tweet:2020:1215_01
Differences
This shows the differences between two versions of this page.
Next revision | Previous revision | ||
tweet:2020:1215_01 [2020/12/15 03:13] – created seirios | tweet:2020:1215_01 [2023/07/28 19:50] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
行 1: | 行 1: | ||
- | ====== FreeBSD 12.1-RELEASE and OwnCloud | + | ====== FreeBSD 12.1-RELEASE and NextCloud |
- | OwnCloudを利用してファイル共有サービスを建てる。 | + | NextCloudを利用してファイル共有サービスを建てる。 |
例によってFreeBSDで実装するが、今回は DB に PostgreSQL 13を利用することにする。 | 例によってFreeBSDで実装するが、今回は DB に PostgreSQL 13を利用することにする。 | ||
行 7: | 行 7: | ||
Installに関しては [[https:// | Installに関しては [[https:// | ||
- | OwnCloudは更新が早いので、最新版に追従することを考えて、OwnCloud自身はportsを利用しないでInstallすることにする。 | + | NextCloudは更新が早いので、最新版に追従することを考えて、NextCloud自身はportsを利用しないでInstallすることにする。 |
===== FreeBSDの設定 ===== | ===== FreeBSDの設定 ===== | ||
行 15: | 行 15: | ||
==== Binary PackageのInstall ==== | ==== Binary PackageのInstall ==== | ||
- | 標準状態で ZFS を root にして Install する | + | * 標準状態で ZFS を root にして Install する |
- | + | * 必要最小限のPackageを投入 | |
- | < | + | * OLD: <del>< |
# pkg install sudo postgresql12-client postgresql12-server nginx-devel memcached php74 php74-pecl-memcached php74-pdo_pgsql php74-pgsql | # pkg install sudo postgresql12-client postgresql12-server nginx-devel memcached php74 php74-pecl-memcached php74-pdo_pgsql php74-pgsql | ||
+ | </ | ||
+ | * Current: < | ||
+ | # pkg install sudo postgresql13-client postgresql13-server nginx-devel memcached php80 php80-pecl-memcached php80-pdo_pgsql php80-pgsql | ||
</ | </ | ||
- | + | * <del>本当はpostgresql13を利用したかったが、pkgでpdo-pgsqlを利用する関係で、postgresql12を利用することにした。将来更新で面倒なことになる可能性があるので悩ましいが、とりあえず現時点ではどうなるかの確認を兼ねてPGSQL12で試してみる。</ | |
- | 本当はpostgresql13を利用したかったが、pkgでpdo-pgsqlを利用する関係で、postgresql12を利用することにした。将来更新で面倒なことになる可能性があるので悩ましいが、とりあえず現時点ではどうなるかの確認を兼ねてPGSQL12で試してみる。 | + | |
- | + | ||
- | < | + | |
FreeBSDのportsやNetBSDのpkgsrc、RHE系のyum等、Binary Package管理システムはこういうときに融通が効きにくいという辛みがある。 | FreeBSDのportsやNetBSDのpkgsrc、RHE系のyum等、Binary Package管理システムはこういうときに融通が効きにくいという辛みがある。 | ||
しかし、こうしないと派生のBinary Packageが大量に発生するという問題もあるので痛し痒しというところか... | しかし、こうしないと派生のBinary Packageが大量に発生するという問題もあるので痛し痒しというところか... | ||
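Review bot: The new "Current" install line switches to postgresql13-client/postgresql13-server with php80-pdo_pgsql and php80-pgsql, but the paragraph explaining why postgresql12 had to be used is only struck through, with nothing in its place. Add one sentence saying what changed so that the pdo_pgsql packaging constraint no longer forces postgresql12, and note whether an existing PGSQL12 data directory has to be migrated first, since the postgresql12 command is kept on the page as "OLD" rather than removed.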
行 29: | 行 30: | ||
まぁ、そのために、portsでCompileする部分が残っているというのはあるが... | まぁ、そのために、portsでCompileする部分が残っているというのはあるが... | ||
</ | </ | ||
- | + | * NextCloud用の追加Packageを投入 | |
- | 次に、PGSQLおよび格納ファイル用のzpoolを作成する | + | * OLD: < |
- | < | + | # pkg install php74-extensions php74-zip php74-mbstring php74-gd php74-curl php74-openssl php74-fileinfo php74-bz2 php74-intl php74-bcmath php74-ftp php74-gmp php74-exif php74-pecl-memcache php74-pecl-memcached php74-pecl-imagick-im7 php74-pecl-APCu |
+ | </ | ||
+ | * < | ||
+ | # pkg install php80-extensions php80-zip php80-mbstring php80-gd php80-curl php80-fileinfo php80-bz2 php80-intl php80-bcmath php80-ftp php80-gmp php80-exif php80-pecl-memcache php80-pecl-memcached php80-pecl-imagick-im7 php80-pecl-APCu | ||
+ | </ | ||
+ | | ||
+ | | ||
# zpool create -m none zdata /dev/ada1 | # zpool create -m none zdata /dev/ada1 | ||
# zfs create zdata/pgsql | # zfs create zdata/pgsql | ||
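Review bot: The php80 package list silently drops the openssl extension: the OLD line installs php74-openssl, but the new line has no php80-openssl and nothing says whether that is intentional. Either add it back or state why it is no longer needed. The new item is also missing the "Current:" label used for the base package list above, so the OLD/Current pairing is inconsistent.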
行 37: | 行 44: | ||
# zfs set recordsize=8k zdata/pgsql | # zfs set recordsize=8k zdata/pgsql | ||
# chown -R postgres: | # chown -R postgres: | ||
+ | # zfs create zdata/www | ||
+ | # zfs set mountpoint=/ | ||
+ | # chown www:www /home/www | ||
+ | # chown -R www:www /home/www | ||
</ | </ | ||
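Review bot: `chown www:www /home/www` is immediately followed by `chown -R www:www /home/www`, which already covers the top-level directory, so the first command is redundant. Drop it and keep only the recursive one.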
行 55: | 行 66: | ||
postgresql_enable=YES | postgresql_enable=YES | ||
postgresql_class=postgres | postgresql_class=postgres | ||
- | postgresql_data=/ | + | postgresql_data=/ |
</ | </ | ||
* PostgreSQLの初期化を行う | * PostgreSQLの初期化を行う | ||
行 79: | 行 90: | ||
postgres=# \q | postgres=# \q | ||
</ | </ | ||
- | * PostgreSQLのCleanup(Vacuum)とIndex作成を自動で行うようにする | + | * <del>PostgreSQLのCleanup(Vacuum)とIndex作成を自動で行うようにする</ |
+ | * Vacuumは自動で実施される。Vacuumのタイミングを制御したい場合以外は入れる必要はない | ||
+ | * reindexは壊れた時にのみ行えば良いものなので、cronで定期実行するのは害が大きい模様(壊れるわけではないが、無駄に負荷をかける) | ||
+ | * reindexによってメモリキャッシュが消えてしまい、indexを再度読み込む負荷がかかる可能性が高い | ||
* < | * < | ||
# mkdir -p / | # mkdir -p / | ||
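Review bot: The Vacuum/reindex item is struck through and the new sub-items say a cron-driven reindex does more harm than good, yet the command block that follows (starting `# mkdir -p /`) is left in place as unchanged text. A reader working through the page top to bottom will still set the job up. Strike or remove that block as well, or mark it as kept only for the case where Vacuum timing needs to be controlled.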
行 102: | 行 116: | ||
==== NGINX ==== | ==== NGINX ==== | ||
- | ==== Service Certificate | + | * NGINXのlogファイルを格納するDirectoryのOwner/ |
+ | * < | ||
+ | # chown www:www / | ||
+ | </ | ||
+ | * / | ||
+ | * <code - nginx.conf> | ||
+ | user www; | ||
+ | worker_processes 4; | ||
+ | worker_rlimit_nofile 51200; | ||
+ | error_log / | ||
+ | |||
+ | events { | ||
+ | worker_connections 1024; | ||
+ | } | ||
+ | |||
+ | http { | ||
+ | include mime.types; | ||
+ | default_type application/ | ||
+ | log_format main ' | ||
+ | access_log / | ||
+ | sendfile on; | ||
+ | keepalive_timeout 65; | ||
+ | |||
+ | upstream php-handler { | ||
+ | server 127.0.0.1: | ||
+ | } | ||
+ | |||
+ | server { | ||
+ | # ENFORCE HTTPS | ||
+ | listen 80; | ||
+ | server_name nextcloud.domain.com; | ||
+ | return 301 https:// | ||
+ | } | ||
+ | |||
+ | server { | ||
+ | listen 443 ssl http2; | ||
+ | server_name nextcloud.domain.com; | ||
+ | ssl_certificate / | ||
+ | ssl_certificate_key / | ||
+ | |||
+ | # HEADERS SECURITY RELATED | ||
+ | add_header Strict-Transport-Security " | ||
+ | add_header Referrer-Policy " | ||
+ | |||
+ | # HEADERS | ||
+ | add_header X-Content-Type-Options nosniff; | ||
+ | add_header X-XSS-Protection "1; mode=block"; | ||
+ | add_header X-Robots-Tag none; | ||
+ | add_header X-Download-Options noopen; | ||
+ | add_header X-Permitted-Cross-Domain-Policies none; | ||
+ | |||
+ | # PATH TO THE ROOT OF YOUR INSTALLATION | ||
+ | root / | ||
+ | |||
+ | location | ||
+ | allow all; | ||
+ | log_not_found off; | ||
+ | access_log off; | ||
+ | } | ||
+ | |||
+ | location | ||
+ | return 301 $scheme:// | ||
+ | } | ||
+ | |||
+ | location | ||
+ | return 301 $scheme:// | ||
+ | } | ||
+ | |||
+ | # BUFFERS TIMEOUTS UPLOAD SIZES | ||
+ | client_max_body_size 16400M; | ||
+ | client_body_buffer_size 1048576k; | ||
+ | send_timeout 3000; | ||
+ | |||
+ | # ENABLE GZIP BUT DO NOT REMOVE ETag HEADERS | ||
+ | gzip on; | ||
+ | gzip_vary on; | ||
+ | gzip_comp_level 4; | ||
+ | gzip_min_length 256; | ||
+ | gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; | ||
+ | gzip_types application/ | ||
+ | |||
+ | location / { | ||
+ | rewrite ^ / | ||
+ | } | ||
+ | |||
+ | location ~ ^/ | ||
+ | deny all; | ||
+ | } | ||
+ | |||
+ | location ~ ^/ | ||
+ | deny all; | ||
+ | } | ||
+ | |||
+ | location ~ ^\/ | ||
+ | fastcgi_split_path_info ^(.+\.php)(/ | ||
+ | include fastcgi_params; | ||
+ | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
+ | fastcgi_param PATH_INFO $fastcgi_path_info; | ||
+ | fastcgi_param HTTPS on; | ||
+ | fastcgi_param modHeadersAvailable true; | ||
+ | fastcgi_param front_controller_active true; | ||
+ | fastcgi_pass php-handler; | ||
+ | fastcgi_intercept_errors on; | ||
+ | fastcgi_request_buffering off; | ||
+ | fastcgi_keep_conn off; | ||
+ | fastcgi_buffers 16 256K; | ||
+ | fastcgi_buffer_size 256k; | ||
+ | fastcgi_busy_buffers_size 256k; | ||
+ | fastcgi_temp_file_write_size 256k; | ||
+ | fastcgi_send_timeout 3000s; | ||
+ | fastcgi_read_timeout 3000s; | ||
+ | fastcgi_connect_timeout 3000s; | ||
+ | } | ||
+ | |||
+ | location ~ ^\/ | ||
+ | try_files $uri/ =404; | ||
+ | index index.php; | ||
+ | } | ||
+ | |||
+ | # ADDING THE CACHE CONTROL HEADER FOR JS AND CSS FILES | ||
+ | # MAKE SURE IT IS BELOW PHP BLOCK | ||
+ | location ~ \.(?: | ||
+ | try_files $uri / | ||
+ | add_header Cache-Control " | ||
+ | # HEADERS SECURITY RELATED | ||
+ | # IT IS INTENDED TO HAVE THOSE DUPLICATED TO ONES ABOVE | ||
+ | add_header Strict-Transport-Security " | ||
+ | # HEADERS | ||
+ | add_header X-Content-Type-Options nosniff; | ||
+ | add_header X-XSS-Protection "1; mode=block"; | ||
+ | add_header X-Robots-Tag none; | ||
+ | add_header X-Download-Options noopen; | ||
+ | add_header X-Permitted-Cross-Domain-Policies none; | ||
+ | # OPTIONAL: DONT LOG ACCESS TO ASSETS | ||
+ | access_log off; | ||
+ | } | ||
+ | |||
+ | location ~ \.(?: | ||
+ | try_files $uri / | ||
+ | # OPTIONAL: DONT LOG ACCESS TO OTHER ASSETS | ||
+ | access_log off; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
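Review bot: `client_body_buffer_size 1048576k` lets nginx buffer up to 1 GiB of request body in memory per request, which with `worker_processes 4` and `worker_connections 1024` means a few large concurrent uploads can exhaust RAM. `fastcgi_request_buffering off` is already set and `client_max_body_size 16400M` bounds the upload size on its own, so a small buffer is enough here. Also, the static-asset location repeats the security headers on purpose, but `Referrer-Policy` from the server block is not among the repeated ones, so it is lost on JS and CSS responses; add it to that location too.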
+ | ==== サーバ証明書の入手 ==== | ||
+ | * 今時はいろいろな方法があるが、今回はLet' | ||
+ | * 詳細は割愛 | ||
==== PHP configuration ==== | ==== PHP configuration ==== | ||
+ | * php.ini | ||
+ | * <code diff php.ini.diff> | ||
+ | # diff -c php.ini-production php.ini | ||
+ | *** php.ini-production | ||
+ | --- php.ini | ||
+ | *************** | ||
+ | *** 212,218 **** | ||
+ | ; Development Value: 4096 | ||
+ | ; Production Value: 4096 | ||
+ | ; http:// | ||
+ | ! output_buffering = 4096 | ||
- | ==== Collaboration between | + | ; You can redirect all of the output of your scripts to a function. |
+ | ; example, if you set output_handler to " | ||
+ | --- 212,219 ---- | ||
+ | ; Development Value: 4096 | ||
+ | ; Production Value: 4096 | ||
+ | ; http:// | ||
+ | ! ; | ||
+ | ! output_buffering | ||
+ | |||
+ | ; You can redirect all of the output of your scripts to a function. | ||
+ | ; example, if you set output_handler to " | ||
+ | *************** | ||
+ | *** 297,303 **** | ||
+ | ; The value is also used for json_encode when encoding double values. | ||
+ | ; If -1 is used, then dtoa mode 0 is used which automatically select the best | ||
+ | ; precision. | ||
+ | ! serialize_precision | ||
+ | |||
+ | ; open_basedir, | ||
+ | ; and below. | ||
+ | --- 298,305 ---- | ||
+ | ; The value is also used for json_encode when encoding double values. | ||
+ | ; If -1 is used, then dtoa mode 0 is used which automatically select the best | ||
+ | ; precision. | ||
+ | ! ; | ||
+ | ! serialize_precision = 17 | ||
+ | |||
+ | ; open_basedir, | ||
+ | ; and below. | ||
+ | *************** | ||
+ | *** 385,391 **** | ||
+ | ; Maximum execution time of each script, in seconds | ||
+ | ; http:// | ||
+ | ; Note: This directive is hardcoded to 0 for the CLI SAPI | ||
+ | ! max_execution_time = 30 | ||
+ | |||
+ | ; Maximum amount of time each script may spend parsing request data. It's a good | ||
+ | ; idea to limit this time on productions servers in order to eliminate unexpectedly | ||
+ | --- 387,394 ---- | ||
+ | ; Maximum execution time of each script, in seconds | ||
+ | ; http:// | ||
+ | ; Note: This directive is hardcoded to 0 for the CLI SAPI | ||
+ | ! ; | ||
+ | ! max_execution_time = 3600 | ||
+ | |||
+ | ; Maximum amount of time each script may spend parsing request data. It's a good | ||
+ | ; idea to limit this time on productions servers in order to eliminate unexpectedly | ||
+ | *************** | ||
+ | *** 395,401 **** | ||
+ | ; Development Value: 60 (60 seconds) | ||
+ | ; Production Value: 60 (60 seconds) | ||
+ | ; http:// | ||
+ | ! max_input_time = 60 | ||
+ | |||
+ | ; Maximum input variable nesting level | ||
+ | ; http:// | ||
+ | --- 398,405 ---- | ||
+ | ; Development Value: 60 (60 seconds) | ||
+ | ; Production Value: 60 (60 seconds) | ||
+ | ; http:// | ||
+ | ! ; | ||
+ | ! max_input_time = 30000 | ||
+ | |||
+ | ; Maximum input variable nesting level | ||
+ | ; http:// | ||
+ | *************** | ||
+ | *** 406,412 **** | ||
+ | |||
+ | ; Maximum amount of memory a script may consume | ||
+ | ; http:// | ||
+ | ! memory_limit = 128M | ||
+ | |||
+ | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ||
+ | ; Error handling and logging ; | ||
+ | --- 410,417 ---- | ||
+ | |||
+ | ; Maximum amount of memory a script may consume | ||
+ | ; http:// | ||
+ | ! ; | ||
+ | ! memory_limit = 1024M | ||
+ | |||
+ | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ||
+ | ; Error handling and logging ; | ||
+ | *************** | ||
+ | *** 536,541 **** | ||
+ | --- 541,547 ---- | ||
+ | ; Production Value: Off | ||
+ | ; http:// | ||
+ | ; | ||
+ | + track_errors = Off | ||
+ | |||
+ | ; Turn off normal error reporting and emit XML-RPC error XML | ||
+ | ; http:// | ||
+ | *************** | ||
+ | *** 550,555 **** | ||
+ | --- 556,562 ---- | ||
+ | ; Note: This directive is hardcoded to Off for the CLI SAPI | ||
+ | ; http:// | ||
+ | ; | ||
+ | + html_errors = On | ||
+ | |||
+ | ; If html_errors is set to On *and* docref_root is not empty, then PHP | ||
+ | ; produces clickable error messages that direct to a page describing the error | ||
+ | *************** | ||
+ | *** 584,589 **** | ||
+ | --- 591,597 ---- | ||
+ | ; http:// | ||
+ | ; Example: | ||
+ | ;error_log = php_errors.log | ||
+ | + error_log = / | ||
+ | ; Log errors to syslog (Event Log on Windows). | ||
+ | ;error_log = syslog | ||
+ | |||
+ | *************** | ||
+ | *** 691,697 **** | ||
+ | ; Its value may be 0 to disable the limit. It is ignored if POST data reading | ||
+ | ; is disabled through enable_post_data_reading. | ||
+ | ; http:// | ||
+ | ! post_max_size = 8M | ||
+ | |||
+ | ; Automatically add files before PHP document. | ||
+ | ; http:// | ||
+ | --- 699,706 ---- | ||
+ | ; Its value may be 0 to disable the limit. It is ignored if POST data reading | ||
+ | ; is disabled through enable_post_data_reading. | ||
+ | ; http:// | ||
+ | ! ; | ||
+ | ! post_max_size = 16400M | ||
+ | |||
+ | ; Automatically add files before PHP document. | ||
+ | ; http:// | ||
+ | *************** | ||
+ | *** 843,852 **** | ||
+ | |||
+ | ; Maximum allowed size for uploaded files. | ||
+ | ; http:// | ||
+ | ! upload_max_filesize = 2M | ||
+ | |||
+ | ; Maximum number of files that can be uploaded via a single request | ||
+ | ! max_file_uploads = 20 | ||
+ | |||
+ | ;;;;;;;;;;;;;;;;;; | ||
+ | ; Fopen wrappers ; | ||
+ | --- 852,863 ---- | ||
+ | |||
+ | ; Maximum allowed size for uploaded files. | ||
+ | ; http:// | ||
+ | ! ; | ||
+ | ! upload_max_filesize = 16400M | ||
+ | |||
+ | ; Maximum number of files that can be uploaded via a single request | ||
+ | ! ; | ||
+ | ! max_file_uploads = 64 | ||
+ | |||
+ | ;;;;;;;;;;;;;;;;;; | ||
+ | ; Fopen wrappers ; | ||
+ | *************** | ||
+ | *** 871,877 **** | ||
+ | |||
+ | ; Default timeout for socket based streams (seconds) | ||
+ | ; http:// | ||
+ | ! default_socket_timeout = 60 | ||
+ | |||
+ | ; If your scripts have to deal with files from Macintosh systems, | ||
+ | ; or you are running on a Mac and need to deal with files from | ||
+ | --- 882,889 ---- | ||
+ | |||
+ | ; Default timeout for socket based streams (seconds) | ||
+ | ; http:// | ||
+ | ! ; | ||
+ | ! default_socket_timeout = 300 | ||
+ | |||
+ | ; If your scripts have to deal with files from Macintosh systems, | ||
+ | ; or you are running on a Mac and need to deal with files from | ||
+ | *************** | ||
+ | *** 960,965 **** | ||
+ | --- 972,978 ---- | ||
+ | ; Defines the default timezone used by the date functions | ||
+ | ; http:// | ||
+ | ; | ||
+ | + date.timezone = Asia/ | ||
+ | |||
+ | ; http:// | ||
+ | ; | ||
+ | *************** | ||
+ | *** 1053,1058 **** | ||
+ | --- 1066,1072 ---- | ||
+ | [Pdo_mysql] | ||
+ | ; Default socket name for local MySQL connects. | ||
+ | ; MySQL defaults. | ||
+ | + pdo_mysql.cache_size = 2000 | ||
+ | pdo_mysql.default_socket= | ||
+ | |||
+ | [Phar] | ||
+ | *************** | ||
+ | *** 1085,1091 **** | ||
+ | ; | ||
+ | |||
+ | ; Add X-PHP-Originating-Script: | ||
+ | ! mail.add_x_header = Off | ||
+ | |||
+ | ; The path to a log file that will log all mail() calls. Log entries include | ||
+ | ; the full path of the script, line number, To address and headers. | ||
+ | --- 1099,1106 ---- | ||
+ | ; | ||
+ | |||
+ | ; Add X-PHP-Originating-Script: | ||
+ | ! ; | ||
+ | ! mail.add_x_header = On | ||
+ | |||
+ | ; The path to a log file that will log all mail() calls. Log entries include | ||
+ | ; the full path of the script, line number, To address and headers. | ||
+ | *************** | ||
+ | *** 1340,1345 **** | ||
+ | --- 1355,1361 ---- | ||
+ | ; does not overwrite the process' | ||
+ | ; http:// | ||
+ | ; | ||
+ | + session.save_path = "/ | ||
+ | |||
+ | ; Whether to use strict session mode. | ||
+ | ; Strict session mode does not accept an uninitialized session ID, and | ||
+ | *************** | ||
+ | *** 1767,1785 **** | ||
+ | --- 1783,1806 ---- | ||
+ | [opcache] | ||
+ | ; Determines if Zend OPCache is enabled | ||
+ | ; | ||
+ | + opcache.enable=1 | ||
+ | |||
+ | ; Determines if Zend OPCache is enabled for the CLI version of PHP | ||
+ | ; | ||
+ | + opcache.enable_cli=1 | ||
+ | |||
+ | ; The OPcache shared memory storage size. | ||
+ | ; | ||
+ | + opcache.memory_consumption=128 | ||
+ | |||
+ | ; The amount of memory for interned strings in Mbytes. | ||
+ | ; | ||
+ | + opcache.interned_strings_buffer=8 | ||
+ | |||
+ | ; The maximum number of keys (scripts) in the OPcache hash table. | ||
+ | ; Only numbers between 200 and 1000000 are allowed. | ||
+ | ; | ||
+ | + opcache.max_accelerated_files=10000 | ||
+ | |||
+ | ; The maximum percentage of " | ||
+ | ; | ||
+ | *************** | ||
+ | *** 1798,1803 **** | ||
+ | --- 1819,1825 ---- | ||
+ | ; memory storage allocation. (" | ||
+ | ; once per request. " | ||
+ | ; | ||
+ | + opcache.revalidate_freq=1 | ||
+ | |||
+ | ; Enables or disables file search in include_path optimization | ||
+ | ; | ||
+ | *************** | ||
+ | *** 1805,1810 **** | ||
+ | --- 1827,1833 ---- | ||
+ | ; If disabled, all PHPDoc comments are dropped from the code to reduce the | ||
+ | ; size of the optimized code. | ||
+ | ; | ||
+ | + opcache.save_comments=1 | ||
+ | |||
+ | ; Allow file existence override (file_exists, | ||
+ | ; | ||
+ | </ | ||
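Review bot: `max_input_time = 30000` in the 395,401 hunk looks like a typo. `max_execution_time` is raised to 3600 and the nginx configuration uses 3000 for `send_timeout` and the `fastcgi_*_timeout` values, so 30000 seconds is out of step with every other limit; pick one figure and use it consistently. Separately, `mail.add_x_header` is flipped from Off to On and `html_errors = On` is added on top of php.ini-production with no explanation, and `pdo_mysql.cache_size = 2000` is set although this setup uses PostgreSQL. Say why each is needed or leave the production defaults.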
==== PHP FPM ==== | ==== PHP FPM ==== | ||
+ | * php-fpm.confの修正 | ||
+ | * <code diff php-fpm.conf.diff> | ||
+ | *** php-fpm.conf.default | ||
+ | --- php-fpm.conf | ||
+ | *************** | ||
+ | *** 22,27 **** | ||
+ | --- 22,28 ---- | ||
+ | ; Note: the default prefix is /var | ||
+ | ; Default Value: log/ | ||
+ | ;error_log = log/ | ||
+ | + error_log = log/ | ||
+ | |||
+ | ; syslog_facility is used to specify what type of program is logging the | ||
+ | ; message. This lets syslogd specify that messages from different facilities | ||
+ | *************** | ||
+ | *** 29,34 **** | ||
+ | --- 30,36 ---- | ||
+ | ; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) | ||
+ | ; Default Value: daemon | ||
+ | ; | ||
+ | + syslog.facility = daemon | ||
+ | |||
+ | ; syslog_ident is prepended to every message. If you have multiple FPM | ||
+ | ; instances running on the same server, you can change the default value | ||
+ | </ | ||
+ | * 以下を実行 | ||
+ | * < | ||
+ | # touch / | ||
+ | # chown www:www / | ||
+ | </ | ||
+ | * php-fpm.d/ | ||
+ | * <code diff php-fpm.d/ | ||
+ | # diff -c www.conf www.conf.default | ||
+ | *** www.conf | ||
+ | --- www.conf.default | ||
+ | *************** | ||
+ | *** 42,48 **** | ||
+ | ; Set listen(2) backlog. | ||
+ | ; Default Value: 511 (-1 on FreeBSD and OpenBSD) | ||
+ | ; | ||
+ | - listen.backlog = -1 | ||
+ | |||
+ | ; Set permissions for unix socket, if one is used. In Linux, read/write | ||
+ | ; permissions must be set in order to allow connections from a web server. Many | ||
+ | --- 42,47 ---- | ||
+ | *************** | ||
+ | *** 51,61 **** | ||
+ | ; Default Values: user and group are set as the running user | ||
+ | ; mode is set to 0660 | ||
+ | ; | ||
+ | - listen.owner = www | ||
+ | ; | ||
+ | - listen.group = www | ||
+ | ; | ||
+ | - listen.mode = 0660 | ||
+ | ; When POSIX Access Control Lists are supported you can set them using | ||
+ | ; these options, value is a comma separated list of user/group names. | ||
+ | ; When set, listen.owner and listen.group are ignored | ||
+ | --- 50,57 ---- | ||
+ | *************** | ||
+ | *** 69,75 **** | ||
+ | ; accepted from any ip address. | ||
+ | ; Default Value: any | ||
+ | ; | ||
+ | - listen.allowed_clients = 127.0.0.1 | ||
+ | |||
+ | ; Specify the nice(2) priority to apply to the pool processes (only if set) | ||
+ | ; The value can vary from -19 (highest priority) to 20 (lower priority) | ||
+ | --- 65,70 ---- | ||
+ | *************** | ||
+ | *** 109,116 **** | ||
+ | ; | ||
+ | ; an idle process will be killed. | ||
+ | ; Note: This value is mandatory. | ||
+ | ! ;pm = dynamic | ||
+ | ! pm = static | ||
+ | |||
+ | ; The number of child processes to be created when pm is set to ' | ||
+ | ; maximum number of child processes when pm is set to ' | ||
+ | --- 104,110 ---- | ||
+ | ; | ||
+ | ; an idle process will be killed. | ||
+ | ; Note: This value is mandatory. | ||
+ | ! pm = dynamic | ||
+ | |||
+ | ; The number of child processes to be created when pm is set to ' | ||
+ | ; maximum number of child processes when pm is set to ' | ||
+ | *************** | ||
+ | *** 121,159 **** | ||
+ | ; forget to tweak pm.* to fit your needs. | ||
+ | ; Note: Used when pm is set to ' | ||
+ | ; Note: This value is mandatory. | ||
+ | ! ; | ||
+ | ! pm.max_children = 8 | ||
+ | |||
+ | ; The number of child processes created on startup. | ||
+ | ; Note: Used only when pm is set to ' | ||
+ | ; Default Value: (min_spare_servers + max_spare_servers) / 2 | ||
+ | ! ; | ||
+ | ! pm.start_servers = 4 | ||
+ | |||
+ | ; The desired minimum number of idle server processes. | ||
+ | ; Note: Used only when pm is set to ' | ||
+ | ; Note: Mandatory when pm is set to ' | ||
+ | ! ; | ||
+ | ! pm.min_spare_servers = 4 | ||
+ | |||
+ | ; The desired maximum number of idle server processes. | ||
+ | ; Note: Used only when pm is set to ' | ||
+ | ; Note: Mandatory when pm is set to ' | ||
+ | ! ; | ||
+ | ! pm.max_spare_servers = 32 | ||
+ | |||
+ | ; The number of seconds after which an idle process will be killed. | ||
+ | ; Note: Used only when pm is set to ' | ||
+ | ; Default Value: 10s | ||
+ | ; | ||
+ | - pm.process_idle_timeout = 1000s; | ||
+ | |||
+ | ; The number of requests each child process should execute before respawning. | ||
+ | ; This can be useful to work around memory leaks in 3rd party libraries. For | ||
+ | ; endless request processing specify ' | ||
+ | ; Default Value: 0 | ||
+ | ; | ||
+ | - pm.max_requests = 500 | ||
+ | |||
+ | ; The URI to view the FPM status page. If this value is not set, no URI will be | ||
+ | ; recognized as a status page. It shows the following informations: | ||
+ | --- 115,147 ---- | ||
+ | ; forget to tweak pm.* to fit your needs. | ||
+ | ; Note: Used when pm is set to ' | ||
+ | ; Note: This value is mandatory. | ||
+ | ! pm.max_children = 5 | ||
+ | |||
+ | ; The number of child processes created on startup. | ||
+ | ; Note: Used only when pm is set to ' | ||
+ | ; Default Value: (min_spare_servers + max_spare_servers) / 2 | ||
+ | ! pm.start_servers = 2 | ||
+ | |||
+ | ; The desired minimum number of idle server processes. | ||
+ | ; Note: Used only when pm is set to ' | ||
+ | ; Note: Mandatory when pm is set to ' | ||
+ | ! pm.min_spare_servers = 1 | ||
+ | |||
+ | ; The desired maximum number of idle server processes. | ||
+ | ; Note: Used only when pm is set to ' | ||
+ | ; Note: Mandatory when pm is set to ' | ||
+ | ! pm.max_spare_servers = 3 | ||
+ | |||
+ | ; The number of seconds after which an idle process will be killed. | ||
+ | ; Note: Used only when pm is set to ' | ||
+ | ; Default Value: 10s | ||
+ | ; | ||
+ | |||
+ | ; The number of requests each child process should execute before respawning. | ||
+ | ; This can be useful to work around memory leaks in 3rd party libraries. For | ||
+ | ; endless request processing specify ' | ||
+ | ; Default Value: 0 | ||
+ | ; | ||
+ | |||
+ | ; The URI to view the FPM status page. If this value is not set, no URI will be | ||
+ | ; recognized as a status page. It shows the following informations: | ||
+ | *************** | ||
+ | *** 355,361 **** | ||
+ | ; Available units: s(econds)(default), | ||
+ | ; Default Value: 0 | ||
+ | ; | ||
+ | - request_terminate_timeout = 0 | ||
+ | |||
+ | ; The timeout set by ' | ||
+ | ; application calls ' | ||
+ | --- 343,348 ---- | ||
+ | *************** | ||
+ | *** 368,374 **** | ||
+ | ; Set open file descriptor rlimit. | ||
+ | ; Default Value: system defined value | ||
+ | ; | ||
+ | - rlimit_files = 51200 | ||
+ | |||
+ | ; Set max core size rlimit. | ||
+ | ; Possible Values: ' | ||
+ | --- 355,360 ---- | ||
+ | *************** | ||
+ | *** 426,440 **** | ||
+ | ; the current environment. | ||
+ | ; Default Value: clean env | ||
+ | ; | ||
+ | - env[HOSTNAME] = $HOSTNAME | ||
+ | ;env[PATH] = / | ||
+ | - env[PATH] = / | ||
+ | ;env[TMP] = /tmp | ||
+ | - env[TMP] = /tmp | ||
+ | ; | ||
+ | - env[TMPDIR] = /tmp | ||
+ | ;env[TEMP] = /tmp | ||
+ | - env[TEMP] = /tmp | ||
+ | |||
+ | ; Additional php.ini defines, specific to this pool of workers. These settings | ||
+ | ; overwrite the values previously defined in the php.ini. The directives are the | ||
+ | --- 412,421 ---- | ||
+ | </ | ||
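Review bot: The diff direction is reversed. It is generated with `diff -c www.conf www.conf.default`, the opposite of `diff -c php.ini-production php.ini` used for php.ini, so the `-` lines (`listen.owner = www`, `pm.max_requests = 500`, `rlimit_files = 51200`, the `env[...]` entries) are the local settings, and applying this as a patch would revert them to the defaults. Regenerate it default-first. In the pm section, `pm = static` is combined with `pm.start_servers`, `pm.min_spare_servers` and `pm.max_spare_servers = 32`, which exceeds `pm.max_children = 8`; under static only max_children is used, so drop the start/spare values or switch back to dynamic with values that fit under max_children.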
==== Start Backend service ==== | ==== Start Backend service ==== | ||
+ | * Backend Service を開始する | ||
+ | < | ||
+ | # service postgresql start | ||
+ | # service postgresql status | ||
+ | # service php-fpm start | ||
+ | # service php-fpm status | ||
+ | # service memcached start | ||
+ | # service memcached status | ||
+ | # service nginx start | ||
+ | </ | ||
===== Nextcloud Configuration ===== | ===== Nextcloud Configuration ===== | ||
+ | * nextcloud/ | ||
+ | * < | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | [ ' | ||
+ | ], | ||
+ | </ | ||
+ | * BrowserからNextCloudにアクセスする | ||
+ | * Top Pageに初期設定の画面が出力される | ||
+ | * DB設定をPgSQLに変更する | ||
+ | * Administrator Accountを作成する | ||
+ | * loginしたら、設定から各種設定を確認し、挙動確認を行う | ||
+ | ==== Log rotation ==== | ||
+ | * newsyslogでlogをRotationする設定を投入 | ||
+ | < | ||
+ | # mkdir / | ||
+ | # cd / | ||
+ | # vi nextcloud.conf nginx.conf php-fpm.conf | ||
+ | </ | ||
- | ==== Config trusted domains ==== | + | <code - nextcloud.conf> |
+ | / | ||
+ | </ | ||
+ | <code - nginx.conf> | ||
+ | / | ||
+ | / | ||
- | ==== Log rotation ==== | + | / |
+ | / | ||
+ | </ | ||
+ | <code - php-fpm.conf> | ||
+ | / | ||
+ | </ |
tweet/2020/1215_01.1607969597.txt.gz · Last modified: 2020/12/15 03:13 by seirios