | # | ||
| - | expire_logs_days | ||
| - | # | ||
| - | # | ||
| - | # * SSL/TLS | ||
| - | # | ||
| - | # For documentation, | ||
| - | # https:// | ||
| - | #ssl-ca = / | ||
| - | #ssl-cert = / | ||
| - | #ssl-key = / | ||
| - | # | ||
| - | # | ||
| - | # * Character sets | ||
| - | # | ||
| - | # MySQL/ | ||
| - | # utf8 4-byte character set. See also client.cnf | ||
| - | character-set-server | ||
| - | collation-server | ||
| - | # | ||
| - | # * InnoDB | ||
| - | # | ||
| - | # InnoDB is enabled by default with a 10MB datafile in / | ||
| - | # Read the manual for more InnoDB related options. There are many! | ||
| - | # Most important is to give InnoDB 80 % of the system RAM for buffer use: | ||
| - | # https:// | ||
| - | # | ||
| - | # this is only for embedded server | ||
| - | [embedded] | ||
| - | # This group is only read by MariaDB servers, not by MySQL. | ||
| - | # If you use the same .cnf file for MySQL and MariaDB, | ||
| - | # you can put MariaDB-only options here | ||
| - | [mariadb] | ||
| - | # This group is only read by MariaDB-10.6 servers. | ||
| - | # If you use the same .cnf file for MariaDB of different versions, | ||
| - | # use this group for options that older servers don't understand | ||
| - | [mariadb-11.8]</ | ||
| - | Neustarten des Datenbank-Dienstes: | ||
| - | <code bash> | ||
| - | |||
| - | ===== PHP ===== | ||
| - | Sichern der originalen Konfigurationsdateien: | ||
| - | <code bash>cp / | ||
| - | cp / | ||
| - | cp / | ||
| - | cp / | ||
| - | Anpassen der Konfiguration des PHP-Thread-Pools mittels sed: | ||
| - | <code bash>sed -i " | ||
| - | sed -i " | ||
| - | sed -i " | ||
| - | sed -i " | ||
| - | sed -i " | ||
| - | Anpassen der FPM-Konfiguration: | ||
| - | <code bash>sed -i " | ||
| - | sed -i " | ||
| - | sed -i " | ||
| - | sed -i " | ||
| - | sed -i " | ||
| - | sed -i " | ||
| - | sed -i " | ||
| - | sed -i " | ||
| - | sed -i " | ||
| - | Anpassen der CLI-Konfiguration: | ||
| - | <code bash>sed -i " | ||
| - | sed -i ' | ||
| - | Neustarten des PHP-Dienstes: | ||
| - | <code bash> | ||
| - | |||
| - | ===== acme.sh ===== | ||
| - | Wechseln in den Kontext des Users “letsencrypt”: | ||
| - | <code bash>su - letsencrypt</ | ||
| - | Let’s Encrypt als Default-Provider für TLS-Zertifikate definieren: | ||
| - | <code bash> | ||
| - | Wechsel auf den normalen User: | ||
| - | <code bash> | ||
| - | |||
| - | ===== Redis ===== | ||
| - | Sichern der originalen Konfiguration: | ||
| - | <code bash>cp / | ||
| - | Öffnen der Redis-Konfiguration: | ||
| - | <code bash> | ||
| - | Konfigurations-Einträge, | ||
| - | <code bash> | ||
| - | unixsocket / | ||
| - | unixsocketperm 770</ | ||
| - | Hinzufügen des Users “www-data” zur Gruppe “redis”: | ||
| - | <code bash> | ||
| - | Neustart des Redis-Dienstes: | ||
| - | <code bash> | ||
| - | |||
| - | ===== ufw ===== | ||
| - | Firewall-Regeln festlegen: | ||
| - | <code bash>ufw default deny | ||
| - | ufw allow 22 comment " | ||
| - | ufw allow 80 comment " | ||
| - | ufw allow 443 comment " | ||
| - | Firewall aktivieren: | ||
| - | <code bash>ufw enable</ | ||
| - | Regeln der Firewall anzeigen: | ||
