# Add headers to serve security related headers # Before enabling Strict-Transport-Security headers please read into this # topic first. # add_header Strict-Transport-Security "max-age=15768000; # includeSubDomains; preload;"; # # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation root /var/www/nextcloud/;
# The following 2 rules are only needed for the user_webfinger app. # Uncomment it if you're planning to use this app. #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json # last;
location ~ ^/(?:updater|ocs-provider)(?:$|/) { try_files $uri/ =404; index index.php; }
# Adding the cache control header for js and css files # Make sure it is BELOW the PHP block location ~ \.(?:css|js|woff|svg|gif)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463"; # Add headers to serve security related headers (It is intended to # have those duplicated to the ones above) # Before enabling Strict-Transport-Security headers please read into # this topic first. # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; # # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Optional: Don't log access to assets access_log off; }
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { try_files $uri /index.php$request_uri; # Optional: Don't log access to other assets access_log off; } }
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have a root password set, so you can safely answer 'n'. Change the root password? [Y/n] n ... skipping. By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure.
Thanks for using MariaDB!
完成之後登入DB
1 2
mysql -u root -p # 輸入password
創建一個nextcloud用的數據庫
1
CREATE DATABASE nextclouddb;
創建一個用戶
1 2
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'mypassword'; # 將'mypassword'換為自己的密碼
賦予用戶管理數據庫的權限
1
GRANT ALL PRIVILEGES ON nextclouddb.* TO 'nextcloud'@'localhost';
刷新數據庫
1
FLUSH PRIVILEGES
登出數據庫console
1
exit;
安裝nextcloud
安裝所需軟件
1
apt-get install wget unzip -y
下載最新版
1 2 3
cd /tmp wget https://download.nextcloud.com/server/releases/latest.zip unzip latest.zip
# partition刪除(指令d) Command (m forhelp): d Selected partition 1 Partition 1 has been deleted.
# partition新建(指令n) Command (m forhelp): n Partition number (1-128, default 1): First sector (34-225112380, default 2048): Last sector, +sectors or +size{K,M,G,T,P} (2048-225112380, default 225112380):
Created a new partition 1 of type'Linux filesystem' and of size 107.3GiB.
# 確認硬盤信息(指令p) Command (m forhelp): p Disk /dev/sda: 107.4 GiB, 115257538560 bytes, 225112380 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0xc3ffc3ff
Device Boot Start End Sectors Size Id Type /dev/sda1 2048 225110015 225107968 107.3G 7 HPFS/NTFS/exFAT
# 保存操作(指令w) Command (m forhelp): w The partition table has been altered! Calling ioctl() to re-read partition table. Syncing disks.