目前我有一个 nginx 使用 3 个服务:1. 我的网页在 my.example.com/~ignacio,我的 Rstudio 服务器在 my.example.com/rstudio,我的 Shiny 服务器在 my.example.com/shiny。
这是我现在的配置文件:
# Redirect all traffic from port 80 to SSL port
server {
listen 80;
return 301 https://$host$request_uri;
}
# Set reverse proxy to port 443
server {
listen 443 ssl;
server_name my.example.com;
ssl_certificate /etc/letsencrypt/live/my.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.example.com/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY13$
ssl_prefer_server_ciphers on;
index index.php index.html index.htm;
# PHP in home directory
location ~ ^/~(.+?)(/.*\.php)(.*)$ {
alias /home/$1/public_html;
try_files $2 =404;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
}
# Home directories
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
}
location /shiny/ {
rewrite ^/shiny/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:3838;
proxy_redirect http://127.0.0.1:3838/ https://$host/shiny/;
auth_basic "Username and Password are required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location /rstudio/ {
proxy_pass http://127.0.0.1:8787/;
}
}
现在我尝试按照以下方法安装 owncloud这教程。我必须更改我的 nginx 配置文件以在 my.example.com/owncloud 上添加 owncloud,但我不确定具体该怎么做(我真的不想破坏我现在的工作)
为了使一切正常运行,我的配置文件中应该包含什么?
这是我尝试添加 owncloud 后现在得到的结果:
upstream php-handler {
server unix:/run/php/php7.0-fpm.sock;
}
# Redirect all traffic from port 80 to SSL port
server {
listen 80;
return 301 https://$host$request_uri;
}
# Set reverse proxy to port 443
server {
listen 443 ssl;
server_name my.example.com;
ssl_certificate /etc/letsencrypt/live/my.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.example.com/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /var/www/owncloud/;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
index index.php index.html index.htm;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
# PHP in home directory
location ~ ^/~(.+?)(/.*\.php)(.*)$ {
alias /home/$1/public_html;
try_files $2 =404;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
}
# Home directories
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
}
location /shiny/ {
rewrite ^/shiny/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:3838;
proxy_redirect http://127.0.0.1:3838/ https://$host/;
auth_basic "Username and Password are required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location /rstudio/ {
proxy_pass http://127.0.0.1:8787/;
}
location /owncloud/ {
alias /var/www/owncloud/;
try_files $2 =404;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
}
}
Shiny、Rstudio 和 /~ignacio 正在运行。如果我访问 my.example.com,浏览器会下载一个文件,但无法访问 /owncloud。
我还有一个版本,Shiny、Rstudio 和 owncloud 都可以运行,但是 /~ignacio 不能运行 :(
upstream php-handler {
server unix:/run/php/php7.0-fpm.sock;
}
# Redirect all traffic from port 80 to SSL port
server {
listen 80;
return 301 https://$host$request_uri;
}
# Set reverse proxy to port 443
server {
listen 443 ssl;
server_name my.example.com;
ssl_certificate /etc/letsencrypt/live/my.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.example.com/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /var/www/;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# ownCloud blacklist
location ~ ^/owncloud/(?:\.htaccess|data|config|db_structure\.xml|README) {
deny all;
error_page 403 = /owncloud/core/templates/403.php;
}
location / {
index index.php index.html;
}
location /owncloud/ {
error_page 403 = /owncloud/core/templates/403.php;
error_page 404 = /owncloud/core/templates/404.php;
rewrite ^/owncloud/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/owncloud/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/owncloud/webdav(.*)$ /remote.php/webdav$1 redirect;
rewrite ^(/owncloud/core/doc[^\/]+/)$ $1/index.html;
# The following rules are only needed with webfinger
rewrite ^/owncloud/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/owncloud/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/owncloud/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/owncloud/.well-known/caldav /remote.php/caldav/ redirect;
try_files $uri $uri/ index.php;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_pass php-handler;
}
# Optional: set long EXPIRES header on static assets
location ~* ^/owncloud(/.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf))$ {
expires 30d;
access_log off; # Optional: Don't log access to assets
}
# Disable gzip to avoid the removal of the ETag header
gzip off;
index index.php index.html index.htm;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
# PHP in home directory
location ~ ^/~(.+?)(/.*\.php)(.*)$ {
alias /home/$1/public_html;
try_files $2 =404;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
}
# Home directories
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
}
location /shiny/ {
rewrite ^/shiny/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:3838;
proxy_redirect http://127.0.0.1:3838/ https://$host/;
auth_basic "Username and Password are required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location /rstudio/ {
proxy_pass http://127.0.0.1:8787/;
}
}
答案1
我建议您安装 Owncloud 以与 Apache 一起运行。这是因为 Owncloud 运行大量 PHP,而 Apache 在这方面确实很擅长。使用 prefork 运行它。
在前端使用 Nginx 并代理到 Apache。
如果您要使用 SSL,请让 Nginx 处理 SSL 并让其提供所有静态文件。然后将其余流量转发到 Apache。
答案2
另外,请注意,owncloud 建议使用 apache 服务器。我以前使用的是 nginx,但现在我切换到了 apache。
如果您能够做到这一点,这里有一份您可以遵循的官方详细手册:
https://doc.owncloud.org/server/9.0/admin_manual/installation/source_installation.html?highlight=apache#prerequisites-label