Différences

Ci-dessous, les différences entre deux révisions de la page.

--- nextcloud_dans_lxc_-_2 [2019/10/29 09:55] – [MariaDB] simon
+++ nextcloud_dans_lxc_-_2 [Date inconnue] (Version actuelle) – supprimée - modification externe (Date inconnue) 127.0.0.1
@@ Ligne 1: / Ligne 1: @@
-====== Nextcloud dans lxc - 2 ======
-<WRAP center round important 60%>
-/10/2019 : Essais d'une installation complète en suivant le tutoriel [[https://www.c-rieger.de/nextcloud-installation-guide-debian-9-10/]] et mes notes sur [[lxc]].
-</WRAP>
-===== lxc =====
-<code bash>
-lxc-create -t download -n nextcloud2 -- --dist debian --release buster --arch amd64
-</code>
-On configure ce qu'il faut pour avoir une IP statique (voir [[lxc]]).
-===== prérequis =====
-<code bash>
-# lxc-attach nextcloud2
-root@nextcloud2:/# apt update
-root@nextcloud2:/# apt install curl wget sudo gnupg2 git lsb-release ssl-cert ca-certificates apt-transport-https tree locate software-properties-common dirmngr htop net-tools zip unzip curl ffmpeg ghostscript libfile-fcntllock-perl -y
-</code>
-===== Dépôts pour Nginx, PHP et MariaDB =====
-==== Nginx ====
-<code bash>
-# cd /etc/apt/sources.list.d
-# echo "deb [arch=amd64] http://nginx.org/packages/mainline/debian $(lsb_release -cs) nginx" | tee nginx.list
-# curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add -
-</code>
-==== PHP ====
-<code bash>
-# cd /etc/apt/sources.list.d
-# echo "deb [arch=amd64] https://packages.sury.org/php/ $(lsb_release -cs) main" | tee php.list
-# root@nextcloud2:/etc/apt/sources.list.d# wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
-OK
-</code>
-==== MariaDB ====
-<code bash>
-# cd /etc/apt/sources.list.d
-# echo "deb [arch=amd64] http://mirror2.hs-esslingen.de/mariadb/repo/10.4/debian $(lsb_release -cs) main" | tee mariadb.list
-# apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8
-Executing: /tmp/apt-key-gpghome.RwXWJVNDat/gpg.1.sh --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8
-gpg: clef F1656F24C74CD1D8 : clef publique « MariaDB Signing Key <signing-key@mariadb.org> » importée
-gpg:       Quantité totale traitée : 1
-gpg:                     importées : 1
-</code>
-==== Upgrade ====
-On met à jour :
-<code bash>
-# apt update && apt upgrade -y
-# make-ssl-cert generate-default-snakeoil -y
-# apt remove nginx nginx-extras nginx-common nginx-full -y --allow-change-held-packages
-# apt autoremove
-</code>
-===== Installations et configurations =====
-==== Nginx ====
-<code bash>
-# apt install nginx -y
-# nginx -V
-nginx version: nginx/1.17.5
-# systemctl enable nginx.service
-# mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak && touch /etc/nginx/nginx.conf
-root@nextcloud2:/etc/apt/sources.list.d# ip a
-(...)
-: eth0@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
-(...)
-    inet 10.0.3.162/24 brd 10.0.3.255 scope global dynamic eth0
-(...)