| - | <code bash>ufw status numbered</ | ||
| - | |||
| - | ====== Generierung der TLS-Zertifikate für Nextcloud ====== | ||
| - | ===== Verzeichnisse für die Zertifikate anlegen ===== | ||
| - | Bei der Anlage bitte Ihre echte Domain angeben, da diese Teil der Verzeichnisstruktur ist. | ||
| - | <code bash> | ||
| - | mkdir -p / | ||
| - | chown -R www-data: | ||
| - | chmod -R 775 / | ||
| - | |||
| - | ===== Den ersten virtuellen Host für nginx erstellen ===== | ||
| - | Erstellen des Verzeichnisses für die Let’s Encrypt Challenge: | ||
| - | <code bash> | ||
| - | chown -R www-data: | ||
| - | chmod -R 775 / | ||
| - | Anlegen des virtuellen Hosts: | ||
| - | <code bash> | ||
| - | Inhalt des “HTTP-Gateways”: | ||
| - | <code bash> | ||
| - | listen 80 default_server; | ||
| - | listen [::]:80 default_server; | ||
| - | server_name nextcloud.hoeglinger.name; | ||
| - | |||
| - | root /var/www; | ||
| - | |||
| - | location ^~ / | ||
| - | default_type text/plain; | ||
| - | root / | ||
| - | } | ||
| - | |||
| - | location / { | ||
| - | return 301 https:// | ||
| - | } | ||
| - | }</ | ||
| - | nginx Selbsttest und Service neu starten: | ||
| - | <code bash> | ||
| - | service nginx restart</ | ||
| - | |||
| - | ===== Funktion des Webservers zur Zertifikats-Generierung überprüfen ===== | ||
| - | Anlegen einer Text-Datei mit beliebigem Inhalt: | ||
| - | <code bash> | ||
| - | Test-Datei im Browser abrufen: | ||
| - | Test-Datei nach erfolgreichem Test löschen: | ||
| - | <code bash>rm -f / | ||
| - | |||
| - | ===== TLS-Zertifikate für Nextcloud generieren ===== | ||
| - | In den Kontext des Users ’letsencrypt’´wechseln: | ||
| - | <code bash>su - letsencrypt</ | ||
| - | Ausstellen des RSA-Zertifikats: | ||
| - | <code bash> | ||
| - | Ausstellen des ECDSA-Zertifikats: | ||
| - | <code bash> | ||
| - | Abmelden des Benutzers ’letsencrypt' | ||
| - | <code bash> | ||
| - | |||
| - | ===== Diffie-Hellman-Parameter generieren ===== | ||
| - | Das kann schon mal einige Zeit dauern. Nur Geduld. | ||
| - | <code bash> | ||
| - | openssl dhparam -out / | ||
| - | |||
| - | |||
| - | ====== Den Webserver für Nextcloud vorbereiten ====== | ||
| - | ===== SSL konfigurieren ===== | ||
| - | Anlegen der allgemeinen SSL-Konfiguration: | ||
| - | <code bash> | ||
| - | nano / | ||
| - | Inhalt der Datei: | ||
| - | <code bash># | ||
| - | # SSL Configuration | ||
| - | # | ||
| - | ssl_protocols TLSv1.2 TLSv1.3; | ||
| - | # SSL ciphers: RSA + ECDSA | ||
| - | # Two certificate types (ECDSA, RSA) are needed. | ||
| - | ssl_ciphers ' | ||
| - | # Diffie-Hellman parameter for DHE ciphersuites, | ||
| - | ssl_dhparam / | ||
| - | # Use multiple curves. | ||
| - | ssl_ecdh_curve secp521r1: | ||
| - | # Server should determine the ciphers, not the client | ||
| - | ssl_prefer_server_ciphers on; | ||
| - | # SSL session handling | ||
| - | ssl_session_timeout 1d; | ||
| - | ssl_session_cache shared: | ||
| - | ssl_session_tickets off; | ||
| - | # See https:// | ||
| - | # | ||
| - | # | ||
| - | # DNS resolver | ||
| - | resolver 192.168.178.1;</ | ||
| - | |||
| - | ===== Header-Konfiguration vornehmen ===== | ||
