Nextcloud on Alpine Linux

This guide installs Nextcloud on Alpine Linux.

SSL Server Certificate

Obtain an SSL server certificate from Let's Encrypt.

  1. Change the apk repositories
    root@www:/etc/apk# cp -p repositories repositories.original
    root@www:/etc/apk# vi repositories
    root@www:/etc/apk# diff repositories.original repositories
    --- repositories.original
    +++ repositories
    @@ -1,6 +1,6 @@
     #/media/sda/apks
     http://alpine.cs.nctu.edu.tw/v3.14/main
    -#http://alpine.cs.nctu.edu.tw/v3.14/community
    +http://alpine.cs.nctu.edu.tw/v3.14/community
     #http://alpine.cs.nctu.edu.tw/edge/main
     #http://alpine.cs.nctu.edu.tw/edge/community
     #http://alpine.cs.nctu.edu.tw/edge/testing
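
Review bot: the community repository enabled on the `+http://alpine.cs.nctu.edu.tw/v3.14/community` line is fetched over plain HTTP, the same as the existing main line. If this mirror also serves HTTPS, switch both v3.14 lines to `https://` so index and package downloads are not exposed to on-path interference; the branch (v3.14) correctly matches main.
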
    root@www:/etc/apk# apk update
    fetch http://alpine.cs.nctu.edu.tw/v3.14/main/x86_64/APKINDEX.tar.gz
    fetch http://alpine.cs.nctu.edu.tw/v3.14/community/x86_64/APKINDEX.tar.gz
    v3.14.0-126-g36dbfbf5fc [http://alpine.cs.nctu.edu.tw/v3.14/main]
    v3.14.0-125-gb228095d59 [http://alpine.cs.nctu.edu.tw/v3.14/community]
    OK: 14928 distinct packages available
    root@www:/etc/apk#
    
  2. Install certbot
    root@www:/etc/apk# apk add certbot
    fetch http://alpine.cs.nctu.edu.tw/v3.14/community/x86_64/APKINDEX.tar.gz
    (1/44) Installing libbz2 (1.0.8-r1)
    (2/44) Installing expat (2.4.1-r0)
    (3/44) Installing gdbm (1.19-r0)
    (4/44) Installing libgcc (10.3.1_git20210424-r2)
    (5/44) Installing libstdc++ (10.3.1_git20210424-r2)
    (6/44) Installing mpdecimal (2.5.1-r1)
    (7/44) Installing readline (8.1.0-r0)
    (8/44) Installing sqlite-libs (3.35.5-r0)
    (9/44) Installing python3 (3.9.5-r1)
    (10/44) Installing py3-ordered-set (4.0.2-r1)
    (11/44) Installing py3-appdirs (1.4.4-r2)
    (12/44) Installing py3-parsing (2.4.7-r2)
    (13/44) Installing py3-six (1.15.0-r1)
    (14/44) Installing py3-packaging (20.9-r1)
    (15/44) Installing py3-setuptools (52.0.0-r3)
    (16/44) Installing py3-cparser (2.20-r1)
    (17/44) Installing py3-cffi (1.14.5-r1)
    (18/44) Installing py3-idna (3.2-r0)
    (19/44) Installing py3-asn1crypto (1.4.0-r1)
    (20/44) Installing py3-cryptography (3.3.2-r1)
    (21/44) Installing py3-openssl (20.0.1-r1)
    (22/44) Installing py3-josepy (1.8.0-r1)
    (23/44) Installing py3-tz (2021.1-r1)
    (24/44) Installing py3-pyrfc3339 (1.1-r4)
    (25/44) Installing py3-chardet (4.0.0-r2)
    (26/44) Installing py3-urllib3 (1.26.5-r0)
    (27/44) Installing py3-certifi (2020.12.5-r1)
    (28/44) Installing py3-requests (2.25.1-r4)
    (29/44) Installing py3-requests-toolbelt (0.9.1-r2)
    (30/44) Installing py3-acme (1.16.0-r0)
    (31/44) Installing py3-configargparse (1.3-r1)
    (32/44) Installing py3-configobj (5.0.6-r8)
    (33/44) Installing py3-distro (1.5.0-r3)
    (34/44) Installing py3-distutils-extra (2.45-r2)
    (35/44) Installing py3-future (0.18.2-r3)
    (36/44) Installing py3-parsedatetime (2.6-r2)
    (37/44) Installing py3-zope-interface (5.2.0-r1)
    (38/44) Installing py3-zope-proxy (4.3.5-r1)
    (39/44) Installing py3-zope-deferredimport (4.3.1-r3)
    (40/44) Installing py3-zope-deprecation (4.4.0-r4)
    (41/44) Installing py3-zope-event (4.4-r5)
    (42/44) Installing py3-zope-hookable (5.0.1-r1)
    (43/44) Installing py3-zope-component (4.6.2-r1)
    (44/44) Installing certbot (1.16.0-r0)
    Executing busybox-1.33.1-r3.trigger
    OK: 204 MiB in 111 packages
    root@www:/etc/apk#
    
  3. Obtain the certificate
    root@www:/etc/apk# certbot certonly --standalone -d www.example.com
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Enter email address (used for urgent renewal and security notices)
     (Enter 'c' to cancel): mail@example.com
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Please read the Terms of Service at
    https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
    agree in order to register with the ACME server. Do you agree?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: Y
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Would you be willing, once your first certificate is successfully issued, to
    share your email address with the Electronic Frontier Foundation, a founding
    partner of the Let's Encrypt project and the non-profit organization that
    develops Certbot? We'd like to send you email about our work encrypting the web,
    EFF news, campaigns, and ways to support digital freedom.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (Y)es/(N)o: N
    Account registered.
    Requesting a certificate for www.example.com
    
    Successfully received certificate.
    Certificate is saved at: /etc/letsencrypt/live/www.example.com/fullchain.pem
    Key is saved at:         /etc/letsencrypt/live/www.example.com/privkey.pem
    This certificate expires on 2021-10-13.
    These files will be updated when the certificate renews.
    
    NEXT STEPS:
    - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    If you like Certbot, please consider supporting our work by:
     * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
     * Donating to EFF:                    https://eff.org/donate-le
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    root@www:/etc/apk#
    
  4. Register the certificate renewal job
    root@www:/etc/periodic/weekly# vi renew-cert
    root@www:/etc/periodic/weekly# cat renew-cert
    #!/bin/sh
    certbot renew
    rc-service nginx restart
    root@www:/etc/periodic/weekly# chmod 755 renew-cert
    root@www:/etc/periodic/weekly# ls -l
    total 4
    -rwxr-xr-x    1 root     root            49 Jul 16 07:01 renew-cert
    root@www:/etc/periodic/weekly#
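
The certificate in step 3 was issued with `--standalone`, so the weekly `certbot renew` will again try to bind port 80 itself, while the nginx configuration later on this page also listens on port 80. The following check is an added example, not part of the original page: it reads the authenticator from a certbot renewal config and flags that conflict. The function names and the sample files (reduced to the keys the check reads) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): detect a renewal that cannot
# succeed because certbot's standalone authenticator and nginx both need port 80.

# Print the authenticator recorded in the [renewalparams] section of a
# certbot renewal config (e.g. /etc/letsencrypt/renewal/www.example.com.conf).
renewal_authenticator() {
    awk -F'=' '
        /^\[/ { in_params = ($0 == "[renewalparams]"); next }
        in_params && $1 ~ /^[ \t]*authenticator[ \t]*$/ {
            gsub(/[ \t]/, "", $2); print $2; exit
        }' "$1"
}

# Exit 0 if any uncommented "listen" directive in the nginx config binds port 80.
nginx_listens_on_80() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "listen" {
            addr = $2; sub(/;$/, "", addr)      # "80", "0.0.0.0:80", "[::]:80"
            n = split(addr, parts, ":")
            if (parts[n] == "80") found = 1
        }
        END { exit(found ? 0 : 1) }' "$1"
}

# $1: renewal config, $2: nginx config.
# Returns 0 when renewal can work as configured, 1 on the port-80 conflict.
check_renewal() {
    auth=$(renewal_authenticator "$1")
    if [ "$auth" = "standalone" ] && nginx_listens_on_80 "$2"; then
        echo "CONFLICT: authenticator=standalone but nginx listens on port 80"
        return 1
    fi
    echo "OK: authenticator=${auth:-unknown}"
    return 0
}

# --- constructed sample files, not taken from a real host ---
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/standalone.conf" <<'EOF'
# constructed renewal config, reduced to the keys the check reads
version = 1.16.0
[renewalparams]
authenticator = standalone
EOF

cat > "$SAMPLE_DIR/webroot.conf" <<'EOF'
version = 1.16.0
[renewalparams]
authenticator = webroot
EOF

cat > "$SAMPLE_DIR/nginx.conf" <<'EOF'
server {
    listen       80;
    server_name www.example.com;
    return 301 https://$host$request_uri;
}
server {
    listen       443 ssl http2;
    server_name www.example.com;
}
EOF

cat > "$SAMPLE_DIR/nginx-tls-only.conf" <<'EOF'
server {
    #listen      80;
    listen       443 ssl http2;
}
EOF

check_renewal "$SAMPLE_DIR/standalone.conf" "$SAMPLE_DIR/nginx.conf" || true
check_renewal "$SAMPLE_DIR/webroot.conf"    "$SAMPLE_DIR/nginx.conf"
```

When the check reports a conflict, either give `certbot renew` a `--pre-hook`/`--post-hook` pair that stops and starts nginx around the renewal, or re-issue the certificate with the webroot authenticator so nginx can keep running.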
    

MariaDB

Install MariaDB and initialize the database.

  1. Install
    root@www:~# apk add mariadb
    fetch http://alpine.cs.nctu.edu.tw/v3.14/main/x86_64/APKINDEX.tar.gz
    fetch http://alpine.cs.nctu.edu.tw/v3.14/community/x86_64/APKINDEX.tar.gz
    (1/11) Installing mariadb-common (10.5.11-r0)
    (2/11) Installing libaio (0.3.112-r1)
    (3/11) Installing ca-certificates (20191127-r5)
    (4/11) Installing brotli-libs (1.0.9-r5)
    (5/11) Installing nghttp2-libs (1.43.0-r0)
    (6/11) Installing libcurl (7.77.0-r1)
    (7/11) Installing linux-pam (1.5.1-r1)
    (8/11) Installing pcre2 (10.36-r0)
    (9/11) Installing libxml2 (2.9.12-r1)
    (10/11) Installing mariadb (10.5.11-r0)
    Executing mariadb-10.5.11-r0.pre-install
    (11/11) Installing mariadb-openrc (10.5.11-r0)
    Executing busybox-1.33.1-r3.trigger
    Executing ca-certificates-20191127-r5.trigger
    OK: 346 MiB in 122 packages
    root@www:~# apk add mariadb-client
    (1/1) Installing mariadb-client (10.5.11-r0)
    Executing busybox-1.33.1-r3.trigger
    OK: 374 MiB in 123 packages
    root@www:~#
    
  2. Create the system tables
    root@www:~# mysql_install_db --user=mysql --datadir=/var/lib/mysql
    Installing MariaDB/MySQL system tables in '/var/lib/mysql' ...
    OK
    
    To start mysqld at boot time you have to copy
    support-files/mysql.server to the right place for your system
    
    
    Two all-privilege accounts were created.
    One is root@localhost, it has no password, but you need to
    be system 'root' user to connect. Use, for example, sudo mysql
    The second is mysql@localhost, it has no password either, but
    you need to be the system 'mysql' user to connect.
    After connecting you can set the password, if you would need to be
    able to connect as any of these users with a password and without sudo
    
    See the MariaDB Knowledgebase at https://mariadb.com/kb or the
    MySQL manual for more instructions.
    
    You can start the MariaDB daemon with:
    cd '/usr' ; /usr/bin/mysqld_safe --datadir='/var/lib/mysql'
    
    You can test the MariaDB daemon with mysql-test-run.pl
    cd '/usr/mysql-test' ; perl mysql-test-run.pl
    
    Please report any problems at https://mariadb.org/jira
    
    The latest information about MariaDB is available at https://mariadb.org/.
    You can find additional information about the MySQL part at:
    https://dev.mysql.com
    Consider joining MariaDB's strong and vibrant community:
    https://mariadb.org/get-involved/
    
    root@www:~#
    
  3. Initial security configuration
    root@www:~# rc-service mariadb start
     * Caching service dependencies ...                                                                               [ ok ]
     * Starting mariadb ...
    210717 09:52:08 mysqld_safe Logging to syslog.
    210717 09:52:08 mysqld_safe Starting mariadbd daemon with databases from /var/lib/mysql                           [ ok ]
    root@www:~# /usr/bin/mysql_secure_installation
    
    NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
          SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
    
    In order to log into MariaDB to secure it, we'll need the current
    password for the root user. If you've just installed MariaDB, and
    haven't set the root password yet, you should just press enter here.
    
    Enter current password for root (enter for none): password
    OK, successfully used password, moving on...
    
    Setting the root password or using the unix_socket ensures that nobody
    can log into the MariaDB root user without the proper authorisation.
    
    You already have your root account protected, so you can safely answer 'n'.
    
    Switch to unix_socket authentication [Y/n] n
     ... skipping.
    
    You already have your root account protected, so you can safely answer 'n'.
    
    Change the root password? [Y/n] n
     ... skipping.
    
    By default, a MariaDB installation has an anonymous user, allowing anyone
    to log into MariaDB without having to have a user account created for
    them.  This is intended only for testing, and to make the installation
    go a bit smoother.  You should remove them before moving into a
    production environment.
    
    Remove anonymous users? [Y/n]
     ... Success!
    
    Normally, root should only be allowed to connect from 'localhost'.  This
    ensures that someone cannot guess at the root password from the network.
    
    Disallow root login remotely? [Y/n]
     ... Success!
    
    By default, MariaDB comes with a database named 'test' that anyone can
    access.  This is also intended only for testing, and should be removed
    before moving into a production environment.
    
    Remove test database and access to it? [Y/n]
     - Dropping test database...
     ... Success!
     - Removing privileges on test database...
     ... Success!
    
    Reloading the privilege tables will ensure that all changes made so far
    will take effect immediately.
    
    Reload privilege tables now? [Y/n]
     ... Success!
    
    Cleaning up...
    
    All done!  If you've completed all of the above steps, your MariaDB
    installation should now be secure.
    
    Thanks for using MariaDB!
    root@www:~#
    
  4. Create the database and user for Nextcloud
    root@www:~# mysql -u root
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 9
    Server version: 10.5.11-MariaDB MariaDB Server
    
    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    MariaDB [(none)]> create database nextcloud22;
    Query OK, 1 row affected (0.000 sec)
    
    MariaDB [(none)]> grant all on nextcloud22.* to 'nextcloud22'@'localhost' identified by 'nextcloud22';
    Query OK, 0 rows affected (0.001 sec)
    
    MariaDB [(none)]> exit
    Bye
    root@www:~# rc-update add mariadb
     * service mariadb added to runlevel default
    root@www:~#
    

NGINX

  1. Install
    root@www:~# apk add nginx
    (1/4) Installing pcre (8.44-r0)
    (2/4) Installing nginx (1.20.1-r3)
    Executing nginx-1.20.1-r3.pre-install
    Executing nginx-1.20.1-r3.post-install
    (3/4) Installing nginx-openrc (1.20.1-r3)
    (4/4) Installing nginx-vim (1.20.1-r3)
    Executing busybox-1.33.1-r3.trigger
    OK: 376 MiB in 127 packages
    root@www:~#
    
  2. /etc/nginx/nginx.conf
    root@www:/etc/nginx# cp -p nginx.conf nginx.conf.original
    root@www:/etc/nginx# vi nginx.conf
    root@www:/etc/nginx# diff nginx.conf.original nginx.conf
    --- nginx.conf.original
    +++ nginx.conf
    @@ -41,7 +41,7 @@
            # indicated by the request header Content-Length. If the stated content
            # length is greater than this size, then the client receives the HTTP
            # error code 413. Set to 0 to disable. Default is '1m'.
    -       client_max_body_size 1m;
    +       client_max_body_size 100m;
    
            # Sendfile copies data between one FD and other from within the kernel,
            # which is more efficient than read() + write(). Default is off.
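
Review bot: `client_max_body_size 100m` is raised in the shared nginx.conf rather than only where Nextcloud needs it, so every site served by this nginx now accepts 100 MB request bodies, while the `/nextcloud` location in default.conf sets its own `client_max_body_size 512M` anyway. Consider leaving the global value at `1m` and keeping the larger limit only in the Nextcloud location.
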
    root@osaka:/etc/nginx# cd http.d/
    
  3. /etc/nginx/http.d/default.conf
    root@www:/etc/nginx/http.d# cp -p default.conf default.conf.original
    root@www:/etc/nginx/http.d# vi default.conf
    root@www:/etc/nginx/http.d# cat default.conf
    upstream php-handler {
        server 127.0.0.1:9000;
    #   server unix:/var/run/php/php7.4-fpm.sock;
    }
    
    server {
        listen       80;
        server_name www.example.com;
        return 301 https://$host$request_uri;
    }
    
    server {
        listen       443 ssl http2;
        server_name www.example.com;
    
        # Use Mozilla's guidelines for SSL/TLS settings
        # https://mozilla.github.io/server-side-tls/ssl-config-generator/
        ssl_certificate "/etc/letsencrypt/live/www.example.com/fullchain.pem";
        ssl_certificate_key "/etc/letsencrypt/live/www.example.com/privkey.pem";
    
        # HSTS settings
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
    
        # Path to the root of the domain
        root /usr/share/webapps;
    
        location / {
            try_files $uri $uri/ /index.html;
        }
    
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
    
        location ^~ /.well-known {
            # The rules in this block are an adaptation of the rules
            # in the Nextcloud `.htaccess` that concern `/.well-known`.
    
            location = /.well-known/carddav { return 301 /nextcloud/remote.php/dav/; }
            location = /.well-known/caldav  { return 301 /nextcloud/remote.php/dav/; }
    
            location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
            location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
    
            # Let Nextcloud's API for `/.well-known` URIs handle all other
            # requests by passing them to the front-end controller.
            return 301 /nextcloud/index.php$request_uri;
        }
    
        location ^~ /nextcloud {
            # set max upload size
            client_max_body_size 512M;
            fastcgi_buffers 64 4K;
    
            # Enable gzip but do not remove ETag headers
            gzip on;
            gzip_vary on;
            gzip_comp_level 4;
            gzip_min_length 256;
            gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
            gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
    
            # Pagespeed is not supported by Nextcloud, so if your server is built
            # with the `ngx_pagespeed` module, uncomment this line to disable it.
            #pagespeed off;
    
            # HTTP response headers borrowed from Nextcloud `.htaccess`
            add_header Referrer-Policy                      "no-referrer"   always;
            add_header X-Content-Type-Options               "nosniff"       always;
            add_header X-Download-Options                   "noopen"        always;
            add_header X-Frame-Options                      "SAMEORIGIN"    always;
            add_header X-Permitted-Cross-Domain-Policies    "none"          always;
            add_header X-Robots-Tag                         "none"          always;
            add_header X-XSS-Protection                     "1; mode=block" always;
            add_header Strict-Transport-Security            'max-age=15552000; includeSubDomains; preload' always;
    
            # Remove X-Powered-By, which is an information leak
            fastcgi_hide_header X-Powered-By;
    
            # Specify how to handle directories -- specifying `/nextcloud/index.php$request_uri`
            # here as the fallback means that Nginx always exhibits the desired behaviour
            # when a client requests a path that corresponds to a directory that exists
            # on the server. In particular, if that directory contains an index.php file,
            # that file is correctly served; if it doesn't, then the request is passed to
            # the front-end controller. This consistent behaviour means that we don't need
            # to specify custom rules for certain paths (e.g. images and other assets,
            # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
            # `try_files $uri $uri/ /nextcloud/index.php$request_uri`
            # always provides the desired behaviour.
            index index.php index.html /nextcloud/index.php$request_uri;
    
            # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
            location = /nextcloud {
                if ( $http_user_agent ~ ^DavClnt ) {
                    return 302 /nextcloud/remote.php/webdav/$is_args$args;
                }
            }
    
            # Rules borrowed from `.htaccess` to hide certain paths from clients
            location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)    { return 404; }
            location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console)                  { return 404; }
    
            # Ensure this block, which passes PHP files to the PHP process, is above the blocks
            # which handle static assets (as seen below). If this block is not declared first,
            # then Nginx will encounter an infinite rewriting loop when it prepends
            # `/nextcloud/index.php` to the URI, resulting in a HTTP 500 error response.
            location ~ \.php(?:$|/) {
                fastcgi_split_path_info ^(.+?\.php)(/.*)$;
                set $path_info $fastcgi_path_info;
    
                try_files $fastcgi_script_name =404;
    
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $path_info;
                fastcgi_param HTTPS on;
    
                fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
                fastcgi_param front_controller_active true;     # Enable pretty urls
                fastcgi_pass php-handler;
    
                fastcgi_intercept_errors on;
                fastcgi_request_buffering off;
            }
    
            location ~ \.(?:css|js|svg|gif)$ {
                try_files $uri /nextcloud/index.php$request_uri;
                expires 6M;         # Cache-Control policy borrowed from `.htaccess`
                access_log off;     # Optional: Don't log access to assets
            }
    
            location ~ \.woff2?$ {
                try_files $uri /nextcloud/index.php$request_uri;
                expires 7d;         # Cache-Control policy borrowed from `.htaccess`
                access_log off;     # Optional: Don't log access to assets
            }
    
            # Rule borrowed from `.htaccess`
            location /nextcloud/remote {
                return 301 /nextcloud/remote.php$request_uri;
            }
    
            location /nextcloud {
                try_files $uri $uri/ /nextcloud/index.php$request_uri;
            }
        }
    }
    root@www:/etc/nginx/http.d#
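
The deny rules inside `location ^~ /nextcloud` only protect `config`, `data`, `occ` and the like if they win over the PHP and static-asset locations. The script below is an added example, not part of the original page: a simplified model of nginx's selection among those nested locations (exact match, then regex locations in file order, then longest prefix), run over constructed request paths. The `route` function and its labels are hypothetical names, and `(?:` is rewritten as `(` so `grep -E` accepts the page's patterns.

```shell
#!/bin/sh
# Added example (not from the original page): model which nested location in
# `location ^~ /nextcloud` handles a request path, to check the deny rules.

# Regex locations from default.conf in file order, as "label regex".
# "(?:" from the nginx config is written as "(" for grep -E.
REGEX_LOCATIONS='deny ^/nextcloud/(build|tests|config|lib|3rdparty|templates|data)($|/)
deny ^/nextcloud/(\.|autotest|occ|issue|indie|db_|console)
php \.php($|/)
static \.(css|js|svg|gif)$
static \.woff2?$'

# Print the label of the location that would handle the URI path in $1.
route() {
    uri=$1

    # 1. Exact match: `location = /nextcloud` (the DavClnt redirect block).
    if [ "$uri" = "/nextcloud" ]; then
        echo exact
        return 0
    fi

    # 2. Regex locations: the first match in file order wins.
    result=$(printf '%s\n' "$REGEX_LOCATIONS" | while read -r label regex; do
        if printf '%s\n' "$uri" | grep -Eq -- "$regex"; then
            echo "$label"
            break
        fi
    done)
    if [ -n "$result" ]; then
        echo "$result"
        return 0
    fi

    # 3. No regex matched: fall back to the longest matching prefix location.
    case $uri in
        /nextcloud/remote*) echo remote-redirect ;;
        /nextcloud*)        echo front-controller ;;
        *)                  echo outside ;;
    esac
}

# Constructed request paths: sensitive files first, then normal traffic.
for p in \
    /nextcloud/config/config.php \
    /nextcloud/data/alice/files/a.txt \
    /nextcloud/.htaccess \
    /nextcloud/occ \
    /nextcloud/console.php \
    /nextcloud/lib.php \
    /nextcloud/index.php \
    /nextcloud/remote.php/dav/ \
    /nextcloud/core/css/server.css \
    /nextcloud/apps/files/
do
    printf '%-36s -> %s\n' "$p" "$(route "$p")"
done
```

The second deny rule has no trailing `(?:$|/)`, so it matches by prefix: `/nextcloud/console.php` is hidden along with `/nextcloud/console`, whereas `/nextcloud/lib.php` is not covered by the first rule and reaches the PHP location.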
    

FastCGI Process Manager - php7-fpm

  1. Install
    root@www:~# apk add php7-fpm
    (1/2) Installing php7-common (7.4.21-r0)
    (2/2) Installing php7-fpm (7.4.21-r0)
    Executing busybox-1.33.1-r3.trigger
    OK: 381 MiB in 129 packages
    root@www:~#
    
  2. /etc/php7/php.ini
    root@www:/etc/php7# cp -p php.ini php.ini.original
    root@www:/etc/php7# vi php.ini
    root@www:/etc/php7# diff php.ini.original php.ini
    --- php.ini.original
    +++ php.ini
    @@ -406,7 +406,7 @@
    
     ; Maximum amount of memory a script may consume
     ; http://php.net/memory-limit
    -memory_limit = 128M
    +memory_limit = 1024M
    
     ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
     ; Error handling and logging ;
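
Review bot: `memory_limit = 1024M` is an eightfold increase of the per-script ceiling and applies to every PHP script on this host, not only Nextcloud. Record why 1024M is needed, or set the higher value only for the Nextcloud pool (www.conf accepts pool-specific php.ini defines), so a single runaway request cannot claim 1 GB by default.
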
    @@ -691,7 +691,7 @@
     ; Its value may be 0 to disable the limit. It is ignored if POST data reading
     ; is disabled through enable_post_data_reading.
     ; http://php.net/post-max-size
    -post_max_size = 8M
    +post_max_size = 100M
    
     ; Automatically add files before PHP document.
     ; http://php.net/auto-prepend-file
    @@ -843,7 +843,7 @@
    
     ; Maximum allowed size for uploaded files.
     ; http://php.net/upload-max-filesize
    -upload_max_filesize = 2M
    +upload_max_filesize = 100M
    
     ; Maximum number of files that can be uploaded via a single request
     max_file_uploads = 20
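
Review bot: `upload_max_filesize = 100M` here and `post_max_size = 100M` in the previous hunk set PHP's limits to 100 MB, but the nginx `/nextcloud` location on this page allows `client_max_body_size 512M`. Align the three values so a client hits the same limit at both layers.
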
    @@ -1766,20 +1766,20 @@
    
     [opcache]
     ; Determines if Zend OPCache is enabled
    -;opcache.enable=1
    +opcache.enable=1
    
     ; Determines if Zend OPCache is enabled for the CLI version of PHP
     ;opcache.enable_cli=0
    
     ; The OPcache shared memory storage size.
    -;opcache.memory_consumption=128
    +opcache.memory_consumption=128
    
     ; The amount of memory for interned strings in Mbytes.
    -;opcache.interned_strings_buffer=8
    +opcache.interned_strings_buffer=8
    
     ; The maximum number of keys (scripts) in the OPcache hash table.
     ; Only numbers between 200 and 1000000 are allowed.
    -;opcache.max_accelerated_files=10000
    +opcache.max_accelerated_files=10000
    
     ; The maximum percentage of "wasted" memory until a restart is scheduled.
     ;opcache.max_wasted_percentage=5
    @@ -1797,14 +1797,14 @@
     ; How often (in seconds) to check file timestamps for changes to the shared
     ; memory storage allocation. ("1" means validate once per second, but only
     ; once per request. "0" means always validate)
    -;opcache.revalidate_freq=2
    +opcache.revalidate_freq=1
    
     ; Enables or disables file search in include_path optimization
     ;opcache.revalidate_path=0
    
     ; If disabled, all PHPDoc comments are dropped from the code to reduce the
     ; size of the optimized code.
    -;opcache.save_comments=1
    +opcache.save_comments=1
    
     ; Allow file existence override (file_exists, etc.) performance feature.
     ;opcache.enable_file_override=0
    @@ -1945,3 +1945,4 @@
    
     ; List of headers files to preload, wildcard patterns allowed.
     ;ffi.preload=
    +apc.enable_cli=1
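
Review bot: `apc.enable_cli=1` is appended after the `;ffi.preload=` line at the very end of php.ini with no comment, so it reads as part of the FFI settings. Add a comment saying it is for APCu (the `php7-pecl-apcu` package is only installed in a later step) or keep it with that extension's own settings.
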
    root@www:/etc/php7#
    
  3. /etc/php7/php-fpm.d/www.conf
    root@www:/etc/php7/php-fpm.d# cp -p www.conf www.conf.original
    root@www:/etc/php7/php-fpm.d# vi www.conf
    root@www:/etc/php7/php-fpm.d# diff www.conf.original www.conf
    --- www.conf.original
    +++ www.conf
    @@ -20,8 +20,8 @@
     ; Unix user/group of processes
     ; Note: The user is mandatory. If the group is not set, the default user's group
     ;       will be used.
    -user = nobody
    -group = nobody
    +user = nginx
    +group = www-data
    
     ; The address on which to accept FastCGI requests.
     ; Valid syntaxes are:
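
Review bot: `user = nginx` makes the PHP workers run under the same account as the web server, so application code and the server share one set of file permissions. A dedicated account for this pool that owns only the Nextcloud tree would keep the two separated; if the shared account is intentional, note which directories `nginx:www-data` must be able to write.
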
    @@ -407,11 +407,11 @@
     ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
     ; the current environment.
     ; Default Value: clean env
    -;env[HOSTNAME] = $HOSTNAME
    -;env[PATH] = /usr/local/bin:/usr/bin:/bin
    -;env[TMP] = /tmp
    -;env[TMPDIR] = /tmp
    -;env[TEMP] = /tmp
    +env[HOSTNAME] = $HOSTNAME
    +env[PATH] = /usr/local/bin:/usr/bin:/bin
    +env[TMP] = /tmp
    +env[TMPDIR] = /tmp
    +env[TEMP] = /tmp
    
     ; Additional php.ini defines, specific to this pool of workers. These settings
     ; overwrite the values previously defined in the php.ini. The directives are the
    root@www:/etc/php7/php-fpm.d#
    

Installing the Prerequisite Packages

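Nextcloud itself is installed from the latest release downloaded from the official Nextcloud site. Here, however, we first install the Nextcloud apk package temporarily to find out which packages it depends on. After checking, we remove the Nextcloud apk package and reinstall only the prerequisite packages. For reference, also save the configuration file config.php somewhere.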

  1. Install Nextcloud
    root@www:~# apk add nextcloud-mysql
    (1/44) Installing php7 (7.4.21-r0)
    (2/44) Installing php7-bcmath (7.4.21-r0)
    (3/44) Installing php7-ctype (7.4.21-r0)
    (4/44) Installing php7-curl (7.4.21-r0)
    (5/44) Installing php7-dom (7.4.21-r0)
    (6/44) Installing libxau (1.0.9-r0)
    (7/44) Installing libmd (1.0.3-r0)
    (8/44) Installing libbsd (0.11.3-r0)
    (9/44) Installing libxdmcp (1.1.3-r0)
    (10/44) Installing libxcb (1.14-r2)
    (11/44) Installing libx11 (1.7.2-r0)
    (12/44) Installing libxext (1.3.4-r0)
    (13/44) Installing libice (1.0.10-r0)
    (14/44) Installing libsm (1.2.3-r0)
    (15/44) Installing libxt (1.2.1-r0)
    (16/44) Installing libxpm (3.5.13-r0)
    (17/44) Installing libpng (1.6.37-r1)
    (18/44) Installing freetype (2.10.4-r1)
    (19/44) Installing libjpeg-turbo (2.1.0-r0)
    (20/44) Installing libwebp (1.2.0-r2)
    (21/44) Installing php7-gd (7.4.21-r0)
    (22/44) Installing php7-fileinfo (7.4.21-r0)
    (23/44) Installing php7-gmp (7.4.21-r0)
    (24/44) Installing php7-iconv (7.4.21-r0)
    (25/44) Installing icu-libs (67.1-r2)
    (26/44) Installing php7-intl (7.4.21-r0)
    (27/44) Installing php7-json (7.4.21-r0)
    (28/44) Installing oniguruma (6.9.7.1-r0)
    (29/44) Installing php7-mbstring (7.4.21-r0)
    (30/44) Installing php7-openssl (7.4.21-r0)
    (31/44) Installing php7-pcntl (7.4.21-r0)
    (32/44) Installing php7-posix (7.4.21-r0)
    (33/44) Installing php7-session (7.4.21-r0)
    (34/44) Installing php7-simplexml (7.4.21-r0)
    (35/44) Installing php7-xml (7.4.21-r0)
    (36/44) Installing php7-xmlreader (7.4.21-r0)
    (37/44) Installing php7-xmlwriter (7.4.21-r0)
    (38/44) Installing libzip (1.7.3-r2)
    (39/44) Installing php7-zip (7.4.21-r0)
    (40/44) Installing nextcloud (21.0.3-r0)
    Executing nextcloud-21.0.3-r0.pre-install
    (41/44) Installing php7-pdo (7.4.21-r0)
    (42/44) Installing php7-mysqlnd (7.4.21-r0)
    (43/44) Installing php7-pdo_mysql (7.4.21-r0)
    (44/44) Installing nextcloud-mysql (21.0.3-r0)
    Executing busybox-1.33.1-r3.trigger
    OK: 650 MiB in 173 packages
    root@www:~#
    
  2. Check the prerequisite packages
    root@www:~# apk info nextcloud-mysql -R
    nextcloud-mysql-21.0.3-r0 depends on:
    nextcloud
    php7-pdo_mysql
    
    root@www:~# apk info nextcloud -R
    nextcloud-21.0.3-r0 depends on:
    ca-certificates
    php7
    php7-bcmath
    php7-ctype
    php7-curl
    php7-dom
    php7-gd
    php7-fileinfo
    php7-gmp
    php7-iconv
    php7-intl
    php7-json
    php7-mbstring
    php7-openssl
    php7-pcntl
    php7-posix
    php7-session
    php7-simplexml
    php7-xml
    php7-xmlreader
    php7-xmlwriter
    php7-zip
    /bin/sh
    
    root@www:~# 
    
  3. Uninstall Nextcloud
    root@www:~# apk del nextcloud-mysql
    (1/44) Purging nextcloud-mysql (21.0.3-r0)
    (2/44) Purging nextcloud (21.0.3-r0)
    (3/44) Purging php7 (7.4.21-r0)
    (4/44) Purging php7-bcmath (7.4.21-r0)
    (5/44) Purging php7-ctype (7.4.21-r0)
    (6/44) Purging php7-curl (7.4.21-r0)
    (7/44) Purging php7-gd (7.4.21-r0)
    (8/44) Purging php7-fileinfo (7.4.21-r0)
    (9/44) Purging php7-gmp (7.4.21-r0)
    (10/44) Purging php7-iconv (7.4.21-r0)
    (11/44) Purging php7-intl (7.4.21-r0)
    (12/44) Purging php7-json (7.4.21-r0)
    (13/44) Purging php7-mbstring (7.4.21-r0)
    (14/44) Purging php7-pcntl (7.4.21-r0)
    (15/44) Purging php7-posix (7.4.21-r0)
    (16/44) Purging php7-session (7.4.21-r0)
    (17/44) Purging php7-simplexml (7.4.21-r0)
    (18/44) Purging php7-xml (7.4.21-r0)
    (19/44) Purging php7-xmlreader (7.4.21-r0)
    (20/44) Purging php7-dom (7.4.21-r0)
    (21/44) Purging php7-xmlwriter (7.4.21-r0)
    (22/44) Purging php7-zip (7.4.21-r0)
    (23/44) Purging php7-pdo_mysql (7.4.21-r0)
    (24/44) Purging php7-pdo (7.4.21-r0)
    (25/44) Purging php7-mysqlnd (7.4.21-r0)
    (26/44) Purging php7-openssl (7.4.21-r0)
    (27/44) Purging libxpm (3.5.13-r0)
    (28/44) Purging libxext (1.3.4-r0)
    (29/44) Purging libxt (1.2.1-r0)
    (30/44) Purging libx11 (1.7.2-r0)
    (31/44) Purging libxcb (1.14-r2)
    (32/44) Purging libxau (1.0.9-r0)
    (33/44) Purging libxdmcp (1.1.3-r0)
    (34/44) Purging libbsd (0.11.3-r0)
    (35/44) Purging libmd (1.0.3-r0)
    (36/44) Purging libsm (1.2.3-r0)
    (37/44) Purging libice (1.0.10-r0)
    (38/44) Purging freetype (2.10.4-r1)
    (39/44) Purging libpng (1.6.37-r1)
    (40/44) Purging libjpeg-turbo (2.1.0-r0)
    (41/44) Purging libwebp (1.2.0-r2)
    (42/44) Purging icu-libs (67.1-r2)
    (43/44) Purging oniguruma (6.9.7.1-r0)
    (44/44) Purging libzip (1.7.3-r2)
    Executing busybox-1.33.1-r3.trigger
    OK: 381 MiB in 129 packages
    root@www:~# rm -r /etc/nextcloud
    rm: can't remove '/etc/nextcloud': No such file or directory
    root@www:~# rm -r /usr/share/webapps/nextcloud
    rm: can't remove '/usr/share/webapps/nextcloud': No such file or directory
    root@www:~# rm -r /var/lib/nextcloud
    rm: can't remove '/var/lib/nextcloud': No such file or directory
    root@www:~# rm -r /var/log/nextcloud
    rm: can't remove '/var/log/nextcloud': No such file or directory
    root@www:~#
    
  4. Reinstall only the prerequisite packages
    root@www:~# apk add php7 php7-bcmath php7-ctype php7-curl php7-dom php7-gd php7-fileinfo php7-gmp php7-iconv php7-intl php7-json php7-mbstring php7-openssl php7-pcntl php7-posix php7-session php7-simplexml php7-xml php7-xmlreader php7-xmlwriter php7-zip php7-pdo_mysql
    (1/42) Installing php7 (7.4.21-r0)
    (2/42) Installing php7-bcmath (7.4.21-r0)
    (3/42) Installing php7-ctype (7.4.21-r0)
    (4/42) Installing php7-curl (7.4.21-r0)
    (5/42) Installing php7-dom (7.4.21-r0)
    (6/42) Installing php7-fileinfo (7.4.21-r0)
    (7/42) Installing libxau (1.0.9-r0)
    (8/42) Installing libmd (1.0.3-r0)
    (9/42) Installing libbsd (0.11.3-r0)
    (10/42) Installing libxdmcp (1.1.3-r0)
    (11/42) Installing libxcb (1.14-r2)
    (12/42) Installing libx11 (1.7.2-r0)
    (13/42) Installing libxext (1.3.4-r0)
    (14/42) Installing libice (1.0.10-r0)
    (15/42) Installing libsm (1.2.3-r0)
    (16/42) Installing libxt (1.2.1-r0)
    (17/42) Installing libxpm (3.5.13-r0)
    (18/42) Installing libpng (1.6.37-r1)
    (19/42) Installing freetype (2.10.4-r1)
    (20/42) Installing libjpeg-turbo (2.1.0-r0)
    (21/42) Installing libwebp (1.2.0-r2)
    (22/42) Installing php7-gd (7.4.21-r0)
    (23/42) Installing php7-gmp (7.4.21-r0)
    (24/42) Installing php7-iconv (7.4.21-r0)
    (25/42) Installing icu-libs (67.1-r2)
    (26/42) Installing php7-intl (7.4.21-r0)
    (27/42) Installing php7-json (7.4.21-r0)
    (28/42) Installing oniguruma (6.9.7.1-r0)
    (29/42) Installing php7-mbstring (7.4.21-r0)
    (30/42) Installing php7-openssl (7.4.21-r0)
    (31/42) Installing php7-pcntl (7.4.21-r0)
    (32/42) Installing php7-pdo (7.4.21-r0)
    (33/42) Installing php7-mysqlnd (7.4.21-r0)
    (34/42) Installing php7-pdo_mysql (7.4.21-r0)
    (35/42) Installing php7-posix (7.4.21-r0)
    (36/42) Installing php7-session (7.4.21-r0)
    (37/42) Installing php7-simplexml (7.4.21-r0)
    (38/42) Installing php7-xml (7.4.21-r0)
    (39/42) Installing php7-xmlreader (7.4.21-r0)
    (40/42) Installing php7-xmlwriter (7.4.21-r0)
    (41/42) Installing libzip (1.7.3-r2)
    (42/42) Installing php7-zip (7.4.21-r0)
    Executing busybox-1.33.1-r3.trigger
    OK: 435 MiB in 171 packages
    root@www:~#
    
  5. Also install the following three packages. (They are needed to clear the "Security & setup warnings".)
    root@www:~# apk add php7-pecl-apcu
    (1/1) Installing php7-pecl-apcu (5.1.20-r0)
    OK: 436 MiB in 172 packages
    root@www:~# apk add php7-opcache
    (1/1) Installing php7-opcache (7.4.21-r0)
    OK: 436 MiB in 173 packages
    root@www:~# apk add php7-pecl-imagick
    (1/33) Installing fontconfig (2.13.1-r4)
    (2/33) Installing lcms2 (2.12-r1)
    (3/33) Installing libltdl (2.4.6-r7)
    (4/33) Installing imagemagick-libs (7.0.11.13-r0)
    (5/33) Installing libxrender (0.9.10-r3)
    (6/33) Installing pixman (0.40.0-r2)
    (7/33) Installing cairo (1.16.0-r3)
    (8/33) Installing libintl (0.21-r0)
    (9/33) Installing libmount (2.37-r0)
    (10/33) Installing glib (2.68.2-r0)
    (11/33) Installing dbus-libs (1.12.20-r2)
    (12/33) Installing avahi-libs (0.8-r5)
    (13/33) Installing cups-libs (2.3.3-r2)
    (14/33) Installing jbig2dec (0.19-r0)
    (15/33) Installing tiff (4.2.0-r1)
    (16/33) Installing ghostscript (9.54.0-r0)
    (17/33) Installing aom-libs (1.0.0-r3)
    (18/33) Installing libde265 (1.0.8-r1)
    (19/33) Installing x265-libs (3.4-r0)
    (20/33) Installing libheif (1.12.0-r0)
    (21/33) Installing cairo-gobject (1.16.0-r3)
    (22/33) Installing pkgconf (1.7.4-r0)
    (23/33) Installing shared-mime-info (2.1-r0)
    (24/33) Installing gdk-pixbuf (2.42.6-r0)
    (25/33) Installing libxft (2.3.3-r0)
    (26/33) Installing fribidi (1.0.10-r0)
    (27/33) Installing graphite2 (1.3.14-r0)
    (28/33) Installing harfbuzz (2.8.1-r0)
    (29/33) Installing pango (1.48.5-r0)
    (30/33) Installing librsvg (2.50.4-r0)
    (31/33) Installing imagemagick (7.0.11.13-r0)
    (32/33) Installing libgomp (10.3.1_git20210424-r2)
    (33/33) Installing php7-pecl-imagick (3.5.0-r0)
    Executing busybox-1.33.1-r3.trigger
    Executing fontconfig-2.13.1-r4.trigger
    Executing shared-mime-info-2.1-r0.trigger
    Executing gdk-pixbuf-2.42.6-r0.trigger
    OK: 535 MiB in 206 packages
    root@www:~#
    

Installing Nextcloud

Download the latest version from the official Nextcloud site and install it.

  1. Download and deploy the latest Nextcloud release
    root@www:~# mkdir /usr/share/webapps
    root@www:~# cd /usr/share/webapps/
    root@www:/usr/share/webapps# wget https://download.nextcloud.com/server/releases/nextcloud-22.0.0.zip
    Connecting to download.nextcloud.com (95.217.64.181:443)
    saving to 'nextcloud-22.0.0.zip'
    nextcloud-22.0.0.zip 100% |************************************************************************|  164M  0:00:00 ETA
    'nextcloud-22.0.0.zip' saved
    root@www:/usr/share/webapps# unzip -q nextcloud-22.0.0.zip
    root@www:/usr/share/webapps# mv nextcloud nextcloud-22.0.0
    root@www:/usr/share/webapps# ln -s nextcloud-22.0.0 nextcloud
    
  2. /usr/share/webapps/nextcloud/config/config.php
    root@www:/usr/share/webapps# cd nextcloud/config
    root@www:/usr/share/webapps/nextcloud-22.0.0/config# vi config.php
    root@www:/usr/share/webapps/nextcloud-22.0.0/config# cat config.php
    <?php
    $CONFIG = array (
      'default_phone_region' => 'JP',
      'memcache.local' => '\\OC\\Memcache\\APCu',
      'datadirectory' => '/var/lib/nextcloud/data',
      'logfile' => '/var/log/nextcloud/nextcloud.log',
      'check_for_working_htaccess' => false,
      'installed' => false,
    );
    root@www:/usr/share/webapps/nextcloud-22.0.0/config# cp -p config.php config.php.init
    root@www:/usr/share/webapps/nextcloud-22.0.0/config# cd ../../
    root@www:/usr/share/webapps# chown nginx:www-data -R nextcloud-22.0.0
    root@www:/usr/share/webapps# rm nextcloud-22.0.0.zip
    root@www:/usr/share/webapps#
    
  3. Create the data directory
    root@www:/usr/share/webapps# cd /var/lib/
    root@www:/var/lib# mkdir -p nextcloud/data
    root@www:/var/lib# chown nginx:www-data -R nextcloud
    root@www:/var/lib#
    
  4. Create the log directory
    root@www:/var/lib# cd /var/log/
    root@www:/var/log# mkdir -p nextcloud
    root@www:/var/log# chown nginx:www-data -R nextcloud
    root@www:/var/log#
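
The layout built in steps 1 to 4 can be checked with the script below, an added example that is not part of the original page. The function names and the script name are assumptions of this example; only the paths and the 'datadirectory' key come from the page. It reports a config.php that other local users can read, a data directory inside the web root, and a data directory open to other local users.

```shell
#!/bin/sh
# Added example (not from the original page): audit the layout built above.
# Run as: sh audit.sh /usr/share/webapps/nextcloud   (audit.sh is a made-up name)
# Prints one line per finding; the return status is the number of findings.

# True if "other" has read permission on $1.
world_readable() { [ -n "$(find "$1" -prune -perm -004)" ]; }

# True if "other" has any of read, write or execute permission on $1.
world_accessible() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

audit_nextcloud_layout() {
    findings=0
    # Resolve the nextcloud -> nextcloud-22.0.0 symlink before comparing paths.
    root=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL: web root $1 not found"; return 1; }
    cfg="$root/config/config.php"
    [ -f "$cfg" ] || { echo "FAIL: $cfg not found"; return 1; }

    # config.php holds the database password once the wizard has run.
    if world_readable "$cfg"; then
        echo "FAIL: $cfg is readable by other local users"
        findings=$((findings + 1))
    fi

    data=$(sed -n "s/^[[:space:]]*'datadirectory'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$cfg" | head -n 1)
    if [ -z "$data" ]; then
        echo "FAIL: no 'datadirectory' entry in $cfg"
        return $((findings + 1))
    fi
    [ -d "$data" ] && data=$(cd "$data" && pwd -P)

    # User files must not live under the directory that nginx serves.
    case "$data/" in
        "$root"/*) echo "FAIL: datadirectory $data is inside web root $root"
                   findings=$((findings + 1)) ;;
    esac
    if [ -d "$data" ] && world_accessible "$data"; then
        echo "FAIL: $data is accessible to other local users"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ] && echo "OK: $root"
    return "$findings"
}

if [ "$#" -gt 0 ]; then audit_nextcloud_layout "$1"; fi
```

The config.php check matters most after the Installation wizard has run, because that is when the database credentials are written into the file.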
    

Installation wizard

Access the Installation wizard from a browser and carry out the final step of the installation.

  1. Start nginx and php-fpm7
    root@www:~# rc-service nginx start
     * Caching service dependencies ...                                                                               [ ok ]
     * Starting nginx ...                                                                                             [ ok ]
    root@www:~# rc-update add nginx
     * service nginx added to runlevel default
    root@www:~# rc-service php-fpm7 start
     * Checking /etc/php7/php-fpm.conf ...
     * /run/php-fpm7: creating directory
     * Starting PHP FastCGI Process Manager ...                                                                       [ ok ]
    root@www:~# rc-update add php-fpm7
     * service php-fpm7 added to runlevel default
    root@www:~#
    
  2. Open the following URL in a browser.
    https://www.example.com/nextcloud/
    
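  3. Enter the "username" and "password" for the administrator account.
  4. Enter "nextcloud22" for each of "Database user", "Database password", and "Database name", then click "Finish setup".
  5. The installation proceeds, followed by the installation of the recommended apps.
  6. The installation is complete.
  7. Check [Settings] → [Administration] → [Overview] → [Security & setup warnings].
  8. Register the cron job as follows.
    root@www:~# crontab -u nginx -e
    root@www:~# crontab -u nginx -l
    */5  *  *  *  * php -f /usr/share/webapps/nextcloud/cron.php
    root@www:~#
    
  9. Select [Cron] under [Settings] → [Administration] → [Basic settings] → [Background jobs].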

That's all.