server:nextcloud:installation:start
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
| Beide Seiten der vorigen RevisionVorhergehende ÜberarbeitungNächste Überarbeitung | Vorhergehende Überarbeitung | ||
| server:nextcloud:installation:start [2026/05/28 22:30] – 91.115.82.214 | server:nextcloud:installation:start [2026/05/28 22:34] (aktuell) – 91.115.82.214 | ||
|---|---|---|---|
| Zeile 8: | Zeile 8: | ||
| *[[server: | *[[server: | ||
| *[[server: | *[[server: | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||
| - | ====== Generierung der TLS-Zertifikate für Nextcloud ====== | ||
| - | ===== Verzeichnisse für die Zertifikate anlegen ===== | ||
| - | Bei der Anlage bitte Ihre echte Domain angeben, da diese Teil der Verzeichnisstruktur ist. | ||
| - | <code bash> | ||
| - | mkdir -p / | ||
| - | chown -R www-data: | ||
| - | chmod -R 775 / | ||
| - | |||
| - | ===== Den ersten virtuellen Host für nginx erstellen ===== | ||
| - | Erstellen des Verzeichnisses für die Let’s Encrypt Challenge: | ||
| - | <code bash> | ||
| - | chown -R www-data: | ||
| - | chmod -R 775 / | ||
| - | Anlegen des virtuellen Hosts: | ||
| - | <code bash> | ||
| - | Inhalt des “HTTP-Gateways”: | ||
| - | <code bash> | ||
| - | listen 80 default_server; | ||
| - | listen [::]:80 default_server; | ||
| - | server_name nextcloud.hoeglinger.name; | ||
| - | |||
| - | root /var/www; | ||
| - | |||
| - | location ^~ / | ||
| - | default_type text/plain; | ||
| - | root / | ||
| - | } | ||
| - | |||
| - | location / { | ||
| - | return 301 https:// | ||
| - | } | ||
| - | }</ | ||
| - | nginx Selbsttest und Service neu starten: | ||
| - | <code bash> | ||
| - | service nginx restart</ | ||
| - | |||
| - | ===== Funktion des Webservers zur Zertifikats-Generierung überprüfen ===== | ||
| - | Anlegen einer Text-Datei mit beliebigem Inhalt: | ||
| - | <code bash> | ||
| - | Test-Datei im Browser abrufen: | ||
| - | Test-Datei nach erfolgreichem Test löschen: | ||
| - | <code bash>rm -f / | ||
| - | |||
| - | ===== TLS-Zertifikate für Nextcloud generieren ===== | ||
| - | In den Kontext des Users ’letsencrypt’´wechseln: | ||
| - | <code bash>su - letsencrypt</ | ||
| - | Ausstellen des RSA-Zertifikats: | ||
| - | <code bash> | ||
| - | Ausstellen des ECDSA-Zertifikats: | ||
| - | <code bash> | ||
| - | Abmelden des Benutzers ’letsencrypt' | ||
| - | <code bash> | ||
| - | |||
| - | ===== Diffie-Hellman-Parameter generieren ===== | ||
| - | Das kann schon mal einige Zeit dauern. Nur Geduld. | ||
| - | <code bash> | ||
| - | openssl dhparam -out / | ||
| - | |||
| - | |||
| - | ====== Den Webserver für Nextcloud vorbereiten ====== | ||
| - | ===== SSL konfigurieren ===== | ||
| - | Anlegen der allgemeinen SSL-Konfiguration: | ||
| - | <code bash> | ||
| - | nano / | ||
| - | Inhalt der Datei: | ||
| - | <code bash># | ||
| - | # SSL Configuration | ||
| - | # | ||
| - | ssl_protocols TLSv1.2 TLSv1.3; | ||
| - | # SSL ciphers: RSA + ECDSA | ||
| - | # Two certificate types (ECDSA, RSA) are needed. | ||
| - | ssl_ciphers ' | ||
| - | # Diffie-Hellman parameter for DHE ciphersuites, | ||
| - | ssl_dhparam / | ||
| - | # Use multiple curves. | ||
| - | ssl_ecdh_curve secp521r1: | ||
