yann/yannstatic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6c68c69ce4
yannstatic/static/2021/12/24/Nginx-Compile_PHP8_MariaDB_Nextcloud.html

2685 lines
247 KiB
HTML
Raw Normal View History

first commit
2024-10-31 20:18:37 +01:00
<!DOCTYPE html><html lang="fr">
<head><meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"><title>Nginx compilation, PHP8, MariaDB et Nextcloud (cloud.ouestyan.xyz) - YannStatic</title>
<meta name="description" content="Nextcloud peut être installé sur nimporte quel serveur supportant une version récente de PHP et supportant MariaDB (base de données par défaut), MySQL ou Po...">
<link rel="canonical" href="https://static.rnmkcy.eu/2021/12/24/Nginx-Compile_PHP8_MariaDB_Nextcloud.html"><link rel="alternate" type="application/rss+xml" title="YannStatic" href="/feed.xml">
<!-- - include head/favicon.html - -->
<link rel="shortcut icon" type="image/png" href="/assets/favicon/favicon.png"><link rel="stylesheet" href="/assets/css/main.css"><link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.13/css/all.css" ><!-- start custom head snippets --><link rel="stylesheet" href="/assets/css/expand.css">
<!-- end custom head snippets --><script>(function() {
window.isArray = function(val) {
return Object.prototype.toString.call(val) === '[object Array]';
};
window.isString = function(val) {
return typeof val === 'string';
};
window.hasEvent = function(event) {
return 'on'.concat(event) in window.document;
};
window.isOverallScroller = function(node) {
return node === document.documentElement || node === document.body || node === window;
};
window.isFormElement = function(node) {
var tagName = node.tagName;
return tagName === 'INPUT' || tagName === 'SELECT' || tagName === 'TEXTAREA';
};
window.pageLoad = (function () {
var loaded = false, cbs = [];
window.addEventListener('load', function () {
var i;
loaded = true;
if (cbs.length > 0) {
for (i = 0; i < cbs.length; i++) {
cbs[i]();
}
}
});
return {
then: function(cb) {
cb && (loaded ? cb() : (cbs.push(cb)));
}
};
})();
})();
(function() {
window.throttle = function(func, wait) {
var args, result, thisArg, timeoutId, lastCalled = 0;
function trailingCall() {
lastCalled = new Date;
timeoutId = null;
result = func.apply(thisArg, args);
}
return function() {
var now = new Date,
remaining = wait - (now - lastCalled);
args = arguments;
thisArg = this;
if (remaining <= 0) {
clearTimeout(timeoutId);
timeoutId = null;
lastCalled = now;
result = func.apply(thisArg, args);
} else if (!timeoutId) {
timeoutId = setTimeout(trailingCall, remaining);
}
return result;
};
};
})();
(function() {
var Set = (function() {
var add = function(item) {
var i, data = this._data;
for (i = 0; i < data.length; i++) {
if (data[i] === item) {
return;
}
}
this.size ++;
data.push(item);
return data;
};
var Set = function(data) {
this.size = 0;
this._data = [];
var i;
if (data.length > 0) {
for (i = 0; i < data.length; i++) {
add.call(this, data[i]);
}
}
};
Set.prototype.add = add;
Set.prototype.get = function(index) { return this._data[index]; };
Set.prototype.has = function(item) {
var i, data = this._data;
for (i = 0; i < data.length; i++) {
if (this.get(i) === item) {
return true;
}
}
return false;
};
Set.prototype.is = function(map) {
if (map._data.length !== this._data.length) { return false; }
var i, j, flag, tData = this._data, mData = map._data;
for (i = 0; i < tData.length; i++) {
for (flag = false, j = 0; j < mData.length; j++) {
if (tData[i] === mData[j]) {
flag = true;
break;
}
}
if (!flag) { return false; }
}
return true;
};
Set.prototype.values = function() {
return this._data;
};
return Set;
})();
window.Lazyload = (function(doc) {
var queue = {js: [], css: []}, sources = {js: {}, css: {}}, context = this;
var createNode = function(name, attrs) {
var node = doc.createElement(name), attr;
for (attr in attrs) {
if (attrs.hasOwnProperty(attr)) {
node.setAttribute(attr, attrs[attr]);
}
}
return node;
};
var end = function(type, url) {
var s, q, qi, cbs, i, j, cur, val, flag;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
s[url] = true;
for (i = 0; i < q.length; i++) {
cur = q[i];
if (cur.urls.has(url)) {
qi = cur, val = qi.urls.values();
qi && (cbs = qi.callbacks);
for (flag = true, j = 0; j < val.length; j++) {
cur = val[j];
if (!s[cur]) {
flag = false;
}
}
if (flag && cbs && cbs.length > 0) {
for (j = 0; j < cbs.length; j++) {
cbs[j].call(context);
}
qi.load = true;
}
}
}
}
};
var load = function(type, urls, callback) {
var s, q, qi, node, i, cur,
_urls = typeof urls === 'string' ? new Set([urls]) : new Set(urls), val, url;
if (type === 'js' || type ==='css') {
s = sources[type], q = queue[type];
for (i = 0; i < q.length; i++) {
cur = q[i];
if (_urls.is(cur.urls)) {
qi = cur;
break;
}
}
val = _urls.values();
if (qi) {
callback && (qi.load || qi.callbacks.push(callback));
callback && (qi.load && callback());
} else {
q.push({
urls: _urls,
callbacks: callback ? [callback] : [],
load: false
});
for (i = 0; i < val.length; i++) {
node = null, url = val[i];
if (s[url] === undefined) {
(type === 'js' ) && (node = createNode('script', { src: url }));
(type === 'css') && (node = createNode('link', { rel: 'stylesheet', href: url }));
if (node) {
node.onload = (function(type, url) {
return function() {
end(type, url);
};
})(type, url);
(doc.head || doc.body).appendChild(node);
s[url] = false;
}
}
}
}
}
};
return {
js: function(url, callback) {
load('js', url, callback);
},
css: function(url, callback) {
load('css', url, callback);
}
};
})(this.document);
})();
</script><script>
(function() {
var TEXT_VARIABLES = {
version: '2.2.6',
sources: {
font_awesome: 'https://use.fontawesome.com/releases/v5.0.13/css/all.css',
jquery: '/assets/js/jquery.min.js',
leancloud_js_sdk: '//cdn.jsdelivr.net/npm/leancloud-storage@3.13.2/dist/av-min.js',
chart: 'https://cdn.bootcss.com/Chart.js/2.7.2/Chart.bundle.min.js',
gitalk: {
js: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.js',
css: 'https://cdn.bootcss.com/gitalk/1.2.2/gitalk.min.css'
},
valine: 'https://unpkg.com/valine/dist/Valine.min.js'
},
site: {
toc: {
selectors: 'h1,h2,h3'
}
},
paths: {
search_js: '/assets/search.js'
}
};
window.TEXT_VARIABLES = TEXT_VARIABLES;
})();
</script>
</head>
<body>
<div class="root" data-is-touch="false">
<div class="layout--page js-page-root"><!----><div class="page__main js-page-main page__viewport hide-footer has-aside has-aside cell cell--auto">
<div class="page__main-inner"><div class="page__header d-print-none"><header class="header"><div class="main">
<div class="header__title">
<div class="header__brand"><svg id="svg" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="400" height="478.9473684210526" viewBox="0, 0, 400,478.9473684210526"><g id="svgg"><path id="path0" d="M308.400 56.805 C 306.970 56.966,303.280 57.385,300.200 57.738 C 290.906 58.803,278.299 59.676,269.200 59.887 L 260.600 60.085 259.400 61.171 C 258.010 62.428,256.198 63.600,255.645 63.600 C 255.070 63.600,252.887 65.897,252.598 66.806 C 252.460 67.243,252.206 67.600,252.034 67.600 C 251.397 67.600,247.206 71.509,247.202 72.107 C 247.201 72.275,246.390 73.190,245.400 74.138 C 243.961 75.517,243.598 76.137,243.592 77.231 C 243.579 79.293,241.785 83.966,240.470 85.364 C 239.176 86.740,238.522 88.365,237.991 91.521 C 237.631 93.665,236.114 97.200,235.554 97.200 C 234.938 97.200,232.737 102.354,232.450 104.472 C 232.158 106.625,230.879 109.226,229.535 110.400 C 228.933 110.926,228.171 113.162,226.434 119.500 C 226.178 120.435,225.795 121.200,225.584 121.200 C 225.373 121.200,225.200 121.476,225.200 121.813 C 225.200 122.149,224.885 122.541,224.500 122.683 C 223.606 123.013,223.214 123.593,223.204 124.600 C 223.183 126.555,220.763 132.911,219.410 134.562 C 218.443 135.742,217.876 136.956,217.599 138.440 C 217.041 141.424,215.177 146.434,214.532 146.681 C 214.240 146.794,214.000 147.055,214.000 147.261 C 214.000 147.467,213.550 148.086,213.000 148.636 C 212.450 149.186,212.000 149.893,212.000 150.208 C 212.000 151.386,208.441 154.450,207.597 153.998 C 206.319 153.315,204.913 150.379,204.633 147.811 C 204.365 145.357,202.848 142.147,201.759 141.729 C 200.967 141.425,199.200 137.451,199.200 135.974 C 199.200 134.629,198.435 133.224,196.660 131.311 C 195.363 129.913,194.572 128.123,193.870 125.000 C 193.623 123.900,193.236 122.793,193.010 122.540 C 190.863 120.133,190.147 118.880,188.978 115.481 C 188.100 112.928,187.151 111.003,186.254 109.955 C 185.358 108.908,184.518 107.204,183.847 105.073 C 183.280 103.273,182.497 101.329,182.108 100.753 C 181.719 100.177,180.904 98.997,180.298 98.131 C 179.693 97.265,178.939 95.576,178.624 94.378 C 178.041 92.159,177.125 90.326,175.023 87.168 C 174.375 86.196,173.619 84.539,173.342 83.486 C 172.800 81.429,171.529 79.567,170.131 78.785 C 169.654 78.517,168.697 77.511,168.006 76.549 C 167.316 75.587,166.594 74.800,166.402 74.800 C 166.210 74.800,164.869 73.633,163.421 72.206 C 160.103 68.936,161.107 69.109,146.550 69.301 C 133.437 69.474,128.581 70.162,126.618 72.124 C 126.248 72.495,125.462 72.904,124.872 73.033 C 124.282 73.163,123.088 73.536,122.219 73.863 C 121.349 74.191,119.028 74.638,117.061 74.858 C 113.514 75.254,109.970 76.350,108.782 77.419 C 107.652 78.436,100.146 80.400,97.388 80.400 C 95.775 80.400,93.167 81.360,91.200 82.679 C 90.430 83.195,89.113 83.804,88.274 84.031 C 85.875 84.681,78.799 90.910,74.400 96.243 L 73.400 97.456 73.455 106.028 C 73.526 117.055,74.527 121.238,77.820 124.263 C 78.919 125.273,80.400 127.902,80.400 128.842 C 80.400 129.202,81.075 130.256,81.900 131.186 C 83.563 133.059,85.497 136.346,86.039 138.216 C 86.233 138.886,87.203 140.207,88.196 141.153 C 89.188 142.098,90.000 143.104,90.000 143.388 C 90.000 144.337,92.129 148.594,92.869 149.123 C 93.271 149.410,93.600 149.831,93.600 150.059 C 93.600 150.286,93.932 150.771,94.337 151.136 C 94.743 151.501,95.598 153.004,96.237 154.475 C 96.877 155.947,97.760 157.351,98.200 157.596 C 98.640 157.841,99.900 159.943,101.000 162.267 C 102.207 164.817,103.327 166.644,103.825 166.876 C 104.278 167.087,105.065 168.101,105.573 169.130 C 107.658 173.348,108.097 174.093,110.006 176.647 C 111.103 178.114,112.000 179.725,112.000 180.227 C 112.000 181.048,113.425 183.163,114.678 184.200 C 115.295 184.711,117.396 188.733,117.720 190.022 C 117.855 190.562,118.603 191.633,119.381 192.402 C 120.160 193.171,121.496 195.258,122.351 197.039 C 123.206 198.820,124.167 200.378,124.487 200.501 C 124.807 200.624,125.953 202.496,127.034 204.662 C 128.114 206.828,129.676 209.299,130.505 210.153 C 131.333 211.007,132.124 212.177,132.262 212.753 C 132.618 214.239,134.291 217.048,136.288 219.5
" href="/">YannStatic</a></div><!--<button class="button button--secondary button--circle search-button js-search-toggle"><i class="fas fa-search"></i></button>--><!-- <li><button class="button button--secondary button--circle search-button js-search-toggle"><i class="fas fa-search"></i></button></li> -->
<!-- Champ de recherche -->
<div id="searchbox" class="search search--dark" style="visibility: visible">
<div class="main">
<div class="search__header"></div>
<div class="search-bar">
<div class="search-box js-search-box">
<div class="search-box__icon-search"><i class="fas fa-search"></i></div>
<input id="search-input" type="text" />
<!-- <div class="search-box__icon-clear js-icon-clear">
<a><i class="fas fa-times"></i></a>
</div> -->
</div>
</div>
</div>
</div>
<!-- Script pointing to search-script.js -->
<script>/*!
