NextCloud : Install 2022/07/27 |
Install NextCloud, a cloud storage server.
[1] | |
[2] | Apply SSL/TLS settings to Apache httpd beforehand, referring to here. (SSL/TLS is required for features such as the camera/call and screen sharing functions used in web meetings) |
[3] | |
[4] | |
[5] | Install the additional PHP modules that are required and adjust the PHP settings for NextCloud. |
# install with EPEL enabled
[root@dlp ~]# dnf --enablerepo=epel -y install php-pear php-mbstring php-pdo php-intl php-xml php-gd php-mysqlnd php-bcmath php-gmp php-soap php-sodium php-opcache php-devel php-pecl-zip php-pecl-json-post php-pecl-apcu php-pecl-redis5 php-pecl-imagick redis
[root@dlp ~]# vi /etc/php-fpm.d/nextcloud.conf
;; create new file
[nextcloud]
user = apache
group = apache
listen = /run/php-fpm/nextcloud.sock
listen.acl_users = apache
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
;; adjust the following values to suit the server's specs and how NextCloud is used
php_value[max_execution_time] = 3600
php_value[memory_limit] = 2G
php_value[post_max_size] = 2G
php_value[upload_max_filesize] = 2G
php_value[max_input_time] = 3600
php_value[max_input_vars] = 2000
php_value[date.timezone] = Asia/Tokyo
php_value[opcache.memory_consumption] = 128
php_value[opcache.interned_strings_buffer] = 32
php_value[opcache.max_accelerated_files] = 10000
php_value[opcache.revalidate_freq] = 1
php_value[opcache.save_comments] = 1
php_value[opcache.jit] = 1255
php_value[opcache.jit_buffer_size] = 128M
[root@dlp ~]# systemctl restart php-fpm
[6] | Create a user and a database for NextCloud. |
[root@dlp ~]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.5.16-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database nextcloud;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nextcloud.* to nextcloud@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye
[7] | Configure the NextCloud site on Apache httpd. The NextCloud versions available for download can be checked at the following location. ⇒ https://download.nextcloud.com/server/releases/ |
[root@dlp ~]# vi /etc/httpd/conf.d/nextcloud.conf
# create new file
# change the server name and the SSL/TLS certificate paths to suit your own environment
Timeout 3600
ProxyTimeout 3600
DirectoryIndex index.php index.html
Header set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

<VirtualHost *:80>
    DocumentRoot /var/www/nextcloud
    ServerName dlp.srv.world
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www/nextcloud
    ServerName dlp.srv.world
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/dlp.srv.world/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dlp.srv.world/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/dlp.srv.world/chain.pem
</VirtualHost>

<Directory "/var/www/nextcloud">
    Options FollowSymLinks MultiViews
    AllowOverride All
    Require all granted

    <FilesMatch \.(php|phar)$>
        SetHandler "proxy:unix:/run/php-fpm/nextcloud.sock|fcgi://localhost"
    </FilesMatch>
</Directory>

[root@dlp ~]# wget https://download.nextcloud.com/server/releases/latest.zip -P /var/www/
[root@dlp ~]# unzip /var/www/latest.zip -d /var/www/
[root@dlp ~]# chown -R apache:apache /var/www/nextcloud
[root@dlp ~]# systemctl restart httpd
[8] | If SELinux is enabled, additional allow rules are required. |
[root@dlp ~]# setsebool -P httpd_can_network_connect on
[root@dlp ~]# setsebool -P httpd_unified on
[root@dlp ~]# setsebool -P httpd_execmem on
[root@dlp ~]# setsebool -P httpd_use_fusefs on
[root@dlp ~]# setsebool -P nis_enabled on
[root@dlp ~]# vi nextcloud.te
# create new file with the following content
module nextcloud 1.0;

require {
        type configfs_t;
        type httpd_t;
        type redis_t;
        type rpm_t;
        type fusefs_t;
        type httpd_sys_script_t;
        type fuse_device_t;
        type httpd_sys_rw_content_t;
        type kernel_t;
        type lib_t;
        type init_t;
        type unconfined_t;
        type local_login_t;
        type crond_t;
        type policykit_t;
        type lsmd_t;
        type mcelog_t;
        type firewalld_t;
        type systemd_logind_t;
        type irqbalance_t;
        type udev_t;
        type sshd_t;
        type NetworkManager_t;
        type virt_qemu_ga_t;
        type unconfined_service_t;
        type syslogd_t;
        type setroubleshootd_t;
        type rhsmcertd_t;
        type getty_t;
        type mysqld_t;
        type auditd_t;
        type chronyd_t;
        type system_dbusd_t;
        class file { create unlink write open read execute execute_no_trans getattr };
        class dir { add_name write read remove_name rmdir getattr setattr mounton search };
        class lnk_file unlink;
        class chr_file { open read write };
        class process setrlimit;
        class system module_request;
        class capability dac_read_search;
        class filesystem { mount unmount };
}

#============= httpd_t ==============
allow httpd_t configfs_t:dir getattr;
allow httpd_t lib_t:dir { add_name remove_name setattr write };
allow httpd_t lib_t:file { create unlink write };

#============= httpd_sys_script_t ==============
allow httpd_sys_script_t fuse_device_t:chr_file { open read write };
allow httpd_sys_script_t httpd_sys_rw_content_t:dir mounton;
allow httpd_sys_script_t httpd_sys_rw_content_t:file { execute execute_no_trans };
allow httpd_sys_script_t lib_t:dir setattr;
allow httpd_sys_script_t self:process setrlimit;
allow httpd_sys_script_t kernel_t:system module_request;
allow httpd_sys_script_t NetworkManager_t:dir search;
allow httpd_sys_script_t NetworkManager_t:file { getattr open read };
allow httpd_sys_script_t auditd_t:dir search;
allow httpd_sys_script_t auditd_t:file { getattr open read };
allow httpd_sys_script_t chronyd_t:dir search;
allow httpd_sys_script_t chronyd_t:file { getattr open read };
allow httpd_sys_script_t crond_t:dir search;
allow httpd_sys_script_t crond_t:file { getattr open read };
allow httpd_sys_script_t firewalld_t:dir search;
allow httpd_sys_script_t firewalld_t:file { getattr open read };
allow httpd_sys_script_t getty_t:dir search;
allow httpd_sys_script_t getty_t:file { getattr open read };
allow httpd_sys_script_t httpd_t:dir search;
allow httpd_sys_script_t httpd_t:file { getattr open read };
allow httpd_sys_script_t init_t:dir search;
allow httpd_sys_script_t init_t:file { getattr open read };
allow httpd_sys_script_t irqbalance_t:dir search;
allow httpd_sys_script_t irqbalance_t:file { getattr open read };
allow httpd_sys_script_t kernel_t:dir search;
allow httpd_sys_script_t kernel_t:file { getattr open read };
allow httpd_sys_script_t local_login_t:dir search;
allow httpd_sys_script_t local_login_t:file { getattr open read };
allow httpd_sys_script_t lsmd_t:dir search;
allow httpd_sys_script_t lsmd_t:file { getattr open read };
allow httpd_sys_script_t mcelog_t:dir search;
allow httpd_sys_script_t mcelog_t:file { getattr open read };
allow httpd_sys_script_t mysqld_t:dir search;
allow httpd_sys_script_t mysqld_t:file { getattr open read };
allow httpd_sys_script_t policykit_t:dir search;
allow httpd_sys_script_t policykit_t:file { getattr open read };
allow httpd_sys_script_t rhsmcertd_t:dir search;
allow httpd_sys_script_t rhsmcertd_t:file { getattr open read };
allow httpd_sys_script_t setroubleshootd_t:dir search;
allow httpd_sys_script_t setroubleshootd_t:file { getattr open read };
allow httpd_sys_script_t sshd_t:dir search;
allow httpd_sys_script_t sshd_t:file { getattr open read };
allow httpd_sys_script_t syslogd_t:dir search;
allow httpd_sys_script_t syslogd_t:file { getattr open read };
allow httpd_sys_script_t system_dbusd_t:dir search;
allow httpd_sys_script_t system_dbusd_t:file { getattr open read };
allow httpd_sys_script_t systemd_logind_t:dir search;
allow httpd_sys_script_t systemd_logind_t:file { getattr open read };
allow httpd_sys_script_t udev_t:dir search;
allow httpd_sys_script_t udev_t:file { getattr open read };
allow httpd_sys_script_t unconfined_service_t:dir search;
allow httpd_sys_script_t unconfined_service_t:file { getattr open read };
allow httpd_sys_script_t unconfined_t:dir search;
allow httpd_sys_script_t unconfined_t:file { getattr open read };
allow httpd_sys_script_t virt_qemu_ga_t:dir search;
allow httpd_sys_script_t virt_qemu_ga_t:file { getattr open read };
allow httpd_sys_script_t redis_t:dir search;
allow httpd_sys_script_t redis_t:file { getattr open read };
allow httpd_sys_script_t rpm_t:dir search;
allow httpd_sys_script_t rpm_t:file { getattr open read };
allow httpd_sys_script_t fusefs_t:file { execute execute_no_trans };
allow httpd_sys_script_t fusefs_t:filesystem mount;
allow httpd_sys_script_t fusefs_t:filesystem unmount;
allow httpd_sys_script_t self:capability dac_read_search;

#============= init_t ==============
allow init_t httpd_sys_rw_content_t:dir { read remove_name rmdir write };
allow init_t httpd_sys_rw_content_t:file unlink;
allow init_t httpd_sys_rw_content_t:lnk_file unlink;

[root@dlp ~]# checkmodule -m -M -o nextcloud.mod nextcloud.te
[root@dlp ~]# semodule_package --outfile nextcloud.pp --module nextcloud.mod
[root@dlp ~]# semodule -i nextcloud.pp
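The module in [8] grants a long list of permissions, including execute on web-writable content and read access to files labelled with many other domain types, so it is worth summarising before it is loaded. The script below is an added example, not part of the original page: the function names and the permission watchlist are assumptions, and the sample input is a constructed excerpt of the rules above.

```shell
#!/bin/sh
# te_rules FILE: one "source target class permission" line per granted
# permission. Handles plain "allow S T:C perms;" rules only (no type sets).
te_rules() {
    sed 's/#.*//' "$1" | tr '\n' ' ' | tr ';' '\n' |
    awk '{ gsub(/[{}]/, " ") }
         $1 == "allow" {
             split($3, tc, ":")
             for (i = 4; i <= NF; i++) print $2, tc[1], tc[2], $i
         }'
}

# te_review FILE: grants matching a reviewer's watchlist (an assumption of
# this example; extend it to suit your own policy).
te_review() {
    te_rules "$1" | awk '$4 ~ /^(execute|execute_no_trans|mounton|mount|unmount|dac_read_search|module_request)$/'
}

# te_fanout FILE: number of distinct target types per source domain.
te_fanout() {
    te_rules "$1" |
    awk '!seen[$1 FS $2]++ { n[$1]++ } END { for (s in n) print s, n[s] }' | sort
}

# Constructed sample: a short excerpt of the nextcloud.te rules shown above.
sample_te() {
    cat <<'EOF'
module nextcloud 1.0;
require {
    type httpd_t; type lib_t; type sshd_t;
    type httpd_sys_script_t; type httpd_sys_rw_content_t;
    class file { create unlink write open read execute execute_no_trans getattr };
    class dir search;
    class capability dac_read_search;
}
#============= httpd_t ==============
allow httpd_t lib_t:file { create unlink write };
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t httpd_sys_rw_content_t:file { execute execute_no_trans };
allow httpd_sys_script_t sshd_t:dir search;
allow httpd_sys_script_t sshd_t:file { getattr open read };
allow httpd_sys_script_t self:capability dac_read_search;
EOF
}

tmp=$(mktemp) && sample_te > "$tmp"
te_review "$tmp"     # grants to look at first
te_fanout "$tmp"     # how widely each domain reaches
rm -f "$tmp"
```

Pointing `te_review` and `te_fanout` at the full nextcloud.te before running `semodule -i` shows which rules a given installation may not need, for example the fusefs_t rules when no FUSE-backed storage is used.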
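[9] | Access [https://(server's hostname)/] with a web browser from any client computer, and the following screen is displayed. Configure the administrator account and the database connection. Enter any administrator user name and password. For the database, specify the MariaDB database created in [6]. After entering the values, click [Install] at the bottom of the screen. Note that the screen examples below are shown in English, but they are displayed in Japanese when accessed from a Japanese OS. |
[10] | Choose whether to install the applications recommended by NextCloud. This example proceeds with installing them. |
[11] | The start page is displayed. |
[12] | After setup is complete, NextCloud can be used from the login screen by accessing [https://(server's hostname)/]. |
[13] | When accessed from a Japanese OS, the display switches to Japanese automatically. Even if it does not switch automatically, you can switch to Japanese display in the settings. |
[14] | After the initial setup, enable memory caching, which is a NextCloud recommended requirement. Also add the [default_phone_region] setting, which is a recommended setting. |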
[root@dlp ~]# vi /var/www/nextcloud/config/config.php
.....
.....
  // add to the last line of the section
  // specify your own country code for [default_phone_region] (ISO 3166-1)
  'installed' => true,
  'memcache.local' => '\OC\Memcache\APCu',
  'default_phone_region' => 'JP',
  'maintenance_window_start' => 1,
  'memcache.locking' => '\OC\Memcache\Redis',
  'memcache.distributed' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 0.0,
  ),
);

[root@dlp ~]# sudo -u apache php --define apc.enable_cli=1 /var/www/nextcloud/occ db:add-missing-indices
The current PHP memory limit is below the recommended value of 512MB.
Adding additional mail_messages_strucanalyz_idx index to the oc_mail_messages table, this can take some time...
oc_mail_messages table updated successfully.
Adding additional mail_class_creat_idx index to the oc_mail_classifiers table, this can take some time...
oc_mail_classifiers table updated successfully.
Adding additional mail_acc_prov_idx index to the oc_mail_accounts table, this can take some time...
oc_mail_accounts table updated successfully.
Adding additional mail_alias_accid_idx index to the oc_mail_aliases table, this can take some time...
oc_mail_aliases table updated successfully.
Adding additional mail_messages_mb_id_uid_uidx index to the oc_mail_messages table, this can take some time...
Removing mail_messages_mb_id_uid index from the oc_mail_messages table
oc_mail_messages table updated successfully.
Adding additional mail_smime_certs_uid_email_idx index to the oc_mail_smime_certificates table, this can take some time...
Removing mail_smime_certs_uid_idx index from the oc_mail_smime_certificates table
oc_mail_smime_certificates table updated successfully.
Adding additional mail_trusted_senders_idx index to the oc_mail_trusted_senders table, this can take some time...
Removing mail_trusted_senders_type index from the oc_mail_trusted_senders table
oc_mail_trusted_senders table updated successfully.
Adding additional mail_coll_idx index to the oc_mail_coll_addresses table, this can take some time...
Removing mail_coll_addr_userid_index index from the oc_mail_coll_addresses table
Removing mail_coll_addr_email_index index from the oc_mail_coll_addresses table
oc_mail_coll_addresses table updated successfully.

[root@dlp ~]# systemctl enable --now redis
[root@dlp ~]# systemctl reload httpd