Nextcloud running on OpenLiteSpeed on Ubuntu 21.10.

A command list for installing and configuring a Nextcloud instance hosted on the OpenLiteSpeed web server on Ubuntu 21.10.
For the repositories, the ones that are roughly needed are added along the way, and the final sources.list is kept further down.

Package name    Version
Ubuntu          21.10
PHP (in OS)     8.+
openlitespeed   1.7.+

Install and setting

Ubuntu cmd
sudo su
add-apt-repository 'deb http://rpms.litespeedtech.com/debian/ bionic main'
add-apt-repository ppa:ondrej/php 
apt install  ca-certificates apt-transport-https software-properties-common
apt update
apt -y install mariadb-server
apt install -y software-properties-common
# Note: saucy is Ubuntu 13.10 (end of life); the final sources.list below has no saucy entries.
add-apt-repository "deb http://us.archive.ubuntu.com/ubuntu/ saucy universe multiverse"
add-apt-repository "deb http://us.archive.ubuntu.com/ubuntu/ saucy-updates universe multiverse"
add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) universe"
add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) main universe restricted multiverse"
add-apt-repository "deb http://archive.canonical.com/ubuntu $(lsb_release -sc) partner"
add-apt-repository universe
apt update
apt install libbz2-dev zlib1g-dev zlib1g libsqlite3-dev libxml2-dev pkg-config build-essential libssl-dev libmcrypt-dev sqlite3 libcurl4-openssl-dev libpng-dev libfreetype6-dev gmp-ecm libgmp-dev gmp-doc gmp-ecm libecm1 libgmp3-dev libgmp-dev libgmp3-dev libgmpxx4ldbl libonig-dev libzip-dev memcached libyaml-perl libpng-dev libzip-dev curl   libmagickwand-dev libmagickcore-dev build-essential ca-certificates-mono libmemcached-dev libmagickwand-dev imagemagick libwebp-dev
apt install openlitespeed lsphp73
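mysql
# mysql add user start (USER and PASSWORD are placeholders)
# Note: '%' allows login from any host and *.* covers every database; config.php below uses dbhost localhost.
CREATE USER 'USER'@'%' IDENTIFIED BY 'PASSWORD';
GRANT ALL ON *.* TO 'USER'@'%';
exit
# mysql add user end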
cd /Datas
mkdir public_html
cd public_html
wget https://download.nextcloud.com/server/releases/latest.zip
unzip latest.zip
cd ..
chown -R nobody: public_html
ln -fs /Datas/public_html /usr/local/lsws/public_html

If the HDD is mounted by the user, set this (an entry in /etc/fstab).
<file system> /Datas auto rw 0 0

sources.list
# deb cdrom:[Ubuntu 21.10 _Impish Indri_ - Release amd64 (20211012)]/ impish main restricted

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://jp.archive.ubuntu.com/ubuntu/ impish main restricted
# deb-src http://jp.archive.ubuntu.com/ubuntu/ impish main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://jp.archive.ubuntu.com/ubuntu/ impish-updates main restricted
# deb-src http://jp.archive.ubuntu.com/ubuntu/ impish-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://jp.archive.ubuntu.com/ubuntu/ impish universe
# deb-src http://jp.archive.ubuntu.com/ubuntu/ impish universe
deb http://jp.archive.ubuntu.com/ubuntu/ impish-updates universe
# deb-src http://jp.archive.ubuntu.com/ubuntu/ impish-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 
## team, and may not be under a free licence. Please satisfy yourself as to 
## your rights to use the software. Also, please note that software in 
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://jp.archive.ubuntu.com/ubuntu/ impish multiverse
# deb-src http://jp.archive.ubuntu.com/ubuntu/ impish multiverse
deb http://jp.archive.ubuntu.com/ubuntu/ impish-updates multiverse
# deb-src http://jp.archive.ubuntu.com/ubuntu/ impish-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://jp.archive.ubuntu.com/ubuntu/ impish-backports main restricted universe multiverse
# deb-src http://jp.archive.ubuntu.com/ubuntu/ impish-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb mirror://mirrors.ubuntu.com/mirrors.txt impish partner
# deb-src http://archive.canonical.com/ubuntu impish partner

deb http://security.ubuntu.com/ubuntu impish-security main restricted
# deb-src http://security.ubuntu.com/ubuntu impish-security main restricted
deb http://security.ubuntu.com/ubuntu impish-security universe
# deb-src http://security.ubuntu.com/ubuntu impish-security universe
deb http://security.ubuntu.com/ubuntu impish-security multiverse
# deb-src http://security.ubuntu.com/ubuntu impish-security multiverse

# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.
deb http://archive.ubuntu.com/ubuntu impish restricted multiverse main universe

Compile PHP

OpenLiteSpeedWebServer php

Tools > Compile PHP > Select PHP Version > Configure Parameters *

'--with-mysqli' '--with-zlib' '--enable-gd' '--enable-shmop' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-mbstring' '--with-iconv' '--with-pdo-mysql' '--enable-ftp' '--with-zip' '--with-curl' '--enable-soap' '--enable-xml' '--with-openssl' '--enable-bcmath' '--enable-litespeed' '--with-mcrypt' '--with-bz2' '--enable-json' '--enable-gd' '--with-freetype' '--enable-intl' '--with-gmp' '--with-zip' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--with-imagick=/usr/local/lsws/lsphp80' '--with-php-config=/usr/local/lsws/lsphp80/bin/php-config' '--enable-opcache' '--with-xmlrpc' '--with-gettext' '--with-jpeg-dir=/usr/lib64/libjpeg.so' '--enable-pcntl' '--enable-exif' '--with-tidy' '--with-sodium=/usr/local/lsws/lsphp80' '--with-webp'

SSL Setting

Let’s Encrypt : Get and Set SSL
apt -y install snapd
snap install core; sudo snap refresh core
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
certbot certonly --standalone
snap set certbot trust-plugin-with-root=ok # setting for wildcard domains

certbot certonly --webroot -w /var/www/html/ -d [Domain] -m [MailAddress] --agree-tos -n

MySQL password update

MySQL init
sudo su
mysql
SET PASSWORD FOR `[username]`@'%' = PASSWORD('[password]');

OpenLiteSpeed Config

OpenLiteSpeed

/usr/local/lsws/conf/httpd_config.conf

serverName                [hostname]
user                      nobody
group                     nogroup
priority                  0
enableLVE                 0
inMemBufSize              60M
swappingDir               /tmp/lshttpd/swap
autoFix503                1
enableh2c                 1
gracefulRestartTimeout    300
mime                      conf/mime.properties
showVersionNumber         0
adminEmails               root@localhost

errorlog logs/error.log {
  logLevel                DEBUG
  debugLevel              10
  rollingSize             10M
  enableStderrLog         1
}

accesslog logs/access.log {
  logFormat               "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
  logHeaders              7
  rollingSize             10M
  keepDays                30
  compressArchive         0
}
indexFiles                index.html, index.php
autoIndex                 0

expires  {
  enableExpires           1
  expiresByType           image/*=A604800,text/css=A604800,application/x-javascript=A604800,application/javascript=A604800,font/*=A604800,application/x-font-ttf=A604800
}
autoLoadHtaccess          1

tuning  {
  maxConnections          10000
  maxSSLConnections       10000
  connTimeout             300
  maxKeepAliveReq         10000
  keepAliveTimeout        5
  sndBufSize              0
  rcvBufSize              0
  maxReqURLLen            32768
  maxReqHeaderSize        65536
  maxReqBodySize          2047M
  maxDynRespHeaderSize    32768
  maxDynRespSize          2047M
  maxCachedFileSize       4096
  totalInMemCacheSize     20M
  maxMMapFileSize         256K
  totalMMapCacheSize      40M
  useSendfile             1
  fileETag                28
  enableGzipCompress      1
  compressibleTypes       default
  enableDynGzipCompress   1
  gzipCompressLevel       6
  gzipAutoUpdateStatic    1
  gzipStaticCompressLevel 6
  brStaticCompressLevel   6
  gzipMaxFileSize         10M
  gzipMinFileSize         300

  quicEnable              1
  quicShmDir              /dev/shm
}

fileAccessControl  {
  followSymbolLink        1
  checkSymbolLink         0
  requiredPermissionMask  000
  restrictedPermissionMask 000
}

perClientConnLimit  {
  staticReqPerSec         0
  dynReqPerSec            0
  outBandwidth            0
  inBandwidth             0
  softLimit               10000
  hardLimit               10000
  gracePeriod             15
  banPeriod               300
}

CGIRLimit  {
  maxCGIInstances         20
  minUID                  11
  minGID                  10
  priority                0
  CPUSoftLimit            10
  CPUHardLimit            50
  memSoftLimit            1460M
  memHardLimit            1470M
  procSoftLimit           400
  procHardLimit           450
}

accessDenyDir  {
  dir                     /
  dir                     /etc/*
  dir                     /dev/*
  dir                     conf/*
  dir                     admin/conf/*
}

accessControl  {
  allow                   ALL
}

extprocessor lsphp80 {
  type                    lsapi
  address                 uds://tmp/lshttpd/lsphp80.sock
  maxConns                10
  env                     PHP_LSAPI_CHILDREN=10
  env                     LSAPI_AVOID_FORK=200M
  initTimeout             60
  retryTimeout            0
  persistConn             1
  respBuffer              0
  autoStart               2
  path                    lsphp80/bin/lsphp
  backlog                 100
  instances               1
  priority                0
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           1400
  procHardLimit           1500
}

extprocessor lsphp73 {
  type                    lsapi
  address                 uds://tmp/lshttpd/lsphp73.sock
  maxConns                10
  env                     PHP_LSAPI_CHILDREN=10
  env                     LSAPI_AVOID_FORK=200M
  initTimeout             60
  retryTimeout            0
  persistConn             1
  respBuffer              0
  autoStart               2
  path                    lsphp73/bin/lsphp
  backlog                 100
  instances               1
  priority                0
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           1400
  procHardLimit           1500
}

scripthandler  {
  add                     lsapi:lsphp80 php
  add                     lsapi:lsphp73 php73
}

railsDefaults  {
  maxConns                1
  env                     LSAPI_MAX_IDLE=60
  initTimeout             60
  retryTimeout            0
  pcKeepAliveTimeout      60
  respBuffer              0
  backlog                 50
  runOnStartUp            3
  extMaxIdleTime          300
  priority                3
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           500
  procHardLimit           600
}

wsgiDefaults  {
  maxConns                5
  env                     LSAPI_MAX_IDLE=60
  initTimeout             60
  retryTimeout            0
  pcKeepAliveTimeout      60
  respBuffer              0
  backlog                 50
  runOnStartUp            3
  extMaxIdleTime          300
  priority                3
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           500
  procHardLimit           600
}

nodeDefaults  {
  maxConns                5
  env                     LSAPI_MAX_IDLE=60
  initTimeout             60
  retryTimeout            0
  pcKeepAliveTimeout      60
  respBuffer              0
  backlog                 50
  runOnStartUp            3
  extMaxIdleTime          300
  priority                3
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           500
  procHardLimit           600
}

module cache {
  internal                1

  checkPrivateCache       1
  checkPublicCache        1
  maxCacheObjSize         10000000
  maxStaleAge             200
  qsCache                 1
  reqCookieCache          1
  respCookieCache         1
  ignoreReqCacheCtrl      1
  ignoreRespCacheCtrl     0

  enableCache             0
  expireInSeconds         3600
  enablePrivateCache      0
  privateExpireInSeconds  3600
  ls_enabled              1
}

virtualhost Example {
  vhRoot                  Example/
  configFile              conf/vhosts/Example/vhconf.conf
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
  user                    nobody
  group                   nobody
}

virtualhost Cloud {
  vhRoot                  Cloud/
  configFile              conf/vhosts/Cloud/vhconf.conf
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
  user                    nobody
  group                   nobody
}

listener HTTPS {
  address                 *:443
  binding                 15
  secure                  1
  keyFile                 /etc/letsencrypt/live/[hostname]/privkey.pem
  certFile                /etc/letsencrypt/live/[hostname]/fullchain.pem
  map                     Example *
  map                     Cloud cloud.n-n.tokyo
}

vhTemplate centralConfigLog {
  templateFile            conf/templates/ccl.conf
  listeners               HTTPS
}

vhTemplate EasyRailsWithSuEXEC {
  templateFile            conf/templates/rails.conf
  listeners               HTTPS
}

Cloud

/usr/local/lsws/conf/vhosts/Cloud/vhconf.conf

docRoot                   $VH_ROOT/public_html
vhDomain                  [domain name]

errorlog error.log {
  useServer               1
  logLevel                ERROR
  rollingSize             1M
  keepDays                30
}

vhssl  {
  keyFile                 /etc/letsencrypt/live/[domain name]/privkey.pem
  certFile                /etc/letsencrypt/live/[domain name]/fullchain.pem
}
context / {
  location                $DOC_ROOT/
  allowBrowse             1
  extraHeaders            <<<END_extraHeaders
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    Header onsuccess unset Referrer-Policy
    Header always set Referrer-Policy "no-referrer"

    Header onsuccess unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"

    Header onsuccess unset X-Download-Options
    Header always set X-Download-Options "noopen"

    Header onsuccess unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"

    Header onsuccess unset X-Permitted-Cross-Domain-Policies
    Header always set X-Permitted-Cross-Domain-Policies "none"

    Header onsuccess unset X-Robots-Tag
    Header always set X-Robots-Tag "none"

    Header onsuccess unset X-XSS-Protection
    Header always set X-XSS-Protection "1; mode=block"

    SetEnv modHeadersAvailable true
  END_extraHeaders


  rewrite  {
    RewriteFile .htaccess
    RewriteFile $DOC_ROOT/public_html/.htaccess
  }
  addDefaultCharset       off

  phpIniOverride  {

  }
}
rewrite  {
  enable                  1
  autoLoadHtaccess        1
  rules                   <<<END_rules
rewriteFile $DOC_ROOT/public_html/.htaccess
  END_rules
}
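
To confirm that the extraHeaders block in vhconf.conf above is actually applied, the response headers can be compared with the configured values. This is an added example, not part of the original page; the function names and the sample response are constructed, and the expected values are copied from the extraHeaders block.

```shell
# Added example. Expected values come from the extraHeaders block above;
# header names are lower-cased because matching is case-insensitive.
EXPECTED='strict-transport-security|max-age=15552000; includeSubDomains
referrer-policy|no-referrer
x-content-type-options|nosniff
x-download-options|noopen
x-frame-options|SAMEORIGIN
x-permitted-cross-domain-policies|none
x-robots-tag|none
x-xss-protection|1; mode=block'

# Reads raw response headers (e.g. from `curl -sI`) on stdin, prints one line
# per problem and returns 1 if any header is missing, duplicated or different.
check_headers() {
  resp=$(tr -d '\r')   # strip CR from CRLF line endings
  rc=0
  while IFS='|' read -r name want; do
    # Count occurrences of this header and keep the last value seen.
    line=$(printf '%s\n' "$resp" | awk -v n="$name" '
      { i = index($0, ":") }
      i && tolower(substr($0, 1, i - 1)) == n {
        v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); last = v; c++ }
      END { printf "%d|%s\n", c, last }')
    count=${line%%|*}; got=${line#*|}
    if [ "$count" -eq 0 ]; then echo "MISSING $name"; rc=1
    elif [ "$count" -gt 1 ]; then echo "DUPLICATE $name ($count times)"; rc=1
    elif [ "$got" != "$want" ]; then echo "MISMATCH $name: got '$got'"; rc=1
    fi
  done <<EOF
$EXPECTED
EOF
  return $rc
}

# Constructed sample response: one header missing, one duplicated, one wrong.
sample_response() {
  cat <<'EOF'
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=15552000; includeSubDomains
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex
X-XSS-Protection: 1; mode=block
EOF
}
sample_response | check_headers || true
```

Against the running server, pipe the output of `curl -sI https://[Domain]/` into `check_headers` instead of the sample. A duplicated header usually means both the .htaccess and the extraHeaders block set it.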

Cron Setting

Cron Setting
crontab -e -u nobody
*/5 * * * * /usr/local/lsws/lsphp80/bin/php -f /usr/local/lsws/Cloud/public_html/cron.php

In the editor, type ZZ to save and exit.

PHP install extensions

php extensions

apcu, memcached, imagick

cd /usr/local/lsws/lsphp80/bin
./pecl upgrade
./pecl uninstall imagick
./pecl install imagick
./pecl install memcached
./pecl install apcu
vim /usr/local/lsws/lsphp80/lib/php.ini
extension=imagick.so
extension=memcached.so
extension=apcu.so
zend_extension=opcache.so

Add the extension lines above to php.ini.

apcu on php.ini
apc.enabled=1
apc.shm_size=32M
apc.ttl=7200
apc.enable_cli=1
apc.serializer=php

Add the apc.* lines above to php.ini as well.

Nextcloud config update

<?php
$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' =>
  array (
    0 => '[domain]',
  ),
  'datadirectory' => '/Datas/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '23.0.0.10',
  'overwrite.cli.url' => '[domain]',
  'dbname' => '',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '',
  'dbpassword' => '',
  'installed' => true,
  'default_phone_region' => 'JP', // added
  'auth.bruteforce.protection.enabled' => false, // added; turns off Nextcloud's brute-force protection (enabled by default)
  'memcache.local' => '\\OC\\Memcache\\APCu',
);