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
var _$Templater_7 = {
compile: compile,
setOptions: setOptions
}
const options = {}
options.pattern = /\{(.*?)\}/g
options.template = ''
options.middleware = function () {}
function setOptions (_options) {
options.pattern = _options.pattern || options.pattern
options.template = _options.template || options.template
if (typeof _options.middleware === 'function') {
options.middleware = _options.middleware
}
}
function compile (data) {
return options.template.replace(options.pattern, function (match, prop) {
const value = options.middleware(prop, data[prop], options.template)
if (typeof value !== 'undefined') {
return value
}
return data[prop] || match
})
}
'use strict';
function fuzzysearch (needle, haystack) {
var tlen = haystack.length;
var qlen = needle.length;
if (qlen > tlen) {
return false;
}
if (qlen === tlen) {
return needle === haystack;
}
outer: for (var i = 0, j = 0; i < qlen; i++) {
var nch = needle.charCodeAt(i);
while (j < tlen) {
if (haystack.charCodeAt(j++) === nch) {
continue outer;
}
}
return false;
}
return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
function FuzzySearchStrategy () {
this.matches = function (string, crit) {
return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
}
}
'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
function LiteralSearchStrategy () {
this.matches = function (str, crit) {
if (!str) return false
str = str.trim().toLowerCase()
crit = crit.trim().toLowerCase()
return crit.split(' ').filter(function (word) {
return str.indexOf(word) >= 0
}).length === crit.split(' ').length
}
}
'use strict'
var _$Repository_4 = {
put: put,
clear: clear,
search: search,
setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
function NoSort () {
return 0
}
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []
function put (data) {
if (isObject(data)) {
return addObject(data)
}
if (isArray(data)) {
return addArray(data)
}
return undefined
}
function clear () {
data.length = 0
return data
}
function isObject (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Object]'
}
function isArray (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Array]'
}
function addObject (_data) {
data.push(_data)
return data
}
function addArray (_data) {
const added = []
clear()
for (let i = 0, len = _data.length; i < len; i++) {
if (isObject(_data[i])) {
added.push(addObject(_data[i]))
}
}
return added
}
function search (crit) {
if (!crit) {
return []
}
return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
function __setOptions_4 (_opt) {
opt = _opt || {}
opt.fuzzy = _opt.fuzzy || false
opt.limit = _opt.limit || 10
opt.searchStrategy = _opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = _opt.sort || NoSort
opt.exclude = _opt.exclude || []
}
function findMatches (data, crit, strategy, opt) {
const matches = []
for (let i = 0; i < data.length && matches.length < opt.limit; i++) {
const match = findMatchesInObject(data[i], crit, strategy, opt)
if (match) {
matches.push(match)
}
}
return matches
}
function findMatchesInObject (obj, crit, strategy, opt) {
for (const key in obj) {
if (!isExcluded(obj[key], opt.exclude) && strategy.matches(obj[key], crit)) {
return obj
}
}
}
function isExcluded (term, excludedTerms) {
for (let i = 0, len = excludedTerms.length; i < len; i++) {
const excludedTerm = excludedTerms[i]
if (new RegExp(excludedTerm).test(term)) {
return true
}
}
return false
}
/* globals ActiveXObject:false */
'use strict'
var _$JSONLoader_2 = {
load: load
}
function load (location, callback) {
const xhr = getXHR()
xhr.open('GET', location, true)
xhr.onreadystatechange = createStateChangeListener(xhr, callback)
xhr.send()
}
function createStateChangeListener (xhr, callback) {
return function () {
if (xhr.readyState === 4 && xhr.status === 200) {
try {
callback(null, JSON.parse(xhr.responseText))
} catch (err) {
callback(err, null)
}
}
}
}
function getXHR () {
return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
var _$OptionsValidator_3 = function OptionsValidator (params) {
if (!validateParams(params)) {
throw new Error('-- OptionsValidator: required options missing')
}
if (!(this instanceof OptionsValidator)) {
return new OptionsValidator(params)
}
const requiredOptions = params.required
this.getRequiredOptions = function () {
return requiredOptions
}
this.validate = function (parameters) {
const errors = []
requiredOptions.forEach(function (requiredOptionName) {
if (typeof parameters[requiredOptionName] === 'undefined') {
errors.push(requiredOptionName)
}
})
return errors
}
function validateParams (params) {
if (!params) {
return false
}
return typeof params.required !== 'undefined' && params.required instanceof Array
}
}
'use strict'
var _$utils_9 = {
merge: merge,
isJSON: isJSON
}
function merge (defaultParams, mergeParams) {
const mergedOptions = {}
for (const option in defaultParams) {
mergedOptions[option] = defaultParams[option]
if (typeof mergeParams[option] !== 'undefined') {
mergedOptions[option] = mergeParams[option]
}
}
return mergedOptions
}
function isJSON (json) {
try {
if (json instanceof Object && JSON.parse(JSON.stringify(json))) {
return true
}
return false
} catch (err) {
return false
}
}
var _$src_8 = {};
(function (window) {
'use strict'
let options = {
searchInput: null,
resultsContainer: null,
json: [],
success: Function.prototype,
searchResultTemplate: '<li><a href="{url}" title="{desc}">{title}</a></li>',
templateMiddleware: Function.prototype,
sortMiddleware: function () {
return 0
},
noResultsText: 'No results found',
limit: 10,
fuzzy: false,
debounceTime: null,
exclude: []
}
let debounceTimerHandle
const debounce = function (func, delayMillis) {
if (delayMillis) {
clearTimeout(debounceTimerHandle)
debounceTimerHandle = setTimeout(func, delayMillis)
} else {
func.call()
}
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({
required: requiredOptions
})
/* removed: const _$utils_9 = require('./utils') */;
window.SimpleJekyllSearch = function (_options) {
const errors = optionsValidator.validate(_options)
if (errors.length > 0) {
throwError('You must specify the following required options: ' + requiredOptions)
}
options = _$utils_9.merge(options, _options)
_$Templater_7.setOptions({
template: options.searchResultTemplate,
middleware: options.templateMiddleware
})
_$Repository_4.setOptions({
fuzzy: options.fuzzy,
limit: options.limit,
sort: options.sortMiddleware,
exclude: options.exclude
})
if (_$utils_9.isJSON(options.json)) {
initWithJSON(options.json)
} else {
initWithURL(options.json)
}
const rv = {
search: search
}
typeof options.success === 'function' && options.success.call(rv)
return rv
}
function initWithJSON (json) {
_$Repository_4.put(json)
registerInput()
}
function initWithURL (url) {
_$JSONLoader_2.load(url, function (err, json) {
if (err) {
throwError('failed to get JSON (' + url + ')')
}
initWithJSON(json)
})
}
function emptyResultsContainer () {
options.resultsContainer.innerHTML = ''
}
function appendToResultsContainer (text) {
options.resultsContainer.innerHTML += text
}
function registerInput () {
options.searchInput.addEventListener('input', function (e) {
if (isWhitelistedKey(e.which)) {
emptyResultsContainer()
debounce(function () { search(e.target.value) }, options.debounceTime)
}
})
}
function search (query) {
if (isValidQuery(query)) {
emptyResultsContainer()
render(_$Repository_4.search(query), query)
}
}
function render (results, query) {
const len = results.length
if (len === 0) {
return appendToResultsContainer(options.noResultsText)
}
for (let i = 0; i < len; i++) {
results[i].query = query
appendToResultsContainer(_$Templater_7.compile(results[i]))
}
}
function isValidQuery (query) {
return query && query.length > 0
}
function isWhitelistedKey (key) {
return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
}
function throwError (message) {
throw new Error('SimpleJekyllSearch --- ' + message)
}
})(window)
}());
</script>
<!-- Configuration -->
<script>
SimpleJekyllSearch({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
json: '/search.json',
//searchResultTemplate: '<li><a href="https://static.rnmkcy.eu{url}">{date}&nbsp;{title}</a></li>'
searchResultTemplate: '<li><a href="{url}">{date}&nbsp;{title}</a></li>'
})
</script>
<!-- Fin déclaration champ de recherche --></div><nav class="navigation">
<ul><li class="navigation__item"><a href="/archive.html">Etiquettes</a></li><li class="navigation__item"><a href="/htmldoc.html">Documents</a></li><li class="navigation__item"><a href="/liens_ttrss.html">Liens</a></li><li class="navigation__item"><a href="/aide-jekyll-text-theme.html">Aide</a></li></ul>
</nav></div>
</header>
</div><div class="page__content"><div class ="main"><div class="grid grid--reverse">
<div class="col-main cell cell--auto"><!-- start custom main top snippet --><div id="results-container" class="search-result js-search-result"></div><!-- end custom main top snippet -->
<article itemscope itemtype="http://schema.org/Article"><div class="article__header"><header><h1 style="color:Tomato;">Nginx compilation, PHP8, MariaDB et Nextcloud (cloud.ouestyan.xyz)</h1></header></div><meta itemprop="headline" content="Nginx compilation, PHP8, MariaDB et Nextcloud (cloud.ouestyan.xyz)"><div class="article__info clearfix"><ul class="left-col menu"><li>
_includes/article-list.html
2024-11-08 14:10:33 +01:00
<a class="button button--secondary button--pill button--sm" style="color:#00FFFF" href="/archive.html?tag=nextcloud">nextcloud</a>
first commit
2024-10-31 20:18:37 +01:00
</li></ul><ul class="right-col menu"><li>
<i class="far fa-calendar-alt"></i>&nbsp;<span title="Création" style="color:#FF00FF">24&nbsp;déc.&nbsp;&nbsp;2021</span>
<span title="Modification" style="color:#00FF7F">&nbsp;6&nbsp;mai&nbsp;&nbsp;&nbsp;2022</span></li></ul></div><meta itemprop="datePublished" content="2022-05-06T00:00:00+02:00">
<meta itemprop="keywords" content="nextcloud"><div class="js-article-content">
<div class="layout--article"><!-- start custom article top snippet -->
<style>
#myBtn {
display: none;
position: fixed;
bottom: 10px;
right: 10px;
z-index: 99;
font-size: 12px;
font-weight: bold;
border: none;
outline: none;
background-color: white;
color: black;
cursor: pointer;
padding: 5px;
border-radius: 4px;
}
#myBtn:hover {
background-color: #555;
}
</style>
<button onclick="topFunction()" id="myBtn" title="Haut de page">&#8679;</button>
<script>
//Get the button
var mybutton = document.getElementById("myBtn");
// When the user scrolls down 20px from the top of the document, show the button
window.onscroll = function() {scrollFunction()};
function scrollFunction() {
if (document.body.scrollTop > 20 || document.documentElement.scrollTop > 20) {
mybutton.style.display = "block";
} else {
mybutton.style.display = "none";
}
}
// When the user clicks on the button, scroll to the top of the document
function topFunction() {
document.body.scrollTop = 0;
document.documentElement.scrollTop = 0;
}
</script>
<!-- end custom article top snippet -->
<div class="article__content" itemprop="articleBody"><details>
<summary><b>Afficher/cacher Sommaire</b></summary>
<!-- affichage sommaire -->
<div class="toc-aside js-toc-root"></div>
</details><p><em>Nextcloud peut être installé sur nimporte quel serveur supportant une version récente de PHP et supportant MariaDB (base de données par défaut), MySQL ou PostgreSQL.</em></p>
<p>Serveur debian/ubuntu à jour<br />
Utilisateur avec droits sudo</p>
<h1 id="nginx-php8-mariadb">Nginx PHP8 MariaDB</h1>
<h3 id="nginx-compilé">Nginx compilé</h3>
<p><img src="/images/nginx-logo.png" alt="" width="50" /></p>
<p>Télécharger le bash</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget https://static.xoyaz.xyz/files/compilation-nginx-tls1.3.sh
chmod +x compilation-nginx-tls1.3.sh # rendre le bash exécutable
./compilation-nginx-tls1.3.sh # exécution
</code></pre></div></div>
<p>Par défaut :<br />
<code class="language-plaintext highlighter-rouge">ssl_protocols TLSv1.2 TLSv1.3;</code><br />
<code class="language-plaintext highlighter-rouge">include /etc/nginx/conf.d/*.conf;</code></p>
<p>A la fin de la compilation</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>Versions Nginx OpenSSL
nginx version: nginx/1.20.2
OpenSSL 1.1.1k 25 Mar 2021
</code></pre></div></div>
<h3 id="php8">PHP8</h3>
<p><img src="/images/php8-logo.png" alt="" width="50" /></p>
<p>Ajout du dépôt sury.org</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo -s
</code></pre></div></div>
<p>Pour installer la version de 8 de php, ajouter le dépôt sury.</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt <span class="nb">install</span> <span class="nt">-y</span> lsb-release apt-transport-https ca-certificates wget
wget <span class="nt">-O</span> /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
<span class="nb">echo</span> <span class="s2">"deb https://packages.sury.org/php/ </span><span class="si">$(</span>lsb_release <span class="nt">-sc</span><span class="si">)</span><span class="s2"> main"</span> |tee /etc/apt/sources.list.d/php.list
</code></pre></div></div>
<p>Mise à jour des dépôts :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt update &amp;&amp; apt upgrade -y
</code></pre></div></div>
<p>Installation de php8.0, php8.0-fpm, php8.0-sqlite3 et les paquets PHP nécessaires à nextcloud</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>apt install php8.0 php8.0-fpm php8.0-sqlite3 php8.0-cli php8.0-gd php8.0-imap php8.0-mysql php8.0-soap php8.0-apcu php8.0-common php8.0-gmp php8.0-intl php8.0-opcache php8.0-xml php8.0-curl php8.0-igbinary php8.0-readline php8.0-zip php8.0-bcmath php8.0-imagick php8.0-mbstring php8.0-redis imagemagick
</code></pre></div></div>
<p class="warning">Nextcloud naccepte pas les versions PHP &gt; 8.0</p>
<h3 id="mariadb">MariaDB</h3>
<p><img src="/images/mariadb-logo.png" alt="" width="50" /><br />
installer les paquets de MariaDB</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install mariadb-server
</code></pre></div></div>
<p>Une fois que linstallation des composants est terminée, tapez la commande suivante pour finaliser la configuration.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo mysql_secure_installation
</code></pre></div></div>
<p>Tapez Enter directement à la première question car le mot de passe de lutilisateur root de MariaDB est vide par défaut après linstallation.<br />
Puis répondez Y à la question suivante pour spécifier le mot de passe de lutilisateur root de MariaDB qui, une fois de plus, est différent de lutilisateur root de votre Debian.<br />
Cet utilisateur root de la base de données aura tous les droits daccès. Pour des raisons évidentes de sécurité, je vous recommande dutiliser un mot de passe complexe !<br />
Et vous pouvez répondre Y à toutes les questions suivantes: les connexions anonymes seront désactivées, ainsi que les connexions root qui se font depuis un serveur autre que le votre…</p>
<h1 id="nextcloud">Nextcloud</h1>
<p><img src="/images/nextcloud_logo.png" alt="" width="50" /></p>
<h2 id="installation-dernière-version">Installation dernière version</h2>
<p>On télécharge la <a href="https://download.nextcloud.com/server/releases/">dernière version nextcloud</a></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget https://download.nextcloud.com/server/releases/latest.tar.bz2
</code></pre></div></div>
<p>Télécharger le SHA256</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget https://download.nextcloud.com/server/releases/latest.tar.bz2.sha256
</code></pre></div></div>
<p>Vérifier lintégrité de larchive téléchargée</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sha256sum -c latest.tar.bz2.sha256 &lt; latest.tar.bz2
</code></pre></div></div>
<p>Doit donner le résultat suivant : <strong>latest.tar.bz2: OK</strong></p>
<p>Vérifier la signature PGP et la provenance de larchive téléchargée (FACULTATIF)</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget https://download.nextcloud.com/server/releases/latest.tar.bz2.asc
wget https://nextcloud.com/nextcloud.asc
gpg --import nextcloud.asc
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>gpg: directory '/home/bullsadmin/.gnupg' created
gpg: keybox '/home/bullsadmin/.gnupg/pubring.kbx' created
gpg: /home/bullsadmin/.gnupg/trustdb.gpg: trustdb created
gpg: key D75899B9A724937A: public key "Nextcloud Security &lt;security@nextcloud.com&gt;" imported
gpg: Total number processed: 1
gpg: imported: 1
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>gpg --verify latest.tar.bz2.asc latest.tar.bz2
</code></pre></div></div>
<p>Donne le résultat suivant</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>gpg: Signature made Fri Nov 26 20:59:39 2021 UTC
gpg: using RSA key 28806A878AE423A28372792ED75899B9A724937A
gpg: Good signature from "Nextcloud Security &lt;security@nextcloud.com&gt;" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A
</code></pre></div></div>
<p>Décompresser larchive Nextcloud :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>tar -xvf latest.tar.bz2
</code></pre></div></div>
<p>Déplacement</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo mv nextcloud /var/www/
</code></pre></div></div>
<p>Supprimez les fichiers et signatures téléchargés :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>rm latest.tar.bz2*
</code></pre></div></div>
<h2 id="utilisateur-nextcloud">Utilisateur nextcloud</h2>
<p>Lors du déploiement basique dun serveur HTTP, lutilisateur sous lequel fonctionne ce serveur (Apache, Nginx…) est la plupart du temps www-data, nobody ou apache. Cela signifie que si plusieurs sites existent sous la même instance de Nginx, tous utilisent le même utilisateur. Or si lun des sites savère corrompu par un utilisateur malveillant alors lassaillant peut profiter pleinement de tous les droits de lutilisateur sous lequel tourne le serveur web. Tous les sites savèrent donc vulnérables.</p>
<p>Pour des raisons évidentes de sécurité, il est donc recommandé de cloisonner ces utilisateurs et davoir un utilisateur dédié à la gestion du dossier nextcloud. Cet utilisateur aura des droits aussi restreints que possible à ce répertoire.
