fuyuanli/10-opcache.ini

## 10-opcache.ini
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

## apache2.conf
<Directory /var/www/>
    Options -Indexes +FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

## gistfile1.txt
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule ^/\.well-known/host-meta /public.php?service=host-meta [QSA,L]
  RewriteRule ^/\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
  RewriteRule ^/\.well-known/webfinger /public.php?service=webfinger [QSA,L]
  RewriteRule ^/\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^/\.well-known/caldav /remote.php/dav/ [R=301,L]
</IfModule>

## issue.cert.sh
DOMAIN="cloud.becoder.org"
# Gandi.net API
#export GANDI_LIVEDNS_KEY="Your_Gandi_API_Key"

# CloudFlare API
#export CF_Email="Your_CloudFlare_Account@example.com"
#export CF_Key="Your_CloudFlare_API_Key"

# CloudFlare API
#/root/.acme.sh/acme.sh --issue -d $DOMAIN --dns dns_cf --dnssleep 30 \

# Gandi.net API
#/root/.acme.sh/acme.sh --issue -d $DOMAIN --dns dns_gandi_livedns --dnssleep 30 \

/root/.acme.sh/acme.sh --issue -d $DOMAIN -w /var/www/html  \

--cert-file      /etc/ssl/certs/$DOMAIN.crt  \
--key-file       /etc/ssl/private/$DOMAIN.key  \
--fullchain-file /etc/ssl/certs/$DOMAIN-chain.crt \
--ca-file /etc/ssl/certs/$DOMAIN-ca.crt \
--reloadcmd     "systemctl reload apache2"

## LXCID.conf
lxc.apparmor.profile: unconfined
lxc.mount.auto: cgroup:rw
lxc.mount.auto: proc:rw
lxc.mount.auto: sys:rw

## nextcloud.conf
<VirtualHost *:80>
    ServerName cloud.becoder.org
    DocumentRoot /var/www/html
    CustomLog /var/log/apache2/cloud.becoder.org.access.log common
    ErrorLog /var/log/apache2/cloud.becoder.org.error.log
    Redirect permanent / https://cloud.becoder.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName cloud.becoder.org
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/cloud.becoder.org.crt
    SSLCertificateKeyFile /etc/ssl/private/cloud.becoder.org.key
    SSLCACertificateFile /etc/ssl/certs/cloud.becoder.org-chain.crt
    CustomLog /var/log/apache2/cloud.becoder.org.access.log common
    ErrorLog /var/log/apache2/cloud.becoder.org.error.log

    Header always set Strict-Transport-Security "max-age=15768000"

</VirtualHost>
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder     on
SSLCompression          off
SSLSessionTickets       off

## repair-permission.sh
chmod -R 775 /home/
chown -R www-data:nasuser /home/*
	opcache.enable=1
	opcache.enable_cli=1
	opcache.interned_strings_buffer=8
	opcache.max_accelerated_files=10000
	opcache.memory_consumption=128
	opcache.save_comments=1
	opcache.revalidate_freq=1
	<Directory /var/www/>
	Options -Indexes +FollowSymLinks
	AllowOverride All
	Require all granted
	</Directory>
	<IfModule mod_rewrite.c>
	RewriteEngine on
	RewriteRule ^/\.well-known/host-meta /public.php?service=host-meta [QSA,L]
	RewriteRule ^/\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
	RewriteRule ^/\.well-known/webfinger /public.php?service=webfinger [QSA,L]
	RewriteRule ^/\.well-known/carddav /remote.php/dav/ [R=301,L]
	RewriteRule ^/\.well-known/caldav /remote.php/dav/ [R=301,L]
	</IfModule>
	DOMAIN="cloud.becoder.org"
	# Gandi.net API
	#export GANDI_LIVEDNS_KEY="Your_Gandi_API_Key"

	# CloudFlare API
	#export CF_Email="Your_CloudFlare_Account@example.com"
	#export CF_Key="Your_CloudFlare_API_Key"

	# CloudFlare API
	#/root/.acme.sh/acme.sh --issue -d $DOMAIN --dns dns_cf --dnssleep 30 \

	# Gandi.net API
	#/root/.acme.sh/acme.sh --issue -d $DOMAIN --dns dns_gandi_livedns --dnssleep 30 \

	/root/.acme.sh/acme.sh --issue -d $DOMAIN -w /var/www/html \

	--cert-file /etc/ssl/certs/$DOMAIN.crt \
	--key-file /etc/ssl/private/$DOMAIN.key \
	--fullchain-file /etc/ssl/certs/$DOMAIN-chain.crt \
	--ca-file /etc/ssl/certs/$DOMAIN-ca.crt \
	--reloadcmd "systemctl reload apache2"
	lxc.apparmor.profile: unconfined
	lxc.mount.auto: cgroup:rw
	lxc.mount.auto: proc:rw
	lxc.mount.auto: sys:rw
	<VirtualHost *:80>
	ServerName cloud.becoder.org
	DocumentRoot /var/www/html
	CustomLog /var/log/apache2/cloud.becoder.org.access.log common
	ErrorLog /var/log/apache2/cloud.becoder.org.error.log
	Redirect permanent / https://cloud.becoder.org/
	</VirtualHost>

	<VirtualHost *:443>
	ServerName cloud.becoder.org
	DocumentRoot /var/www/html
	SSLEngine on
	SSLCertificateFile /etc/ssl/certs/cloud.becoder.org.crt
	SSLCertificateKeyFile /etc/ssl/private/cloud.becoder.org.key
	SSLCACertificateFile /etc/ssl/certs/cloud.becoder.org-chain.crt
	CustomLog /var/log/apache2/cloud.becoder.org.access.log common
	ErrorLog /var/log/apache2/cloud.becoder.org.error.log

	Header always set Strict-Transport-Security "max-age=15768000"

	</VirtualHost>
	SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
	SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
	SSLHonorCipherOrder on
	SSLCompression off
	SSLSessionTickets off