Mudanças entre as edições de "Nextcloud"

De MochilaWiki
Ir para navegaçãoIr para pesquisar
Linha 33: Linha 33:
 
  env[PATH] = /home/user/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/
 
  env[PATH] = /home/user/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/
 
  request_terminate_timeout = 30s
 
  request_terminate_timeout = 30s
 +
 +
no nginx
 +
<source lang="nginx">
 +
server {
 +
    listen 80;
 +
    server_name nuvem.elegbara.net;
 +
    return 301 https://$server_name$request_uri;
 +
}
 +
server {
 +
    listen 443 ssl http2;
 +
    server_name nuvem.elegbara.net;
 +
    root /home/sftp/elegbara.net/public_html/nextcloud;
 +
    ssl on;
 +
    ssl_certificate /etc/letsencrypt/live/nuvem.elegbara.net/fullchain.pem;
 +
    ssl_certificate_key /etc/letsencrypt/live/nuvem.elegbara.net/privkey.pem;
 +
    ssl_session_timeout 5m;
 +
    ssl_ciphers              'AES128+EECDH:AES128+EDH:!aNULL';
 +
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
 +
    ssl_prefer_server_ciphers on;
 +
 +
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 +
    add_header X-Content-Type-Options nosniff;
 +
    add_header X-Frame-Options "SAMEORIGIN";
 +
    add_header X-XSS-Protection "1; mode=block";
 +
    add_header X-Robots-Tag none;
 +
    add_header X-Download-Options noopen;
 +
    add_header X-Permitted-Cross-Domain-Policies none;
 +
 +
    access_log  /var/log/nginx/nextcloud.access.log;
 +
    error_log  /var/log/nginx/nextcloud.error.log;
 +
 +
    location = /robots.txt {
 +
        allow all;
 +
        log_not_found off;
 +
        access_log off;
 +
    }
 +
 +
    location = /.well-known/carddav {
 +
        return 301 $scheme://$host/remote.php/dav;
 +
    }
 +
    location = /.well-known/caldav {
 +
        return 301 $scheme://$host/remote.php/dav;
 +
    }
 +
 +
    client_max_body_size 512M;
 +
    fastcgi_buffers 64 4K;
 +
    gzip off;
 +
 +
    error_page 403 /core/templates/403.php;
 +
    error_page 404 /core/templates/404.php;
 +
 +
    location / {
 +
        rewrite ^ /index.php$uri;
 +
    }
 +
 +
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
 +
        deny all;
 +
    }
 +
 +
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
 +
        deny all;
 +
    }
 +
 +
    location ~^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
 +
        include fastcgi_params;
 +
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
 +
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 +
        fastcgi_param PATH_INFO $fastcgi_path_info;
 +
        fastcgi_param HTTPS on;
 +
        #Avoid sending the security headers twice
 +
        fastcgi_param modHeadersAvailable true;
 +
        fastcgi_param front_controller_active true;
 +
        fastcgi_pass 127.0.0.1:9015;
 +
        fastcgi_intercept_errors on;
 +
        fastcgi_request_buffering off;
 +
    }
 +
 +
    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
 +
        try_files $uri/ =404;
 +
        index index.php;
 +
    }
 +
 +
    location ~* \.(?:css|js)$ {
 +
        try_files $uri /index.php$uri$is_args$args;
 +
        add_header Cache-Control "public, max-age=7200";
 +
        add_header X-Content-Type-Options nosniff;
 +
        add_header X-Frame-Options "SAMEORIGIN";
 +
        add_header X-XSS-Protection "1; mode=block";
 +
        add_header X-Robots-Tag none;
 +
        add_header X-Download-Options noopen;
 +
        add_header X-Permitted-Cross-Domain-Policies none;
 +
        # Optional: Don't log access to assets
 +
        access_log off;
 +
    }
 +
 +
    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
 +
        try_files $uri /index.php$uri$is_args$args;
 +
        access_log off;
 +
    }
 +
 +
    location ~ /\.ht {
 +
        deny all;
 +
    }
 +
 +
}
 +
</source>

Edição das 14h09min de 26 de abril de 2017

sudo apt-get install php5-apcu
sudo /etc/init.d/php5-fpm restart

e em config/config.php coloque 'memcache.local' => '\OC\Memcache\APCu',

em /etc/php5/fpm/pool.d/espacognu.net.conf

[elegbara.net]
listen = 127.0.0.1:9015
listen.allowed_clients = 127.0.0.1
user = elegbara
group = elegbara
listen.owner = elegbara
listen.group = elegbara
listen.mode = 0660
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 2
pm.max_requests = 100
chdir = /
php_admin_value[session.save_path] = /home/sftp/elegbara.net/tmp
php_admin_value[upload_tmp_dir] = /home/sftp/elegbara.net/tmp
request_slowlog_timeout = 30s
request_terminate_timeout = 120s
slowlog = /var/log/php-fpm/main.log
env[HOSTNAME] = $HOSTNAME
env[TMP]      = /home/sftp/elegbara.net/tmp
env[TMPDIR]   = /home/sftp/elegbara.net/tmp
env[TEMP]     = /home/sftp/elegbara.net/tmp
env[PATH] = /home/user/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/
request_terminate_timeout = 30s

no nginx

server {
    listen 80;
    server_name nuvem.elegbara.net;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    server_name nuvem.elegbara.net;
    root /home/sftp/elegbara.net/public_html/nextcloud;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/nuvem.elegbara.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nuvem.elegbara.net/privkey.pem;
    ssl_session_timeout 5m;
    ssl_ciphers               'AES128+EECDH:AES128+EDH:!aNULL';
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    access_log  /var/log/nginx/nextcloud.access.log;
    error_log   /var/log/nginx/nextcloud.error.log;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav { 
        return 301 $scheme://$host/remote.php/dav; 
    }
    location = /.well-known/caldav { 
        return 301 $scheme://$host/remote.php/dav; 
    }

    client_max_body_size 512M;
    fastcgi_buffers 64 4K;
    gzip off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass 127.0.0.1:9015;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
    }

    location ~ /\.ht {
        deny all;
    }

}