搭建私有云——OwnCloud
Owncloud 是一个开源免费专业的私有云存储项目,它能帮你快速在个人电脑或服务器上架设一套专属的私有云文件同步网盘,可以像 Dropbox 那样实现文件跨平台同步、共享、版本控制、团队协作等等。Owncloud 能让你将所有的文件掌握在自己的手中,只要你的设备性能和空间充足,那么用其来几乎没有任何限制。 ——摘自网络
搭建过程
我搭建的环境是 LEMP,关于搭建的过程没什么好说的,上传包解压打开浏览器安装即可。注意chmod
赋予网站根目录读写权限,因为安装过程会创建一个 Data 文件夹用来存放以后上传的东西。
问题解决
用户页面无法设置语言
下拉框中只有英语一项,解决的方法是检查自己的php.ini
是否禁用了 scandir
函数,在文本中输入/disable_functions =
后回车,把scandir
字段删掉,再进入用户页面就可以设置简体中文了。(备注:这个函数比较危险,一般能不启用就不启用)
设置安全相关的请求头后依然报错
这个问题也许只是我的个例,不过我一番搜索后在Github上也发现了一部分人同样有这个情况→传送门,解决的方法也比较蛋疼,我是严格按照官方的示例Nginx配置来配置的,比较奇葩的是文档中header头配置了两次,然后一堆报错,我真的不太懂为什么要两次(喷,哪位大神可以告诉我吗?。。
那么我是怎么解决的呢?
在前面的header头中只保留hsts相关,在后面的保留非hsts相关,重载。问题解决了,你可以说是玄学,反正确实解决了,略略略。
其它问题
缺少 PHP 的fileinfo
模块,按照套路编译就好了,php.ini
里查找:extension_dir
再下面一行添加上 extension = "fileinfo.so"
,重载。另外,HTTPS 很有必要,官方配置你要视情况再增加一些。
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}
server {
listen 80;
server_name server.com;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
server_name server.com;
ssl_certificate /path/server.com_bundle.crt;
ssl_certificate_key /path/server.com.key;
ssl_stapling on;
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 1d;
ssl_session_tickets on;
ssl_dhparam /path/server.com/dhparams.pem;
ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers On;
resolver 119.29.29.29 114.114.114.114 valid=300s;
resolver_timeout 10s;
add_header Strict-Transport-Security "max-age=63072000; preload";
# Path to the root of your installation
root /home/wwwroot/server.com/owncloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
include enable-php-pathinfo.conf;
proxy_hide_header X-Powered-By;
server_tokens off;
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/acme-challenge { }
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
return 404;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
return 404;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_param modHeadersAvailable true;
fastcgi_request_buffering off; #Available since nginx 1.7.11
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into this topic first.
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}