我的确遇到很多坑,第一个坑,就是重启之后,系统不能用了。
原因很简单,我的selinux 没有关闭。
坑2、
升级了之后,不知道如何退出维护模式。
这里附上nextcloud的维护模式关闭和开启。
PS:以下命令,需要进入nextcloud的安装目录内,找到occ命令后,执行,如果是centos环境那么要改成 apache php xxxxx即可
sudo -u nginx php occ maintenance:mode --on
sudo -u nginx php occ maintenance:mode --off
然后的坑就是给nextcloud配置缓存。
这里我好像还有报错,听说用ubuntu问题比较少。
我总结一下其它的。
参考这篇博文https://blog.****.net/weixin_41004350/article/details/80479051
里面有一个
opcache
我找了好久,原来是Centos7里面的位置变了,在/etc/php.d/opcache.ini 去改参数。
终于找到隐藏已久的坑,这里要参考nextcloud的官方文档,虽然是全英文,但是看看还是很有价值的。
https://docs.nextcloud.com/server/13/admin_manual/installation/system_requirements.html
这里有很多说明,可以慢慢。
直接说坑吧,就是关于nextcloud里提示X-Frame-Options" 没有配置为 "SAMEORIGIN"
一直报错,
我各种排查,首先检查/usr/share/nginx/html/nextcloud/config/config.php里的配置,里面有SAMEORIGIN这项,一步一步参考官方资料。
官方代码
1 upstream php-handler { 2 server 127.0.0.1:9000; 3 #server unix:/var/run/php5-fpm.sock; 4 } 5 6 server { 7 listen 80; 8 listen [::]:80; 9 server_name cloud.example.com; 10 # enforce https 11 return 301 https://$server_name$request_uri; 12 } 13 14 server { 15 listen 443 ssl http2; 16 listen [::]:443 ssl http2; 17 server_name cloud.example.com; 18 19 ssl_certificate /etc/ssl/nginx/cloud.example.com.crt; 20 ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key; 21 22 # Add headers to serve security related headers 23 # Before enabling Strict-Transport-Security headers please read into this 24 # topic first. 25 #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; 26 add_header X-Content-Type-Options nosniff; 27 add_header X-XSS-Protection "1; mode=block"; 28 add_header X-Robots-Tag none; 29 add_header X-Download-Options noopen; 30 add_header X-Permitted-Cross-Domain-Policies none; 31 32 # Path to the root of your installation 33 root /var/www/; 34 35 location = /robots.txt { 36 allow all; 37 log_not_found off; 38 access_log off; 39 } 40 41 # The following 2 rules are only needed for the user_webfinger app. 42 # Uncomment it if you're planning to use this app. 43 # rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta 44 # last; 45 #rewrite ^/.well-known/host-meta.json 46 # /nextcloud/public.php?service=host-meta-json last; 47 48 location = /.well-known/carddav { 49 return 301 $scheme://$host/nextcloud/remote.php/dav; 50 } 51 location = /.well-known/caldav { 52 return 301 $scheme://$host/nextcloud/remote.php/dav; 53 } 54 55 location /.well-known/acme-challenge { } 56 57 location ^~ /nextcloud { 58 59 # set max upload size 60 client_max_body_size 512M; 61 fastcgi_buffers 64 4K; 62 63 # Enable gzip but do not remove ETag headers 64 gzip on; 65 gzip_vary on; 66 gzip_comp_level 4; 67 gzip_min_length 256; 68 gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; 69 gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; 70 71 # Uncomment if your server is build with the ngx_pagespeed module 72 # This module is currently not supported. 73 #pagespeed off; 74 75 location /nextcloud { 76 rewrite ^ /nextcloud/index.php$request_uri; 77 } 78 79 location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ { 80 deny all; 81 } 82 location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) { 83 deny all; 84 } 85 86 location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { 87 fastcgi_split_path_info ^(.+?\.php)(/.*)$; 88 include fastcgi_params; 89 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 90 fastcgi_param PATH_INFO $fastcgi_path_info; 91 fastcgi_param HTTPS on; 92 #Avoid sending the security headers twice 93 fastcgi_param modHeadersAvailable true; 94 fastcgi_param front_controller_active true; 95 fastcgi_pass php-handler; 96 fastcgi_intercept_errors on; 97 fastcgi_request_buffering off; 98 } 99 100 location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {101 try_files $uri/ =404;102 index index.php;103 }104 105 # Adding the cache control header for js and css files106 # Make sure it is BELOW the PHP block107 location ~ \.