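Notes on Installing the Private Cloud Drive NextCloud with Docker
Introduction
Nextcloud is a private cloud storage application forked from the open-source ownCloud project, and its team includes some of the original ownCloud developers. On the server side Nextcloud and ownCloud are essentially the same (owncloud9 and nextcloud11), so their installation procedures are much alike.
P.S. I originally used the free tier of Jianguoyun (Nutstore). Because its 1G of traffic really was not enough, and I had installed owncloud before, this time I am trying to install nextcloud on Docker on my server.
Prerequisites:
- Host machine (here, a Tencent Cloud server)
- Docker environment (plus docker-compose)
- Ubuntu 16.04
Process overview:
- Install Nginx on the host
- Configure SSL on the host and install the certificate
- Install NextCloud with Docker, exposing port 8888
- Reverse-proxy from the host to NextCloud in Docker
- Test
1. Install Nginx on the host
This section is based on:
Nginx installation http://www.nginx.cn/install
You can also install it with apt-get install nginx, but the file layout is different.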
    ubuntu@VM-95-41-ubuntu:~$ uname -a
    Linux VM-95-41-ubuntu 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
    ubuntu@VM-95-41-ubuntu:~$ lsb_release -a
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description:    Ubuntu 16.04.1 LTS
    Release:        16.04
    Codename:       xenial
    ubuntu@VM-95-41-ubuntu:~$
    sudo apt-get update
The cloud host is Tencent Cloud, and I installed Docker from Alibaba's Docker mirror, so two rivals ended up side by side here...
    sudo apt-get install build-essential
    sudo apt-get install libtool
Installation

    # PCRE - Perl Compatible Regular Expressions
    # work in /usr/local/src so the --with-pcre path passed to nginx below matches
    cd /usr/local/src
    sudo wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz
    sudo tar -zvxf pcre-8.40.tar.gz
    cd pcre-8.40
    sudo ./configure
    sudo make && sudo make install

    # zlib - compression and decompression
    cd /usr/local/src
    sudo wget http://zlib.net/zlib-1.2.11.tar.gz
    sudo tar -zxvf zlib-1.2.11.tar.gz
    cd zlib-1.2.11
    sudo ./configure
    sudo make && sudo make install

    # openssl - SSL (only unpacked here; nginx builds it through --with-openssl)
    cd /usr/local/src
    sudo wget https://github.com/openssl/openssl/archive/OpenSSL_1_1_0e.tar.gz
    sudo tar -zvxf OpenSSL_1_1_0e.tar.gz

    # nginx
    cd /usr/local/src
    sudo wget http://nginx.org/download/nginx-1.11.12.tar.gz
    sudo tar -zvxf nginx-1.11.12.tar.gz
    cd nginx-1.11.12
    sudo ./configure --sbin-path=/usr/local/nginx/nginx \
        --conf-path=/usr/local/nginx/nginx.conf \
        --pid-path=/usr/local/nginx/nginx.pid \
        --with-http_ssl_module \
        --with-pcre=/usr/local/src/pcre-8.40 \
        --with-zlib=/usr/local/src/zlib-1.2.11 \
        --with-openssl=/usr/local/src/openssl-OpenSSL_1_1_0e
    sudo make && sudo make install

Check
Configuration

    cd /usr/local/nginx
    sudo vim nginx.conf

Configuration file; the key part is the section marked ①
    #user  nobody;
    worker_processes  1;

    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;

    #pid        logs/nginx.pid;

    events {
        worker_connections  1024;
    }

    http {
        include       mime.types;
        default_type  application/octet-stream;

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

        access_log  logs/access.log  main;

        sendfile        on;
        #tcp_nopush     on;

        #keepalive_timeout  0;
        keepalive_timeout  65;

        gzip  on;

        server {
            listen 443 ssl ;
            ssl_certificate /etc/letsencrypt/live/laurt.com/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/laurt.com/privkey.pem;
            ssl_session_timeout 10m;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
            server_name www.laurt.com laurt.com;
            location / {
                root   /var/www/html;
                index  index.html index.htm;
            }
        }

        # vhost of nextcloud with proxy ①
        server {
            listen 443 ssl ;
            ssl_certificate /etc/letsencrypt/live/laurt.com/fullchain.pem;      # ②
            ssl_certificate_key /etc/letsencrypt/live/laurt.com/privkey.pem;    # ③
            ssl_session_timeout 10m;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
            server_name cloud.laurt.com;                                        # ④
            location / {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_pass http://172.18.0.5:8888;                              # ⑤
            }
        }

        server {
            listen 80;
            server_name www.laurt.com laurt.com;
            rewrite ^/(.*) https://laurt.com/$1 permanent;
        }
    }
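Notes
- The PEM files issued with the certificate: ② and ③
- Set the domain name: ④
- Set up the reverse proxy (this should really map to a host port or use a socket; because Docker and the host can communicate, I tested with the Docker container's IP): ⑤
* The reverse proxy can use 127.0.0.1 directly, in which case the Docker container must be bound to a host port
* The reverse proxy can use the Docker container's IP (container bridged, with the port exposed)
* The reverse proxy can use a socket (this should give the best performance)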
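The ssl_protocols and ssl_ciphers lines in the configuration above still enable TLS 1.0, TLS 1.1 and two RC4 suites, which current clients and scanners treat as weak. The following check is an added example, not part of the original post; the function name audit_nginx_tls and its short list of weak names are assumptions chosen for illustration.

```shell
#!/bin/sh
# audit_nginx_tls FILE
# Print one line per weak TLS setting enabled in an nginx config and return 1
# if any is found. Assumes each directive sits on a single line.
audit_nginx_tls() {
    awk '
    { sub(/#.*/, "") }                          # ignore comments
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                printf "%d: weak protocol %s\n", NR, p; bad++
            }
        }
    }
    $1 == "ssl_ciphers" {
        s = $2; gsub(/[;"\047]/, "", s)         # drop ";" and quotes
        n = split(s, c, ":")
        for (i = 1; i <= n; i++) {
            if (c[i] ~ /^[!-]/) continue        # "!X" and "-X" disable X
            if (c[i] ~ /RC4|DES|MD5|NULL|EXPORT/) {
                printf "%d: weak cipher %s\n", NR, c[i]; bad++
            }
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Sample input: the two TLS directives copied from the nginx.conf above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
EOF
audit_nginx_tls "$sample" || echo "weak TLS settings are enabled"
rm -f "$sample"
```

Run it against /usr/local/nginx/nginx.conf after editing; it prints nothing once only TLSv1.2 and non-RC4 suites remain enabled.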
Start and test

    cd /usr/local/nginx
    sudo ./nginx
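2. SSL certificate signing
Free CA website
https://certbot.eff.org/#ubuntutyakkety-nginx
See the website's instructions for details.
Also, the certificate is valid for 90 days and must be renewed regularly.

    # ubuntu
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update
    sudo apt-get install certbot
    sudo certbot certonly --webroot -w /var/www/html -d laurt.com -d www.laurt.com -d cloud.laurt.com

Notes:
-w /var/www/html is the web root path, the same as in the nginx configuration; certbot creates a .well-known directory under it so that the CA can access it and verify ownership of the site
-d is the domain name; it must be reachable, otherwise issuance fails with a DNS error
Issuance succeeded
[Screenshot: message shown on successful issuance]
After issuance succeeds, configure fullchain.pem and privkey.pem in nginx (see ② and ③ in the nginx configuration file)
Start and test

    cd /usr/local/nginx
    sudo ./nginx -s reload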
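3. Orchestrating nextcloud
Install docker-compose
References:
docker-compose installation page
nextcloud image page
Users in mainland China are advised to use a download tool such as Xunlei (Thunder) to fetch docker-compose from github.com
Orchestrate with compose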
    version: '2'

    services:
      nextcloud:
        image: wonderfall/nextcloud
        links:
          - nextcloud-db:nextcloud-db   # If using MySQL
          #- solr:solr                  # If using Nextant
          - redis:redis                 # If using Redis
        environment:
          - UID=1000
          - GID=1000
          - UPLOAD_MAX_SIZE=10G
          - APC_SHM_SIZE=128M
          - OPCACHE_MEM_SIZE=128
          - CRON_PERIOD=15m
          - TZ=Europe/Berlin
          - ADMIN_USER=admin            # Don't set to configure through browser
          - ADMIN_PASSWORD=admin        # Don't set to configure through browser
          - DOMAIN=laurt.com
          - DB_TYPE=mysql
          - DB_NAME=nextcloud
          - DB_USER=nextcloud
          - DB_PASSWORD=supersecretpassword   # sample value; must match MYSQL_PASSWORD below
          - DB_HOST=nextcloud-db
        volumes:
          - /mnt/nextcloud/data:/data
          - /mnt/nextcloud/config:/config
          - /mnt/nextcloud/apps:/apps2
          - /mnt/nextcloud/themes:/nextcloud/themes
        expose:
          - 8888
        # ports:
        #   - 80:8888

      # If using MySQL
      nextcloud-db:
        image: mariadb:10
        volumes:
          - /mnt/nextcloud/db:/var/lib/mysql
        environment:
          - MYSQL_ROOT_PASSWORD=supersecretpassword   # sample value
          - MYSQL_DATABASE=nextcloud
          - MYSQL_USER=nextcloud
          - MYSQL_PASSWORD=supersecretpassword        # sample value

      # If using Nextant
      solr:
        image: solr:6-alpine
        container_name: solr
        volumes:
          - /mnt/nextcloud/solr:/opt/solr/server/solr/mycores
        entrypoint:
          - docker-entrypoint.sh
          - solr-precreate
          - nextant

      # If using Redis
      redis:
        image: redis:alpine
        container_name: redis
        volumes:
          - /mnt/nextcloud/redis:/data
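This setup uses the image author's image; for details, see the original author's documentation
https://store.docker.com/community/images/wonderfall/nextcloud
https://github.com/Wonderfall/dockerfiles/tree/master/nextcloud
Note that my nextcloud container exposes port 8888 but does not map it to the host, so it cannot be reached from outside. The usual approach is to map the port or use a socket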
    ports:
      - 80:8888
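Because the Docker container and the host can communicate through docker0 (ip addr show docker0), the host can in fact reach the container directly (from the host to 172.17.0.1 to 172.18.0.1 to the container at 172.18.0.5), but doing so is bad for deployment and migration.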
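A mapping written as 80:8888 is published on every host interface, so the container's plain-HTTP port becomes reachable without passing through the nginx TLS proxy, whereas 127.0.0.1:8888:8888 keeps it reachable only from the host, which fits the 127.0.0.1 reverse-proxy option noted earlier. The check below is an added example, not part of the original post; the function name audit_compose_ports and the second service in the sample are hypothetical.

```shell
#!/bin/sh
# audit_compose_ports FILE
# List every published port in a docker-compose file (short "ports:" list
# syntax, IPv4 only) and return 1 if any is not bound to 127.0.0.1.
audit_compose_ports() {
    awk '
    { sub(/^#.*/, ""); sub(/[ \t]+#.*/, "") }       # drop YAML comments
    /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
    in_ports && /^[ \t]*-/ {
        m = $0
        sub(/^[ \t]*-[ \t]*/, "", m)                # strip the list dash
        gsub(/["\047 \t]/, "", m)                   # strip quotes and blanks
        sub(/\/(tcp|udp)$/, "", m)
        n = split(m, f, ":")
        if (n == 3 && f[1] == "127.0.0.1")
            printf "%d: %s loopback only\n", NR, m
        else {
            printf "%d: %s reachable from other hosts\n", NR, m; bad++
        }
        next
    }
    /[^ \t]/ { in_ports = 0 }                       # any other line ends the list
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: the mapping from this post next to a loopback-only one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  nextcloud:
    expose:
      - 8888
    ports:
      - 80:8888                  # the mapping shown above
  nextcloud-local:               # hypothetical service, for comparison
    ports:
      - "127.0.0.1:8888:8888"    # only the host (nginx) can reach it
EOF
audit_compose_ports "$sample" || echo "some ports bypass the nginx TLS proxy"
rm -f "$sample"
```

With the loopback mapping, the nginx proxy_pass target becomes http://127.0.0.1:8888 instead of the container IP.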
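Run
Run this in the same directory as docker-compose.yml

    sudo docker-compose up -d

[Screenshot: starting nextcloud with docker-compose]
Check
Install the desktop client
When I use the nextcloud desktop client, the configuration always fails, and I am not sure where the cause lies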