| - | # Server should determine the ciphers, not the client | ||
| - | ssl_prefer_server_ciphers on; | ||
| - | # SSL session handling | ||
| - | ssl_session_timeout 1d; | ||
| - | ssl_session_cache shared: | ||
| - | ssl_session_tickets off; | ||
| - | # See https:// | ||
| - | # | ||
| - | # | ||
| - | # DNS resolver | ||
| - | resolver 192.168.178.1;</ | ||
| - | |||
| - | ===== Header-Konfiguration vornehmen ===== | ||
| - | Anlegen einer allgemeinen Konfiguration für die vom Webserver auszuliefernden Header: | ||
| - | <code bash> | ||
| - | Inhalt der Datei: | ||
| - | <code bash># | ||
| - | # Header configuration | ||
| - | # | ||
| - | add_header Strict-Transport-Security " | ||
| - | add_header X-Content-Type-Options " | ||
| - | add_header X-XSS-Protection "1; mode=block" | ||
| - | add_header X-Robots-Tag " | ||
| - | add_header X-Download-Options noopen always; | ||
| - | add_header X-Permitted-Cross-Domain-Policies none always; | ||
| - | add_header Referrer-Policy no-referrer always; | ||
| - | add_header X-Frame-Options " | ||
| - | fastcgi_hide_header X-Powered-By;</ | ||
| - | |||
| - | ===== Einen virtuellen Host für Nextcloud anlegen ===== | ||
| - | Virtuellen Host anlegen: | ||
| - | <code bash> | ||
| - | Inhalt des virtuellen Hosts: | ||
| - | <code bash> | ||
| - | server unix:/ | ||
| - | } | ||
| - | # Set the `immutable` cache control options only for assets with a cache busting `v` argument | ||
| - | map $arg_v $asset_immutable { | ||
| - | "" | ||
| - | default " | ||
| - | } | ||
| - | server { | ||
| - | listen 443 ssl; | ||
| - | listen [::]:443 ssl; | ||
| - | http2 on; | ||
| - | server_name nextcloud.hoeglinger.name 192.168.178.55; | ||
| - | # Path to the root of your installation | ||
| - | root / | ||
| - | | ||
| - | # SSL configuration | ||
| - | # RSA certificates | ||
| - | ssl_certificate / | ||
| - | ssl_certificate_key / | ||
| - | # ECC certificates | ||
| - | ssl_certificate / | ||
| - | ssl_certificate_key / | ||
| - | | ||
| - | # This should be ca.pem (certificate with the additional intermediate certificate) | ||
| - | # See here: https:// | ||
| - | # ECC | ||
| - | ssl_trusted_certificate / | ||
| - | | ||
| - | # Include SSL configuration | ||
| - | include / | ||
| - | | ||
| - | # Include headers | ||
| - | include / | ||
| - | |||
| - | # The settings allows you to optimize the HTTP2 bandwidth. | ||
| - | # See https:// | ||
| - | # for tuning hints | ||
| - | client_body_buffer_size 512k; | ||
| - | | ||
| - | include mime.types; | ||
| - | types { | ||
| - | text/ | ||
| - | } | ||
| - | # set max upload size and increase upload timeout: | ||
| - | client_max_body_size 10G; | ||
| - | client_body_timeout 300s; | ||
| - | fastcgi_buffers 64 4K; | ||
| - | # Enable gzip but do not remove ETag headers | ||
| - | gzip on; | ||
| - | gzip_vary on; | ||
| - | gzip_comp_level 4; | ||
| - | gzip_min_length 256; | ||
| - | gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; | ||
| - | gzip_types application/ | ||
| - | # Pagespeed is not supported by Nextcloud, so if your server is built | ||
| - | # with the `ngx_pagespeed` module, uncomment this line to disable it. | ||
| - | #pagespeed off; | ||
| - | # Specify how to handle directories -- specifying `/ | ||