(?:css|js|woff|svg|gif)$ {108 try_files $uri /nextcloud/index.php$request_uri;109 add_header Cache-Control "public, max-age=15778463";110 # Add headers to serve security related headers (It is intended111 # to have those duplicated to the ones above)112 # Before enabling Strict-Transport-Security headers please read113 # into this topic first.114 # add_header Strict-Transport-Security "max-age=15768000;115 # includeSubDomains; preload;";116 add_header X-Content-Type-Options nosniff;117 add_header X-XSS-Protection "1; mode=block";118 add_header X-Robots-Tag none;119 add_header X-Download-Options noopen;120 add_header X-Permitted-Cross-Domain-Policies none;121 # Optional: Don't log access to assets122 access_log off;123 }124 125 location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {126 try_files $uri /nextcloud/index.php$request_uri;127 # Optional: Don't log access to other assets128 access_log off;129 }130 }131 }
View Code
然后去检查nginx的配置,在/etc/nginx/nginx.conf
看到这个代码不要晕,一步一步的对比,里面也有一个SAMEORIGIN这项,注释这项就可以了。附上我的代码
1 #user nobody; 2 worker_processes 1; 3 4 #error_log logs/error.log; 5 #error_log logs/error.log notice; 6 #error_log logs/error.log info; 7 8 #pid logs/nginx.pid; 9 10 11 events { 12 worker_connections 1024; 13 } 14 15 16 http { 17 include mime.types; 18 default_type application/octet-stream; 19 20 #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 21 # '$status $body_bytes_sent "$http_referer" ' 22 # '"$http_user_agent" "$http_x_forwarded_for"'; 23 24 #access_log logs/access.log main; 25 26 sendfile on; 27 #tcp_nopush on; 28 29 #keepalive_timeout 0; 30 keepalive_timeout 65; 31 32 #gzip on; 33 34 server { 35 listen 80; 36 server_name 你的域名; 37 38 #charset koi8-r; 39 40 #access_log logs/host.access.log main; 41 42 location / { 43 root html; 44 proxy_read_timeout 300; 45 index index.html index.htm; 46 } 47 48 #error_page 404 /404.html; 49 50 # redirect server error pages to the static page /50x.html 51 # 52 error_page 500 502 503 504 /50x.html; 53 location = /50x.html { 54 root html; 55 } 56 57 # proxy the PHP scripts to Apache listening on 127.0.0.1:80 58 # 59 #location ~ \.php$ { 60 # proxy_pass http://127.0.0.1; 61 #} 62 63 # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 64 # 65 #location ~ \.php$ { 66 # root html; 67 # fastcgi_pass 127.0.0.1:9000; 68 # fastcgi_index index.php; 69 # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; 70 # include fastcgi_params; 71 #} 72 73 # deny access to .htaccess files, if Apache's document root 74 # concurs with nginx's one 75 # 76 #location ~ /\.ht { 77 # deny all; 78 #} 79 } 80 81 82 # another virtual host using mix of IP-, name-, and port-based configuration 83 # 84 #server { 85 # listen 8000; 86 # listen somename:8080; 87 # server_name somename alias another.alias; 88 89 # location / { 90 # root html; 91 # index index.html index.htm; 92 # } 93 #} 94 95 96 # HTTPS server 97 # 98 #server { 99 # listen 443 ssl;100 # server_name localhost;101 102 # ssl_certificate cert.pem;103 # ssl_certificate_key cert.key;104 105 # ssl_session_cache shared:SSL:1m;106 # ssl_session_timeout 5m;107 108 # ssl_ciphers HIGH:!aNULL:!MD5;109 # ssl_prefer_server_ciphers on;110 111 # location / {112 # root html;113 # index index.html index.htm;114 # }115 #}116 117 118 upstream php-handler {119 server 127.0.0.1:9000;120 #server unix:/var/run/php5-fpm.sock;121 }122 123 124 server {125 # listen 80;126 # server_name 你的域名;127 # enforce https128 rewrite ^(.