Par défaut, les fichiers de Nextcloud possèdent les permissions suivantes :</p>
<ul>
<li>répertoires : 755 (permission de lecture, décriture et dexécution pour le propriétaire et permission de lecture et dexécution pour le groupe et les autres)</li>
<li>fichiers : 644 (permission de lecture et décriture pour le propriétaire et permission de lecture uniquement pour le groupe et les autres).</li>
</ul>
<p>Nous allons donc modifier le propriétaire du répertoire <code class="language-plaintext highlighter-rouge">/var/www/nextcloud</code> et lattribuer à un nouvel utilisateur dédié : <strong>nextcloud</strong></p>
<p>Par ailleurs, Nginx est lancé sous lutilisateur <strong>www-data</strong> et doit avoir accès en lecture au répertoire <code class="language-plaintext highlighter-rouge">/var/www/nextcloud</code> pour lire les ressources statiques (HTML, CSS, JS, etc.). Nous allons donc attribuer le répertoire <code class="language-plaintext highlighter-rouge">/var/www/nextcloud</code> au groupe <strong>www-data</strong>. Enfin nous retirerons toutes les permissions de ce répertoire aux autres utilisateurs.</p>
<p>Créez un utilisateur nextcloud</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo useradd -r nextcloud
</code></pre></div></div>
<p>Modifiez le propriétaire et le groupe du répertoire /var/www/nextcloud :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo chown -R nextcloud:www-data /var/www/nextcloud
</code></pre></div></div>
<p>Retirez toutes les permissions aux autres utilisateurs :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo chmod -R o-rwx /var/www/nextcloud
</code></pre></div></div>
<h2 id="mariadb-base-de-données-mysql">MariaDB base de données mysql</h2>
<p>Mot de passe base nextcloud</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>tr -cd '[:alnum:]' &lt; /dev/urandom | fold -w16 | head -n1
</code></pre></div></div>
<p>Tout comme pour la gestion du répertoire nextcloud et pour plus de sécurité, vous allez tout dabord créer un utilisateur MySQL <strong>nextcloud</strong> dédié à la base de données nextcloud, renseigner un mot de passe et ensuite lui donner les droits sur cette base de données.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>mysql -uroot -pMp_Root_MySql &lt;&lt;-EOF
CREATE DATABASE nextcloud;
CREATE USER "nextcloud"@"localhost";
SET password FOR "nextcloud"@"localhost" = password('Mp_MySql_Nextcloud');
GRANT ALL PRIVILEGES ON nextcloud.* TO "nextcloud"@"localhost" IDENTIFIED BY "Mp_MySql_Nextcloud";
FLUSH PRIVILEGES;
EOF
</code></pre></div></div>
<h1 id="cloudouestyanxyz">cloud.ouestyan.xyz</h1>
<p>Domaine ouestyan.xyz OVH <br />
Certificats Lets Encrypt installés sur le domaine cloud.ouestyan.xyz</p>
<h2 id="php">PHP</h2>
<h3 id="php-pool-nextcloud">PHP pool nextcloud</h3>
<p>Création du pool nextcloud <code class="language-plaintext highlighter-rouge">/etc/php/8.0/fpm/pool.d/nextcloud.conf</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/php/8.0/fpm/pool.d/nextcloud.conf
</code></pre></div></div>
<div class="language-conf highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[<span class="n">nextcloud</span>]
<span class="n">listen</span> = /<span class="n">run</span>/<span class="n">php</span>/<span class="n">nextcloud</span>.<span class="n">sock</span>
<span class="n">listen</span>.<span class="n">owner</span> = <span class="n">nextcloud</span>
<span class="n">listen</span>.<span class="n">group</span> = <span class="n">www</span>-<span class="n">data</span>
<span class="n">user</span> = <span class="n">nextcloud</span>
<span class="n">group</span> = <span class="n">www</span>-<span class="n">data</span>
<span class="n">pm</span> = <span class="n">ondemand</span>
<span class="n">pm</span>.<span class="n">max_children</span> = <span class="m">56</span>
<span class="n">pm</span>.<span class="n">process_idle_timeout</span> = <span class="m">60</span><span class="n">s</span>
<span class="n">pm</span>.<span class="n">max_requests</span> = <span class="m">500</span>
<span class="n">env</span>[<span class="n">HOSTNAME</span>] = $<span class="n">HOSTNAME</span>
<span class="n">env</span>[<span class="n">PATH</span>] = /<span class="n">usr</span>/<span class="n">local</span>/<span class="n">bin</span>:/<span class="n">usr</span>/<span class="n">bin</span>:/<span class="n">bin</span>
<span class="n">env</span>[<span class="n">TMP</span>] = /<span class="n">tmp</span>
<span class="n">env</span>[<span class="n">TMPDIR</span>] = /<span class="n">tmp</span>
<span class="n">env</span>[<span class="n">TEMP</span>] = /<span class="n">tmp</span>
</code></pre></div></div>
<h3 id="mémoire-pour-php">mémoire pour PHP</h3>
<p>ajouter <code class="language-plaintext highlighter-rouge">memory_limit = 512M</code> dans le fichier <code class="language-plaintext highlighter-rouge">/etc/php/8.0/fpm/php.ini</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo sed -i -e "s/^memory_limit \+= \+.*$/memory_limit = 512M/g" /etc/php/8.0/fpm/php.ini
sudo sed -i -e "s/^output_buffering \+= \+.*$/output_buffering = 0/g" /etc/php/8.0/fpm/php.ini
</code></pre></div></div>
<p>Vérification</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cat /etc/php/8.0/fpm/php.ini |egrep "memory_limit|^output_buffering"
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>output_buffering = 0
memory_limit = 512M
</code></pre></div></div>
<h3 id="php-opcache">PHP OPcache</h3>
<p><em>OPcache (qui signifie Optimizer Plus Cache) est introduit depuis la version 5.5.0 de PHP. Il sert à cacher lopcode de PHP, cest-à-dire les instructions de bas niveau générées par la machine virtuelle PHP lors de lexécution dun script. Autrement dit, le code pré-compilé est stocké en mémoire. Cela évite ainsi létape de compilation à chaque requête PHP. De plus, OPcache va optimiser lexécution du code afin den améliorer les performances.</em></p>
<p>Alternative A: Éditez le fichier /etc/php/8.0/fpm/php.ini,ajouter les lignes suivantes dans la section [opcache] :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/php/8.0/fpm/php.ini
</code></pre></div></div>
<div class="language-ini highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nn">[opcache]</span>
<span class="py">opcache.enable</span> <span class="p">=</span> <span class="s">1</span>
<span class="py">opcache.interned_strings_buffer</span> <span class="p">=</span> <span class="s">8</span>
<span class="py">opcache.max_accelerated_files</span> <span class="p">=</span> <span class="s">10000</span>
<span class="py">opcache.memory_consumption</span> <span class="p">=</span> <span class="s">128</span>
<span class="py">opcache.save_comments</span> <span class="p">=</span> <span class="s">1</span>
<span class="py">opcache.revalidate_freq</span> <span class="p">=</span> <span class="s">1</span>
</code></pre></div></div>
<p>Alternative B: Exécuter les instructions suivantes</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sed -i -e "s/^;* *opcache\.enable *= *.*$/opcache.enable=1/g" /etc/php/8.0/fpm/php.ini
sed -i -e "s/^;* *opcache\.memory_consumption *= *.*$/opcache.memory_consumption=128/g" /etc/php/8.0/fpm/php.ini
sed -i -e "s/^;* *opcache\.interned_strings_buffer *= *.*$/opcache.interned_strings_buffer=8/g" /etc/php/8.0/fpm/php.ini
sed -i -e "s/^;* *opcache\.max_accelerated_files *= *.*$/opcache.max_accelerated_files=10000/g" /etc/php/8.0/fpm/php.ini
sed -i -e "s/^;* *opcache\.revalidate_freq *= *.*$/opcache.revalidate_freq=1/g" /etc/php/8.0/fpm/php.ini
sed -i -e "s/^;* *opcache\.save_comments *= *.*$/opcache.save_comments=1/g" /etc/php/8.0/fpm/php.ini
</code></pre></div></div>
<p>Vérification</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cat /etc/php/8.0/fpm/php.ini | \
egrep "^;* *opcache\.enable *=|^;* *opcache\.interned_strings_buffer *=\
|^;* *opcache\.max_accelerated_files *=|^;* *opcache\.memory_consumption *=\
|^;* *opcache\.save_comments *=|^;* *opcache\.revalidate_freq *="
</code></pre></div></div>
<p>La nouvelle configuration sera prise en compte après redémarrage du service PHP-FPM :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl restart php8.0-fpm.service
</code></pre></div></div>
<h2 id="nginx">Nginx</h2>
<p>NGINX Configuration <a href="https://docs.nextcloud.com/server/23/admin_manual/installation/nginx.html">https://docs.nextcloud.com/server/23/admin_manual/installation/nginx.html</a></p>
<ul>
<li>Vous devez insérer le code suivant dans votre fichier de configuration Nginx.</li>
<li>Ajustez <code class="language-plaintext highlighter-rouge">server_name</code>, <code class="language-plaintext highlighter-rouge">root</code>, <code class="language-plaintext highlighter-rouge">ssl_certificate</code> et <code class="language-plaintext highlighter-rouge">ssl_certificate_key</code> en fonction de vos besoins.</li>
<li>Assurez-vous que vos certificats SSL sont lisibles par le serveur (voir la documentation du module HTTP SSL de nginx).</li>
<li>Faites attention aux sauts de ligne si vous copiez les exemples, car les longues lignes peuvent être coupées pour le formatage de la page.</li>
<li>Certains environnements peuvent avoir besoin dune valeur de 1 pour <code class="language-plaintext highlighter-rouge">cgi.fix_pathinfo</code> dans leur <code class="language-plaintext highlighter-rouge">php.ini</code>.</li>
</ul>
<h3 id="nextcloud-dans-le-webroot-de-nginx">Nextcloud dans le webroot de NGINX</h3>
<p>La configuration suivante doit être utilisée lorsque Nextcloud est placé dans le webroot de votre installation nginx. Dans cet exemple, il sagit de /var/www/nextcloud et on y accède via http(s)://cloud.ouestyan.xyz/</p>
<h4 id="cloudouestyanxyz-1">cloud.ouestyan.xyz</h4>
<p>Le fichier de configuration web <code class="language-plaintext highlighter-rouge">cloud.ouestyan.xyz.conf</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/nginx/conf.d/cloud.ouestyan.xyz.conf
</code></pre></div></div>
<div class="language-nginx highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">upstream</span> <span class="s">php-handler</span> <span class="p">{</span>
<span class="kn">server</span> <span class="s">unix:/var/run/php/nextcloud.sock</span><span class="p">;</span>
<span class="p">}</span>
<span class="k">server</span> <span class="p">{</span>
<span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span>
<span class="kn">listen</span> <span class="s">[::]:80</span><span class="p">;</span>
<span class="kn">server_name</span> <span class="s">cloud.ouestyan.xyz</span><span class="p">;</span>
<span class="c1"># enforce https</span>
<span class="kn">return</span> <span class="mi">301</span> <span class="s">https://</span><span class="nv">$server_name</span><span class="p">:</span><span class="mi">443</span><span class="nv">$request_uri</span><span class="p">;</span>
<span class="p">}</span>
<span class="k">server</span> <span class="p">{</span>
<span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span>
<span class="kn">listen</span> <span class="s">[::]:443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span>
<span class="kn">server_name</span> <span class="s">cloud.ouestyan.xyz</span><span class="p">;</span>
<span class="c1"># Use Mozilla's guidelines for SSL/TLS settings</span>
<span class="c1"># https://mozilla.github.io/server-side-tls/ssl-config-generator/</span>
<span class="c1"># NOTE: some settings below might be redundant</span>
<span class="kn">ssl_certificate</span> <span class="n">/etc/ssl/private/ouestyan.xyz-fullchain.pem</span><span class="p">;</span>
<span class="kn">ssl_certificate_key</span> <span class="n">/etc/ssl/private/ouestyan.xyz-key.pem</span><span class="p">;</span>
<span class="c1"># TLS 1.3 only</span>
<span class="kn">ssl_protocols</span> <span class="s">TLSv1.3</span><span class="p">;</span>
<span class="kn">ssl_prefer_server_ciphers</span> <span class="no">off</span><span class="p">;</span>
<span class="c1"># HSTS (ngx_http_headers_module is required) (63072000 seconds)</span>
<span class="kn">add_header</span> <span class="s">Strict-Transport-Security</span> <span class="s">"max-age=63072000"</span> <span class="s">always</span><span class="p">;</span>
<span class="c1"># Virtual Host Configs</span>
<span class="kn">include</span> <span class="n">/etc/nginx/conf.d/ouestyan.xyz.d/*.conf</span><span class="p">;</span>
<span class="c1"># OCSP stapling</span>
<span class="kn">ssl_stapling</span> <span class="no">on</span><span class="p">;</span>
<span class="kn">ssl_stapling_verify</span> <span class="no">on</span><span class="p">;</span>
<span class="c1"># verify chain of trust of OCSP response using Root CA and Intermediate certs</span>
<span class="kn">ssl_trusted_certificate</span> <span class="n">/etc/ssl/private/ouestyan.xyz-fullchain.pem</span><span class="p">;</span>