| - | Anlegen einer allgemeinen Konfiguration für die vom Webserver auszuliefernden Header: | ||
| - | <code bash> | ||
| - | Inhalt der Datei: | ||
| - | <code bash># | ||
| - | # Header configuration | ||
| - | # | ||
| - | add_header Strict-Transport-Security " | ||
| - | add_header X-Content-Type-Options " | ||
| - | add_header X-XSS-Protection "1; mode=block" | ||
| - | add_header X-Robots-Tag " | ||
| - | add_header X-Download-Options noopen always; | ||
| - | add_header X-Permitted-Cross-Domain-Policies none always; | ||
| - | add_header Referrer-Policy no-referrer always; | ||
| - | add_header X-Frame-Options " | ||
| - | fastcgi_hide_header X-Powered-By;</ | ||
| - | |||
| - | ===== Einen virtuellen Host für Nextcloud anlegen ===== | ||
| - | Virtuellen Host anlegen: | ||
| - | <code bash> | ||
| - | Inhalt des virtuellen Hosts: | ||
| - | <code bash> | ||
| - | server unix:/ | ||
| - | } | ||
| - | # Set the `immutable` cache control options only for assets with a cache busting `v` argument | ||
| - | map $arg_v $asset_immutable { | ||
| - | "" | ||
| - | default " | ||
| - | } | ||
| - | server { | ||
| - | listen 443 ssl; | ||
| - | listen [::]:443 ssl; | ||
| - | http2 on; | ||
| - | server_name nextcloud.hoeglinger.name 192.168.178.55; | ||
| - | # Path to the root of your installation | ||
| - | root / | ||
| - | | ||
| - | # SSL configuration | ||
| - | # RSA certificates | ||
| - | ssl_certificate / | ||
| - | ssl_certificate_key / | ||
| - | # ECC certificates | ||
| - | ssl_certificate / | ||
| - | ssl_certificate_key / | ||
| - | | ||
| - | # This should be ca.pem (certificate with the additional intermediate certificate) | ||
| - | # See here: https:// | ||
| - | # ECC | ||
| - | ssl_trusted_certificate / | ||
| - | | ||
| - | # Include SSL configuration | ||
| - | include / | ||
| - | | ||
| - | # Include headers | ||
| - | include / | ||
| - | |||
| - | # The settings allows you to optimize the HTTP2 bandwidth. | ||
| - | # See https:// | ||
| - | # for tuning hints | ||
| - | client_body_buffer_size 512k; | ||
| - | | ||
| - | include mime.types; | ||
| - | types { | ||
| - | text/ | ||
| - | } | ||
| - | # set max upload size and increase upload timeout: | ||
| - | client_max_body_size 10G; | ||
| - | client_body_timeout 300s; | ||
| - | fastcgi_buffers 64 4K; | ||
| - | # Enable gzip but do not remove ETag headers | ||
| - | gzip on; | ||
| - | gzip_vary on; | ||
| - | gzip_comp_level 4; | ||
| - | gzip_min_length 256; | ||
| - | gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; | ||
| - | gzip_types application/ | ||
| - | # Pagespeed is not supported by Nextcloud, so if your server is built | ||
| - | # with the `ngx_pagespeed` module, uncomment this line to disable it. | ||
| - | #pagespeed off; | ||
| - | # Specify how to handle directories -- specifying `/ | ||
| - | # here as the fallback means that Nginx always exhibits the desired behaviour | ||
| - | # when a client requests a path that corresponds to a directory that exists | ||
| - | # on the server. In particular, if that directory contains an index.php file, | ||