| - | # here as the fallback means that Nginx always exhibits the desired behaviour | ||
| - | # when a client requests a path that corresponds to a directory that exists | ||
| - | # on the server. In particular, if that directory contains an index.php file, | ||
| - | # that file is correctly served; if it doesn' | ||
| - | # the front-end controller. This consistent behaviour means that we don't need | ||
| - | # to specify custom rules for certain paths (e.g. images and other assets, | ||
| - | # `/updater`, `/ | ||
| - | # `try_files $uri $uri/ / | ||
| - | # always provides the desired behaviour. | ||
| - | index index.php index.html / | ||
| - | # Rule borrowed from `.htaccess` to handle Microsoft DAV clients | ||
| - | location = / { | ||
| - | if ( $http_user_agent ~ ^DavClnt ) { | ||
| - | return 302 / | ||
| - | } | ||
| - | } | ||
| - | location = /robots.txt { | ||
| - | allow all; | ||
| - | log_not_found off; | ||
| - | access_log off; | ||
| - | } | ||
| - | # Make a regex exception for `/ | ||
| - | # access it despite the existence of the regex rule | ||
| - | # `location ~ / | ||
| - | # for `/ | ||
| - | location ^~ / | ||
| - | # The rules in this block are an adaptation of the rules | ||
| - | # in `.htaccess` that concern `/ | ||
| - | location = / | ||
| - | location = / | ||
| - | location / | ||
| - | location / | ||
| - | # Let Nextcloud' | ||
| - | # requests by passing them to the front-end controller. | ||
| - | return 301 / | ||
| - | } | ||
| - | # Rules borrowed from `.htaccess` to hide certain paths from clients | ||
| - | location ~ ^/ | ||
| - | location ~ ^/ | ||
| - | # Ensure this block, which passes PHP files to the PHP process, is above the blocks | ||
| - | # which handle static assets (as seen below). If this block is not declared first, | ||
| - | # then Nginx will encounter an infinite rewriting loop when it prepends `/ | ||
| - | # to the URI, resulting in a HTTP 500 error response. | ||
| - | location ~ \.php(?: | ||
| - | # Required for legacy support | ||
| - | rewrite ^/ | ||
| - | fastcgi_split_path_info ^(.+? | ||
| - | set $path_info $fastcgi_path_info; | ||
| - | try_files $fastcgi_script_name =404; | ||
| - | include fastcgi_params; | ||
| - | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| - | fastcgi_param PATH_INFO $path_info; | ||
| - | fastcgi_param HTTPS on; | ||
| - | fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice | ||
| - | fastcgi_param front_controller_active true; # Enable pretty urls | ||
| - | fastcgi_pass php-handler; | ||
| - | fastcgi_intercept_errors on; | ||
| - | fastcgi_request_buffering off; | ||
| - | fastcgi_max_temp_file_size 0; | ||
| - | | ||
| - | fastcgi_read_timeout 600; | ||
| - | fastcgi_send_timeout 600; | ||
| - | fastcgi_connect_timeout 600; | ||
| - | fastcgi_param PHP_VALUE " | ||
| - | post_max_size = 10G | ||
| - | max_execution_time = 3600 | ||
| - | output_buffering = off"; | ||
| - | } | ||
| - | location ~ \.(?: | ||
| - | try_files $uri / | ||
| - | add_header Cache-Control " | ||
| - | access_log off; # Optional: Don't log access to assets | ||
| - | location ~ \.wasm$ { | ||
| - | default_type application/ | ||
| - | } | ||
| - | } | ||
| - | location ~ \.woff2?$ { | ||