<span class="c1"># replace with the IP address of your resolver</span>
<span class="kn">resolver</span> <span class="mf">8.8</span><span class="s">.8.8</span><span class="p">;</span>
<span class="c1"># Add headers to serve security related headers</span>
<span class="c1"># Before enabling Strict-Transport-Security headers please read into this</span>
<span class="c1"># topic first.</span>
<span class="c1">#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;</span>
<span class="c1">#</span>
<span class="c1"># WARNING: Only add the preload option once you read about</span>
<span class="c1"># the consequences in https://hstspreload.org/. This option</span>
<span class="c1"># will add the domain to a hardcoded list that is shipped</span>
<span class="c1"># in all major browsers and getting removed from this list</span>
<span class="c1"># could take several months.</span>
<span class="kn">add_header</span> <span class="s">Referrer-Policy</span> <span class="s">"no-referrer"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Content-Type-Options</span> <span class="s">"nosniff"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Download-Options</span> <span class="s">"noopen"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Frame-Options</span> <span class="s">"SAMEORIGIN"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Permitted-Cross-Domain-Policies</span> <span class="s">"none"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Robots-Tag</span> <span class="s">"none"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-XSS-Protection</span> <span class="s">"1</span><span class="p">;</span> <span class="kn">mode=block"</span> <span class="s">always</span><span class="p">;</span>
<span class="c1"># Remove X-Powered-By, which is an information leak</span>
<span class="kn">fastcgi_hide_header</span> <span class="s">X-Powered-By</span><span class="p">;</span>
<span class="c1"># Path to the root of your installation</span>
<span class="kn">root</span> <span class="n">/var/www/nextcloud</span><span class="p">;</span>
<span class="kn">location</span> <span class="p">=</span> <span class="n">/robots.txt</span> <span class="p">{</span>
<span class="kn">allow</span> <span class="s">all</span><span class="p">;</span>
<span class="kn">log_not_found</span> <span class="no">off</span><span class="p">;</span>
<span class="kn">access_log</span> <span class="no">off</span><span class="p">;</span>
<span class="p">}</span>
<span class="c1"># The following 2 rules are only needed for the user_webfinger app.</span>
<span class="c1"># Uncomment it if you're planning to use this app.</span>
<span class="c1">#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;</span>
<span class="c1">#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;</span>
<span class="c1"># The following rule is only needed for the Social app.</span>
<span class="c1"># Uncomment it if you're planning to use this app.</span>
<span class="c1">#rewrite ^/.well-known/webfinger /public.php?service=webfinger last;</span>
<span class="kn">location</span> <span class="p">=</span> <span class="n">/.well-known/carddav</span> <span class="p">{</span>
<span class="kn">return</span> <span class="mi">301</span> <span class="nv">$scheme</span><span class="p">:</span><span class="n">//</span><span class="nv">$host</span><span class="p">:</span><span class="nv">$server_port</span><span class="n">/remote.php/dav</span><span class="p">;</span>
<span class="p">}</span>
<span class="kn">location</span> <span class="p">=</span> <span class="n">/.well-known/caldav</span> <span class="p">{</span>
<span class="kn">return</span> <span class="mi">301</span> <span class="nv">$scheme</span><span class="p">:</span><span class="n">//</span><span class="nv">$host</span><span class="p">:</span><span class="nv">$server_port</span><span class="n">/remote.php/dav</span><span class="p">;</span>
<span class="p">}</span>
<span class="c1"># Anything else is dynamically handled by Nextcloud</span>
<span class="kn">location</span> <span class="s">^~</span> <span class="n">/.well-known</span> <span class="p">{</span> <span class="kn">return</span> <span class="mi">301</span> <span class="n">/index.php</span><span class="nv">$uri</span><span class="p">;</span> <span class="p">}</span>
<span class="c1"># set max upload size</span>
<span class="kn">client_max_body_size</span> <span class="mi">512M</span><span class="p">;</span>
<span class="kn">fastcgi_buffers</span> <span class="mi">64</span> <span class="mi">4K</span><span class="p">;</span>
<span class="c1"># Enable gzip but do not remove ETag headers</span>
<span class="kn">gzip</span> <span class="no">on</span><span class="p">;</span>
<span class="kn">gzip_vary</span> <span class="no">on</span><span class="p">;</span>
<span class="kn">gzip_comp_level</span> <span class="mi">4</span><span class="p">;</span>
<span class="kn">gzip_min_length</span> <span class="mi">256</span><span class="p">;</span>
<span class="kn">gzip_proxied</span> <span class="s">expired</span> <span class="s">no-cache</span> <span class="s">no-store</span> <span class="s">private</span> <span class="s">no_last_modified</span> <span class="s">no_etag</span> <span class="s">auth</span><span class="p">;</span>
<span class="kn">gzip_types</span> <span class="nc">application/atom</span><span class="s">+xml</span> <span class="nc">application/javascript</span> <span class="nc">application/json</span> <span class="nc">application/ld</span><span class="s">+json</span> <span class="nc">application/manifest</span><span class="s">+json</span> <span class="nc">application/rss</span><span class="s">+xml</span> <span class="nc">application/vnd</span><span class="s">.geo+json</span> <span class="nc">application/vnd</span><span class="s">.ms-fontobject</span> <span class="nc">application/x-font-ttf</span> <span class="nc">application/x-web-app-manifest</span><span class="s">+json</span> <span class="nc">application/xhtml</span><span class="s">+xml</span> <span class="nc">application/xml</span> <span class="nc">font/opentype</span> <span class="nc">image/bmp</span> <span class="nc">image/svg</span><span class="s">+xml</span> <span class="nc">image/x-icon</span> <span class="nc">text/cache-manifest</span> <span class="nc">text/css</span> <span class="nc">text/plain</span> <span class="nc">text/vcard</span> <span class="nc">text/vnd</span><span class="s">.rim.location.xloc</span> <span class="nc">text/vtt</span> <span class="nc">text/x-component</span> <span class="nc">text/x-cross-domain-policy</span><span class="p">;</span>
<span class="c1"># Uncomment if your server is build with the ngx_pagespeed module</span>
<span class="c1"># This module is currently not supported.</span>
<span class="c1">#pagespeed off;</span>
<span class="kn">location</span> <span class="n">/</span> <span class="p">{</span>
<span class="kn">rewrite</span> <span class="s">^</span> <span class="n">/index.php</span><span class="p">;</span>
<span class="p">}</span>
<span class="kn">location</span> <span class="p">~</span> <span class="sr">^\/(?:build|tests|config|lib|3rdparty|templates|data)\/</span> <span class="p">{</span>
<span class="kn">deny</span> <span class="s">all</span><span class="p">;</span>
<span class="p">}</span>
<span class="kn">location</span> <span class="p">~</span> <span class="sr">^\/(?:\.|autotest|occ|issue|indie|db_|console)</span> <span class="p">{</span>
<span class="kn">deny</span> <span class="s">all</span><span class="p">;</span>
<span class="p">}</span>
<span class="kn">location</span> <span class="p">~</span> <span class="sr">^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/)</span> <span class="p">{</span>
<span class="kn">fastcgi_split_path_info</span> <span class="s">^(.+?</span><span class="err">\</span><span class="s">.php)(</span><span class="err">\</span><span class="n">/.*|</span><span class="s">)</span>$<span class="p">;</span>
<span class="kn">set</span> <span class="nv">$path_info</span> <span class="nv">$fastcgi_path_info</span><span class="p">;</span>
<span class="kn">try_files</span> <span class="nv">$fastcgi_script_name</span> <span class="p">=</span><span class="mi">404</span><span class="p">;</span>
<span class="kn">include</span> <span class="s">fastcgi_params</span><span class="p">;</span>
<span class="kn">fastcgi_param</span> <span class="s">SCRIPT_FILENAME</span> <span class="nv">$document_root$fastcgi_script_name</span><span class="p">;</span>
<span class="kn">fastcgi_param</span> <span class="s">PATH_INFO</span> <span class="nv">$path_info</span><span class="p">;</span>
<span class="kn">fastcgi_param</span> <span class="s">HTTPS</span> <span class="no">on</span><span class="p">;</span>
<span class="c1"># Avoid sending the security headers twice</span>
<span class="kn">fastcgi_param</span> <span class="s">modHeadersAvailable</span> <span class="s">true</span><span class="p">;</span>
<span class="c1"># Enable pretty urls</span>
<span class="kn">fastcgi_param</span> <span class="s">front_controller_active</span> <span class="s">true</span><span class="p">;</span>
<span class="kn">fastcgi_pass</span> <span class="s">php-handler</span><span class="p">;</span>
<span class="kn">fastcgi_intercept_errors</span> <span class="no">on</span><span class="p">;</span>
<span class="kn">fastcgi_request_buffering</span> <span class="no">off</span><span class="p">;</span>
<span class="p">}</span>
<span class="kn">location</span> <span class="p">~</span> <span class="sr">^\/(?:updater|oc[ms]-provider)(?:$|\/)</span> <span class="p">{</span>
<span class="kn">try_files</span> <span class="nv">$uri</span><span class="n">/</span> <span class="p">=</span><span class="mi">404</span><span class="p">;</span>
<span class="kn">index</span> <span class="s">index.php</span><span class="p">;</span>
<span class="p">}</span>
<span class="c1"># Adding the cache control header for js, css and map files</span>
<span class="c1"># Make sure it is BELOW the PHP block</span>
<span class="kn">location</span> <span class="p">~</span> <span class="sr">\.(?:css|js|woff2?|svg|gif|map)$</span> <span class="p">{</span>
<span class="kn">try_files</span> <span class="nv">$uri</span> <span class="n">/index.php</span><span class="nv">$request_uri</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">Cache-Control</span> <span class="s">"public,</span> <span class="s">max-age=15778463"</span><span class="p">;</span>
<span class="c1"># Add headers to serve security related headers (It is intended to</span>
<span class="c1"># have those duplicated to the ones above)</span>
<span class="c1"># Before enabling Strict-Transport-Security headers please read into</span>
<span class="c1"># this topic first.</span>
<span class="c1">#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;</span>
<span class="c1">#</span>
<span class="c1"># WARNING: Only add the preload option once you read about</span>
<span class="c1"># the consequences in https://hstspreload.org/. This option</span>
<span class="c1"># will add the domain to a hardcoded list that is shipped</span>
<span class="c1"># in all major browsers and getting removed from this list</span>
<span class="c1"># could take several months.</span>
<span class="kn">add_header</span> <span class="s">Referrer-Policy</span> <span class="s">"no-referrer"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Content-Type-Options</span> <span class="s">"nosniff"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Download-Options</span> <span class="s">"noopen"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Frame-Options</span> <span class="s">"SAMEORIGIN"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Permitted-Cross-Domain-Policies</span> <span class="s">"none"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Robots-Tag</span> <span class="s">"none"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-XSS-Protection</span> <span class="s">"1</span><span class="p">;</span> <span class="kn">mode=block"</span> <span class="s">always</span><span class="p">;</span>
<span class="c1"># Optional: Don't log access to assets</span>
<span class="kn">access_log</span> <span class="no">off</span><span class="p">;</span>
<span class="p">}</span>
<span class="kn">location</span> <span class="p">~</span> <span class="sr">\.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$</span> <span class="p">{</span>
<span class="kn">try_files</span> <span class="nv">$uri</span> <span class="n">/index.php</span><span class="nv">$request_uri</span><span class="p">;</span>
<span class="c1"># Optional: Don't log access to other assets</span>