| - | # that file is correctly served; if it doesn' | ||
| - | # the front-end controller. This consistent behaviour means that we don't need | ||
| - | # to specify custom rules for certain paths (e.g. images and other assets, | ||
| - | # `/updater`, `/ | ||
| - | # `try_files $uri $uri/ / | ||
| - | # always provides the desired behaviour. | ||
| - | index index.php index.html / | ||
| - | # Rule borrowed from `.htaccess` to handle Microsoft DAV clients | ||
| - | location = / { | ||
| - | if ( $http_user_agent ~ ^DavClnt ) { | ||
| - | return 302 / | ||
| - | } | ||
| - | } | ||
| - | location = /robots.txt { | ||
| - | allow all; | ||
| - | log_not_found off; | ||
| - | access_log off; | ||
| - | } | ||
| - | # Make a regex exception for `/ | ||
| - | # access it despite the existence of the regex rule | ||
| - | # `location ~ / | ||
| - | # for `/ | ||
| - | location ^~ / | ||
| - | # The rules in this block are an adaptation of the rules | ||
| - | # in `.htaccess` that concern `/ | ||
| - | location = / | ||
| - | location = / | ||
| - | location / | ||
| - | location / | ||
| - | # Let Nextcloud' | ||
| - | # requests by passing them to the front-end controller. | ||
| - | return 301 / | ||
| - | } | ||
| - | # Rules borrowed from `.htaccess` to hide certain paths from clients | ||
| - | location ~ ^/ | ||
| - | location ~ ^/ | ||
| - | # Ensure this block, which passes PHP files to the PHP process, is above the blocks | ||
| - | # which handle static assets (as seen below). If this block is not declared first, | ||
| - | # then Nginx will encounter an infinite rewriting loop when it prepends `/ | ||
| - | # to the URI, resulting in a HTTP 500 error response. | ||
| - | location ~ \.php(?: | ||
| - | # Required for legacy support | ||
| - | rewrite ^/ | ||
| - | fastcgi_split_path_info ^(.+? | ||
| - | set $path_info $fastcgi_path_info; | ||
| - | try_files $fastcgi_script_name =404; | ||
| - | include fastcgi_params; | ||
| - | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| - | fastcgi_param PATH_INFO $path_info; | ||
| - | fastcgi_param HTTPS on; | ||
| - | fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice | ||
| - | fastcgi_param front_controller_active true; # Enable pretty urls | ||
| - | fastcgi_pass php-handler; | ||
| - | fastcgi_intercept_errors on; | ||
| - | fastcgi_request_buffering off; | ||
| - | fastcgi_max_temp_file_size 0; | ||
| - | | ||
| - | fastcgi_read_timeout 600; | ||
| - | fastcgi_send_timeout 600; | ||
| - | fastcgi_connect_timeout 600; | ||
| - | fastcgi_param PHP_VALUE " | ||
| - | post_max_size = 10G | ||
| - | max_execution_time = 3600 | ||
| - | output_buffering = off"; | ||
| - | } | ||
| - | location ~ \.(?: | ||
| - | try_files $uri / | ||
| - | add_header Cache-Control " | ||
| - | access_log off; # Optional: Don't log access to assets | ||
| - | location ~ \.wasm$ { | ||
| - | default_type application/ | ||
| - | } | ||
| - | } | ||
| - | location ~ \.woff2?$ { | ||
| - | try_files $uri / | ||
| - | expires 7d; # Cache-Control policy borrowed from `.htaccess` | ||
| - | access_log off; # Optional: Don't log access to assets | ||
| - | } | ||
