Loading... > 一直在用nextcloud作为个人网盘用,前段时间电信赠送了一台vps,重新安装了nextcloud并使用了宝塔面板作为管理工具,安装方法和安装后的报警解决可以参考<div class="preview"> <div class="post-inser post box-shadow-wrap-normal"> <a href="https://www.wsczx.com/22.html" target="_blank" class="post_inser_a no-external-link no-underline-link"> <div class="inner-image bg" style="background-image: url(https://www.wsczx.com/usr/themes/handsome/assets/img/sj/7.jpg);background-size: cover;"></div> <div class="inner-content" > <p class="inser-title">CentOS7安装NextCloud</p> <div class="inster-summary text-muted"> 下载安装包wget https://download.nextcloud.com/server/releases/... </div> </div> </a> <!-- .inner-content #####--> </div> <!-- .post-inser ####--> </div> #### 修改宝塔PHP配置文件<font color=red>【非常重要,必须要改,否则不生效!!!】</font> - 路径:`/www/server/nginx/conf` - 文件名:`enable-php-74.conf` 根据所使用php版本修改相对应文件 原配置文件内容: ``` location ~ [^/]\.php(/|$) { try_files $uri =404; fastcgi_pass unix:/tmp/php-cgi-74.sock; fastcgi_index index.php; include fastcgi.conf; include pathinfo.conf; } ``` 在配置文件最后一行加上`fastcgi_param front_controller_active true;` 完整内容: ``` location ~ [^/]\.php(/|$) { try_files $uri =404; fastcgi_pass unix:/tmp/php-cgi-74.sock; fastcgi_index index.php; include fastcgi.conf; include pathinfo.conf; fastcgi_param front_controller_active true; } ``` #### 添加nginx伪静态规则和一些其它安全配置 - 在宝塔面板的伪静态页面添加,也可直接在配置文件里面添加 ```nginx #(可选)添加如下header主要为了安全 add_header Strict-Transport-Security "max-age=63072000;"; #解析caldav和carddav rewrite /.well-known/carddav /remote.php/dav permanent; rewrite /.well-known/caldav /remote.php/dav permanent; #静态资源重定向1 location ~* \/core\/(?:js\/oc\.js|preview\.png).*$ { rewrite ^ /index.php last; } #webdav和其他所有请求重定向到index.php上 location / { rewrite ^ /index.php$uri; rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; #静态资源重定向2,支持使用acme脚本在申请证书时对域名的验证 if ($uri !~* (?:\.(?:css|js|svg|gif|png|html|ttf|woff)$|^\/(?:remote|public|cron|status|ocs\/v1|ocs\/v2)\.php|^\/\.well-known\/acme-challenge\/.*$)){ rewrite ^ /index.php last; } } #静态资源重定向3 location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ { try_files $uri /index.php$uri$is_args$args; access_log off; } location ~ ^/(?:updater|ocs-provider)(?:$|/) { try_files $uri/ =404; index index.php; } #caldav和carddav rewrite /.well-known/carddav /remote.php/dav permanent; rewrite /.well-known/caldav /remote.php/dav permanent; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; location = /robots.txt { allow all; log_not_found off; access_log off; } #(可选)为了支持user_webfinger app rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; #支持日历和联系人,建议加上 location = /.well-known/carddav { return 301 $scheme://$host:$server_port/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host:$server_port/remote.php/dav; } #启动Gzip,不要删除ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; #安全设置,禁止访问部分敏感内容 location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { deny all; } location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^/(data|config|\.ht|db_structure\.xml|README) { deny all; } location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { try_files $uri/ =404; index index.php; } #这部分吧,默认就有,不过有所不同,所以我合并了下,替换原来的就行 location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; fastcgi_pass unix:/tmp/php-cgi-74.sock; # Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; # Enable pretty urls fastcgi_param front_controller_active true; fastcgi_intercept_errors on; fastcgi_request_buffering off; } # Adding the cache control header for js, css and map files # Make sure it is BELOW the PHP block location ~ \.(?:css|js|woff2?|svg|gif|map)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463"; add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; # Optional: Don't log access to assets access_log off; } location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { try_files $uri /index.php$request_uri; # Optional: Don't log access to other assets access_log off; } ``` > 最后重启nginx,清除缓存,使用域名访问,发现index.php已经去掉,分享链接也没有index.php了。也可参考 > > [官方文档](https://docs.nextcloud.com/server/19/admin_manual/installation/nginx.html) Last modification:August 28, 2020 © Allow specification reprint Support Appreciate the author AliPayWeChat Like 1 如果觉得我的文章对你有用,请随意赞赏
4 comments
不错不错,我也来试试!
感谢Google 让我找到了这里
感谢,太棒了