<span class="kn">access_log</span> <span class="no">off</span><span class="p">;</span>
<span class="p">}</span>
<span class="p">}</span>
</code></pre></div></div>
<h3 id="nextcloud-dans-un-sous-répertoire-du-webroot-de-nginx">Nextcloud dans un sous-répertoire du webroot de NGINX</h3>
<p>La configuration suivante doit être utilisée lorsque Nextcloud est placé dans un sous-répertoire du webroot de votre installation nginx. Dans cet exemple, les fichiers Nextcloud sont situés dans <code class="language-plaintext highlighter-rouge">/var/www/nextcloud</code> et linstance Nextcloud est accessible via http(s)://ouestyan.xyz/nextcloud/. Cette configuration diffère de la configuration “Nextcloud dans webroot” ci-dessus de la manière suivante :</p>
<ul>
<li>Toutes les demandes pour <code class="language-plaintext highlighter-rouge">/nextcloud</code> sont encapsulées dans un seul bloc <code class="language-plaintext highlighter-rouge">location</code>, à savoir emplacement <code class="language-plaintext highlighter-rouge">^~ /nextcloud</code>.</li>
<li>La chaîne <code class="language-plaintext highlighter-rouge">/nextcloud</code> est ajoutée au début de tous les chemins de préfixe.</li>
<li>La racine du domaine est mappée sur <code class="language-plaintext highlighter-rouge">/var/www/default-www</code> plutôt que sur <code class="language-plaintext highlighter-rouge">/var/www/nextcloud</code>, de sorte que lURI <code class="language-plaintext highlighter-rouge">/nextcloud</code> est mappé sur le répertoire du serveur <code class="language-plaintext highlighter-rouge">/var/www/nextcloud</code>.</li>
<li>Les blocs qui gèrent les requêtes pour les chemins en dehors de <code class="language-plaintext highlighter-rouge">/nextcloud</code> (cest-à-dire <code class="language-plaintext highlighter-rouge">/robots.txt</code> et <code class="language-plaintext highlighter-rouge">/.well-known</code>) sont extraits du bloc location <code class="language-plaintext highlighter-rouge">^~ /nextcloud</code>.</li>
<li>Le bloc qui gère <code class="language-plaintext highlighter-rouge">/.well-known</code> na pas besoin dune exception regex, puisque la règle qui empêche les utilisateurs daccéder aux dossiers cachés à la racine de linstallation Nextcloud ne correspond plus à ce chemin.</li>
</ul>
<h4 id="ouestyanxyznextcloud">ouestyan.xyz/nextcloud</h4>
<p>Le fichier de configuration web <code class="language-plaintext highlighter-rouge">cloud.ouestyan.xyz.conf</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/nginx/conf.d/cloud.ouestyan.xyz.conf
</code></pre></div></div>
<div class="language-nginx highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">upstream</span> <span class="s">php-handler</span> <span class="p">{</span>
<span class="kn">server</span> <span class="s">unix:/var/run/php/nextcloud.sock</span><span class="p">;</span>
<span class="p">}</span>
<span class="k">server</span> <span class="p">{</span>
<span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span>
<span class="kn">listen</span> <span class="s">[::]:80</span><span class="p">;</span>
<span class="kn">server_name</span> <span class="s">ouestyan.xyz</span><span class="p">;</span>
<span class="c1"># Enforce HTTPS just for `/nextcloud`</span>
<span class="kn">location</span> <span class="n">/nextcloud</span> <span class="p">{</span>
<span class="kn">return</span> <span class="mi">301</span> <span class="s">https://</span><span class="nv">$server_name$request_uri</span><span class="p">;</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="k">server</span> <span class="p">{</span>
<span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span>
<span class="kn">listen</span> <span class="s">[::]:443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span>
<span class="kn">server_name</span> <span class="s">ouestyan.xyz</span><span class="p">;</span>
<span class="c1"># Use Mozilla's guidelines for SSL/TLS settings</span>
<span class="c1"># https://mozilla.github.io/server-side-tls/ssl-config-generator/</span>
<span class="c1"># NOTE: some settings below might be redundant</span>
<span class="kn">ssl_certificate</span> <span class="n">/etc/ssl/private/ouestyan.xyz-fullchain.pem</span><span class="p">;</span>
<span class="kn">ssl_certificate_key</span> <span class="n">/etc/ssl/private/ouestyan.xyz-key.pem</span><span class="p">;</span>
<span class="c1"># TLS 1.3 only</span>
<span class="kn">ssl_protocols</span> <span class="s">TLSv1.3</span><span class="p">;</span>
<span class="kn">ssl_prefer_server_ciphers</span> <span class="no">off</span><span class="p">;</span>
<span class="c1"># HSTS (ngx_http_headers_module is required) (63072000 seconds)</span>
<span class="kn">add_header</span> <span class="s">Strict-Transport-Security</span> <span class="s">"max-age=63072000"</span> <span class="s">always</span><span class="p">;</span>
<span class="c1"># Virtual Host Configs</span>
<span class="kn">include</span> <span class="n">/etc/nginx/conf.d/ouestyan.xyz.d/*.conf</span><span class="p">;</span>
<span class="c1"># OCSP stapling</span>
<span class="kn">ssl_stapling</span> <span class="no">on</span><span class="p">;</span>
<span class="kn">ssl_stapling_verify</span> <span class="no">on</span><span class="p">;</span>
<span class="c1"># verify chain of trust of OCSP response using Root CA and Intermediate certs</span>
<span class="kn">ssl_trusted_certificate</span> <span class="n">/etc/ssl/private/ouestyan.xyz-fullchain.pem</span><span class="p">;</span>
<span class="c1"># replace with the IP address of your resolver</span>
<span class="kn">resolver</span> <span class="mf">8.8</span><span class="s">.8.8</span><span class="p">;</span>
<span class="c1"># Path to the root of the domain</span>
<span class="kn">root</span> <span class="n">/var/www/default-www/</span><span class="p">;</span>
<span class="kn">location</span> <span class="p">=</span> <span class="n">/robots.txt</span> <span class="p">{</span>
<span class="kn">allow</span> <span class="s">all</span><span class="p">;</span>
<span class="kn">log_not_found</span> <span class="no">off</span><span class="p">;</span>
<span class="kn">access_log</span> <span class="no">off</span><span class="p">;</span>
<span class="p">}</span>
<span class="kn">location</span> <span class="s">^~</span> <span class="n">/.well-known</span> <span class="p">{</span>
<span class="c1"># The rules in this block are an adaptation of the rules</span>
<span class="c1"># in the Nextcloud `.htaccess` that concern `/.well-known`.</span>
<span class="kn">location</span> <span class="p">=</span> <span class="n">/.well-known/carddav</span> <span class="p">{</span> <span class="kn">return</span> <span class="mi">301</span> <span class="n">/nextcloud/remote.php/dav/</span><span class="p">;</span> <span class="p">}</span>
<span class="kn">location</span> <span class="p">=</span> <span class="n">/.well-known/caldav</span> <span class="p">{</span> <span class="kn">return</span> <span class="mi">301</span> <span class="n">/nextcloud/remote.php/dav/</span><span class="p">;</span> <span class="p">}</span>
<span class="kn">location</span> <span class="n">/.well-known/acme-challenge</span> <span class="p">{</span> <span class="kn">try_files</span> <span class="nv">$uri</span> <span class="nv">$uri</span><span class="n">/</span> <span class="p">=</span><span class="mi">404</span><span class="p">;</span> <span class="p">}</span>
<span class="kn">location</span> <span class="n">/.well-known/pki-validation</span> <span class="p">{</span> <span class="kn">try_files</span> <span class="nv">$uri</span> <span class="nv">$uri</span><span class="n">/</span> <span class="p">=</span><span class="mi">404</span><span class="p">;</span> <span class="p">}</span>
<span class="c1"># Let Nextcloud's API for `/.well-known` URIs handle all other</span>
<span class="c1"># requests by passing them to the front-end controller.</span>
<span class="kn">return</span> <span class="mi">301</span> <span class="n">/nextcloud/index.php</span><span class="nv">$request_uri</span><span class="p">;</span>
<span class="p">}</span>
<span class="kn">location</span> <span class="s">^~</span> <span class="n">/nextcloud</span> <span class="p">{</span>
<span class="c1"># set max upload size and increase upload timeout:</span>
<span class="kn">client_max_body_size</span> <span class="mi">512M</span><span class="p">;</span>
<span class="kn">client_body_timeout</span> <span class="s">300s</span><span class="p">;</span>
<span class="kn">fastcgi_buffers</span> <span class="mi">64</span> <span class="mi">4K</span><span class="p">;</span>
<span class="c1"># Enable gzip but do not remove ETag headers</span>
<span class="kn">gzip</span> <span class="no">on</span><span class="p">;</span>
<span class="kn">gzip_vary</span> <span class="no">on</span><span class="p">;</span>
<span class="kn">gzip_comp_level</span> <span class="mi">4</span><span class="p">;</span>
<span class="kn">gzip_min_length</span> <span class="mi">256</span><span class="p">;</span>
<span class="kn">gzip_proxied</span> <span class="s">expired</span> <span class="s">no-cache</span> <span class="s">no-store</span> <span class="s">private</span> <span class="s">no_last_modified</span> <span class="s">no_etag</span> <span class="s">auth</span><span class="p">;</span>
<span class="kn">gzip_types</span> <span class="nc">application/atom</span><span class="s">+xml</span> <span class="nc">application/javascript</span> <span class="nc">application/json</span> <span class="nc">application/ld</span><span class="s">+json</span> <span class="nc">application/manifest</span><span class="s">+json</span> <span class="nc">application/rss</span><span class="s">+xml</span> <span class="nc">application/vnd</span><span class="s">.geo+json</span> <span class="nc">application/vnd</span><span class="s">.ms-fontobject</span> <span class="nc">application/wasm</span> <span class="nc">application/x-font-ttf</span> <span class="nc">application/x-web-app-manifest</span><span class="s">+json</span> <span class="nc">application/xhtml</span><span class="s">+xml</span> <span class="nc">application/xml</span> <span class="nc">font/opentype</span> <span class="nc">image/bmp</span> <span class="nc">image/svg</span><span class="s">+xml</span> <span class="nc">image/x-icon</span> <span class="nc">text/cache-manifest</span> <span class="nc">text/css</span> <span class="nc">text/plain</span> <span class="nc">text/vcard</span> <span class="nc">text/vnd</span><span class="s">.rim.location.xloc</span> <span class="nc">text/vtt</span> <span class="nc">text/x-component</span> <span class="nc">text/x-cross-domain-policy</span><span class="p">;</span>
<span class="c1"># Pagespeed is not supported by Nextcloud, so if your server is built</span>
<span class="c1"># with the `ngx_pagespeed` module, uncomment this line to disable it.</span>
<span class="c1">#pagespeed off;</span>
<span class="c1"># HTTP response headers borrowed from Nextcloud `.htaccess`</span>
<span class="kn">add_header</span> <span class="s">Referrer-Policy</span> <span class="s">"no-referrer"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Content-Type-Options</span> <span class="s">"nosniff"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Download-Options</span> <span class="s">"noopen"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Frame-Options</span> <span class="s">"SAMEORIGIN"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Permitted-Cross-Domain-Policies</span> <span class="s">"none"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-Robots-Tag</span> <span class="s">"none"</span> <span class="s">always</span><span class="p">;</span>
<span class="kn">add_header</span> <span class="s">X-XSS-Protection</span> <span class="s">"1</span><span class="p">;</span> <span class="kn">mode=block"</span> <span class="s">always</span><span class="p">;</span>
<span class="c1"># Remove X-Powered-By, which is an information leak</span>
<span class="kn">fastcgi_hide_header</span> <span class="s">X-Powered-By</span><span class="p">;</span>
<span class="c1"># Specify how to handle directories -- specifying `/nextcloud/index.php$request_uri`</span>
<span class="c1"># here as the fallback means that Nginx always exhibits the desired behaviour</span>
<span class="c1"># when a client requests a path that corresponds to a directory that exists</span>
<span class="c1"># on the server. In particular, if that directory contains an index.php file,</span>
<span class="c1"># that file is correctly served; if it doesn't, then the request is passed to</span>
<span class="c1"># the front-end controller. This consistent behaviour means that we don't need</span>
