- http://deb.sury.org 'dan php7.1 paketini alıyorum
- https://downloads.mariadb.org/mariadb/repositories/ mariadb stable alıyorum
- https://www.dotdeb.org/ dan güncel redis ve nginx'i alıyorum
- https://launchpad.net/~ondrej/+archive/ubuntu/php php7.1 burdan
- https://downloads.mariadb.org/mariadb/repositories/ mariadb stable alıyorum
add-apt-repository ppa:nginx/developmentnginx'i alıyorum- Redis nispeten günceli var zaten repoda
apt-get install nginx mariadb-server mariadb-client
apt-get install php7.1-fpm php7.1-cli php7.1-mysql php7.1-gd php7.1-json php7.1-iconv php7.1-xml php7.1-simplexml php7.1-zip php7.1-xmlwriter php7.1-mbstring php7.1-pdo php7.1-curl php7.1-fileinfo php7.1-bz2 php7.1-intl php7.1-mcrypt php7.1-exif php7.1-imagick
apt-get install redis-server
apt-get install php7.1-redis
/etc/mysql/my.cnf dosyasına
[mysqld]
İçine
binlog_format = MIXED
eklenecek
FPM pool'larda oynama var, bu link takip edilecek:
Redis::connect(): connect() failed: Permission denied
https://central.owncloud.org/t/problems-using-redis-with-socket-for-filelocking/967
Yani redisi gruba ekliyoruz:
usermod -a -G redis www-dataSonra daemonlara restart (komple reboot gerekebilir)?
böyle
cd /home/web/nextcloud
sudo -u www-data php occ maintenance:mode --on
cd ..
service nginx stop
/etc/init.d/nginx stop
mv nextcloud nextcloud-old
wget https://download.nextcloud.com/server/releases/nextcloud-11.0.3.zip
unzip nextcloud-11.0.3.zip
cp nextcloud-old/config/config.php nextcloud/config/config.php
mv nextcloud-old/data nextcloud/
chown -R www-data:www-data nextcloud
find nextcloud/ -type d -exec chmod 750 {} \;
find nextcloud/ -type f -exec chmod 640 {} \;
cd nextcloud
sudo -u www-data php occ upgrade
sudo -u www-data php occ maintenance:mode --off
cd ..
service nginx start
/etc/init.d/nginx start
rm -rf nextcloud-old nextcloud-11.0.3.ziphttps://docs.nextcloud.com/server/11/admin_manual/maintenance/manual_upgrade.html
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/var/run/php/php7.1-fpm.sock;
}
server {
listen 80;
server_name nexcloud.domain.ssl.com;
access_log off;
error_log off;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/nexcloud.domain.ssl.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nexcloud.domain.ssl.com/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# openssl dhparam -out dhparam.pem 2048
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
#add_header Strict-Transport-Security max-age=15768000;
##Added once to prevent multiple additions
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
ssl_trusted_certificate /etc/letsencrypt/live/nexcloud.domain.ssl.com/chain.pem;
resolver 8.8.8.8 8.8.4.4 valid=86400;
resolver_timeout 10;
server_name nexcloud.domain.ssl.com;
# Here we define the web-root for our SSL proof
location /.well-known {
root /home/web/certbot/nexcloud/;
}
access_log off;
#access_log /var/log/nginx/ncd.access_log;
error_log /var/log/nginx/ncd.error.log;
# Add headers to serve security related headers
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /home/web/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; }
location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; }
location /.well-known/acme-challenge { }
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_param HTTP_PROXY ""; # https://httpoxy.org vulnerability fix
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}