@foi
Created August 13, 2020 13:25
Установка nextcloud 19 - nginx + php-fpm на ubuntu 20.04
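# Install dependencies. Everything below is meant to run in a root shell.
sudo su
# php-mysql was listed twice in the original package list; it is named once here.
# NOTE(review): libapache2-mod-php is presumably what brings in Apache, which a
# later step disables; "samba" installs a full SMB server as well as the client.
# If only SMB external storage is needed, smbclient alone may suffice - confirm
# before exposing an extra network service on the host.
apt-get install -y \
  php zip libapache2-mod-php php-gd php-json php-mysql php-curl php-mbstring \
  php-intl php-imagick php-xml php-zip php-bcmath php-gmp \
  nginx php-fpm smbclient samba php-apcu php-opcache \
  mariadb-server mariadb-client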
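# Set the MariaDB root password (interactive).
mysql_secure_installation
# Create the database and a dedicated user, and grant that user rights on the
# nextcloud database only.
# The password below is a placeholder: generate a unique one for every install
# and keep it out of published guides, shell history and version control.
# The SQL is fed through a quoted heredoc so the step also works when the file
# is run as a script rather than typed into the mysql prompt.
mysql -u root -p <<'SQL'
CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
FLUSH PRIVILEGES;
SQL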
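# Download Nextcloud; the release is selected through NEXTCLOUD_VERSION.
# Pick a release that still receives security updates when reusing this guide.
export NEXTCLOUD_VERSION=19.0.1
# IMPORTANT: set the domain name the instance will be served under.
export NEXTCLOUD_DOMAIN_NAME=oblako.boblako.ru
# The steps are chained with && so the archive is unpacked only after it was
# downloaded completely and its SHA-256 checksum matched.
# The checksum file comes from the same server, so it detects corruption but
# not a compromised mirror; for authenticity also verify the detached PGP
# signature (.asc) published next to the archive.
cd /var/www/ \
  && wget "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.zip" \
  && wget "https://download.nextcloud.com/server/releases/nextcloud-${NEXTCLOUD_VERSION}.zip.sha256" \
  && sha256sum -c "nextcloud-${NEXTCLOUD_VERSION}.zip.sha256" \
  && unzip "nextcloud-${NEXTCLOUD_VERSION}.zip" \
  && sudo chown -R www-data:www-data nextcloud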
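# Raise the PHP memory limit to 512M for php-fpm.
# memory_limit is a php.ini directive; the original command edited
# php-fpm.conf, which has no such line, so the limit was never changed.
sudo sed -i '/^memory_limit =/s/=.*/= 512M/' /etc/php/7.4/fpm/php.ini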
# Add the nginx upstream that points at the php-fpm unix socket.
printf '%s\n' \
  'upstream php-fpm {' \
  'server unix:/run/php/php7.4-fpm.sock;' \
  '}' \
  > /etc/nginx/conf.d/php-fpm.conf
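# Stop and disable Apache so it does not hold port 80, then start php-fpm,
# nginx and MariaDB and enable them at boot.
systemctl disable --now apache2
# On Ubuntu 20.04 the php-fpm service unit carries the PHP version in its name
# (php7.4-fpm, matching the socket path used in the upstream definition).
systemctl enable --now php7.4-fpm nginx mariadb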
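# Create the directory for the certificate and keys; keep it readable by root
# only, since it will hold the TLS private key.
mkdir -p /etc/nginx/ssl
chmod 700 /etc/nginx/ssl
# Generate Diffie-Hellman parameters.
# -dsaparam produces DSA-style parameters, which is fast but does not use a
# safe prime; drop the flag to get standard DH parameters at the cost of a much
# longer generation time.
openssl dhparam -dsaparam -out /etc/nginx/ssl/dh4096.pem 4096
# Put the certificate and the private key here (the key should be mode 600):
#/etc/nginx/ssl/crt.crt
#/etc/nginx/ssl/key.key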
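# Create the nginx site configuration.
# The heredoc is unquoted on purpose: $NEXTCLOUD_DOMAIN_NAME is expanded by the
# shell, while nginx variables are written as \$name so they reach the file
# literally. The :? expansion aborts the command when the domain is unset, so
# no ".conf" file with an empty server_name is written.
cat > "/etc/nginx/conf.d/${NEXTCLOUD_DOMAIN_NAME:?set NEXTCLOUD_DOMAIN_NAME first}.conf" <<EOM
server {
  listen 80;
  server_name $NEXTCLOUD_DOMAIN_NAME;
  # ACME HTTP-01 challenge files are served over plain HTTP.
  location /.well-known/acme-challenge/ {
    alias /var/www/challenges/;
    try_files \$uri =404;
  }
  # Everything else is redirected to HTTPS.
  location / {
    rewrite ^ https://$NEXTCLOUD_DOMAIN_NAME\$request_uri? permanent;
  }
}
server {
  listen 443 http2 ssl;
  root /var/www/nextcloud;
  server_name $NEXTCLOUD_DOMAIN_NAME;
  client_body_timeout 1460s;
  client_header_timeout 1460s;
  send_timeout 1460s;
  keepalive_timeout 1300s;
  # TLS 1.1 is deprecated (RFC 8996) and none of the suites below can be
  # negotiated with it, so only TLS 1.2 and 1.3 are offered.
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  # The original list began with ECDHE-RSA-AES256-CBC-SHA, which is not an
  # OpenSSL cipher name; it is dropped here. The trailing SHA384/SHA256 entries
  # are CBC suites kept for older TLS 1.2 clients and can be removed if no such
  # clients need to connect.
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  # DH parameters are only consulted for DHE suites; none are listed above.
  ssl_dhparam /etc/nginx/ssl/dh4096.pem;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;
  ssl_certificate /etc/nginx/ssl/crt.crt;
  ssl_certificate_key /etc/nginx/ssl/key.key;
  index index.php index.html index.htm;
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  proxy_buffering off;
  client_max_body_size 5G;
  fastcgi_buffers 64 4K;
  gzip off;
  rewrite ^/caldav(.*)\$ /remote.php/caldav\$1 redirect;
  rewrite ^/carddav(.*)\$ /remote.php/carddav\$1 redirect;
  rewrite ^/webdav(.*)\$ /remote.php/webdav\$1 redirect;
  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;
  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }
  location / {
    rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
    rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
    rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
    rewrite ^(/core/doc/[^\/]+/)\$ \$1/index.html;
    # The fallback must be an absolute URI; a bare index.php is joined to the
    # document root without a separator and never resolves to the front controller.
    try_files \$uri \$uri/ /index.php;
  }
  # Regex locations are evaluated in file order and the first match wins, so
  # this deny rule is placed before the PHP handler: requests under /data and
  # /config are refused even when the path ends in .php.
  location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
    deny all;
  }
  location ~ \.php(?:\$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.+)\$;
    include fastcgi_params;
    fastcgi_send_timeout 120m;
    fastcgi_read_timeout 120m;
    fastcgi_connect_timeout 120m;
    fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
    # NOTE(review): nginx is known to clear the split path info when try_files
    # runs in the same location; if PATH_INFO arrives empty, capture it with a
    # set directive before try_files - confirm against the current Nextcloud
    # nginx example.
    fastcgi_param PATH_INFO \$fastcgi_path_info;
    fastcgi_pass php-fpm;
    # Hand only existing scripts to PHP.
    try_files \$fastcgi_script_name =404;
  }
  location ~* \.(?:css|js)\$ {
    add_header Cache-Control "public, max-age=7200";
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    access_log off;
  }
  location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)\$ {
    access_log off;
  }
}
EOM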
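# Work around the Samba problem: replace the commented-out "interfaces" line in
# smb.conf with explicit client protocol bounds (SMB2 minimum, SMB3 maximum).
sed -i "/; interfaces = 127.0.0.0\/8 eth0/cclient min protocol = SMB2\n client max protocol = SMB3" /etc/samba/smb.conf
# Validate the nginx configuration first, then restart nginx, php-fpm and Samba.
# On Ubuntu 20.04 the php-fpm unit is named php7.4-fpm.
nginx -t && systemctl restart nginx php7.4-fpm smbd
# Open the Nextcloud domain name in a browser and finish the setup.
# Do this right away: until the setup page is completed, whoever reaches the
# host first gets to create the administrator account.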

Vs1221 commented Aug 13, 2020

Это самый лучший метод по настройке Nextcloud)