<span class="c1"># to specify custom rules for certain paths (e.g. images and other assets,</span>
<span class="c1"># `/updater`, `/ocm-provider`, `/ocs-provider`), and thus</span>
<span class="c1"># `try_files $uri $uri/ /nextcloud/index.php$request_uri`</span>
<span class="c1"># always provides the desired behaviour.</span>
<span class="kn">index</span> <span class="s">index.php</span> <span class="s">index.html</span> <span class="n">/nextcloud/index.php</span><span class="nv">$request_uri</span><span class="p">;</span>
<span class="c1"># Rule borrowed from `.htaccess` to handle Microsoft DAV clients</span>
<span class="kn">location</span> <span class="p">=</span> <span class="n">/nextcloud</span> <span class="p">{</span>
<span class="kn">if</span> <span class="s">(</span> <span class="nv">$http_user_agent</span> <span class="p">~</span> <span class="sr">^DavClnt</span> <span class="s">)</span> <span class="p">{</span>
<span class="kn">return</span> <span class="mi">302</span> <span class="n">/nextcloud/remote.php/webdav/</span><span class="nv">$is_args$args</span><span class="p">;</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="c1"># Rules borrowed from `.htaccess` to hide certain paths from clients</span>
<span class="kn">location</span> <span class="p">~</span> <span class="sr">^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)</span> <span class="p">{</span> <span class="kn">return</span> <span class="mi">404</span><span class="p">;</span> <span class="p">}</span>
<span class="kn">location</span> <span class="p">~</span> <span class="sr">^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console)</span> <span class="p">{</span> <span class="kn">return</span> <span class="mi">404</span><span class="p">;</span> <span class="p">}</span>
<span class="c1"># Ensure this block, which passes PHP files to the PHP process, is above the blocks</span>
<span class="c1"># which handle static assets (as seen below). If this block is not declared first,</span>
<span class="c1"># then Nginx will encounter an infinite rewriting loop when it prepends</span>
<span class="c1"># `/nextcloud/index.php` to the URI, resulting in a HTTP 500 error response.</span>
<span class="kn">location</span> <span class="p">~</span> <span class="sr">\.php(?:$|/)</span> <span class="p">{</span>
<span class="c1"># Required for legacy support</span>
<span class="kn">rewrite</span> <span class="s">^/nextcloud/(?!index|remote|public|cron|core</span><span class="err">\</span><span class="n">/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy</span><span class="s">)</span> <span class="n">/nextcloud/index.php</span><span class="nv">$request_uri</span><span class="p">;</span>
<span class="kn">fastcgi_split_path_info</span> <span class="s">^(.+?</span><span class="err">\</span><span class="s">.php)(/.*)</span>$<span class="p">;</span>
<span class="kn">set</span> <span class="nv">$path_info</span> <span class="nv">$fastcgi_path_info</span><span class="p">;</span>
<span class="kn">try_files</span> <span class="nv">$fastcgi_script_name</span> <span class="p">=</span><span class="mi">404</span><span class="p">;</span>
<span class="kn">include</span> <span class="s">fastcgi_params</span><span class="p">;</span>
<span class="kn">fastcgi_param</span> <span class="s">SCRIPT_FILENAME</span> <span class="nv">$document_root$fastcgi_script_name</span><span class="p">;</span>
<span class="kn">fastcgi_param</span> <span class="s">PATH_INFO</span> <span class="nv">$path_info</span><span class="p">;</span>
<span class="kn">fastcgi_param</span> <span class="s">HTTPS</span> <span class="no">on</span><span class="p">;</span>
<span class="kn">fastcgi_param</span> <span class="s">modHeadersAvailable</span> <span class="s">true</span><span class="p">;</span> <span class="c1"># Avoid sending the security headers twice</span>
<span class="kn">fastcgi_param</span> <span class="s">front_controller_active</span> <span class="s">true</span><span class="p">;</span> <span class="c1"># Enable pretty urls</span>
<span class="kn">fastcgi_pass</span> <span class="s">php-handler</span><span class="p">;</span>
<span class="kn">fastcgi_intercept_errors</span> <span class="no">on</span><span class="p">;</span>
<span class="kn">fastcgi_request_buffering</span> <span class="no">off</span><span class="p">;</span>
<span class="p">}</span>
<span class="kn">location</span> <span class="p">~</span> <span class="sr">\.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite)$</span> <span class="p">{</span>
<span class="kn">try_files</span> <span class="nv">$uri</span> <span class="n">/nextcloud/index.php</span><span class="nv">$request_uri</span><span class="p">;</span>
<span class="kn">expires</span> <span class="mi">6M</span><span class="p">;</span> <span class="c1"># Cache-Control policy borrowed from `.htaccess`</span>
<span class="kn">access_log</span> <span class="no">off</span><span class="p">;</span> <span class="c1"># Optional: Don't log access to assets</span>
<span class="kn">location</span> <span class="p">~</span> <span class="sr">\.wasm$</span> <span class="p">{</span>
<span class="kn">default_type</span> <span class="nc">application/wasm</span><span class="p">;</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="kn">location</span> <span class="p">~</span> <span class="sr">\.woff2?$</span> <span class="p">{</span>
<span class="kn">try_files</span> <span class="nv">$uri</span> <span class="n">/nextcloud/index.php</span><span class="nv">$request_uri</span><span class="p">;</span>
<span class="kn">expires</span> <span class="s">7d</span><span class="p">;</span> <span class="c1"># Cache-Control policy borrowed from `.htaccess`</span>
<span class="kn">access_log</span> <span class="no">off</span><span class="p">;</span> <span class="c1"># Optional: Don't log access to assets</span>
<span class="p">}</span>
<span class="c1"># Rule borrowed from `.htaccess`</span>
<span class="kn">location</span> <span class="n">/nextcloud/remote</span> <span class="p">{</span>
<span class="kn">return</span> <span class="mi">301</span> <span class="n">/nextcloud/remote.php</span><span class="nv">$request_uri</span><span class="p">;</span>
<span class="p">}</span>
<span class="kn">location</span> <span class="n">/nextcloud</span> <span class="p">{</span>
<span class="kn">try_files</span> <span class="nv">$uri</span> <span class="nv">$uri</span><span class="n">/</span> <span class="n">/nextcloud/index.php</span><span class="nv">$request_uri</span><span class="p">;</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
</code></pre></div></div>
<p>Vérifier et recharger nginx</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nginx -t
sudo systemctl reload nginx
</code></pre></div></div>
<p>Recharger php-fpm</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl reload php8.0-fpm
</code></pre></div></div>
<h2 id="paramétrer-nextcloud">Paramétrer Nextcloud</h2>
<p>Lancer <a href="https://cloud.ouestyan.xyz">https://cloud.ouestyan.xyz</a></p>
<h3 id="compte-administrateur">Compte administrateur</h3>
<p>Créer un compte administrateur et son mot de passe
admin
Saisir les informations sur la base , utilisateur et mot de passe <br />
<img src="/images/nextcloud-ouestyan001.png" alt="" width="200" /> <img src="/images/nextcloud.rnmkcy.eu003.png" alt="" width="200" /></p>
<p>Ne pas installer les applications recommandées</p>
<p>INFO : Pour réinitialiser le mot de passe admin nextcloud</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo -u nextcloud php /var/www/nextcloud/occ user:resetpassword admin
</code></pre></div></div>
<h3 id="configuration-de-la-région">Configuration de la région</h3>
<p><strong>Votre installation na pas de préfixe de région par défaut.</strong> , ajouter <code class="language-plaintext highlighter-rouge">'default_phone_region' =&gt; 'FR',</code> dans le le fichier <code class="language-plaintext highlighter-rouge">/var/www/nextcloud/config/config.php</code> ou exécuter la commande suivante <br />
Configuration de la région par défaut pour les numéros de téléphone</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo -u nextcloud php /var/www/nextcloud/occ config:system:set default_phone_region --value="FR"
</code></pre></div></div>
<p><em>System config value default_phone_region set to string FR</em></p>
<h3 id="authentification-2fa">Authentification 2FA</h3>
<p><a href="/2021/09/18/Nextcloud22_Nginx_PHP8-FPM_MariaDB_SSL-TLS.html#authentification-%C3%A0-deux-facteurs">Authentification à deux facteurs</a><br />
<img src="/images/cloud_ouestyan_xyz01.png" alt="" /><br />
Aller ensuite dans “Paramètres → Applications Sécurité”<br />
<img src="/images/cloud_ouestyan_xyz02.png" alt="" /><br />
Aller ensuite dans “Paramètres → Personnel Sécurité” et <strong>Activer les mots de passe à usage unique (TOTP)</strong>
<img src="/images/cloud_ouestyan_xyz03.png" alt="" /><br />
Ensuite saisr la “clé secrète” dans le générateur de code TOTP (andOTP, keepass, etc…) et valider lactivation 2FA<br />
Pour terminer , <strong>Générer des codes de récupération</strong> .Veuillez les sauvegarder et/ou les imprimer car vous ne pourrez plus y avoir accès ultérieurement</p>
<h3 id="thème-apparence-messagerie-et-stockage">Thème, Apparence, Messagerie et Stockage</h3>
<p>Un thème sombre basé sur <strong>Breeze Dark</strong> <br />
Aller dans “Applications → Personnalisation”<br />
<img src="/images/cloud_ouestyan_xyz04.png" alt="" /><br />
Aller ensuite dans “Paramètres Administration → Personnaliser lapparence”</p>
<p>Logo : ym.png<br />
Image de connexion : coucher-de-soleil-sur-le-lac_1920x1080-optim.jpg<br />
Logo dentête : ym01.png<br />
Favicon : yannick-white.svg<br />
<img src="/images/cloud_ouestyan_xyz05.png" alt="" /></p>
<p><strong>Thème</strong><br />
Activer Breeze-dark au préalable dans Paramètres -&gt; Applications<br />
<img src="/images/cloud_ouestyan_xyz06.png" alt="" /></p>
<p>Personnel → Informations personnelles<br />
<img src="/images/cloud_ouestyan_xyz07a.png" alt="" /></p>
<p><strong>Messagerie</strong><br />
<img src="/images/cloud_ouestyan_xyz07.png" alt="" /></p>
<p><img src="/images/cloud_ouestyan_xyz08.png" alt="" /><br />
Lancer le test<br />
<img src="/images/cloud_ouestyan_xyz09.png" alt="" /></p>
<p><strong>Stockage externe</strong> (paramétrage en admin)<br />
Applications , activer external storage support<br />
<img src="/images/cloud_ouestyan_xyz10.png" alt="" /></p>
<p>Paramètres → Administration Stockage externe<br />
<img src="/images/cloud_ouestyan_xyz11.png" alt="" /></p>
<h3 id="cache-de-données--apcu--redis">Cache de données : APCu &amp; Redis</h3>
<p><em>APCu permet notamment de mettre en cache les variables PHP et de les stocker en mémoire vive. Redis est un système de gestion de base de données NoSQL avec un système de clef-valeur scalable (sadapte à la charge). Une des principales caractéristiques de Redis est de conserver lintégralité des données en RAM. Cela permet dobtenir dexcellentes performances en évitant les accès disques, particulièrement coûteux.</em><br />
<a href="https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-redis-on-ubuntu-18-04">How To Install and Secure Redis on Ubuntu 18.04</a></p>
<p>Installez les paquets APCu et Redis :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo apt install php8.0-apcu redis-server php8.0-redis
</code></pre></div></div>
<p>Il faut ajouter <code class="language-plaintext highlighter-rouge">apc.enable_cli=1</code> au fichier <code class="language-plaintext highlighter-rouge">/etc/php/8.0/mods-available/apcu.ini</code></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>extension=apcu.so
apc.enable_cli=1
</code></pre></div></div>
<p>Ajoutez les lignes suivantes dans le fichier /var/www/nextcloud/config/config.php :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /var/www/nextcloud/config/config.php
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> 'memcache.local' =&gt; '\OC\Memcache\APCu',
'memcache.locking' =&gt; '\OC\Memcache\Redis',
'memcache.local' =&gt; '\OC\Memcache\Redis',
'redis' =&gt; array(
'host' =&gt; 'localhost',
'port' =&gt; 6379,
'timeout' =&gt; 0.0,
'password' =&gt; '',
),
</code></pre></div></div>
<ul>
<li>La directive filelocking.enabled sert à activer le verrouillage de fichier transactionnel, et nous précisons ensuite que cest Redis qui assure cette fonction au travers de la directive memcache.locking.</li>
<li>La directive memcache.local sert à préciser que Redis gère le cache</li>
<li>Le bloc de configuration “redis” avec les directives host, port, timeout et password sert à indiquer la configuration de notre redis. Pour passer en mode socket, il faudrait indiquer le chemin vers le socket à la place de localhost. Pour le moment, laissez la valeur mot de passe vide.</li>