| - | try_files $uri / | ||
| - | expires 7d; # Cache-Control policy borrowed from `.htaccess` | ||
| - | access_log off; # Optional: Don't log access to assets | ||
| - | } | ||
| - | # Rule borrowed from `.htaccess` | ||
| - | location /remote { | ||
| - | return 301 / | ||
| - | } | ||
| - | location / { | ||
| - | try_files $uri $uri/ / | ||
| - | } | ||
| - | }</ | ||
| - | Test der nginx-Konfiguration: | ||
| - | <code bash> | ||
| - | Neustart des Webservers: | ||
| - | <code bash> | ||
| - | |||
| - | |||
| - | ====== Installation Nextcloud ====== | ||
| - | ===== Nextcloud herunterladen ===== | ||
| - | Download der aktuellsten Nextcloud-Version, | ||
| - | <code bash>cd | ||
| - | wget https:// | ||
| - | tar -xjf latest.tar.bz2 -C /var/www | ||
| - | rm latest.tar.bz2</ | ||
| - | Verzeichnisrechte setzen: | ||
| - | <code bash> | ||
| - | |||
| - | ===== Anlegen des Datenverzeichnisses ===== | ||
| - | Datenverzeichnis außerhalb des Web-Roots anlegen und entsprechende Verzeichnis-Rechte setzen. | ||
| - | <code bash> | ||
| - | chown -R www-data: | ||
| - | mkdir -p / | ||
| - | chown -R www-data: | ||
| - | |||
| - | ===== Eine Datenbank für Nextcloud erstellen ===== | ||
| - | Anmeldung an die Datenbank: | ||
| - | <code bash> | ||
| - | Nach erfolgreicher Anmeldung stehen Sie dann im Prompt von MariaDB: | ||
| - | <code bash> | ||
| - | Anlegen eines Datenbank-Benutzers für die Nextcloud: | ||
| - | <code bash> | ||
| - | Anlegen einer Datenbank für Nextcloud: | ||
| - | <code bash> | ||
| - | Berechtigungen des Nextcloud-Datenbank-Benutzers für die Datenbank setzen: | ||
| - | <code bash> | ||
| - | Berechtigungen der Datenbank neu laden: | ||
| - | <code bash> | ||
| - | MariaDB-Kommandozeile beenden: | ||
| - | <code bash> | ||
| - | |||
| - | Das Setup von Nextcloud ausführen # | ||
| - | Aufruf der Nextcloud-URL im Browser (nextcloudfuerdummies.decatec.de ist durch eigenen Domain zu ersetzen): | ||
| - | https:// | ||
| - | Daten für das Setup für Nextcloud: | ||
| - | • **Anmelden**: | ||
| - | • **Passwort**: | ||
| - | • **Datenverzeichnis**: | ||
| - | • **Datenbank einrichten**: | ||
| - | • **Datenbankkonto**: | ||
| - | • **Datenbank-Passwort**: | ||
| - | • **Datenbank-Name**: | ||
| - | • **Datenbank-Host**: | ||
| - | Weiter mit einem Klick auf “Installieren” | ||
| - | Die Installation der “Empfohlenen Apps sollte” mit “Überspringen” abgelehnt werden. | ||
| - | |||
| - | ===== Die Nextcloud-Installation optimieren ===== | ||
| - | Sichern der config.php von Nextcloud. Den Benutzernamen ‘jan’ müssen Sie natürlich durch Ihren eigenen Benutzernamen unter Linux ersetzen. | ||
| - | Diese Datei enthält sensible Informationen, | ||
| - | <code bash>cp / | ||
| - | |||
| - | ===== Festlegen einer Startzeit für das Wartungsfenster ===== | ||
| - | Öffnen der Konfigurationsdatei von Nextcloud: | ||
| - | <code bash> | ||
| - | Angabe der Startzeit des Wartungszeitfensters am Ende der Datei, aber noch vor der schließenden Klammer: | ||
| - | <code bash>' | ||
| - | Hinweis: Angabe erfolgt hier in UTC. Ein Wert von ‘1’ bedeutet hier also 01:00 UTC und dementsprechend 02:00 MEZ/03:00 MESZ. | ||
| - | |||
| - | ===== Redis für transaktionale Dateisperren nutzen ===== | ||
