julian/raspberry-pi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Nextcloud-Anleitung angepasst

Browse Source
This commit is contained in:
Julian Braasch
2017-08-29 09:00:46 +02:00
parent 6525f8be4d
commit 89e328a0b9
1 changed files with 50 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
nextcloud.md
View File

@ -62,7 +62,7 @@ upstream php-handler {
server { server {
listen 80; listen 80;
server_name IP-Adresse oder dynamische DNS; server_name IP-Adresse oder dynamische DNS;
# Enforce HTTPS # enforce https
return 301 https://$server_name$request_uri; return 301 https://$server_name$request_uri;
} }
@ -76,20 +76,17 @@ server {
# Security Headers # Security Headers
add_header Strict-Transport-Security "max-age=15768000"; add_header Strict-Transport-Security "max-age=15768000";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_dhparam /path/to/dh-params ssl_dhparam /path/to/dhparams.pem;
ssl_session_cache shared:ssl_session_cache:10m; ssl_session_cache shared:ssl_session_cache:10m;
# Path to the root of your installation # Path to the root of your installation
root /var/www; root /var/www;
@ -99,9 +96,21 @@ server {
access_log off; access_log off;
} }
location ~ \.php(?:$|/) {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
}
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host/nextcloud/remote.php/dav; return 301 $scheme://$host/nextcloud/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host/nextcloud/remote.php/dav; return 301 $scheme://$host/nextcloud/remote.php/dav;
} }
@ -109,8 +118,6 @@ server {
location /.well-known/acme-challenge { } location /.well-known/acme-challenge { }
location ^~ /nextcloud { location ^~ /nextcloud {
# set max upload size
client_max_body_size 20148M;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header # Disable gzip to avoid the removal of the ETag header
@ -126,6 +133,7 @@ server {
location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ { location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all; deny all;
} }
location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
@ -136,12 +144,10 @@ server {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on; fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true; fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true; fastcgi_param front_controller_active true;
fastcgi_pass php-handler; fastcgi_pass php-handler;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
# fastcgi_request_buffering off;
} }
location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) { location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
@ -154,19 +160,12 @@ server {
location ~* \.(?:css|js|woff|svg|gif)$ { location ~* \.(?:css|js|woff|svg|gif)$ {
try_files $uri /nextcloud/index.php$uri$is_args$args; try_files $uri /nextcloud/index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200"; add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended
# to have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read
# into this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off; access_log off;
} }
@ -179,6 +178,18 @@ server {
} }
``` ```
**Nginx-Dateilimits für Upoads anheben**
```xml
sudo nano /etc/nginx/nginx.conf
```
-> Dort im "http"-Abschnitt einfügen (oder verändern, wenn bereits vorhanden)
```xml
client_max_body_size 2048M;
```
**PHP-conf bearbeiten** **PHP-conf bearbeiten**
```xml ```xml
@ -208,16 +219,10 @@ sudo reboot
sudo -s sudo -s
``` ```
**Ordner erstellen**
```xml
mkdir -p /var/www/nextcloud
```
**Verzeichnis wechseln** **Verzeichnis wechseln**
```xml ```xml
cd /var/www/ cd /var/www
``` ```
**Nextcloud laden** **Nextcloud laden**
@ -328,13 +333,30 @@ exit
## Anpassungen ## Anpassungen
**Cache konfigurieren** **Caches konfigurieren**
```xml ```xml
sudo nano /var/www/nextcloud/config/config.php sudo nano /var/www/nextcloud/config/config.php
``` ```
-> Unten einfügen: 'memcache.local' => '\OC\Memcache\APC', -> Unten einfügen: 'memcache.local' => '\OC\Memcache\APCu',
```xml
sudo nano /etc/php5/mods-available/opcache.ini
```
-> Dort hinzufügen:
```xml
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
zend_extension=opcache.so
```
**PHP-Path Variablen** **PHP-Path Variablen**