-root@nextcloud2:/etc/apt/sources.list.d# vim /etc/nginx/nginx.conf
-root@nextcloud2:/etc/apt/sources.list.d# cat /etc/nginx/nginx.conf
-user www-data;
-worker_processes auto;
-pid /var/run/nginx.pid;
-events {
-	worker_connections 1024;
-	multi_accept on;
-	use epoll;
-}
-http {
-	server_names_hash_bucket_size 64;
-	upstream php-handler {
-		server unix:/run/php/php7.3-fpm.sock;
-	}
-	set_real_ip_from 127.0.0.1;
-	set_real_ip_from 10.0.3.0/24;
-	real_ip_header X-Forwarded-For;
-	real_ip_recursive on;
-	include /etc/nginx/mime.types;
-	#include /etc/nginx/proxy.conf;
-	#include /etc/nginx/ssl.conf;
-	#include /etc/nginx/header.conf;
-	#include /etc/nginx/optimization.conf;
-	default_type application/octet-stream;
-	access_log /var/log/nginx/access.log;
-	error_log /var/log/nginx/error.log warn;
-	sendfile on;
-	send_timeout 3600;
-	tcp_nopush on;
-	tcp_nodelay on;
-	open_file_cache max=500 inactive=10m;
-	open_file_cache_errors on;
-	keepalive_timeout 65;
-	reset_timedout_connection on;
-	server_tokens off;
-	resolver 10.0.3.162 valid=30s;
-	#resolver 127.0.0.53 valid=30s; is recommended but reuqires a valid resolver configuration
-	resolver_timeout 5s;
-	include /etc/nginx/conf.d/*.conf;
-}
-</code>
-On teste la config et on redémarre nginx :
-<code bash>
-# nginx -t && service nginx restart
-</code>
-On crée le dossier nextcloud et on lui met les bons droits :
-<code bash>
-# mkdir -p /var/nextcloud
-# chown -R www-data:www-data /var/nextcloud/
-</code>
-==== PHP ====
-<code bash>
-# apt update && apt install php7.3-fpm php7.3-gd php7.3-mysql php7.3-curl php7.3-xml php7.3-zip php7.3-intl php7.3-mbstring php7.3-json php7.3-bz2 php7.3-ldap php-apcu imagemagick php-imagick php-smbclient -y
-</code>
-<WRAP center round important 60%>
-Je ne mets pas de "#" devant les commandes suivantes pour simplifier les copier/coller de plusieurs lignes. Elles sont à exécuter en root.
-</WRAP>
-Backup des configurations :
-<code bash>
-cp /etc/php/7.3/fpm/pool.d/www.conf /etc/php/7.3/fpm/pool.d/www.conf.bak
-cp /etc/php/7.3/cli/php.ini /etc/php/7.3/cli/php.ini.bak
-cp /etc/php/7.3/fpm/php.ini /etc/php/7.3/fpm/php.ini.bak
-cp /etc/php/7.3/fpm/php-fpm.conf /etc/php/7.3/fpm/php-fpm.conf.bak
-cp /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xml.bak
-</code>
-<code bash>
-cp /etc/php/7.3/fpm/pool.d/www.conf /etc/php/7.3/fpm/pool.d/www.conf.bak
-cp /etc/php/7.3/cli/php.ini /etc/php/7.3/cli/php.ini.bak
-cp /etc/php/7.3/fpm/php.ini /etc/php/7.3/fpm/php.ini.bak
-cp /etc/php/7.3/fpm/php-fpm.conf /etc/php/7.3/fpm/php-fpm.conf.bak
-cp /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xml.bak
-sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" /etc/php/7.3/fpm/pool.d/www.conf
-sed -i "s/;env\[TMP\] = /env[TMP] = /" /etc/php/7.3/fpm/pool.d/www.conf
-sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" /etc/php/7.3/fpm/pool.d/www.conf
-sed -i "s/;env\[TEMP\] = /env[TEMP] = /" /etc/php/7.3/fpm/pool.d/www.conf
-sed -i "s/;env\[PATH\] = /env[PATH] = /" /etc/php/7.3/fpm/pool.d/www.conf
-sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/7.3/cli/php.ini
-sed -i "s/max_execution_time =.*/max_execution_time = 3600/" /etc/php/7.3/cli/php.ini
-sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/7.3/cli/php.ini
-sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/7.3/cli/php.ini
-sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/7.3/cli/php.ini
-sed -i "s/;date.timezone.*/date.timezone = Europe\/\Brussels/" /etc/php/7.3/cli/php.ini
-sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/7.3/fpm/php.ini
-sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/7.3/fpm/php.ini
-sed -i "s/max_execution_time =.*/max_execution_time = 3600/" /etc/php/7.3/fpm/php.ini
-sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/7.3/fpm/php.ini
-sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/7.3/fpm/php.ini
-sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/7.3/fpm/php.ini
-sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/7.3/fpm/php.ini
-sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/7.3/fpm/php.ini
-sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/7.3/fpm/php.ini
-sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/7.3/fpm/php.ini
-sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/7.3/fpm/php.ini
-sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/7.3/fpm/php.ini
-sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/7.3/fpm/php.ini
-sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/7.3/fpm/php.ini
-sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/7.3/fpm/php.ini
-sed -i "s/rights=\"none\" pattern=\"PS\"/rights=\"read|write\" pattern=\"PS\"/" /etc/ImageMagick-6/policy.xml
-sed -i "s/rights=\"none\" pattern=\"EPI\"/rights=\"read|write\" pattern=\"EPI\"/" /etc/ImageMagick-6/policy.xml
-sed -i "s/rights=\"none\" pattern=\"PDF\"/rights=\"read|write\" pattern=\"PDF\"/" /etc/ImageMagick-6/policy.xml
-sed -i "s/rights=\"none\" pattern=\"XPS\"/rights=\"read|write\" pattern=\"XPS\"/" /etc/ImageMagick-6/policy.xml
-</code>
-<code bash>
-# service php7.3-fpm restart
-# service nginx restart
-</code>
-==== MariaDB ====
-<code bash>
-# apt update && apt install mariadb-server -y
-# mysql --version
-mysql  Ver 15.1 Distrib 10.4.8-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
-</code>
-Le service ne démarre pas :
-<code bash>
-root@nextcloud2:/etc/apt/sources.list.d# systemctl status mariadb
-● mariadb.service - MariaDB 10.4.8 database server
-   Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
-  Drop-In: /etc/systemd/system/mariadb.service.d
-           └─migrated-from-my.cnf-settings.conf
-   Active: failed (Result: exit-code) since Tue 2019-10-29 09:02:09 UTC; 9min ago
-     Docs: man:mysqld(8)
-           https://mariadb.com/kb/en/library/systemd/
-oct 29 09:02:09 nextcloud2 systemd[1]: Starting MariaDB 10.4.8 database server...
-oct 29 09:02:09 nextcloud2 systemd[18087]: mariadb.service: Failed to set up mount namespacing: Permission denied
-oct 29 09:02:09 nextcloud2 systemd[18087]: mariadb.service: Failed at step NAMESPACE spawning /usr/bin/install: Permission denied
-oct 29 09:02:09 nextcloud2 systemd[1]: mariadb.service: Control process exited, code=exited, status=226/NAMESPACE
-oct 29 09:02:09 nextcloud2 systemd[1]: mariadb.service: Failed with result 'exit-code'.
-oct 29 09:02:09 nextcloud2 systemd[1]: Failed to start MariaDB 10.4.8 database server.
-</code>
-Après quelques recherches sur les internets, j'ai vu que le soucis semble causé par AppArmor. Pour le désactiver :
-<code bash>
-# cat /var/lib/lxc/nextcloud2/config
-(...)
-lxc.apparmor.profile = unconfined
-(...)
-</code>
-Il faut ensuite redémarrer le conteneur :
-<code bash>
-# lxc-stop nextcloud2
-# lxc-start nextcloud2
-</code>
-On sécurise l'installation de MariaDB :
-<code bash>
-root@nextcloud2:~# mysql_secure_installation
-NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
-      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
-In order to log into MariaDB to secure it, we'll need the current
-password for the root user. If you've just installed MariaDB, and
-haven't set the root password yet, you should just press enter here.
-Enter current password for root (enter for none):
-OK, successfully used password, moving on...
-Setting the root password or using the unix_socket ensures that nobody
-can log into the MariaDB root user without the proper authorisation.