| - | config.php öffnen: | ||
| - | <code bash> | ||
| - | Folgende Zeilen am Ende der Datei (aber vor der letzten schließenden Klammer) einfügen: | ||
| - | <code bash>' | ||
| - | ' | ||
| - | ' | ||
| - | ' | ||
| - | ' | ||
| - | ' | ||
| - | ),</ | ||
| - | Die Änderungen werden mit dem Speichern der // | ||
| - | |||
| - | ===== Konfiguration eines Speichercaches ===== | ||
| - | config.php öffnen: | ||
| - | <code bash> | ||
| - | Am Ende (aber wieder vor der letzten schließenden Klammer) folgende Zeile einfügen: | ||
| - | <code bash>' | ||
| - | ' | ||
| - | |||
| - | ===== Standard-Telefonregion festlegen ===== | ||
| - | Öffnen der Konfigurationsdatei von Nextcloud: | ||
| - | <code bash> | ||
| - | Angabe der Standard-Telefonregion am Ende der Datei, aber noch vor der schließenden Klammer: | ||
| - | <code bash>' | ||
| - | |||
| - | ===== Einstellungen zum E-Mail-Server ===== | ||
| - | Tragen Sie zunächst in den persönlichen Einstellungen Ihre private Mail-Adresse unter “E-Mail-Adresse” ein. | ||
| - | Anschließend legen Sie ein neues E-Mail-Postfach an, welches nur für den Versand von Mail über die Nextcloud dient. Dazu können Sie auch einen beliebigen Freemail-Service nutzen. | ||
| - | In den Admin-Einstellungen unter “Grundeinstellungen” muss anschließend der SMTP-Zugang konfiguriert werden. Hier eine Auswahl an SMTP-Einstellungen einiger Freemail-Anbieter: | ||
| - | • Google Mail: https:// | ||
| - | • GMX: https:// | ||
| - | • web.de: | ||
| - | |||
| - | ===== Einen Cronjob für Nextcloud einrichten ===== | ||
| - | Crontab des Users www-data bearbeiten: | ||
| - | <code bash> | ||
| - | Fügen Sie folgende Zeile ein: | ||
| - | <code bash>*/5 * * * * php -f / | ||
| - | In den Admin-Einstellungen unter ‘Grundeinstellungen’ sollte in der Nextcloud nun automatisch der Eintrag ‘Cron (Empfohlen)’ | ||
| - | |||
| - | ===== Die Nextcloud-Installation anpassen, wenn am Server auch andere Programme laufen sollen ===== | ||
| - | Die Configuration von Nextcloud verschieben | ||
| - | <code bash>mv / | ||
| - | Oder wenn die nicht existiert, dann | ||
| - | <code bash>mv / | ||
| - | Symlink setzen | ||
| - | <code bash>ln -s / | ||
| - | Nginx testen und neu laden | ||
| - | <code bash> | ||
| - | systemctl reload nginx</ | ||
| - | |||
| - | ===== Fehlende Include‑Zeile einfügen ===== | ||
| - | Datei öffnen | ||
| - | <code bash> | ||
| - | Und füge innerhalb des http { ... }‑Blocks, direkt unter der Zeile: | ||
| - | <code bash> | ||
| - | diese Zeile ein: | ||
| - | <code bash> | ||
| - | Der Block muss danach so aussehen: | ||
| - | <code bash> | ||
| - | include | ||
| - | default_type | ||
| - | log_format | ||
| - | ' | ||
| - | '" | ||
| - | access_log | ||
| - | sendfile | ||
| - | keepalive_timeout | ||
| - | server_tokens off; | ||
| - | include / | ||
| - | include / | ||
| - | }</ | ||
| - | Speichern: **CTRL+O** | ||
| - | Enter Beenden: **CTRL+X** | ||
| - | Nginx testen | ||
| - | <code bash> | ||
| - | Muss „successful“ melden. | ||
| - | Nginx neu laden | ||
| - | <code bash> | ||
| - | Port 443 testen | ||
| - | <code bash> | ||
| - | |||
server/nextcloud/installation/start.1780007454.txt.gz · Zuletzt geändert: von 91.115.82.214