</ul>
<p>La nouvelle configuration sera prise en compte après redémarrage du service PHP-FPM :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl restart php8.0-fpm.service
</code></pre></div></div>
<p>Se connecter “admin” → Paramétrage → Administration : Vue densemble
Si tout est bien paramétré , voici le message <br />
<img src="/images/nextcloud.rnmkcy.eu004.png" alt="" width="600" /></p>
<h3 id="travaux-cron">Travaux cron</h3>
<p>Vous pouvez programmer des tâches cron de trois façons : en utilisant <strong>AJAX</strong>, <strong>Webcron</strong> ou <strong>cron</strong>. La méthode par défaut consiste à utiliser AJAX. <u>Cependant, la méthode recommandée est d'utiliser **cron**</u>.</p>
<p>Si systemd est installé sur le système, un timer systemd peut être une alternative à un cronjob.</p>
<p>Cette approche nécessite deux fichiers : <code class="language-plaintext highlighter-rouge">nextcloudcron.service</code> et <code class="language-plaintext highlighter-rouge">nextcloudcron.timer</code><br />
Créez ces deux fichiers dans <code class="language-plaintext highlighter-rouge">/etc/systemd/system/</code></p>
<p><code class="language-plaintext highlighter-rouge">/etc/systemd/system/nextcloudcron.service</code> doit ressembler à ceci :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[Unit]
Description=Nextcloud cron.php job
[Service]
User=nextcloud
ExecStart=/usr/bin/php -f /var/www/nextcloud/cron.php
KillMode=process
</code></pre></div></div>
<p>Remplacez lutilisateur <code class="language-plaintext highlighter-rouge">User</code> par lutilisateur de votre serveur http (<strong>www-data</strong> si ce nest pas <strong>nextcloud</strong>) et <code class="language-plaintext highlighter-rouge">/var/www/nextcloud/cron.php</code> par lemplacement de cron.php dans votre répertoire nextcloud.</p>
<p>Le paramètre <code class="language-plaintext highlighter-rouge">KillMode=process</code> est nécessaire pour que les programmes externes qui sont lancés par la tâche cron continuent à fonctionner après la fin de la tâche cron.</p>
<p>Notez que le fichier <strong>.service</strong> unit na pas besoin dune section <code class="language-plaintext highlighter-rouge">[Install]</code>. Veuillez vérifier votre installation car nous lavons recommandé dans les versions précédentes de ce manuel dadministration.</p>
<p>Le fichier <code class="language-plaintext highlighter-rouge">/etc/systemd/system/nextcloudcron.timer</code> devrait ressembler à ceci :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[Unit]
Description=Run Nextcloud cron.php every 5 minutes
[Timer]
OnBootSec=5min
OnUnitActiveSec=5min
Unit=nextcloudcron.service
[Install]
WantedBy=timers.target
</code></pre></div></div>
<p>Les parties importantes de lunité de minuterie sont <strong>OnBootSec</strong> et <strong>OnUnitActiveSec</strong>. <strong>OnBootSec</strong> démarre la minuterie 5 minutes après le démarrage, sinon vous devriez la démarrer manuellement après chaque démarrage. <strong>OnUnitActiveSec</strong> déclenchera une minuterie de 5 minutes après la dernière activation de lunité de service.</p>
<p>Maintenant, tout ce qui reste à faire est de démarrer et dactiver le minuteur en exécutant cette commande :</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl enable --now nextcloudcron.timer
</code></pre></div></div>
<p>Lorsque loption <code class="language-plaintext highlighter-rouge">--now</code> est utilisée avec enable, lunité respective sera également démarrée.</p>
<p class="info">Note : Il nest pas obligatoire de sélectionner loption Cron dans le menu dadministration pour les travaux en arrière-plan, car une fois que cron.php est exécuté à partir de la ligne de commande ou du service cron, il sera automatiquement réglé sur Cron.<br />
<img src="/images/cloud_xoyaz_xyz06.png" alt="" width="600" /></p>
<p>Vérifier</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl list-timers
</code></pre></div></div>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>NEXT LEFT LAST PASSED UNIT ACTIVATES
Fri 2021-12-24 15:53:31 UTC 4min 5s left Fri 2021-12-24 15:48:31 UTC 54s ago nextcloudcron.timer nextcloudcron.service
</code></pre></div></div>
<h3 id="stockage-externe">Stockage externe</h3>
<p><img src="/images/cloud_xoyaz_xyz07.png" alt="" width="600" /><br />
<img src="/images/cloud_xoyaz_xyz08.png" alt="" width="600" /></p>
<h3 id="optimiser-mariadb-facultatif">Optimiser MariaDB (Facultatif)</h3>
<p>Edition du fichier mysql.cnf</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf
</code></pre></div></div>
<p>section mysqld</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[mysqld]
innodb_buffer_pool_size=512M
innodb_io_capacity=4000
transaction_isolation = READ-COMMITTED
binlog_format = ROW
</code></pre></div></div>
<p>Redémarrer MariaDB</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sudo systemctl restart mariadb.service
</code></pre></div></div>
<h3 id="changement-mot-de-passe">Changement mot de passe</h3>
<p><strong>Nouveau mot de passe utilisateur en ligne de commande</strong></p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>php occ user:resetpassword NOM_UTILISATEUR
</code></pre></div></div>
<p>Exemple, changer le mot de passe administrateur</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>php occ user:resetpassword admin
</code></pre></div></div>
<h3 id="documentation">Documentation</h3>
<ul>
<li><a href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/linux_database_configuration.html#configuring-a-mysql-or-mariadb-database">Configuring a MySQL or MariaDB database</a></li>
<li><a href="https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache">Enable PHP OPcache</a></li>
<li><a href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/caching_configuration.html">Memory Caching</a></li>
<li><a href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html">uploading big files &gt; 512MB</a></li>
</ul>
</div>
<div class="d-print-none"><footer class="article__footer"><meta itemprop="dateModified" content="2021-12-24T00:00:00+01:00"><!-- start custom article footer snippet -->
<!-- end custom article footer snippet -->
<!--
<div align="right"><a type="application/rss+xml" href="/feed.xml" title="S'abonner"><i class="fa fa-rss fa-2x"></i></a>
&emsp;</div>
-->
</footer>
<div class="article__section-navigator clearfix"><div class="previous"><span>PRÉCÉDENT</span><a href="/2021/12/22/Executer_Debian_sur_KVM_en_utilisant_l-image_de_nuage_Qcow2.html">Qemu/KVM - Serveur ouestyan.xyz debian 11 virtuel avec image cloud Qcow2 sur archlinux</a></div><div class="next"><span>SUIVANT</span><a href="/2021/12/25/Validation_des_jetons_d-acces_OAuth_2.0_avec_NGINX_et_NGINX_Plus.html">Validation des jetons d'accès OAuth 2.0 avec NGINX et NGINX Plus</a></div></div></div>
</div>
<script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
$(function() {
var $this ,$scroll;
var $articleContent = $('.js-article-content');
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
var scroll = hasSidebar ? '.js-page-main' : 'html, body';
$scroll = $(scroll);
$articleContent.find('.highlight').each(function() {
$this = $(this);
$this.attr('data-lang', $this.find('code').attr('data-lang'));
});
$articleContent.find('h1[id], h2[id], h3[id], h4[id], h5[id], h6[id]').each(function() {
$this = $(this);
$this.append($('<a class="anchor d-print-none" aria-hidden="true"></a>').html('<i class="fas fa-anchor"></i>'));
});
$articleContent.on('click', '.anchor', function() {
$scroll.scrollToAnchor('#' + $(this).parent().attr('id'), 400);
});
});
});
})();
</script>
</div><section class="page__comments d-print-none"></section></article><!-- start custom main bottom snippet -->
<!-- end custom main bottom snippet -->
</div>
</div></div></div></div>
</div><script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
var $body = $('body'), $window = $(window);
var $pageRoot = $('.js-page-root'), $pageMain = $('.js-page-main');
var activeCount = 0;
function modal(options) {
var $root = this, visible, onChange, hideWhenWindowScroll = false;
var scrollTop;
function setOptions(options) {
var _options = options || {};
visible = _options.initialVisible === undefined ? false : show;
onChange = _options.onChange;
hideWhenWindowScroll = _options.hideWhenWindowScroll;
}
function init() {
setState(visible);
}
function setState(isShow) {
if (isShow === visible) {
return;
}
visible = isShow;
if (visible) {
activeCount++;
scrollTop = $(window).scrollTop() || $pageMain.scrollTop();
$root.addClass('modal--show');
$pageMain.scrollTop(scrollTop);
activeCount === 1 && ($pageRoot.addClass('show-modal'), $body.addClass('of-hidden'));
hideWhenWindowScroll && window.hasEvent('touchstart') && $window.on('scroll', hide);
$window.on('keyup', handleKeyup);
} else {
activeCount > 0 && activeCount--;
$root.removeClass('modal--show');
$window.scrollTop(scrollTop);
activeCount === 0 && ($pageRoot.removeClass('show-modal'), $body.removeClass('of-hidden'));
hideWhenWindowScroll && window.hasEvent('touchstart') && $window.off('scroll', hide);
$window.off('keyup', handleKeyup);
}
onChange && onChange(visible);
}
function show() {
setState(true);
}
function hide() {
setState(false);
}
function handleKeyup(e) {
// Char Code: 27 ESC
if (e.which === 27) {
hide();
}
}
setOptions(options);
init();
return {
show: show,
hide: hide,
$el: $root
};
}
$.fn.modal = modal;
});
})();
</script><div class="modal modal--overflow page__search-modal d-print-none js-page-search-modal"><script>
(function () {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
// search panel
var search = (window.search || (window.search = {}));
var useDefaultSearchBox = window.useDefaultSearchBox === undefined ?
true : window.useDefaultSearchBox ;
var $searchModal = $('.js-page-search-modal');
var $searchToggle = $('.js-search-toggle');
var searchModal = $searchModal.modal({ onChange: handleModalChange, hideWhenWindowScroll: true });
var modalVisible = false;
search.searchModal = searchModal;
var $searchBox = null;
var $searchInput = null;
var $searchClear = null;
function getModalVisible() {
return modalVisible;
}
search.getModalVisible = getModalVisible;
function handleModalChange(visible) {
modalVisible = visible;
if (visible) {
search.onShow && search.onShow();
useDefaultSearchBox && $searchInput[0] && $searchInput[0].focus();
} else {
search.onShow && search.onHide();
useDefaultSearchBox && $searchInput[0] && $searchInput[0].blur();
setTimeout(function() {
useDefaultSearchBox && ($searchInput.val(''), $searchBox.removeClass('not-empty'));
search.clear && search.clear();
window.pageAsideAffix && window.pageAsideAffix.refresh();
}, 400);
}
}
$searchToggle.on('click', function() {
modalVisible ? searchModal.hide() : searchModal.show();
});
// Char Code: 83 S, 191 /
$(window).on('keyup', function(e) {
if (!modalVisible && !window.isFormElement(e.target || e.srcElement) && (e.which === 83 || e.which === 191)) {
modalVisible || searchModal.show();
}
});
if (useDefaultSearchBox) {
$searchBox = $('.js-search-box');
$searchInput = $searchBox.children('input');
$searchClear = $searchBox.children('.js-icon-clear');
search.getSearchInput = function() {
return $searchInput.get(0);
};
search.getVal = function() {
return $searchInput.val();
};
search.setVal = function(val) {
$searchInput.val(val);
};
$searchInput.on('focus', function() {
$(this).addClass('focus');
});
$searchInput.on('blur', function() {
$(this).removeClass('focus');
});
$searchInput.on('input', window.throttle(function() {
var val = $(this).val();
if (val === '' || typeof val !== 'string') {
search.clear && search.clear();
} else {
$searchBox.addClass('not-empty');
search.onInputNotEmpty && search.onInputNotEmpty(val);
}
}, 400));
$searchClear.on('click', function() {
$searchInput.val(''); $searchBox.removeClass('not-empty');
search.clear && search.clear();
});
}
});
})();
</script><div class="search search--dark">
<div class="main">
<div class="search__header">Recherche</div>
<div class="search-bar">
<div class="search-box js-search-box">
<div class="search-box__icon-search"><i class="fas fa-search"></i></div>
<input id="search-input" type="text" />
<div class="search-box__icon-clear js-icon-clear">
<a><i class="fas fa-times"></i></a>
</div>
</div>
<button class="button button--theme-dark button--pill search__cancel js-search-toggle">
Annuler</button>
</div>
<div id="results-container" class="search-result js-search-result"></div>
</div>
</div>
<!-- Script pointing to search-script.js -->
<script>/*!
* Simple-Jekyll-Search
* Copyright 2015-2020, Christian Fei
* Licensed under the MIT License.