-You already have your root account protected, so you can safely answer 'n'.
-Switch to unix_socket authentication [Y/n] N
- ... skipping.
-You already have your root account protected, so you can safely answer 'n'.
-Change the root password? [Y/n] n
- ... skipping.
-By default, a MariaDB installation has an anonymous user, allowing anyone
-to log into MariaDB without having to have a user account created for
-them.  This is intended only for testing, and to make the installation
-go a bit smoother.  You should remove them before moving into a
-production environment.
-Remove anonymous users? [Y/n] y
- ... Success!
-Normally, root should only be allowed to connect from 'localhost'.  This
-ensures that someone cannot guess at the root password from the network.
-Disallow root login remotely? [Y/n] y
- ... Success!
-By default, MariaDB comes with a database named 'test' that anyone can
-access.  This is also intended only for testing, and should be removed
-before moving into a production environment.
-Remove test database and access to it? [Y/n] y
- - Dropping test database...
- ... Success!
- - Removing privileges on test database...
- ... Success!
-Reloading the privilege tables will ensure that all changes made so far
-will take effect immediately.
-Reload privilege tables now? [Y/n] y
- ... Success!
-Cleaning up...
-All done!  If you've completed all of the above steps, your MariaDB
-installation should now be secure.
-Thanks for using MariaDB!
-</code>
-<code bash>
-root@nextcloud3:~# systemctl stop mariadb
-root@nextcloud3:~# mv /etc/mysql/my.cnf /etc/mysql/my.cnf.bak
-root@nextcloud3:~# vim /etc/mysql/my.cnf
-root@nextcloud3:~# cat /etc/mysql/my.cnf
-[client]
-	default-character-set = utf8mb4
-	port = 3306
-	socket = /var/run/mysqld/mysqld.sock
-[mysqld_safe]
-	log_error=/var/log/mysql/mysql_error.log
-	nice = 0
-	socket = /var/run/mysqld/mysqld.sock
-[mysqld]
-	basedir = /usr
-	bind-address = 127.0.0.1
-	binlog_format = ROW
-	bulk_insert_buffer_size = 16M
-	character-set-server = utf8mb4
-	collation-server = utf8mb4_general_ci
-	concurrent_insert = 2
-	connect_timeout = 5
-	datadir = /var/lib/mysql
-	default_storage_engine = InnoDB
-	expire_logs_days = 10
-	general_log_file = /var/log/mysql/mysql.log
-	general_log = 0
-	innodb_buffer_pool_size = 1024M
-	innodb_buffer_pool_instances = 1
-	innodb_flush_log_at_trx_commit = 2
-	innodb_log_buffer_size = 32M
-	innodb_max_dirty_pages_pct = 90
-	innodb_file_per_table = 1
-	innodb_open_files = 400
-	innodb_io_capacity = 4000
-	innodb_flush_method = O_DIRECT
-	key_buffer_size = 128M
-	lc_messages_dir = /usr/share/mysql
-	lc_messages = en_US
-	log_bin = /var/log/mysql/mariadb-bin
-	log_bin_index = /var/log/mysql/mariadb-bin.index
-	log_error=/var/log/mysql/mysql_error.log
-	log_slow_verbosity = query_plan
-	log_warnings = 2
-	long_query_time = 1
-	max_allowed_packet = 16M
-	max_binlog_size = 100M
-	max_connections = 200
-	max_heap_table_size = 64M
-	myisam_recover_options = BACKUP
-	myisam_sort_buffer_size = 512M
-	port = 3306
-	pid-file = /var/run/mysqld/mysqld.pid
-	query_cache_limit = 2M
-	query_cache_size = 64M
-	query_cache_type = 1
-	query_cache_min_res_unit = 2k
-	read_buffer_size = 2M
-	read_rnd_buffer_size = 1M
-	skip-external-locking
-	skip-name-resolve
