C  : Country Name              # 国家
ST : State or Province Name    # 省/州
L  : Locality Name             # 城市
O  : Organization Name         # 组织名称
OU : Organizational Unit Name  # 组织单位名称
CN : Common Name               # 名称
[root@localhost CA]# openssl req -x509 -new -nodes -sha256 -days 720 -key root-ca.key -out root-ca.crt \
>
Enter pass phrase for root-ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Zhejiang
Locality Name (eg, city) [Default City]:Hangzhou
Organization Name (eg, company) [Default Company Ltd]:root
Organizational Unit Name (eg, section) []:root
Common Name (eg, your name or your server's hostname) []:root
Email Address []:@root.com
[root@localhost CA]#
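server {
    # NOTE(review): this is a plain-HTTP listener. The TLS listener and the
    # certificate directives below are commented out, so unless a
    # TLS-terminating proxy sits in front of this server (not shown here),
    # logins, session cookies and file contents cross the network unencrypted.
    listen 8080;
    #listen [::]:443 ssl http2;
    server_name cloud.mdzz.wang;

    # Path to the root of your installation
    root /usr/share/nginx/nextcloud;

    # Use Mozilla's guidelines for SSL/TLS settings
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/
    #ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
    #ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;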
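# Prevent nginx HTTP Server Detection
# (hides the nginx version in the `Server` header and on error pages; the
# product name itself is still sent)
server_tokens off;

# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
# NOTE(review): browsers ignore Strict-Transport-Security when it arrives
# over plain HTTP, so this header only takes effect once the site is
# served over TLS.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;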
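# set max upload size and increase upload timeout:
# (client_max_body_size also caps how much request body a single client can
# make the server accept, so keep it no larger than uploads really need)
client_max_body_size 512M;
client_body_timeout 300s;
fastcgi_buffers 64 4K;

# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;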
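# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;

# These settings allow you to optimize the HTTP2 bandwidth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tuning hints
client_body_buffer_size 512k;

# Remove X-Powered-By, which is an information leak
# (the header is set by the FastCGI backend; hiding it here keeps the
# backend's name and version out of responses)
fastcgi_hide_header X-Powered-By;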
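# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;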
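# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
# (only an exact request for `/` is matched; clients whose User-Agent starts
# with `DavClnt` are redirected to the WebDAV endpoint, query string kept)
location = / {
    if ($http_user_agent ~ ^DavClnt) {
        return 302 /remote.php/webdav/$is_args$args;
    }
}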
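# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
    # The rules in this block are an adaptation of the rules
    # in `.htaccess` that concern `/.well-known`.

    # Let Nextcloud's API for `/.well-known` URIs handle all other
    # requests by passing them to the front-end controller.
    return 301 /index.php$request_uri;
}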
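# Rules borrowed from `.htaccess` to hide certain paths from clients
# NOTE(review): for anything under the web root, these two rules are what
# stops `config/`, `data/` and dot-files from being fetched directly over
# HTTP. If the Nextcloud data directory lives under `root` (cannot be told
# from this file), moving it outside the web root removes the dependency on
# this regex staying intact.
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) {
    return 404;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    return 404;
}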
# Ensure this block, which passes PHP files to the PHP process, is above the blocks # which handle static assets (as seen below). If this block is not declared first, # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` # to the URI, resulting in a HTTP 500 error response. location~\.php(?:$|/) { # Required for legacy support rewrite^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)/index.php$request_uri;
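#
# /etc/fstab
# Created by anaconda on Fri Sep 20 02:38:45 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
# Fields: <device> <mount point> <fs type> <options> <dump> <fsck pass>
# NOTE(review): every entry uses `defaults`, which leaves suid binaries and
# device nodes usable on that filesystem. Hardening guides commonly add
# `nosuid,nodev` to `/boot`; confirm against this host's baseline before
# changing it.
/dev/mapper/centos-root / xfs defaults 0 0
UUID=c4af2fac-7587-42c6-881b-1d4c0dc2d3fb /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0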