Différences
Ci-dessous, les différences entre deux révisions de la page.
Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédenteProchaine révisionLes deux révisions suivantes | ||
fr:kloud [2018/05/24 13:33] – [Partager un dossier] /* ponctuation */ merlin8282 | fr:kloud [2020/06/12 15:17] – [LEMP] Deed | ||
---|---|---|---|
Ligne 39: | Ligne 39: | ||
{{ : | {{ : | ||
+ | ====== Installation Nexcloud ====== | ||
+ | **BROUILLON** | ||
+ | **DEBIAN 10 NEXTCLOUT 16 ** | ||
+ | ===== LEMP ===== | ||
+ | Installation: | ||
+ | apt install nginx | ||
+ | apt install php php-fpm php-curl php-cli | ||
+ | apt install postgresql postgresql-contrib php-pgsql | ||
+ | Configuration: | ||
+ | |||
+ | nano / | ||
+ | |||
+ | pm = dynamic | ||
+ | pm.max_children = 120 | ||
+ | pm.start_servers = 12 | ||
+ | pm.min_spare_servers = 6 | ||
+ | pm.max_spare_servers = 18 | ||
+ | | ||
+ | clear_env = no | ||
+ | | ||
+ | | ||
+ | |||
+ | nano / | ||
+ | | ||
+ | | ||
+ | memory_limit = 512M | ||
+ | upload_max_filesize = 10240M | ||
+ | date.timezone = Europe\Paris | ||
+ | opcache.enable=1 | ||
+ | opcache.interned_strings_buffer=8 | ||
+ | opcache.max_accelerated_files=10000 | ||
+ | opcache.memory_consumption=128 | ||
+ | opcache.save_comments=1 | ||
+ | opcache.revalidate_freq=1 | ||
+ | ===== Nexcloud ===== | ||
+ | Outils: | ||
+ | apt install wget unzip p7zip p7zip-full | ||
+ | Téléchargement de Nextcloud | ||
+ | cd /var/www | ||
+ | wget https:// | ||
+ | 7z x latest.zip | ||
+ | chown -R www-data: | ||
+ | |||
+ | Database: | ||
+ | sudo -u postgres createuser -P kloud_user | ||
+ | sudo -u postgres createdb -O kloud_user kloud_prod | ||
+ | |||
+ | ===== Nginx ===== | ||
+ | ==== Conf ==== | ||
+ | nano / | ||
+ | | ||
+ | <code bash> | ||
+ | upstream php-handler { | ||
+ | server 127.0.0.1: | ||
+ | #server unix:/ | ||
+ | } | ||
+ | |||
+ | server { | ||
+ | listen 80; | ||
+ | listen [::]:80; | ||
+ | server_name kloud.khaganat.net; | ||
+ | # enforce https | ||
+ | return 301 https:// | ||
+ | } | ||
+ | |||
+ | server { | ||
+ | listen 443 ssl http2; | ||
+ | listen [::]:443 ssl http2; | ||
+ | server_name kloud.khaganat.net; | ||
+ | |||
+ | # Use Mozilla' | ||
+ | # https:// | ||
+ | # NOTE: some settings below might be redundant | ||
+ | ssl_certificate / | ||
+ | ssl_certificate_key / | ||
+ | |||
+ | |||
+ | # Add headers to serve security related headers | ||
+ | # Before enabling Strict-Transport-Security headers please read into this | ||
+ | # topic first. | ||
+ | add_header Strict-Transport-Security " | ||
+ | # | ||
+ | # WARNING: Only add the preload option once you read about | ||
+ | # the consequences in https:// | ||
+ | # will add the domain to a hardcoded list that is shipped | ||
+ | # in all major browsers and getting removed from this list | ||
+ | # could take several months. | ||
+ | add_header Referrer-Policy " | ||
+ | add_header X-Content-Type-Options " | ||
+ | add_header X-Download-Options " | ||
+ | add_header X-Frame-Options " | ||
+ | add_header X-Permitted-Cross-Domain-Policies " | ||
+ | add_header X-Robots-Tag " | ||
+ | add_header X-XSS-Protection "1; mode=block" | ||
+ | |||
+ | # Remove X-Powered-By, | ||
+ | fastcgi_hide_header X-Powered-By; | ||
+ | |||
+ | # Path to the root of your installation | ||
+ | root / | ||
+ | |||
+ | location = /robots.txt { | ||
+ | allow all; | ||
+ | log_not_found off; | ||
+ | access_log off; | ||
+ | } | ||
+ | |||
+ | # The following 2 rules are only needed for the user_webfinger app. | ||
+ | # Uncomment it if you're planning to use this app. | ||
+ | #rewrite ^/ | ||
+ | #rewrite ^/ | ||
