tweet:2020:1215_01

tweet:2020:1215_01 [2023/07/28 19:50] (current) – external edit 127.0.0.1
 +====== FreeBSD 12.1-RELEASE and NextCloud ======
  
 +Build a file-sharing service using NextCloud.
 +
 +As usual it is implemented on FreeBSD, but this time PostgreSQL 13 is used as the DB.
 +
 +For the install I referred to [[https://vermaden.wordpress.com/2020/01/04/nextcloud-17-on-freebsd-12-1/]], but that guide also covers files that are not strictly necessary (ZFS-related ones and so on), so those parts are left out here.
 +
 +NextCloud is updated frequently, so to be able to follow the latest release NextCloud itself is installed without using ports.
 +
 +===== FreeBSD configuration =====
 +
 +The FreeBSD configuration follows.
 +
 +==== Installing binary packages ====
 +
 +  * Install with the defaults, ZFS on root
 +  * Install the minimum required packages
 +    * OLD: <del><code>
 +# pkg install sudo postgresql12-client postgresql12-server nginx-devel memcached php74 php74-pecl-memcached php74-pdo_pgsql php74-pgsql
 +</code></del>
 +    * Current: <code>
 +# pkg install sudo postgresql13-client postgresql13-server nginx-devel memcached php80 php80-pecl-memcached php80-pdo_pgsql php80-pgsql
 +</code>
 +    * <del>I really wanted to use postgresql13, but because the pdo-pgsql package from pkg depends on it, I went with postgresql12. That may make a future upgrade awkward, which is worrying, but for now I will try PGSQL12, partly to see how it turns out.</del>
 +      * <WRAP>
 +Binary package systems such as FreeBSD ports, NetBSD pkgsrc and yum on RHEL-derived distributions all have the drawback of being inflexible in cases like this.
 +On the other hand, without that constraint the number of package variants would explode, so it is a trade-off...
 +
 +Well, that is exactly why building from ports is still an option...
 +</WRAP>
 +  * Install the additional packages for NextCloud
 +    * OLD: <del><code>
 +# pkg install php74-extensions php74-zip php74-mbstring php74-gd php74-curl php74-openssl php74-fileinfo php74-bz2 php74-intl php74-bcmath php74-ftp php74-gmp php74-exif php74-pecl-memcache php74-pecl-memcached php74-pecl-imagick-im7 php74-pecl-APCu
 +</code></del>
 +    * <code>
 +# pkg install php80-extensions php80-zip php80-mbstring php80-gd php80-curl php80-fileinfo php80-bz2 php80-intl php80-bcmath php80-ftp php80-gmp php80-exif php80-pecl-memcache php80-pecl-memcached php80-pecl-imagick-im7 php80-pecl-APCu
 +</code>
 +  * Next, create a zpool for PGSQL and the stored files
 +    * <code>
 +# zpool create -m none zdata /dev/ada1
 +# zfs create zdata/pgsql
 +# zfs set mountpoint=/var/db/postgres zdata/pgsql
 +# zfs set recordsize=8k zdata/pgsql
 +# chown -R postgres:postgres /var/db/postgres
 +# zfs create zdata/www
 +# zfs set mountpoint=/home/www zdata/www
 +# chown -R www:www /home/www
 +</code>
 +
 +==== PostgreSQL settings ====
 +  * Set the locale for the postgres user via a login class in /etc/login.conf
 +    * <code>
 +# cat /etc/login.conf
 +postgres:\
 +        :lang=en_US.UTF-8:\
 +        :setenv=LC_COLLATE=C:\
 +        :tc=default:
 +
 +# cap_mkdb /etc/login.conf
 +</code>
 +  * Configure the PostgreSQL startup settings.
 +    * A matter of taste, but they go in /etc/rc.conf.local; /etc/rc.conf works just as well.
 +    * <code>
 +postgresql_enable=YES
 +postgresql_class=postgres
 +postgresql_data=/var/db/postgres/data13
 +</code>
 +  * Initialize PostgreSQL
 +    * <code>
 +# /usr/local/etc/rc.d/postgresql initdb
 +</code>
 +  * Start PostgreSQL
 +    * <code>
 +# service postgresql start
 +</code>
 +  * Create the role and database for NextCloud
 +    * <code>
 +# psql -h localhost -U postgres
 +psql (12.5)
 +Type "help" for help.
 +
 +postgres=# CREATE USER ncadm WITH PASSWORD 'NC_DB_PASSWORD';
 +CREATE ROLE
 +postgres=# CREATE DATABASE nc TEMPLATE template0 ENCODING 'UNICODE';
 +CREATE DATABASE
 +postgres=# ALTER DATABASE nc OWNER TO ncadm;
 +ALTER DATABASE
 +postgres=# \q
 +</code>
 +  * <del>Run PostgreSQL cleanup (vacuum) and index rebuilds automatically</del> removed, since the harm outweighs the benefit
 +    * Vacuum already runs automatically (autovacuum); there is no need to add it unless you want to control when it runs
 +    * reindex only needs to run when an index is actually corrupted, so running it periodically from cron seems to do more harm than good (it does not break anything, but it adds needless load)
 +      * reindex is likely to throw away the in-memory cache, so the indexes have to be read back in afterwards
 +    * <code>
 +# mkdir -p /var/db/postgres/bin
 +# chown postgres /var/db/postgres/bin
 +# vi /var/db/postgres/bin/vacuum.sh
 +
 +#! /bin/sh
 +
 +/usr/local/bin/vacuumdb -az 1> /dev/null 2> /dev/null
 +/usr/local/bin/reindexdb -a 1> /dev/null 2> /dev/null
 +/usr/local/bin/reindexdb -s 1> /dev/null 2> /dev/null
 +
 +# chown postgres /var/db/postgres/bin/vacuum.sh
 +# chmod +x /var/db/postgres/bin/vacuum.sh
 +
 +# su - postgres -c 'crontab -e'
 +0 0 * * * /var/db/postgres/bin/vacuum.sh
 +
 +# su - postgres -c '/var/db/postgres/bin/vacuum.sh'
 +</code>
 +
 +==== NGINX ====
 +
 +  * Change the owner/group of the directory holding the NGINX log files to www:www
 +    * <code>
 +# chown www:www /var/log/nginx
 +</code>
 +  * Create /usr/local/etc/nginx/nginx.conf
 +    * <code - nginx.conf>
 +user www;
 +worker_processes 4;
 +worker_rlimit_nofile 51200;
 +error_log /var/log/nginx/error.log;
 +
 +events {
 +  worker_connections 1024;
 +}
 +
 +http {
 +  include mime.types;
 +  default_type application/octet-stream;
 +  log_format main '$remote_addr - $remote_user [$time_local] "$request" ';
 +  access_log /var/log/nginx/access.log main;
 +  sendfile on;
 +  keepalive_timeout 65;
 +
 +  upstream php-handler {
 +    server 127.0.0.1:9000;
 +  }
 +
 +  server {
 +    # ENFORCE HTTPS
 +    listen 80;
 +    server_name nextcloud.domain.com;
 +    return 301 https://$server_name$request_uri;
 +  }
 +
 +  server {
 +    listen 443 ssl http2;
 +    server_name nextcloud.domain.com;
 +    ssl_certificate /usr/local/etc/nginx/ssl/ssl-bundle.crt;
 +    ssl_certificate_key /usr/local/etc/nginx/ssl/server.key;
 +
 +    # HEADERS SECURITY RELATED
 +    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
 +    add_header Referrer-Policy "no-referrer";
 +
 +    # HEADERS
 +    add_header X-Content-Type-Options nosniff;
 +    add_header X-XSS-Protection "1; mode=block";
 +    add_header X-Robots-Tag none;
 +    add_header X-Download-Options noopen;
 +    add_header X-Permitted-Cross-Domain-Policies none;
 +
 +    # PATH TO THE ROOT OF YOUR INSTALLATION
 +    root /usr/local/www/nextcloud/;
 +
 +    location = /robots.txt {
 +      allow all;
 +      log_not_found off;
 +      access_log off;
 +    }
 +
 +    location = /.well-known/carddav {
 +      return 301 $scheme://$host/remote.php/dav;
 +    }
 +
 +    location = /.well-known/caldav {
 +      return 301 $scheme://$host/remote.php/dav;
 +    }
 +
 +    # BUFFERS TIMEOUTS UPLOAD SIZES
 +    # client_max_body_size must agree with post_max_size and upload_max_filesize in php.ini
 +    client_max_body_size 16400M;
 +    # 1 GiB body buffer: nginx can allocate up to this much per in-flight upload larger
 +    # than the buffer, so size it against worker_connections and available RAM
 +    client_body_buffer_size 1048576k;
 +    send_timeout 3000;
 +
 +    # ENABLE GZIP BUT DO NOT REMOVE ETag HEADERS
 +    gzip on;
 +    gzip_vary on;
 +    gzip_comp_level 4;
 +    gzip_min_length 256;
 +    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
 +    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
 +
 +    location / {
 +      rewrite ^ /index.php$request_uri;
 +    }
 +
 +    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
 +      deny all;
 +    }
 +
 +    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
 +      deny all;
 +    }
 +
 +    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
 +      fastcgi_split_path_info ^(.+\.php)(/.*)$;
 +      include fastcgi_params;
 +      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 +      fastcgi_param PATH_INFO $fastcgi_path_info;
 +      fastcgi_param HTTPS on;
 +      fastcgi_param modHeadersAvailable true;
 +      fastcgi_param front_controller_active true;
 +      fastcgi_pass php-handler;
 +      fastcgi_intercept_errors on;
 +      fastcgi_request_buffering off;
 +      fastcgi_keep_conn off;
 +      fastcgi_buffers 16 256K;
 +      fastcgi_buffer_size 256k;
 +      fastcgi_busy_buffers_size 256k;
 +      fastcgi_temp_file_write_size 256k;
 +      fastcgi_send_timeout 3000s;
 +      fastcgi_read_timeout 3000s;
 +      fastcgi_connect_timeout 3000s;
 +    }
 +
 +    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
 +      try_files $uri/ =404;
 +      index index.php;
 +    }
 +
 +    # ADDING THE CACHE CONTROL HEADER FOR JS AND CSS FILES
 +    # MAKE SURE IT IS BELOW PHP BLOCK
 +    location ~ \.(?:css|js|woff2?|svg|gif)$ {
 +      try_files $uri /index.php$uri$is_args$args;
 +      add_header Cache-Control "public, max-age=15778463";
 +      # HEADERS SECURITY RELATED
 +      # IT IS INTENDED TO HAVE THOSE DUPLICATED TO ONES ABOVE
 +      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
 +      # HEADERS
 +      add_header X-Content-Type-Options nosniff;
 +      add_header X-XSS-Protection "1; mode=block";
 +      add_header X-Robots-Tag none;
 +      add_header X-Download-Options noopen;
 +      add_header X-Permitted-Cross-Domain-Policies none;
 +      # OPTIONAL: DONT LOG ACCESS TO ASSETS
 +      access_log off;
 +    }
 +
 +    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
 +      try_files $uri /index.php$uri$is_args$args;
 +      # OPTIONAL: DONT LOG ACCESS TO OTHER ASSETS
 +      access_log off;
 +    }
 +  }
 +}
 +</code>
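The server block above sets its security headers twice on purpose: nginx's `add_header` is only inherited from the enclosing level when the current level has no `add_header` of its own, so a `location` that adds `Cache-Control` would otherwise lose HSTS and the rest. The check below is an added example, not part of the original page: it reads a dump of response headers (in production `curl -sI https://nextcloud.domain.com/ > headers.txt`; the two dumps here are constructed inline so it runs offline) and verifies that every header the config is meant to send is present with the expected value, and that the HSTS `max-age` is at least 15552000 seconds, the minimum Nextcloud's own setup check accepts.

```shell
#!/bin/sh
# Added example, not from the original page: verify that an HTTP response carries
# the security headers the nginx server block sets.  Both response dumps below are
# constructed; the hostname in the comments is the page's placeholder.

# header_value FILE NAME -> value of header NAME (names compared case-insensitively),
# empty output when the header is absent.
header_value() {
  awk -v n="$2" 'BEGIN { n = tolower(n) }
    {
      i = index($0, ":")
      if (i && tolower(substr($0, 1, i - 1)) == n) {
        v = substr($0, i + 1)
        sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
        print v; exit
      }
    }' "$1"
}

# hsts_max_age FILE -> the max-age from Strict-Transport-Security, nothing if absent
hsts_max_age() {
  header_value "$1" Strict-Transport-Security |
    sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p'
}

# check_headers FILE -> 0 when every expected header has the expected value and the
# HSTS max-age is at least 15552000 (180 days); otherwise reports each finding and returns 1.
check_headers() {
  rc=0
  for pair in \
    "X-Content-Type-Options=nosniff" \
    "X-Robots-Tag=none" \
    "X-Download-Options=noopen" \
    "X-Permitted-Cross-Domain-Policies=none" \
    "Referrer-Policy=no-referrer"
  do
    name=${pair%%=*}
    want=${pair#*=}
    got=$(header_value "$1" "$name")
    [ "$got" = "$want" ] || { echo "$name: got '$got', want '$want'"; rc=1; }
  done
  age=$(hsts_max_age "$1")
  [ "${age:-0}" -ge 15552000 ] ||
    { echo "Strict-Transport-Security: max-age '${age:-absent}' is below 15552000"; rc=1; }
  return $rc
}

# --- constructed sample inputs ---
GOOD=$(mktemp "${TMPDIR:-/tmp}/hdr.XXXXXX")
BAD=$(mktemp "${TMPDIR:-/tmp}/hdr.XXXXXX")
trap 'rm -f "$GOOD" "$BAD"' EXIT

# What the HTTPS server block is expected to send (curl prints HTTP/2 names in lower case).
cat > "$GOOD" <<'EOF'
HTTP/2 200
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains; preload;
referrer-policy: no-referrer
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-robots-tag: none
x-download-options: noopen
x-permitted-cross-domain-policies: none
content-type: text/html; charset=UTF-8
EOF

# A host where a location block with its own add_header swallowed the inherited headers.
cat > "$BAD" <<'EOF'
HTTP/1.1 200 OK
Server: nginx
Strict-Transport-Security: max-age=300
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=UTF-8
EOF

check_headers "$GOOD" && echo "all expected headers present"
check_headers "$BAD" || echo "misconfigured sample rejected as expected"
```

Run it against a real capture after every nginx.conf change; a `location` that gains an `add_header` line is the usual way one of these headers silently disappears.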
 +
 +==== Obtaining a server certificate ====
 +  * There are many ways to do this nowadays; this time the certificate was obtained from Let's Encrypt.
 +  * Details omitted
 +
 +==== PHP configuration ====
 +  * php.ini
 +    * <code diff php.ini.diff>
 +# diff -c php.ini-production php.ini
 +*** php.ini-production  Tue Dec  8 10:31:04 2020
 +--- php.ini     Wed Dec 16 00:49:45 2020
 +***************
 +*** 212,218 ****
 +  ; Development Value: 4096
 +  ; Production Value: 4096
 +  ; http://php.net/output-buffering
 +! output_buffering = 4096
 +
 +  ; You can redirect all of the output of your scripts to a function.  For
 +  ; example, if you set output_handler to "mb_output_handler", character
 +--- 212,219 ----
 +  ; Development Value: 4096
 +  ; Production Value: 4096
 +  ; http://php.net/output-buffering
 +! ;output_buffering = 4096
 +! output_buffering = Off
 +
 +  ; You can redirect all of the output of your scripts to a function.  For
 +  ; example, if you set output_handler to "mb_output_handler", character
 +***************
 +*** 297,303 ****
 +  ; The value is also used for json_encode when encoding double values.
 +  ; If -1 is used, then dtoa mode 0 is used which automatically select the best
 +  ; precision.
 +! serialize_precision = -1
 +
 +  ; open_basedir, if set, limits all file operations to the defined directory
 +  ; and below.  This directive makes most sense if used in a per-directory
 +--- 298,305 ----
 +  ; The value is also used for json_encode when encoding double values.
 +  ; If -1 is used, then dtoa mode 0 is used which automatically select the best
 +  ; precision.
 +! ;serialize_precision = -1
 +! serialize_precision = 17
 +
 +  ; open_basedir, if set, limits all file operations to the defined directory
 +  ; and below.  This directive makes most sense if used in a per-directory
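Review bot: serialize_precision = 17 in this hunk replaces the -1 that php.ini-production ships; -1 makes PHP emit the shortest string that round-trips a double, whereas 17 exposes binary rounding (json_encode(0.1) becomes 0.10000000000000001), which then shows up in Nextcloud's JSON responses. Unless there is a concrete reason for 17, keep serialize_precision = -1.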
 +***************
 +*** 385,391 ****
 +  ; Maximum execution time of each script, in seconds
 +  ; http://php.net/max-execution-time
 +  ; Note: This directive is hardcoded to 0 for the CLI SAPI
 +! max_execution_time = 30
 +
 +  ; Maximum amount of time each script may spend parsing request data. It's a good
 +  ; idea to limit this time on productions servers in order to eliminate unexpectedly
 +--- 387,394 ----
 +  ; Maximum execution time of each script, in seconds
 +  ; http://php.net/max-execution-time
 +  ; Note: This directive is hardcoded to 0 for the CLI SAPI
 +! ;max_execution_time = 60
 +! max_execution_time = 3600
 +
 +  ; Maximum amount of time each script may spend parsing request data. It's a good
 +  ; idea to limit this time on productions servers in order to eliminate unexpectedly
 +***************
 +*** 395,401 ****
 +  ; Development Value: 60 (60 seconds)
 +  ; Production Value: 60 (60 seconds)
 +  ; http://php.net/max-input-time
 +! max_input_time = 60
 +
 +  ; Maximum input variable nesting level
 +  ; http://php.net/max-input-nesting-level
 +--- 398,405 ----
 +  ; Development Value: 60 (60 seconds)
 +  ; Production Value: 60 (60 seconds)
 +  ; http://php.net/max-input-time
 +! ;max_input_time = 60
 +! max_input_time = 30000
 +
 +  ; Maximum input variable nesting level
 +  ; http://php.net/max-input-nesting-level
 +***************
 +*** 406,412 ****
 +
 +  ; Maximum amount of memory a script may consume
 +  ; http://php.net/memory-limit
 +! memory_limit = 128M
 +
 +  ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 +  ; Error handling and logging ;
 +--- 410,417 ----
 +
 +  ; Maximum amount of memory a script may consume
 +  ; http://php.net/memory-limit
 +! ;memory_limit = 128M
 +! memory_limit = 1024M
 +
 +  ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 +  ; Error handling and logging ;
 +***************
 +*** 536,541 ****
 +--- 541,547 ----
 +  ; Production Value: Off
 +  ; http://php.net/track-errors
 +  ;track_errors = Off
 ++ track_errors = Off
 +
 +  ; Turn off normal error reporting and emit XML-RPC error XML
 +  ; http://php.net/xmlrpc-errors
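Review bot: track_errors was removed in PHP 8.0, so with the php80 packages chosen above the added track_errors = Off line has no effect; drop it rather than carry a dead directive.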
 +***************
 +*** 550,555 ****
 +--- 556,562 ----
 +  ; Note: This directive is hardcoded to Off for the CLI SAPI
 +  ; http://php.net/html-errors
 +  ;html_errors = On
 ++ html_errors = On
 +
 +  ; If html_errors is set to On *and* docref_root is not empty, then PHP
 +  ; produces clickable error messages that direct to a page describing the error
 +***************
 +*** 584,589 ****
 +--- 591,597 ----
 +  ; http://php.net/error-log
 +  ; Example:
 +  ;error_log = php_errors.log
 ++ error_log = /var/log/php.log
 +  ; Log errors to syslog (Event Log on Windows).
 +  ;error_log = syslog
 +
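Review bot: error_log = /var/log/php.log names a file that no step on this page creates; the php-fpm workers run as www and cannot create files under /var/log, so PHP cannot open the log and the entries never reach /var/log/php.log. Add `touch /var/log/php.log` and `chown www:www /var/log/php.log` next to the php-fpm.log steps below, plus a matching line in the newsyslog configuration at the end.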
 +***************
 +*** 691,697 ****
 +  ; Its value may be 0 to disable the limit. It is ignored if POST data reading
 +  ; is disabled through enable_post_data_reading.
 +  ; http://php.net/post-max-size
 +! post_max_size = 8M
 +
 +  ; Automatically add files before PHP document.
 +  ; http://php.net/auto-prepend-file
 +--- 699,706 ----
 +  ; Its value may be 0 to disable the limit. It is ignored if POST data reading
 +  ; is disabled through enable_post_data_reading.
 +  ; http://php.net/post-max-size
 +! ;post_max_size = 8M
 +! post_max_size = 16400M
 +
 +  ; Automatically add files before PHP document.
 +  ; http://php.net/auto-prepend-file
 +***************
 +*** 843,852 ****
 +
 +  ; Maximum allowed size for uploaded files.
 +  ; http://php.net/upload-max-filesize
 +! upload_max_filesize = 2M
 +
 +  ; Maximum number of files that can be uploaded via a single request
 +! max_file_uploads = 20
 +
 +  ;;;;;;;;;;;;;;;;;;
 +  ; Fopen wrappers ;
 +--- 852,863 ----
 +
 +  ; Maximum allowed size for uploaded files.
 +  ; http://php.net/upload-max-filesize
 +! ;upload_max_filesize = 2M
 +! upload_max_filesize = 16400M
 +
 +  ; Maximum number of files that can be uploaded via a single request
 +! ;max_file_uploads = 20
 +! max_file_uploads = 64
 +
 +  ;;;;;;;;;;;;;;;;;;
 +  ; Fopen wrappers ;
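Review bot: upload_max_filesize = 16400M and post_max_size = 16400M match client_max_body_size 16400M in nginx.conf above, which is what makes uploads of that size work; the three values have to be changed together, because nginx answers 413 before PHP sees a body larger than client_max_body_size, and PHP discards $_FILES for a body larger than post_max_size. A comment next to these two lines naming the nginx directive would protect the next edit.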
 +***************
 +*** 871,877 ****
 +
 +  ; Default timeout for socket based streams (seconds)
 +  ; http://php.net/default-socket-timeout
 +! default_socket_timeout = 60
 +
 +  ; If your scripts have to deal with files from Macintosh systems,
 +  ; or you are running on a Mac and need to deal with files from
 +--- 882,889 ----
 +
 +  ; Default timeout for socket based streams (seconds)
 +  ; http://php.net/default-socket-timeout
 +! ;default_socket_timeout = 60
 +! default_socket_timeout = 300
 +
 +  ; If your scripts have to deal with files from Macintosh systems,
 +  ; or you are running on a Mac and need to deal with files from
 +***************
 +*** 960,965 ****
 +--- 972,978 ----
 +  ; Defines the default timezone used by the date functions
 +  ; http://php.net/date.timezone
 +  ;date.timezone =
 ++ date.timezone = Asia/Tokyo
 +
 +  ; http://php.net/date.default-latitude
 +  ;date.default_latitude = 31.7667
 +***************
 +*** 1053,1058 ****
 +--- 1066,1072 ----
 +  [Pdo_mysql]
 +  ; Default socket name for local MySQL connects.  If empty, uses the built-in
 +  ; MySQL defaults.
 ++ pdo_mysql.cache_size = 2000
 +  pdo_mysql.default_socket=
 +
 +  [Phar]
 +***************
 +*** 1085,1091 ****
 +  ;mail.force_extra_parameters =
 +
 +  ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
 +! mail.add_x_header = Off
 +
 +  ; The path to a log file that will log all mail() calls. Log entries include
 +  ; the full path of the script, line number, To address and headers.
 +--- 1099,1106 ----
 +  ;mail.force_extra_parameters =
 +
 +  ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
 +! ;mail.add_x_header = Off
 +! mail.add_x_header = On
 +
 +  ; The path to a log file that will log all mail() calls. Log entries include
 +  ; the full path of the script, line number, To address and headers.
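Review bot: mail.add_x_header = On makes every message sent through mail() carry an X-PHP-Originating-Script header with the uid and script filename, which discloses the server-side layout to every recipient. It only pays off when you need to trace which script on a shared host sent mail; for a single-application server keep the production default of Off.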
 +***************
 +*** 1340,1345 ****
 +--- 1355,1361 ----
 +  ; does not overwrite the process's umask.
 +  ; http://php.net/session.save-path
 +  ;session.save_path = "/tmp"
 ++ session.save_path = "/tmp"
 +
 +  ; Whether to use strict session mode.
 +  ; Strict session mode does not accept an uninitialized session ID, and
 +***************
 +*** 1767,1785 ****
 +--- 1783,1806 ----
 +  [opcache]
 +  ; Determines if Zend OPCache is enabled
 +  ;opcache.enable=1
 ++ opcache.enable=1
 +
 +  ; Determines if Zend OPCache is enabled for the CLI version of PHP
 +  ;opcache.enable_cli=0
 ++ opcache.enable_cli=1
 +
 +  ; The OPcache shared memory storage size.
 +  ;opcache.memory_consumption=128
 ++ opcache.memory_consumption=128
 +
 +  ; The amount of memory for interned strings in Mbytes.
 +  ;opcache.interned_strings_buffer=8
 ++ opcache.interned_strings_buffer=8
 +
 +  ; The maximum number of keys (scripts) in the OPcache hash table.
 +  ; Only numbers between 200 and 1000000 are allowed.
 +  ;opcache.max_accelerated_files=10000
 ++ opcache.max_accelerated_files=10000
 +
 +  ; The maximum percentage of "wasted" memory until a restart is scheduled.
 +  ;opcache.max_wasted_percentage=5
 +***************
 +*** 1798,1803 ****
 +--- 1819,1825 ----
 +  ; memory storage allocation. ("1" means validate once per second, but only
 +  ; once per request. "0" means always validate)
 +  ;opcache.revalidate_freq=2
 ++ opcache.revalidate_freq=1
 +
 +  ; Enables or disables file search in include_path optimization
 +  ;opcache.revalidate_path=0
 +***************
 +*** 1805,1810 ****
 +--- 1827,1833 ----
 +  ; If disabled, all PHPDoc comments are dropped from the code to reduce the
 +  ; size of the optimized code.
 +  ;opcache.save_comments=1
 ++ opcache.save_comments=1
 +
 +  ; Allow file existence override (file_exists, etc.) performance feature.
 +  ;opcache.enable_file_override=0
 +</code>
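The limits in this diff only work because they line up with nginx.conf: client_max_body_size, post_max_size and upload_max_filesize are all 16400M, and memory_limit is well above the 512M that Nextcloud's admin manual recommends. The script below is an added example, not part of the original page: it reads those four values from an nginx config and a php.ini, converts the K/M/G shorthand to bytes and checks that nginx >= post_max_size >= upload_max_filesize and that memory_limit is at least 512M. The two config files it reads are constructed inline; in practice you would point it at /usr/local/etc/nginx/nginx.conf and /usr/local/etc/php.ini (those paths are an assumption, not taken from the page).

```shell
#!/bin/sh
# Added example, not from the original page: cross-check the upload limits that
# nginx and php.ini must agree on.  The config files are constructed below; the
# real paths would be /usr/local/etc/nginx/nginx.conf and /usr/local/etc/php.ini
# (assumed, not stated on the page).

# to_bytes SIZE -> bytes for "16400M", "1048576k", "2G" or a bare number
# (PHP shorthand and nginx sizes both use 1024-based units).
to_bytes() {
  num=$(printf '%s' "$1" | sed 's/[^0-9].*$//')
  unit=$(printf '%s' "$1" | sed 's/^[0-9]*//' | tr 'A-Z' 'a-z')
  [ -n "$num" ] || { echo "to_bytes: cannot parse '$1'" >&2; return 1; }
  case "$unit" in
    '') mult=1 ;;
    k)  mult=1024 ;;
    m)  mult=1048576 ;;
    g)  mult=1073741824 ;;
    *)  echo "to_bytes: unknown unit in '$1'" >&2; return 1 ;;
  esac
  echo $((num * mult))
}

# ini_get FILE KEY -> value of "KEY = value", skipping ';' comment lines
ini_get() {
  awk -F= -v k="$2" '
    $0 !~ /^[ \t]*;/ && $1 ~ ("^[ \t]*" k "[ \t]*$") {
      gsub(/[ \t]/, "", $2); print $2; exit
    }' "$1"
}

# nginx_get FILE DIRECTIVE -> first value of a one-argument directive, without ';'
nginx_get() {
  awk -v d="$2" '$1 == d { sub(/;$/, "", $2); print $2; exit }' "$1"
}

# check_limits NGINX_CONF PHP_INI -> 0 when the limits are consistent,
# 1 otherwise; each violated relation is reported on stdout.
check_limits() {
  nginx_max=$(to_bytes "$(nginx_get "$1" client_max_body_size)") || return 1
  post_max=$(to_bytes "$(ini_get "$2" post_max_size)") || return 1
  upload_max=$(to_bytes "$(ini_get "$2" upload_max_filesize)") || return 1
  mem=$(to_bytes "$(ini_get "$2" memory_limit)") || return 1
  rc=0
  [ "$nginx_max" -ge "$post_max" ] ||
    { echo "client_max_body_size ($nginx_max) < post_max_size ($post_max): nginx answers 413 first"; rc=1; }
  [ "$post_max" -ge "$upload_max" ] ||
    { echo "post_max_size ($post_max) < upload_max_filesize ($upload_max): PHP discards the upload"; rc=1; }
  [ "$mem" -ge $((512 * 1048576)) ] ||
    { echo "memory_limit ($mem) is below the 512M Nextcloud recommends"; rc=1; }
  return $rc
}

# --- constructed sample inputs ---
NGX=$(mktemp "${TMPDIR:-/tmp}/nginx.XXXXXX")
INI=$(mktemp "${TMPDIR:-/tmp}/php.XXXXXX")
INI_BAD=$(mktemp "${TMPDIR:-/tmp}/php.XXXXXX")
trap 'rm -f "$NGX" "$INI" "$INI_BAD"' EXIT

# The values the nginx.conf and php.ini diff on this page actually set.
cat > "$NGX" <<'EOF'
    client_max_body_size 16400M;
    client_body_buffer_size 1048576k;
EOF
cat > "$INI" <<'EOF'
;post_max_size = 8M
post_max_size = 16400M
;upload_max_filesize = 2M
upload_max_filesize = 16400M
memory_limit = 1024M
EOF
# A drifted php.ini: post_max_size and memory_limit left at their stock values.
cat > "$INI_BAD" <<'EOF'
post_max_size = 8M
upload_max_filesize = 16400M
memory_limit = 128M
EOF

check_limits "$NGX" "$INI" && echo "limits consistent"
check_limits "$NGX" "$INI_BAD" || echo "drifted php.ini rejected as expected"
```

Run it after every php.ini or nginx.conf edit; a `memory_limit = -1` (unlimited) is rejected by `to_bytes` on purpose, since an unbounded worker is not a setting you want on a host that also runs PostgreSQL.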
 +
 +==== PHP FPM ====
 +  * Changes to php-fpm.conf
 +    * <code diff php-fpm.conf.diff>
 +*** php-fpm.conf.default        Tue Dec  8 10:30:57 2020
 +--- php-fpm.conf        Wed Dec 16 00:59:40 2020
 +***************
 +*** 22,27 ****
 +--- 22,28 ----
 +  ; Note: the default prefix is /var
 +  ; Default Value: log/php-fpm.log
 +  ;error_log = log/php-fpm.log
 ++ error_log = log/php-fpm.log
 +
 +  ; syslog_facility is used to specify what type of program is logging the
 +  ; message. This lets syslogd specify that messages from different facilities
 +***************
 +*** 29,34 ****
 +--- 30,36 ----
 +  ; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
 +  ; Default Value: daemon
 +  ;syslog.facility = daemon
 ++ syslog.facility = daemon
 +
 +  ; syslog_ident is prepended to every message. If you have multiple FPM
 +  ; instances running on the same server, you can change the default value
 +</code>
 +  * Run the following
 +    * <code>
 +# touch /var/log/php-fpm.log
 +# chown www:www /var/log/php-fpm.log
 +</code>
 +  * Changes to php-fpm.d/www.conf
 +    * <code diff php-fpm.d/www.conf.diff>
 +# diff -c www.conf www.conf.default
 +*** www.conf    Wed Dec 16 01:05:44 2020
 +--- www.conf.default    Tue Dec  8 10:30:57 2020
 +***************
 +*** 42,48 ****
 +  ; Set listen(2) backlog.
 +  ; Default Value: 511 (-1 on FreeBSD and OpenBSD)
 +  ;listen.backlog = 511
 +- listen.backlog = -1
 +
 +  ; Set permissions for unix socket, if one is used. In Linux, read/write
 +  ; permissions must be set in order to allow connections from a web server. Many
 +--- 42,47 ----
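Review bot: this diff was generated as `diff -c www.conf www.conf.default`, the opposite argument order from the php.ini and php-fpm.conf diffs above, so here the `-` lines are the values actually present in www.conf and in the `!` pairs the live value comes first. Regenerate it as `diff -c www.conf.default www.conf` so that all three diffs read the same way.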
 +***************
 +*** 51,61 ****
 +  ; Default Values: user and group are set as the running user
 +  ;                 mode is set to 0660
 +  ;listen.owner = www
 +- listen.owner = www
 +  ;listen.group = www
 +- listen.group = www
 +  ;listen.mode = 0660
 +- listen.mode = 0660
 +  ; When POSIX Access Control Lists are supported you can set them using
 +  ; these options, value is a comma separated list of user/group names.
 +  ; When set, listen.owner and listen.group are ignored
 +--- 50,57 ----
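Review bot: listen.owner, listen.group and listen.mode only apply when the pool listens on a unix socket; with the unchanged default listen = 127.0.0.1:9000, which is what the upstream php-handler in nginx.conf connects to, these three lines do nothing, and it is listen.allowed_clients = 127.0.0.1 in the next hunk that actually restricts who may talk to FastCGI. Either drop the three socket lines or move the pool to a unix socket and use them.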
 +***************
 +*** 69,75 ****
 +  ; accepted from any ip address.
 +  ; Default Value: any
 +  ;listen.allowed_clients = 127.0.0.1
 +- listen.allowed_clients = 127.0.0.1
 +
 +  ; Specify the nice(2) priority to apply to the pool processes (only if set)
 +  ; The value can vary from -19 (highest priority) to 20 (lower priority)
 +--- 65,70 ----
 +***************
 +*** 109,116 ****
 +  ;             pm.process_idle_timeout   - The number of seconds after which
 +  ;                                         an idle process will be killed.
 +  ; Note: This value is mandatory.
 +! ;pm = dynamic
 +! pm = static
 +
 +  ; The number of child processes to be created when pm is set to 'static' and the
 +  ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
 +--- 104,110 ----
 +  ;             pm.process_idle_timeout   - The number of seconds after which
 +  ;                                         an idle process will be killed.
 +  ; Note: This value is mandatory.
 +! pm = dynamic
 +
 +  ; The number of child processes to be created when pm is set to 'static' and the
 +  ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
 +***************
 +*** 121,159 ****
 +  ; forget to tweak pm.* to fit your needs.
 +  ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
 +  ; Note: This value is mandatory.
 +! ;pm.max_children = 5
 +! pm.max_children = 8
 +
 +  ; The number of child processes created on startup.
 +  ; Note: Used only when pm is set to 'dynamic'
 +  ; Default Value: (min_spare_servers + max_spare_servers) / 2
 +! ;pm.start_servers = 2
 +! pm.start_servers = 4
 +
 +  ; The desired minimum number of idle server processes.
 +  ; Note: Used only when pm is set to 'dynamic'
 +  ; Note: Mandatory when pm is set to 'dynamic'
 +! ;pm.min_spare_servers = 1
 +! pm.min_spare_servers = 4
 +
 +  ; The desired maximum number of idle server processes.
 +  ; Note: Used only when pm is set to 'dynamic'
 +  ; Note: Mandatory when pm is set to 'dynamic'
 +! ;pm.max_spare_servers = 3
 +! pm.max_spare_servers = 32
 +
 +  ; The number of seconds after which an idle process will be killed.
 +  ; Note: Used only when pm is set to 'ondemand'
 +  ; Default Value: 10s
 +  ;pm.process_idle_timeout = 10s;
 +- pm.process_idle_timeout = 1000s;
 +
 +  ; The number of requests each child process should execute before respawning.
 +  ; This can be useful to work around memory leaks in 3rd party libraries. For
 +  ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
 +  ; Default Value: 0
 +  ;pm.max_requests = 500
 +- pm.max_requests = 500
 +
 +  ; The URI to view the FPM status page. If this value is not set, no URI will be
 +  ; recognized as a status page. It shows the following informations:
 +--- 115,147 ----
 +  ; forget to tweak pm.* to fit your needs.
 +  ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
 +  ; Note: This value is mandatory.
 +! pm.max_children = 5
 +
 +  ; The number of child processes created on startup.
 +  ; Note: Used only when pm is set to 'dynamic'
 +  ; Default Value: (min_spare_servers + max_spare_servers) / 2
 +! pm.start_servers = 2
 +
 +  ; The desired minimum number of idle server processes.
 +  ; Note: Used only when pm is set to 'dynamic'
 +  ; Note: Mandatory when pm is set to 'dynamic'
 +! pm.min_spare_servers = 1
 +
 +  ; The desired maximum number of idle server processes.
 +  ; Note: Used only when pm is set to 'dynamic'
 +  ; Note: Mandatory when pm is set to 'dynamic'
 +! pm.max_spare_servers = 3
 +
 +  ; The number of seconds after which an idle process will be killed.
 +  ; Note: Used only when pm is set to 'ondemand'
 +  ; Default Value: 10s
 +  ;pm.process_idle_timeout = 10s;
 +
 +  ; The number of requests each child process should execute before respawning.
 +  ; This can be useful to work around memory leaks in 3rd party libraries. For
 +  ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
 +  ; Default Value: 0
 +  ;pm.max_requests = 500
 +
 +  ; The URI to view the FPM status page. If this value is not set, no URI will be
 +  ; recognized as a status page. It shows the following informations:
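Review bot: with pm = static, php-fpm honours only pm.max_children = 8; pm.start_servers, pm.min_spare_servers and pm.max_spare_servers apply to pm = dynamic and pm.process_idle_timeout to pm = ondemand, so the changed values for those four lines are dead configuration. Also size pm.max_children against memory_limit = 1024M from php.ini: eight workers may each grow to 1 GB on a host that also runs PostgreSQL.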
 +***************
 +*** 355,361 ****
 +  ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
 +  ; Default Value: 0
 +  ;request_terminate_timeout = 0
 +- request_terminate_timeout = 0
 +
 +  ; The timeout set by 'request_terminate_timeout' ini option is not engaged after
 +  ; application calls 'fastcgi_finish_request' or when application has finished and
 +--- 343,348 ----
 +***************
 +*** 368,374 ****
 +  ; Set open file descriptor rlimit.
 +  ; Default Value: system defined value
 +  ;rlimit_files = 1024
 +- rlimit_files = 51200
 +
 +  ; Set max core size rlimit.
 +  ; Possible Values: 'unlimited' or an integer greater or equal to 0
 +--- 355,360 ----
 +***************
 +*** 426,440 ****
 +  ; the current environment.
 +  ; Default Value: clean env
 +  ;env[HOSTNAME] = $HOSTNAME
 +- env[HOSTNAME] = $HOSTNAME
 +  ;env[PATH] = /usr/local/bin:/usr/bin:/bin
 +- env[PATH] = /usr/local/bin:/usr/bin:/bin
 +  ;env[TMP] = /tmp
 +- env[TMP] = /tmp
 +  ;env[TMPDIR] = /tmp
 +- env[TMPDIR] = /tmp
 +  ;env[TEMP] = /tmp
 +- env[TEMP] = /tmp
 +
 +  ; Additional php.ini defines, specific to this pool of workers. These settings
 +  ; overwrite the values previously defined in the php.ini. The directives are the
 +--- 412,421 ----
 +</code>
 +
 +==== Start Backend service ====
 +  * Start the backend services
 +<code>
 +# service postgresql start
 +# service postgresql status
 +# service php-fpm start
 +# service php-fpm status
 +# service memcached start
 +# service memcached status
 +# service nginx start
 +</code>
 +
 +===== Nextcloud Configuration =====
 +
 +  * Edit nextcloud/config/config.php (add the following)
 +    * <code>
 +  'trusted_proxies'   => ['10.1.201.128','10.1.201.129','10.1.201.130'],
 +  'overwriteprotocol' => 'https',
 +  'overwritehost'     => 'hostname',
 +  'memcache.local'       => '\OC\Memcache\APCu',
 +  'memcache.distributed' => '\OC\Memcache\Memcached',
 +  'memcached_servers'    => [
 +       [ '127.0.0.1', 11211 ],
 +  ],
 +</code>
 +  * Access NextCloud from a browser
 +  * The top page shows the initial setup screen
 +    * Change the DB setting to PgSQL
 +    * Create the administrator account
 +  * After logging in, go through the settings and check that everything behaves as expected
 +
 +==== Log rotation ====
 +  * Add newsyslog settings to rotate the logs
 +<code>
 +# mkdir /usr/local/etc/newsyslog.conf.d
 +# cd /usr/local/etc/newsyslog.conf.d
 +# vi nextcloud.conf nginx.conf php-fpm.conf
 +</code>
 +
 +<code - nextcloud.conf>
 +/some/where/nextcloud/data/nextcloud.log www:www 640 7 * @T00  JC
 +</code>
 +<code - nginx.conf>
 +/var/log/nginx/error.log          www:www     640  7        @T00  JC
 +/var/log/nginx/access.log         www:www     640  7        @T00  JC
 +
 +/var/log/nginx/nextcloud.err      www:www     640  7        @T00  JC
 +/var/log/nginx/nextcloud.acc      www:www     640  7        @T00  JC
 +</code>
 +
 +<code - php-fpm.conf>
 +/var/log/php-fpm.log                         www:www     640  7        @T00  JC
 +</code>
tweet/2020/1215_01.1654621009.txt.gz · Last modified: 2022/06/08 02:00 (external edit)
