Docker安装私有云盘NextCloud过程记录

简介

Nextcloud是私有云盘服务应用,由开源的Owncloud 项目fork而来,其中包含部分Owcloud原开发人员。其中服务器端Nextcloud和Owncloud基本上是一致的(owncloud9 和 nextcloud11),所以两者的安装过程大同小异。
P.S. 个人原本使用免费版的坚果云,因为1G流量实在不够使用,加上以前安装过owncloud,这次试着在服务器的docker上安装nextcloud

准备工作:
  • Host宿主机(这里是腾讯云服务器)
  • Docker环境(+docker-compose环境)
  • Ubuntu 16.04
过程概述:
  • Host主机安装Nginx
  • Host主机配置SSL,安装证书
  • Docker安装NextCloud,开放8888端口
  • Host主机反向代理到Docker的NextCloud
  • 测试

1、本机安装Nginx

本内容参考:
Nginx安装 http://www.nginx.cn/install
也可以使用apt-get install nginx 安装,但文件结构有不同

ubuntu@VM-95-41-ubuntu:~$ uname -a
Linux VM-95-41-ubuntu 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@VM-95-41-ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial
ubuntu@VM-95-41-ubuntu:~$

Docker安装私有云盘NextCloud过程记录

图片.png

sudo apt-get update

云主机是腾讯云,Docker我是使用阿里的Docker镜像安装的,所以这里两对头聚在一起了。。。

Docker安装私有云盘NextCloud过程记录

图片.png

sudo apt-get install build-essential
sudo apt-get install libtool

Docker安装私有云盘NextCloud过程记录

图片.png

安装

#PCRE - Perl Compatible Regular Expressions
sudo wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz
sudo tar -zvxf pcre-8.40.tar.gz
cd pcre-8.40
sudo ./configure 
sudo make && sudo make install
#zlib - compression && decompression
cd /usr/local/src
sudo wget http://zlib.net/zlib-1.2.11.tar.gz
sudo tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
sudo ./configure
sudo make && sudo make install
#openssl - ssl
cd /usr/local/src
sudo wget https://github.com/openssl/openssl/archive/OpenSSL_1_1_0e.tar.gz
sudo tar -zvxf OpenSSL_1_1_0e.tar.gz
cd /usr/local/src
sudo wget http://nginx.org/download/nginx-1.11.12.tar.gz
sudo tar -zvxf nginx-1.11.12
cd nginx-1.11.12
sudo ./configure --sbin-path=/usr/local/nginx/nginx \
--conf-path=/usr/local/nginx/nginx.conf \
--pid-path=/usr/local/nginx/nginx.pid \
--with-http_ssl_module \
--with-pcre=/usr/local/src/pcre-8.40 \
--with-zlib=/usr/local/src/zlib-1.2.11 \
--with-openssl=/usr/local/src/openssl-OpenSSL_1_1_0e
sudo make && sudo make install

查看

Docker安装私有云盘NextCloud过程记录

图片.png

配置

cd /usr/local/nginx
sudo vim nginx.conf

配置文件,重点①内容

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;
    gzip  on;

server {
        listen 443 ssl ;
        ssl_certificate /etc/letsencrypt/live/laurt.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/laurt.com/privkey.pem;
        ssl_session_timeout 10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
        server_name www.laurt.com laurt.com;
        location / {
            root   /var/www/html;
            index  index.html index.htm;
        }
}
# vhost of nextcloud with proxy ①
server {
        listen 443 ssl ;
        ssl_certificate /etc/letsencrypt/live/laurt.com/fullchain.pem; ②
        ssl_certificate_key /etc/letsencrypt/live/laurt.com/privkey.pem; ③
        ssl_session_timeout 10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
        server_name cloud.laurt.com; ④
        location / {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_pass http://172.18.0.5:8888; ⑤
        }
}
server {
        listen 80;
        server_name www.laurt.com laurt.com;
        rewrite ^/(.*) https://laurt.com/$1 permanent;
}
}

