Mudanças entre as edições de "Nextcloud"
De MochilaWiki
Ir para navegaçãoIr para pesquisar| Linha 33: | Linha 33: | ||
env[PATH] = /home/user/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/ | env[PATH] = /home/user/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/ | ||
request_terminate_timeout = 30s | request_terminate_timeout = 30s | ||
| + | |||
| + | no nginx | ||
| + | <source lang="nginx"> | ||
| + | server { | ||
| + | listen 80; | ||
| + | server_name nuvem.elegbara.net; | ||
| + | return 301 https://$server_name$request_uri; | ||
| + | } | ||
| + | server { | ||
| + | listen 443 ssl http2; | ||
| + | server_name nuvem.elegbara.net; | ||
| + | root /home/sftp/elegbara.net/public_html/nextcloud; | ||
| + | ssl on; | ||
| + | ssl_certificate /etc/letsencrypt/live/nuvem.elegbara.net/fullchain.pem; | ||
| + | ssl_certificate_key /etc/letsencrypt/live/nuvem.elegbara.net/privkey.pem; | ||
| + | ssl_session_timeout 5m; | ||
| + | ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL'; | ||
| + | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | ||
| + | ssl_prefer_server_ciphers on; | ||
| + | |||
| + | add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; | ||
| + | add_header X-Content-Type-Options nosniff; | ||
| + | add_header X-Frame-Options "SAMEORIGIN"; | ||
| + | add_header X-XSS-Protection "1; mode=block"; | ||
| + | add_header X-Robots-Tag none; | ||
| + | add_header X-Download-Options noopen; | ||
| + | add_header X-Permitted-Cross-Domain-Policies none; | ||
| + | |||
| + | access_log /var/log/nginx/nextcloud.access.log; | ||
| + | error_log /var/log/nginx/nextcloud.error.log; | ||
| + | |||
| + | location = /robots.txt { | ||
| + | allow all; | ||
| + | log_not_found off; | ||
| + | access_log off; | ||
| + | } | ||
| + | |||
| + | location = /.well-known/carddav { | ||
| + | return 301 $scheme://$host/remote.php/dav; | ||
| + | } | ||
| + | location = /.well-known/caldav { | ||
| + | return 301 $scheme://$host/remote.php/dav; | ||
| + | } | ||
| + | |||
| + | client_max_body_size 512M; | ||
| + | fastcgi_buffers 64 4K; | ||
| + | gzip off; | ||
| + | |||
| + | error_page 403 /core/templates/403.php; | ||
| + | error_page 404 /core/templates/404.php; | ||
| + | |||
| + | location / { | ||
| + | rewrite ^ /index.php$uri; | ||
| + | } | ||
| + | |||
| + | location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { | ||
| + | deny all; | ||
| + | } | ||
| + | |||
| + | location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { | ||
| + | deny all; | ||
| + | } | ||
| + | |||
| + | location ~^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { | ||
| + | include fastcgi_params; | ||
| + | fastcgi_split_path_info ^(.+\.php)(/.+)$; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param PATH_INFO $fastcgi_path_info; | ||
| + | fastcgi_param HTTPS on; | ||
| + | #Avoid sending the security headers twice | ||
| + | fastcgi_param modHeadersAvailable true; | ||
| + | fastcgi_param front_controller_active true; | ||
| + | fastcgi_pass 127.0.0.1:9015; | ||
| + | fastcgi_intercept_errors on; | ||
| + | fastcgi_request_buffering off; | ||
| + | } | ||
| + | |||
| + | location ~ ^/(?:updater|ocs-provider)(?:$|/) { | ||
| + | try_files $uri/ =404; | ||
| + | index index.php; | ||
| + | } | ||
| + | |||
| + | location ~* \.(?:css|js)$ { | ||
| + | try_files $uri /index.php$uri$is_args$args; | ||
| + | add_header Cache-Control "public, max-age=7200"; | ||
| + | add_header X-Content-Type-Options nosniff; | ||
| + | add_header X-Frame-Options "SAMEORIGIN"; | ||
| + | add_header X-XSS-Protection "1; mode=block"; | ||
| + | add_header X-Robots-Tag none; | ||
| + | add_header X-Download-Options noopen; | ||
| + | add_header X-Permitted-Cross-Domain-Policies none; | ||
| + | # Optional: Don't log access to assets | ||
| + | access_log off; | ||
| + | } | ||
| + | |||
| + | location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { | ||
| + | try_files $uri /index.php$uri$is_args$args; | ||
| + | access_log off; | ||
| + | } | ||
| + | |||
| + | location ~ /\.ht { | ||
| + | deny all; | ||
| + | } | ||
| + | |||
| + | } | ||
| + | </source> | ||
Edição das 14h09min de 26 de abril de 2017
sudo apt-get install php5-apcu
sudo /etc/init.d/php5-fpm restart
e em config/config.php coloque 'memcache.local' => '\OC\Memcache\APCu',
em /etc/php5/fpm/pool.d/espacognu.net.conf
[elegbara.net] listen = 127.0.0.1:9015 listen.allowed_clients = 127.0.0.1 user = elegbara group = elegbara listen.owner = elegbara listen.group = elegbara listen.mode = 0660 pm = dynamic pm.max_children = 5 pm.start_servers = 2 pm.min_spare_servers = 1 pm.max_spare_servers = 2 pm.max_requests = 100 chdir = / php_admin_value[session.save_path] = /home/sftp/elegbara.net/tmp php_admin_value[upload_tmp_dir] = /home/sftp/elegbara.net/tmp request_slowlog_timeout = 30s request_terminate_timeout = 120s slowlog = /var/log/php-fpm/main.log env[HOSTNAME] = $HOSTNAME env[TMP] = /home/sftp/elegbara.net/tmp env[TMPDIR] = /home/sftp/elegbara.net/tmp env[TEMP] = /home/sftp/elegbara.net/tmp env[PATH] = /home/user/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/ request_terminate_timeout = 30s
no nginx
server {
listen 80;
server_name nuvem.elegbara.net;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name nuvem.elegbara.net;
root /home/sftp/elegbara.net/public_html/nextcloud;
ssl on;
ssl_certificate /etc/letsencrypt/live/nuvem.elegbara.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nuvem.elegbara.net/privkey.pem;
ssl_session_timeout 5m;
ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
access_log /var/log/nginx/nextcloud.access.log;
error_log /var/log/nginx/nextcloud.error.log;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 512M;
fastcgi_buffers 64 4K;
gzip off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass 127.0.0.1:9015;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
}
location ~ /\.ht {
deny all;
}
}