*/
(function(){
'use strict'
var _$Templater_7 = {
compile: compile,
setOptions: setOptions
}
const options = {}
options.pattern = /\{(.*?)\}/g
options.template = ''
options.middleware = function () {}
function setOptions (_options) {
options.pattern = _options.pattern || options.pattern
options.template = _options.template || options.template
if (typeof _options.middleware === 'function') {
options.middleware = _options.middleware
}
}
function compile (data) {
return options.template.replace(options.pattern, function (match, prop) {
const value = options.middleware(prop, data[prop], options.template)
if (typeof value !== 'undefined') {
return value
}
return data[prop] || match
})
}
'use strict';
function fuzzysearch (needle, haystack) {
var tlen = haystack.length;
var qlen = needle.length;
if (qlen > tlen) {
return false;
}
if (qlen === tlen) {
return needle === haystack;
}
outer: for (var i = 0, j = 0; i < qlen; i++) {
var nch = needle.charCodeAt(i);
while (j < tlen) {
if (haystack.charCodeAt(j++) === nch) {
continue outer;
}
}
return false;
}
return true;
}
var _$fuzzysearch_1 = fuzzysearch;
'use strict'
/* removed: const _$fuzzysearch_1 = require('fuzzysearch') */;
var _$FuzzySearchStrategy_5 = new FuzzySearchStrategy()
function FuzzySearchStrategy () {
this.matches = function (string, crit) {
return _$fuzzysearch_1(crit.toLowerCase(), string.toLowerCase())
}
}
'use strict'
var _$LiteralSearchStrategy_6 = new LiteralSearchStrategy()
function LiteralSearchStrategy () {
this.matches = function (str, crit) {
if (!str) return false
str = str.trim().toLowerCase()
crit = crit.trim().toLowerCase()
return crit.split(' ').filter(function (word) {
return str.indexOf(word) >= 0
}).length === crit.split(' ').length
}
}
'use strict'
var _$Repository_4 = {
put: put,
clear: clear,
search: search,
setOptions: __setOptions_4
}
/* removed: const _$FuzzySearchStrategy_5 = require('./SearchStrategies/FuzzySearchStrategy') */;
/* removed: const _$LiteralSearchStrategy_6 = require('./SearchStrategies/LiteralSearchStrategy') */;
function NoSort () {
return 0
}
const data = []
let opt = {}
opt.fuzzy = false
opt.limit = 10
opt.searchStrategy = opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = NoSort
opt.exclude = []
function put (data) {
if (isObject(data)) {
return addObject(data)
}
if (isArray(data)) {
return addArray(data)
}
return undefined
}
function clear () {
data.length = 0
return data
}
function isObject (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Object]'
}
function isArray (obj) {
return Boolean(obj) && Object.prototype.toString.call(obj) === '[object Array]'
}
function addObject (_data) {
data.push(_data)
return data
}
function addArray (_data) {
const added = []
clear()
for (let i = 0, len = _data.length; i < len; i++) {
if (isObject(_data[i])) {
added.push(addObject(_data[i]))
}
}
return added
}
function search (crit) {
if (!crit) {
return []
}
return findMatches(data, crit, opt.searchStrategy, opt).sort(opt.sort)
}
function __setOptions_4 (_opt) {
opt = _opt || {}
opt.fuzzy = _opt.fuzzy || false
opt.limit = _opt.limit || 10
opt.searchStrategy = _opt.fuzzy ? _$FuzzySearchStrategy_5 : _$LiteralSearchStrategy_6
opt.sort = _opt.sort || NoSort
opt.exclude = _opt.exclude || []
}
function findMatches (data, crit, strategy, opt) {
const matches = []
for (let i = 0; i < data.length && matches.length < opt.limit; i++) {
const match = findMatchesInObject(data[i], crit, strategy, opt)
if (match) {
matches.push(match)
}
}
return matches
}
function findMatchesInObject (obj, crit, strategy, opt) {
for (const key in obj) {
if (!isExcluded(obj[key], opt.exclude) && strategy.matches(obj[key], crit)) {
return obj
}
}
}
function isExcluded (term, excludedTerms) {
for (let i = 0, len = excludedTerms.length; i < len; i++) {
const excludedTerm = excludedTerms[i]
if (new RegExp(excludedTerm).test(term)) {
return true
}
}
return false
}
/* globals ActiveXObject:false */
'use strict'
var _$JSONLoader_2 = {
load: load
}
function load (location, callback) {
const xhr = getXHR()
xhr.open('GET', location, true)
xhr.onreadystatechange = createStateChangeListener(xhr, callback)
xhr.send()
}
function createStateChangeListener (xhr, callback) {
return function () {
if (xhr.readyState === 4 && xhr.status === 200) {
try {
callback(null, JSON.parse(xhr.responseText))
} catch (err) {
callback(err, null)
}
}
}
}
function getXHR () {
return window.XMLHttpRequest ? new window.XMLHttpRequest() : new ActiveXObject('Microsoft.XMLHTTP')
}
'use strict'
var _$OptionsValidator_3 = function OptionsValidator (params) {
if (!validateParams(params)) {
throw new Error('-- OptionsValidator: required options missing')
}
if (!(this instanceof OptionsValidator)) {
return new OptionsValidator(params)
}
const requiredOptions = params.required
this.getRequiredOptions = function () {
return requiredOptions
}
this.validate = function (parameters) {
const errors = []
requiredOptions.forEach(function (requiredOptionName) {
if (typeof parameters[requiredOptionName] === 'undefined') {
errors.push(requiredOptionName)
}
})
return errors
}
function validateParams (params) {
if (!params) {
return false
}
return typeof params.required !== 'undefined' && params.required instanceof Array
}
}
'use strict'
var _$utils_9 = {
merge: merge,
isJSON: isJSON
}
function merge (defaultParams, mergeParams) {
const mergedOptions = {}
for (const option in defaultParams) {
mergedOptions[option] = defaultParams[option]
if (typeof mergeParams[option] !== 'undefined') {
mergedOptions[option] = mergeParams[option]
}
}
return mergedOptions
}
function isJSON (json) {
try {
if (json instanceof Object && JSON.parse(JSON.stringify(json))) {
return true
}
return false
} catch (err) {
return false
}
}
var _$src_8 = {};
(function (window) {
'use strict'
let options = {
searchInput: null,
resultsContainer: null,
json: [],
success: Function.prototype,
searchResultTemplate: '<li><a href="{url}" title="{desc}">{title}</a></li>',
templateMiddleware: Function.prototype,
sortMiddleware: function () {
return 0
},
noResultsText: 'No results found',
limit: 10,
fuzzy: false,
debounceTime: null,
exclude: []
}
let debounceTimerHandle
const debounce = function (func, delayMillis) {
if (delayMillis) {
clearTimeout(debounceTimerHandle)
debounceTimerHandle = setTimeout(func, delayMillis)
} else {
func.call()
}
}
const requiredOptions = ['searchInput', 'resultsContainer', 'json']
/* removed: const _$Templater_7 = require('./Templater') */;
/* removed: const _$Repository_4 = require('./Repository') */;
/* removed: const _$JSONLoader_2 = require('./JSONLoader') */;
const optionsValidator = _$OptionsValidator_3({
required: requiredOptions
})
/* removed: const _$utils_9 = require('./utils') */;
window.SimpleJekyllSearch = function (_options) {
const errors = optionsValidator.validate(_options)
if (errors.length > 0) {
throwError('You must specify the following required options: ' + requiredOptions)
}
options = _$utils_9.merge(options, _options)
_$Templater_7.setOptions({
template: options.searchResultTemplate,
middleware: options.templateMiddleware
})
_$Repository_4.setOptions({
fuzzy: options.fuzzy,
limit: options.limit,
sort: options.sortMiddleware,
exclude: options.exclude
})
if (_$utils_9.isJSON(options.json)) {
initWithJSON(options.json)
} else {
initWithURL(options.json)
}
const rv = {
search: search
}
typeof options.success === 'function' && options.success.call(rv)
return rv
}
function initWithJSON (json) {
_$Repository_4.put(json)
registerInput()
}
function initWithURL (url) {
_$JSONLoader_2.load(url, function (err, json) {
if (err) {
throwError('failed to get JSON (' + url + ')')
}
initWithJSON(json)
})
}
function emptyResultsContainer () {
options.resultsContainer.innerHTML = ''
}
function appendToResultsContainer (text) {
options.resultsContainer.innerHTML += text
}
function registerInput () {
options.searchInput.addEventListener('input', function (e) {
if (isWhitelistedKey(e.which)) {
emptyResultsContainer()
debounce(function () { search(e.target.value) }, options.debounceTime)
}
})
}
function search (query) {
if (isValidQuery(query)) {
emptyResultsContainer()
render(_$Repository_4.search(query), query)
}
}
function render (results, query) {
const len = results.length
if (len === 0) {
return appendToResultsContainer(options.noResultsText)
}
for (let i = 0; i < len; i++) {
results[i].query = query
appendToResultsContainer(_$Templater_7.compile(results[i]))
}
}
function isValidQuery (query) {
return query && query.length > 0
}
function isWhitelistedKey (key) {
return [13, 16, 20, 37, 38, 39, 40, 91].indexOf(key) === -1
}
function throwError (message) {
throw new Error('SimpleJekyllSearch --- ' + message)
}
})(window)
}());
</script>
<!-- Configuration -->
<script>
SimpleJekyllSearch({
searchInput: document.getElementById('search-input'),
resultsContainer: document.getElementById('results-container'),
noResultsText: '<p>Aucun résultat!</p>',
json: '/search.json',
searchResultTemplate: '<li><a href="{url}">{date}&nbsp;{title}</a>&nbsp;(Création {create})</li>'
})
</script>
</div></div>
<script>(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function scrollToAnchor(anchor, duration, callback) {
var $root = this;
$root.animate({ scrollTop: $(anchor).position().top }, duration, function() {
window.history.replaceState(null, '', window.location.href.split('#')[0] + anchor);
callback && callback();
});
}
$.fn.scrollToAnchor = scrollToAnchor;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function affix(options) {
var $root = this, $window = $(window), $scrollTarget, $scroll,
offsetBottom = 0, scrollTarget = window, scroll = window.document, disabled = false, isOverallScroller = true,
rootTop, rootLeft, rootHeight, scrollBottom, rootBottomTop,
hasInit = false, curState;
function setOptions(options) {
var _options = options || {};
_options.offsetBottom && (offsetBottom = _options.offsetBottom);
_options.scrollTarget && (scrollTarget = _options.scrollTarget);
_options.scroll && (scroll = _options.scroll);
_options.disabled !== undefined && (disabled = _options.disabled);
$scrollTarget = $(scrollTarget);
isOverallScroller = window.isOverallScroller($scrollTarget[0]);
$scroll = $(scroll);
}
function preCalc() {
top();
rootHeight = $root.outerHeight();
rootTop = $root.offset().top + (isOverallScroller ? 0 : $scrollTarget.scrollTop());
rootLeft = $root.offset().left;
}
function calc(needPreCalc) {
needPreCalc && preCalc();
scrollBottom = $scroll.outerHeight() - offsetBottom - rootHeight;
rootBottomTop = scrollBottom - rootTop;
}
function top() {
if (curState !== 'top') {
$root.removeClass('fixed').css({
left: 0,
top: 0
});
curState = 'top';
}
}
function fixed() {
if (curState !== 'fixed') {
$root.addClass('fixed').css({
left: rootLeft + 'px',
top: 0
});
curState = 'fixed';
}
}
function bottom() {
if (curState !== 'bottom') {
$root.removeClass('fixed').css({
left: 0,
top: rootBottomTop + 'px'
});
curState = 'bottom';
}
}
function setState() {
var scrollTop = $scrollTarget.scrollTop();
if (scrollTop >= rootTop && scrollTop <= scrollBottom) {
fixed();
} else if (scrollTop < rootTop) {
top();
} else {
bottom();
}
}
function init() {
if(!hasInit) {
var interval, timeout;
calc(true); setState();
// run calc every 100 millisecond
interval = setInterval(function() {
calc();
}, 100);
timeout = setTimeout(function() {
clearInterval(interval);
}, 45000);
window.pageLoad.then(function() {
setTimeout(function() {
clearInterval(interval);
clearTimeout(timeout);
}, 3000);
});
$scrollTarget.on('scroll', function() {
disabled || setState();
});
$window.on('resize', function() {
disabled || (calc(true), setState());
});
hasInit = true;
}
}
setOptions(options);
if (!disabled) {
init();
}
$window.on('resize', window.throttle(function() {
init();
}, 200));
return {
setOptions: setOptions,
refresh: function() {
calc(true, { animation: false }); setState();
}
};
}
$.fn.affix = affix;
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
function toc(options) {
var $root = this, $window = $(window), $scrollTarget, $scroller, $tocUl = $('<ul class="toc toc--ellipsis"></ul>'), $tocLi, $headings, $activeLast, $activeCur,
selectors = 'h1,h2,h3', container = 'body', scrollTarget = window, scroller = 'html, body', disabled = false,
headingsPos, scrolling = false, hasRendered = false, hasInit = false;
function setOptions(options) {
var _options = options || {};
_options.selectors && (selectors = _options.selectors);
_options.container && (container = _options.container);
_options.scrollTarget && (scrollTarget = _options.scrollTarget);
_options.scroller && (scroller = _options.scroller);
_options.disabled !== undefined && (disabled = _options.disabled);
$headings = $(container).find(selectors).filter('[id]');
$scrollTarget = $(scrollTarget);
$scroller = $(scroller);
}
function calc() {
headingsPos = [];
$headings.each(function() {
headingsPos.push(Math.floor($(this).position().top));
});
}
function setState(element, disabled) {
var scrollTop = $scrollTarget.scrollTop(), i;
if (disabled || !headingsPos || headingsPos.length < 1) { return; }
if (element) {
$activeCur = element;
} else {
for (i = 0; i < headingsPos.length; i++) {
if (scrollTop >= headingsPos[i]) {
$activeCur = $tocLi.eq(i);
} else {
$activeCur || ($activeCur = $tocLi.eq(i));
break;
}
}
}
$activeLast && $activeLast.removeClass('active');
($activeLast = $activeCur).addClass('active');
}
function render() {
if(!hasRendered) {
$root.append($tocUl);
$headings.each(function() {
var $this = $(this);
$tocUl.append($('<li></li>').addClass('toc-' + $this.prop('tagName').toLowerCase())
.append($('<a></a>').text($this.text()).attr('href', '#' + $this.prop('id'))));
});
$tocLi = $tocUl.children('li');
$tocUl.on('click', 'a', function(e) {
e.preventDefault();
var $this = $(this);
scrolling = true;
setState($this.parent());
$scroller.scrollToAnchor($this.attr('href'), 400, function() {
scrolling = false;
});
});
}
hasRendered = true;
}
function init() {
var interval, timeout;
if(!hasInit) {
render(); calc(); setState(null, scrolling);
// run calc every 100 millisecond
interval = setInterval(function() {
calc();
}, 100);
timeout = setTimeout(function() {
clearInterval(interval);
}, 45000);
window.pageLoad.then(function() {
setTimeout(function() {
clearInterval(interval);
clearTimeout(timeout);
}, 3000);
});
$scrollTarget.on('scroll', function() {
disabled || setState(null, scrolling);
});
$window.on('resize', window.throttle(function() {
if (!disabled) {
render(); calc(); setState(null, scrolling);
}
}, 100));
}
hasInit = true;
}
setOptions(options);
if (!disabled) {
init();
}
$window.on('resize', window.throttle(function() {
init();
}, 200));
return {
setOptions: setOptions
};
}
$.fn.toc = toc;
});
})();
/*(function () {
})();*/
</script><script>
/* toc must before affix, since affix need to konw toc' height. */(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
var TOC_SELECTOR = window.TEXT_VARIABLES.site.toc.selectors;
window.Lazyload.js(SOURCES.jquery, function() {
var $window = $(window);
var $articleContent = $('.js-article-content');
var $tocRoot = $('.js-toc-root'), $col2 = $('.js-col-aside');
var toc;
var tocDisabled = false;
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
var hasToc = $articleContent.find(TOC_SELECTOR).length > 0;
function disabled() {
return $col2.css('display') === 'none' || !hasToc;
}
tocDisabled = disabled();
toc = $tocRoot.toc({
selectors: TOC_SELECTOR,
container: $articleContent,
scrollTarget: hasSidebar ? '.js-page-main' : null,
scroller: hasSidebar ? '.js-page-main' : null,
disabled: tocDisabled
});
$window.on('resize', window.throttle(function() {
tocDisabled = disabled();
toc && toc.setOptions({
disabled: tocDisabled
});
}, 100));
});
})();
(function() {
var SOURCES = window.TEXT_VARIABLES.sources;
window.Lazyload.js(SOURCES.jquery, function() {
var $window = $(window), $pageFooter = $('.js-page-footer');
var $pageAside = $('.js-page-aside');
var affix;
var tocDisabled = false;
var hasSidebar = $('.js-page-root').hasClass('layout--page--sidebar');
affix = $pageAside.affix({
offsetBottom: $pageFooter.outerHeight(),
scrollTarget: hasSidebar ? '.js-page-main' : null,
scroller: hasSidebar ? '.js-page-main' : null,
scroll: hasSidebar ? $('.js-page-main').children() : null,
disabled: tocDisabled
});
$window.on('resize', window.throttle(function() {
affix && affix.setOptions({
disabled: tocDisabled
});
}, 100));
window.pageAsideAffix = affix;
});
})();
</script><!---->
</div>
<script>(function () {
var $root = document.getElementsByClassName('root')[0];
if (window.hasEvent('touchstart')) {
$root.dataset.isTouch = true;
document.addEventListener('touchstart', function(){}, false);
}
})();
</script>
</body>
</html>
Reference in New Issue Copy Permalink