+ | |||
+ | # The following rule is only needed for the Social app. | ||
+ | # Uncomment it if you're planning to use this app. | ||
+ | #rewrite ^/ | ||
+ | |||
+ | location = / | ||
+ | return 301 $scheme:// | ||
+ | } | ||
+ | location = / | ||
+ | return 301 $scheme:// | ||
+ | } | ||
+ | |||
+ | # set max upload size | ||
+ | client_max_body_size 512M; | ||
+ | fastcgi_buffers 64 4K; | ||
+ | |||
+ | # Enable gzip but do not remove ETag headers | ||
+ | gzip on; | ||
+ | gzip_vary on; | ||
+ | gzip_comp_level 4; | ||
+ | gzip_min_length 256; | ||
+ | gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; | ||
+ | gzip_types application/ | ||
+ | |||
+ | # Uncomment if your server is build with the ngx_pagespeed module | ||
+ | # This module is currently not supported. | ||
+ | #pagespeed off; | ||
+ | |||
+ | location / { | ||
+ | rewrite ^ /index.php; | ||
+ | } | ||
+ | |||
+ | location ~ ^\/ | ||
+ | deny all; | ||
+ | } | ||
+ | location ~ ^\/ | ||
+ | deny all; | ||
+ | } | ||
+ | |||
+ | location ~ ^\/ | ||
+ | fastcgi_split_path_info ^(.+? | ||
+ | set $path_info $fastcgi_path_info; | ||
+ | try_files $fastcgi_script_name =404; | ||
+ | include fastcgi_params; | ||
+ | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
+ | fastcgi_param PATH_INFO $path_info; | ||
+ | fastcgi_param HTTPS on; | ||
+ | # Avoid sending the security headers twice | ||
+ | fastcgi_param modHeadersAvailable true; | ||
+ | # Enable pretty urls | ||
+ | fastcgi_param front_controller_active true; | ||
+ | fastcgi_pass php-handler; | ||
+ | fastcgi_intercept_errors on; | ||
+ | fastcgi_request_buffering off; | ||
+ | } | ||
+ | |||
+ | location ~ ^\/ | ||
+ | try_files $uri/ =404; | ||
+ | index index.php; | ||
+ | } | ||
+ | |||
+ | # Adding the cache control header for js, css and map files | ||
+ | # Make sure it is BELOW the PHP block | ||
+ | location ~ \.(?: | ||
+ | try_files $uri / | ||
+ | add_header Cache-Control " | ||
+ | # Add headers to serve security related headers (It is intended to | ||
+ | # have those duplicated to the ones above) | ||
+ | # Before enabling Strict-Transport-Security headers please read into | ||
+ | # this topic first. | ||
+ | add_header Strict-Transport-Security " | ||
+ | # | ||
+ | # WARNING: Only add the preload option once you read about | ||
+ | # the consequences in https:// | ||
+ | # will add the domain to a hardcoded list that is shipped | ||
+ | # in all major browsers and getting removed from this list | ||
+ | # could take several months. | ||
+ | add_header Referrer-Policy " | ||
+ | add_header X-Content-Type-Options " | ||
+ | add_header X-Download-Options " | ||
+ | add_header X-Frame-Options " | ||
+ | add_header X-Permitted-Cross-Domain-Policies " | ||
+ | add_header X-Robots-Tag " | ||
+ | add_header X-XSS-Protection "1; mode=block" | ||
+ | |||
+ | # Optional: Don't log access to assets | ||
+ | access_log off; | ||
+ | } | ||
+ | |||
+ | location ~ \.(?: | ||
+ | try_files $uri / | ||
+ | # Optional: Don't log access to other assets | ||
+ | access_log off; | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | ln -s / | ||
+ | |||
+ | ==== Certificat ==== | ||
+ | apt install certbot | ||
+ | service nginx stop | ||
+ | certbot certonly --standalone -d kloud.kagouille.fr | ||
+ | service nginx start | ||
+ | |||
+ | Lancer votre Nextcloud sur votre navigateur | ||
+ | |||
+ | ======Cache====== | ||
+ | Ajouter le cache : | ||
+ | nano / | ||
+ | |||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | array ( | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ), | ||
+ | |||
+ | source : https:// | ||
{{tag> | {{tag> |