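Combining nginx and Apache plays to the strengths of both: nginx handles high concurrency and static pages and acts as a reverse proxy for services such as Apache, while Apache offers better compatibility for dynamic pages. In addition, some applications are officially supported only on nginx, so a setup in which the two coexist is needed. The configuration itself is not difficult; I hit a few pitfalls only because Nextcloud does not officially provide a configuration that combines the two.
Note that the extra hop costs efficiency, so this layout is not well suited to a single machine; it fits many-to-many server deployments. I still went with it because of the second requirement above.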
Install and configure Apache
Install the dependencies.
sudo apt-get install apache2 libapache2-mod-php7.2
sudo apt-get install php7.2-gd php7.2-json php7.2-curl php7.2-mbstring php7.2-intl php-imagick php7.2-xml php7.2-zip libapache2-mod-scgi
Enable .htaccess by editing /etc/apache2/apache2.conf.
# In the existing <Directory /var/www/> block, set AllowOverride to All
<Directory /var/www/>
    AllowOverride All
</Directory>
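Edit /etc/apache2/ports.conf and change the default ports 80 and 443 to other values so that they do not conflict with nginx.
# "Listen 127.0.0.1:7080" would instead accept connections only from the local nginx
Listen 7080
# Optional; leave this block out if it is not already present
<IfModule ssl_module>
    Listen 7443
</IfModule>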
Create the HTTP site configuration file /etc/apache2/sites-available/example.com.conf.
# Restrict this vhost to local port 7080
<VirtualHost 127.0.0.1:7080>
    Alias / "/var/www/example.com/"
    <Directory /var/www/example.com/>
        Options +FollowSymlinks
        AllowOverride All
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
        SetEnv HOME /var/www/example.com
        SetEnv HTTP_HOME /var/www/example.com
        # Optional: 301 redirects specific to Nextcloud; omit if Nextcloud is not installed.
        Redirect 301 /.well-known/carddav https://example.com/nextcloud/remote.php/dav
        Redirect 301 /.well-known/caldav https://example.com/nextcloud/remote.php/dav
        Redirect 301 /.well-known/webdav https://example.com/nextcloud/remote.php/dav
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Enable the required Apache modules.
sudo a2enmod rewrite headers env dir mime
Disable the default site and enable this site's configuration.
sudo a2ensite example.com.conf
sudo a2dissite 000-default.conf
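Raise the PHP upload size limit
Taking Apache as the example, edit /etc/php/7.2/apache2/php.ini.
upload_max_filesize = 64M
max_file_uploads = 200
post_max_size = 128M
Restart the Apache service. A full restart, not a reload, is needed for the changed Listen ports to take effect.
sudo systemctl restart apache2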
Install and configure nginx
Install it.
sudo apt install nginx
Edit /etc/nginx/nginx.conf. Here only the user and group are changed to www-data, the same as Apache. For other settings, see here.
user www-data www-data;
Create the SSL site configuration file /etc/nginx/sites-available/example.com. In this configuration, port 80 forces HTTPS access through a 301 redirect, and port 8443 is the HTTPS listening port; if port 443 is not blocked on the public network, 443 can be used instead. Requests are then handed to Apache on port 7080 through proxy_pass.
For issuing the SSL certificate, see Deploying Let’s Encrypt.
server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}
server {
    # The "ssl" parameter on listen replaces the deprecated "ssl on;" directive
    listen 8443 ssl http2;
    listen [::]:8443 ssl http2;
    server_name example.com;
    client_max_body_size 0;
    underscores_in_headers on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl_certificate /etc/apache2/ssl/fullchain.cer;
    ssl_certificate_key /etc/apache2/ssl/private/example.com.key;
    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header Front-End-Https on;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        proxy_headers_hash_max_size 512;
        proxy_headers_hash_bucket_size 64;
        proxy_buffering off;
        proxy_redirect off;
        proxy_max_temp_file_size 0;
        proxy_pass http://127.0.0.1:7080;
    }
}
Enable the site.
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo systemctl reload nginx
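Because `Listen 7080` in ports.conf binds every interface, Apache can also be reached directly on that port, without passing through nginx, unless a firewall blocks it. The check below is an added example, not part of the original post: it reads `ss -ltn` output and lists every non-loopback address listening on the backend port. The function name `exposed_listeners` and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: report listeners on the Apache backend port that are not
# bound to loopback. Input is `ss -ltn` output on stdin.

# Constructed sample: what a wildcard bind such as `Listen 7080` looks like.
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    0.0.0.0:8443       0.0.0.0:*
LISTEN 0      511    *:7080             *:*
LISTEN 0      511    [::]:80            [::]:*'

# Constructed sample: what `Listen 127.0.0.1:7080` looks like.
SAMPLE_LOOPBACK='LISTEN 0      511    0.0.0.0:8443       0.0.0.0:*
LISTEN 0      511    127.0.0.1:7080     0.0.0.0:*'

# Prints each non-loopback address listening on port $1; returns 1 if any.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")      # the port is the last ":" field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Demo on the constructed samples.
# On a real host: ss -Hltn | exposed_listeners 7080
printf '%s\n' "$SAMPLE_WILDCARD" | exposed_listeners 7080 \
    || echo "7080 is reachable on the addresses above, bypassing nginx"
printf '%s\n' "$SAMPLE_LOOPBACK" | exposed_listeners 7080 \
    && echo "7080 is loopback-only"
```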
Nextcloud settings
Edit config.php.
'overwritehost' => 'example.com:8443',
'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://example.com:8443/nextcloud/',
'trusted_proxies' => ['127.0.0.1'],
References
Nextcloud configuration » Reverse proxy
Nginx Full Example Configuration
Nginx Development: From Beginner to Expert