说明

  • 证书签发的pem文件②和③
  • 设置域名④
  • 设置反向代理(这里应该映射到本机端口或者使用socket,因为docker与宿主机是可以通信的,用了docker container的ip测试)⑤
    * 反向代理可以直接使用127.0.0.1,这时docker容器需要绑定到宿主机端口
    * 反向代理可以使用docker container 的ip (容器桥接且暴露端口)
    * 反向代理可以使用套接字(性能应该是最好的)

启动测试

cd /usr/local/nginx
sudo ./nginx

2、SSL签名

免费CA网站
https://certbot.eff.org/#ubuntutyakkety-nginx
具体请参考网站说明
另外,csr证书有效期90天,需要定期续签

# ubuntu 
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot 

sudo certbot certonly --webroot -w /var/www/html -d laurt.com -d www.laurt.com -d cloud.laurt.com

注意:
-w /var/www/html 是项目路径,与配置相同,certbot会在这个路径上创建一个.well-known路径以便认证CA访问来确定网站拥有权
-d 域名,一定是可达的,否则不成功提示dns问题

签署成功

Docker安装私有云盘NextCloud过程记录

签署成功提示信息

签署成功后要把fullchain.pem文件和privkey.pem配置到nginx里(参考nginx配置文件的②和③)

启动测试

cd /usr/local/nginx
sudo ./nginx -s reload

3、编排nextcloud

安装docker-compose

参考:
docker-compose安装地址
nextcloud镜像地址

国内用户建议使用迅雷等工具从github.com下载docker-compose

使用compose进行编排
version: '2'
services:
  nextcloud:
    image: wonderfall/nextcloud
    links:
      - nextcloud-db:nextcloud-db   # If using MySQL
      #- solr:solr                   # If using Nextant
      - redis:redis                 # If using Redis
    environment:
      - UID=1000
      - GID=1000
      - UPLOAD_MAX_SIZE=10G
      - APC_SHM_SIZE=128M
      - OPCACHE_MEM_SIZE=128
      - CRON_PERIOD=15m
      - TZ=Europe/Berlin
      - ADMIN_USER=admin            # Don't set to configure through browser
      - ADMIN_PASSWORD=admin        # Don't set to configure through browser
      - DOMAIN=laurt.com
      - DB_TYPE=mysql
      - DB_NAME=nextcloud
      - DB_USER=nextcloud
      - DB_PASSWORD=supersecretpassword
      - DB_HOST=nextcloud-db
    volumes:
      - /mnt/nextcloud/data:/data
      - /mnt/nextcloud/config:/config
      - /mnt/nextcloud/apps:/apps2
      - /mnt/nextcloud/themes:/nextcloud/themes
    expose:
      - 8888
#   ports:
#     - 80:8888


  # If using MySQL
  nextcloud-db:
    image: mariadb:10
    volumes:
      - /mnt/nextcloud/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=supersecretpassword
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=supersecretpassword

  # If using Nextant
  solr:
    image: solr:6-alpine
    container_name: solr
    volumes:
      - /mnt/nextcloud/solr:/opt/solr/server/solr/mycores
    entrypoint:
      - docker-entrypoint.sh
      - solr-precreate
      - nextant

  # If using Redis
  redis:
    image: redis:alpine
    container_name: redis
    volumes:
      - /mnt/nextcloud/redis:/data

这里使用作者的镜像进行的,具体细节请参考原作者的说明
https://store.docker.com/community/images/wonderfall/nextcloud
https://github.com/Wonderfall/dockerfiles/tree/master/nextcloud
需要说明的是,我nextcloud容器暴露了8888端口,并没有映射到宿主机,这时外部是无法进行访问,一般的做法是端口映射或者使用socket

ports :
    - 80:8888

因为docker容器与宿主机可以通过docker0通信ip addr show docker0,其实宿主机是可以直接访问容器的(从宿主机到172.17.0.1到172.18.0.1到容器的172.18.0.5),但这么做不���于部署和迁移。

运行
与docker-compose.yml同级目录执行

sudo docker-compose up -d

Docker安装私有云盘NextCloud过程记录

使用docker-compose启动nextcloud

查看

Docker安装私有云盘NextCloud过程记录

安装桌面客户端
如果使用nextcloud的桌面client配置始终出错,我不确定原因出在哪

相关推荐