| - | # Rule borrowed from `.htaccess` | ||
| - | location /remote { | ||
| - | return 301 / | ||
| - | } | ||
| - | location / { | ||
| - | try_files $uri $uri/ / | ||
| - | } | ||
| - | }</ | ||
| - | Test der nginx-Konfiguration: | ||
| - | <code bash> | ||
| - | Neustart des Webservers: | ||
| - | <code bash> | ||
| - | |||
| - | |||
| - | ====== Installation Nextcloud ====== | ||
| - | ===== Nextcloud herunterladen ===== | ||
| - | Download der aktuellsten Nextcloud-Version, | ||
| - | <code bash>cd | ||
| - | wget https:// | ||
| - | tar -xjf latest.tar.bz2 -C /var/www | ||
| - | rm latest.tar.bz2</ | ||
| - | Verzeichnisrechte setzen: | ||
| - | <code bash> | ||
| - | |||
| - | ===== Anlegen des Datenverzeichnisses ===== | ||
| - | Datenverzeichnis außerhalb des Web-Roots anlegen und entsprechende Verzeichnis-Rechte setzen. | ||
| - | <code bash> | ||
| - | chown -R www-data: | ||
| - | mkdir -p / | ||
| - | chown -R www-data: | ||
| - | |||
| - | ===== Eine Datenbank für Nextcloud erstellen ===== | ||
| - | Anmeldung an die Datenbank: | ||
| - | <code bash> | ||
| - | Nach erfolgreicher Anmeldung stehen Sie dann im Prompt von MariaDB: | ||
| - | <code bash> | ||
| - | Anlegen eines Datenbank-Benutzers für die Nextcloud: | ||
| - | <code bash> | ||
| - | Anlegen einer Datenbank für Nextcloud: | ||
| - | <code bash> | ||
| - | Berechtigungen des Nextcloud-Datenbank-Benutzers für die Datenbank setzen: | ||
| - | <code bash> | ||
| - | Berechtigungen der Datenbank neu laden: | ||
| - | <code bash> | ||
| - | MariaDB-Kommandozeile beenden: | ||
| - | <code bash> | ||
| - | |||
| - | Das Setup von Nextcloud ausführen # | ||
| - | Aufruf der Nextcloud-URL im Browser (nextcloudfuerdummies.decatec.de ist durch eigenen Domain zu ersetzen): | ||
| - | https:// | ||
| - | Daten für das Setup für Nextcloud: | ||
| - | • **Anmelden**: | ||
| - | • **Passwort**: | ||
| - | • **Datenverzeichnis**: | ||
| - | • **Datenbank einrichten**: | ||
| - | • **Datenbankkonto**: | ||
| - | • **Datenbank-Passwort**: | ||
| - | • **Datenbank-Name**: | ||
| - | • **Datenbank-Host**: | ||
| - | Weiter mit einem Klick auf “Installieren” | ||
| - | Die Installation der “Empfohlenen Apps sollte” mit “Überspringen” abgelehnt werden. | ||
| - | |||
| - | ===== Die Nextcloud-Installation optimieren ===== | ||
| - | Sichern der config.php von Nextcloud. Den Benutzernamen ‘jan’ müssen Sie natürlich durch Ihren eigenen Benutzernamen unter Linux ersetzen. | ||
| - | Diese Datei enthält sensible Informationen, | ||
| - | <code bash>cp / | ||
| - | |||
| - | ===== Festlegen einer Startzeit für das Wartungsfenster ===== | ||
| - | Öffnen der Konfigurationsdatei von Nextcloud: | ||
| - | <code bash> | ||
| - | Angabe der Startzeit des Wartungszeitfensters am Ende der Datei, aber noch vor der schließenden Klammer: | ||
| - | <code bash>' | ||
| - | Hinweis: Angabe erfolgt hier in UTC. Ein Wert von ‘1’ bedeutet hier also 01:00 UTC und dementsprechend 02:00 MEZ/03:00 MESZ. | ||
| - | |||
| - | ===== Redis für transaktionale Dateisperren nutzen ===== | ||
| - | config.php öffnen: | ||
| - | <code bash> | ||
