Nextcloud

De MochilaWiki
Revisão de 23h32min de 15 de junho de 2020 por Banto Palmarino (discussão | contribs)
Ir para navegaçãoIr para pesquisar

configurando dominio

nextcloud.occ config:system:set trusted_domains 1 --value=seu.dominio.org.br

sudo systemctl restart snap.nextcloud.apache.service



Nextcloud no Ubuntu 18.04



wget https://download.nextcloud.com/server/releases/nextcloud-11.0.2.zip
unzip nextcloud-11.0.2.zip
./certbot-auto certonly --webroot -w /home/sftp/elegbara.net/public_html/nextcloud -d nuvem.elegbara.net
sudo apt-get install php5-apcu
sudo /etc/init.d/php5-fpm restart

e em config/config.php coloque 'memcache.local' => '\OC\Memcache\APCu',

em /etc/php5/fpm/pool.d/espacognu.net.conf

[elegbara.net]
listen = 127.0.0.1:9015
listen.allowed_clients = 127.0.0.1
user = elegbara
group = elegbara
listen.owner = elegbara
listen.group = elegbara
listen.mode = 0660
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 2
pm.max_requests = 100
chdir = /
php_admin_value[session.save_path] = /home/sftp/elegbara.net/tmp
php_admin_value[upload_tmp_dir] = /home/sftp/elegbara.net/tmp
request_slowlog_timeout = 30s
request_terminate_timeout = 120s
slowlog = /var/log/php-fpm/main.log
env[HOSTNAME] = $HOSTNAME
env[TMP]      = /home/sftp/elegbara.net/tmp
env[TMPDIR]   = /home/sftp/elegbara.net/tmp
env[TEMP]     = /home/sftp/elegbara.net/tmp
env[PATH] = /home/user/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/
request_terminate_timeout = 30s

no nginx

server {
    listen 80;
    server_name nuvem.elegbara.net;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    server_name nuvem.elegbara.net;
    root /home/sftp/elegbara.net/public_html/nextcloud;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/nuvem.elegbara.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nuvem.elegbara.net/privkey.pem;
    ssl_session_timeout 5m;
    ssl_ciphers               'AES128+EECDH:AES128+EDH:!aNULL';
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    access_log  /var/log/nginx/nextcloud.access.log;
    error_log   /var/log/nginx/nextcloud.error.log;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav { 
        return 301 $scheme://$host/remote.php/dav; 
    }
    location = /.well-known/caldav { 
        return 301 $scheme://$host/remote.php/dav; 
    }

    client_max_body_size 512M;
    fastcgi_buffers 64 4K;
    gzip off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }

    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass 127.0.0.1:9015;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
    }

    location ~ /\.ht {
        deny all;
    }

}