-	slow_query_log_file = /var/log/mysql/mariadb-slow.log
-	slow-query-log = 1
-	socket = /var/run/mysqld/mysqld.sock
-	sort_buffer_size = 4M
-	table_open_cache = 400
-	thread_cache_size = 128
-	tmp_table_size = 64M
-	tmpdir = /tmp
-	transaction_isolation = READ-COMMITTED
-	user = mysql
-	wait_timeout = 600
-[mysqldump]
-	max_allowed_packet = 16M
-	quick
-	quote-names
-[isamchk]
-	key_buffer = 16M
-</code>
-<code bash>
-root@nextcloud2:~# systemctl start mariadb
-root@nextcloud2:~# systemctl status mariadb
-● mariadb.service - MariaDB 10.4.8 database server
-   Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
-  Drop-In: /etc/systemd/system/mariadb.service.d
-           └─migrated-from-my.cnf-settings.conf
-   Active: active (running) since Tue 2019-10-29 09:50:36 UTC; 1s ago
-     Docs: man:mysqld(8)
-           https://mariadb.com/kb/en/library/systemd/
-  Process: 474 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, stat
-  Process: 475 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, sta
-  Process: 477 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && VAR= ||   VAR=`/usr/bin/galera
-  Process: 693 ExecStartPost=/etc/mysql/debian-start (code=exited, status=0/SUCCESS)
-  Process: 696 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_START_POSITION (code=exited, st
- Main PID: 661 (mysqld)
-   Status: "Taking your SQL requests now..."
-    Tasks: 32 (limit: 4915)
-   Memory: 117.8M
-   CGroup: /system.slice/mariadb.service
-           └─661 /usr/sbin/mysqld
-oct 29 09:50:35 nextcloud2 systemd[1]: Starting MariaDB 10.4.8 database server...
-oct 29 09:50:36 nextcloud2 mysqld[661]: 2019-10-29  9:50:36 0 [Note] /usr/sbin/mysqld (mysqld 10.4.8-Maria
-oct 29 09:50:36 nextcloud2 /etc/mysql/debian-start[699]: Looking for 'mysql' as: /usr/bin/mysql
-oct 29 09:50:36 nextcloud2 /etc/mysql/debian-start[699]: Looking for 'mysqlcheck' as: /usr/bin/mysqlcheck
-oct 29 09:50:36 nextcloud2 /etc/mysql/debian-start[699]: This installation of MariaDB is already upgraded
-oct 29 09:50:36 nextcloud2 systemd[1]: Started MariaDB 10.4.8 database server.
-</code>
-On se connecte à MariaDB et on crée l'utilisateur et la base de données pour nextcloud :
-<code bash>
-# mysql -uroot -p
-MariaDB [(none)]> CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
-Query OK, 1 row affected (0.001 sec)
-MariaDB [(none)]> CREATE USER nextcloud@localhost identified by 'PASSWORD';
-Query OK, 0 rows affected (0.002 sec)
-MariaDB [(none)]> GRANT ALL PRIVILEGES on nextcloud.* to nextcloud@localhost; FLUSH privileges; quit;
-Query OK, 0 rows affected (0.001 sec)
-Query OK, 0 rows affected (0.000 sec)
-Bye
-</code>
-Vérification :
-<code bash>
-root@nextcloud3:~# mysql -h localhost -uroot -p -e "SELECT @@TX_ISOLATION; SELECT SCHEMA_NAME 'database', default_character_set_name 'charset', DEFAULT_COLLATION_NAME 'collation' FROM information_schema.SCHEMATA WHERE SCHEMA_NAME='nextcloud'"
-Enter password:
-+----------------+
-| @@TX_ISOLATION |
-+----------------+
-| READ-COMMITTED |
-+----------------+
-+-----------+---------+--------------------+
-| database  | charset | collation          |
-+-----------+---------+--------------------+
-| nextcloud | utf8mb4 | utf8mb4_general_ci |
-+-----------+---------+--------------------+
-</code>