| - | Folgende Zeilen am Ende der Datei (aber vor der letzten schließenden Klammer) einfügen: | ||
| - | <code bash>' | ||
| - | ' | ||
| - | ' | ||
| - | ' | ||
| - | ' | ||
| - | ' | ||
| - | ),</ | ||
| - | Die Änderungen werden mit dem Speichern der // | ||
| - | |||
| - | ===== Konfiguration eines Speichercaches ===== | ||
| - | config.php öffnen: | ||
| - | <code bash> | ||
| - | Am Ende (aber wieder vor der letzten schließenden Klammer) folgende Zeile einfügen: | ||
| - | <code bash>' | ||
| - | ' | ||
| - | |||
| - | ===== Standard-Telefonregion festlegen ===== | ||
| - | Öffnen der Konfigurationsdatei von Nextcloud: | ||
| - | <code bash> | ||
| - | Angabe der Standard-Telefonregion am Ende der Datei, aber noch vor der schließenden Klammer: | ||
| - | <code bash>' | ||
| - | |||
| - | ===== Einstellungen zum E-Mail-Server ===== | ||
| - | Tragen Sie zunächst in den persönlichen Einstellungen Ihre private Mail-Adresse unter “E-Mail-Adresse” ein. | ||
| - | Anschließend legen Sie ein neues E-Mail-Postfach an, welches nur für den Versand von Mail über die Nextcloud dient. Dazu können Sie auch einen beliebigen Freemail-Service nutzen. | ||
| - | In den Admin-Einstellungen unter “Grundeinstellungen” muss anschließend der SMTP-Zugang konfiguriert werden. Hier eine Auswahl an SMTP-Einstellungen einiger Freemail-Anbieter: | ||
| - | • Google Mail: https:// | ||
| - | • GMX: https:// | ||
| - | • web.de: | ||
| - | |||
| - | ===== Einen Cronjob für Nextcloud einrichten ===== | ||
| - | Crontab des Users www-data bearbeiten: | ||
| - | <code bash> | ||
| - | Fügen Sie folgende Zeile ein: | ||
| - | <code bash>*/5 * * * * php -f / | ||
| - | In den Admin-Einstellungen unter ‘Grundeinstellungen’ sollte in der Nextcloud nun automatisch der Eintrag ‘Cron (Empfohlen)’ | ||
| - | |||
| - | ===== Die Nextcloud-Installation anpassen, wenn am Server auch andere Programme laufen sollen ===== | ||
| - | Die Configuration von Nextcloud verschieben | ||
| - | <code bash>mv / | ||
| - | Oder wenn die nicht existiert, dann | ||
| - | <code bash>mv / | ||
| - | Symlink setzen | ||
| - | <code bash>ln -s / | ||
| - | Nginx testen und neu laden | ||
| - | <code bash> | ||
| - | systemctl reload nginx</ | ||
| - | |||
| - | ===== Fehlende Include‑Zeile einfügen ===== | ||
| - | Datei öffnen | ||
| - | <code bash> | ||
| - | Und füge innerhalb des http { ... }‑Blocks, direkt unter der Zeile: | ||
| - | <code bash> | ||
| - | diese Zeile ein: | ||
| - | <code bash> | ||
| - | Der Block muss danach so aussehen: | ||
| - | <code bash> | ||
| - | include | ||
| - | default_type | ||
| - | log_format | ||
| - | ' | ||
| - | '" | ||
| - | access_log | ||
| - | sendfile | ||
| - | keepalive_timeout | ||
| - | server_tokens off; | ||
| - | include / | ||
| - | include / | ||
| - | }</ | ||
| - | Speichern: **CTRL+O** | ||
| - | Enter Beenden: **CTRL+X** | ||
| - | Nginx testen | ||
| - | <code bash> | ||
| - | Muss „successful“ melden. | ||
| - | Nginx neu laden | ||
| - | <code bash> | ||
| - | Port 443 testen | ||
| - | <code bash> | ||
| - | |||
server/nextcloud/installation/start.1780007281.txt.gz · Zuletzt geändert: von 91.115.82.214