*)$ https://$host$1 permanent;129 }130 131 132 server {133 listen 443 ssl;134 server_name 你的域名;135 136 ssl_certificate /etc/nginx/cert/nextcloud.crt;137 ssl_certificate_key /etc/nginx/cert/nextcloud.key;138 139 # Add headers to serve security related headers140 # Before enabling Strict-Transport-Security headers please read into this141 # topic first.142 add_header Strict-Transport-Security "max-age=15768000;143 # includeSubDomains; preload;";144 add_header X-Content-Type-Options nosniff;145 #add_header X-Frame-Options "SAMEORIGIN"; #这里记得注释,这种没用146 add_header X-XSS-Protection "1; mode=block";147 add_header X-Robots-Tag none;148 add_header X-Download-Options noopen;149 add_header X-Permitted-Cross-Domain-Policies none;150 151 # Path to the root of your installation152 root /usr/share/nginx/html/nextcloud/;153 154 155 location = /robots.txt {156 allow all;157 log_not_found off;158 access_log off;159 }160 161 162 # The following 2 rules are only needed for the user_webfinger app.163 # Uncomment it if you're planning to use this app.164 #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;165 #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json166 # last;167 168 169 location = /.well-known/carddav {170 return 301 $scheme://$host/remote.php/dav;171 }172 location = /.well-known/caldav {173 return 301 $scheme://$host/remote.php/dav;174 }175 176 177 # set max upload size178 client_max_body_size 1024M; # 上传文件最大限制,php.ini中也要修改,最后优化时会提及。179 fastcgi_buffers 64 4K;180 181 # Disable gzip to avoid the removal of the ETag header182 gzip on;183 gzip_vary on;184 gzip_comp_level 4;185 gzip_min_length 256;186 gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;187 gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;188 189 190 # Uncomment if your server is build with the ngx_pagespeed module191 # This module is currently not supported.192 #pagespeed off;193 194 195 error_page 403 /core/templates/403.php;196 error_page 404 /core/templates/404.php;197 198 199 location / {200 rewrite ^ /index.php$uri;201 }202 203 204 location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {205 deny all;206 }207 location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {208 deny all;209 }210 211 location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {212 include fastcgi_params;213 fastcgi_split_path_info ^(.+\.php)(/.*)$;214 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;215 fastcgi_param PATH_INFO $fastcgi_path_info;216 fastcgi_param HTTPS on;217 #Avoid sending the security headers twice218 fastcgi_param modHeadersAvailable true;219 fastcgi_param front_controller_active true;220 fastcgi_pass php-handler;221 fastcgi_intercept_errors on;222 fastcgi_request_buffering off;223 fastcgi_read_timeout 150;224 }225 226 227 location ~ ^/(?:updater|ocs-provider)(?:$|/) {228 try_files $uri/ =404;229 index index.php;230 }231 232 233 # Adding the cache control header for js and css files234 # Make sure it is BELOW the PHP block235 location ~* \.(?:css|js)$ {236 try_files $uri /index.php$uri$is_args$args;237 add_header Cache-Control "public, max-age=7200";238 # Add headers to serve security related headers (It is intended to239 # have those duplicated to the ones above)240 # Before enabling Strict-Transport-Security headers please read into241 # this topic first.242 add_header Strict-Transport-Security "max-age=15768000;includeSubDomains; preload;";243 add_header X-Content-Type-Options nosniff;244 add_header X-Frame-Options "SAMEORIGIN";245 add_header X-XSS-Protection "1; mode=block";246 add_header X-Robots-Tag none;247 add_header X-Download-Options noopen;248 add_header X-Permitted-Cross-Domain-Policies none;249 # Optional: Don't log access to assets250 access_log off;251 }252 253 location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {254 try_files $uri /index.php$uri$is_args$args;255 # Optional: Don't log access to other assets256 access_log off;257 }258 }259 260 }
View Code
虽然看这个代码有点乱,但是能看懂意思就不会乱了,而且我试过,不报错。
这样之后,基本就解决问题了。
值得提的是里面还有一个文件的代码,要看一下,/etc/nginx/conf.d/nextcloud.conf
这几个文件代码差不多一样。仔细看,这里我就放代码了。