Docker安装Nextcloud
1、编排配置nextcloud
compose文件由三个组件组成,分别是主程序、缓存、数据库
version: '3.2'
networks:
default:
name: nextcloud
driver: bridge
ipam:
config:
- subnet: 172.10.0.0/16
gateway: 172.10.0.1
services:
app:
image: nextcloud:27.1.4
restart: unless-stopped
volumes:
- /data/nextcloud/app:/var/www/html
environment:
- MYSQL_PASSWORD=Quectel@2023
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=Quectel
- MYSQL_HOST=db
- TZ=Asia/Shanghai
ports:
- 81:80
networks:
default:
ipv4_address: 172.10.0.4
container_name: Q-nextcloud
cache:
image: redis:latest
restart: unless-stopped
expose:
- "6379"
volumes:
- /data/nextcloud/cache:/data
command: redis-server --requirepass '密码***'
environment:
- TZ=Asia/Shanghai
networks:
default:
ipv4_address: 172.10.0.3
container_name: Q-redis
db:
image: mariadb:latest
restart: unless-stopped
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
volumes:
- /data/nextcloud/db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=密码***
- MYSQL_PASSWORD=密码***
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=admin
- TZ=Asia/Shanghai
ports:
- 8888:3306
networks:
default:
ipv4_address: 172.10.0.2
container_name: Q-mariadb
nginx:
image: nginx:1.25.2
restart: always
ports:
- 443:443
- 85:85
volumes:
- /data/nextcloud/nginx/nginx.conf:/etc/nginx/nginx.conf
- /data/nextcloud/nginx/logs:/var/log/nginx
- /data/nextcloud/nginx/html:/usr/share/nginx/html
- /data/nextcloud/nginx/conf.d:/etc/nginx/conf.d
- /data/nextcloud/certs:/data/nextcloud/certs
- /data/nextcloud/www:/data/nextcloud/www
environment:
- TZ=Asia/Shanghai
networks:
- default
container_name: Q-nginx
查询最新版本号
docker inspect nextcloud
2、配置网盘的缓存
Nextcloud主程序的安装目录,在目录下 config/config.php 配置文件并打开
'memcache.local' => '\\OC\\Memcache\\APCu',
#在memcache.local下面加如下代码
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' => array (
'host' => 'cache',
'port' => 6379,
'password' => 'Quectel@2023',
),
配置文件里面,local缓存保持原来的apcu,官方并不推荐local缓存用redis。
然后在配置文件里面随便找个地方加一行这个参数,解决系统关于电话区域的警告。
'default_phone_region' => 'CN',
3、用户默认文档配置
默认在目录core/skeleton下,更改core/Quectel文件夹,
Quectel文件夹新建
还是在config/config.php 配置文件并打开在最后加上
'skeletondirectory' => 'core/Quectel',
⽂件权限为:644
⽬录权限为:755
chmod 755 ./core/Quectel
4、cronie配置定时任务
需要由系统用户“www-data”执行每 5 分钟调用 cron.php 文件
docker exec -u www-data Q-nextcloud php cron.php
使用cronie 定时任务
crontab -e
添加任务行 5 分钟一次
*/5 * * * * docker exec -u www-data Q-nextcloud php cron.php
5、生成ssl证书
生成私钥和自签名证书
openssl req -newkey rsa:4096 -nodes -sha256 -keyout /data/certs/domain.key -x509 -days 36500 -out /data/certs/domain.crt -subj "/C=CN/ST=Jiangsu/L=Changzhou/O=Quectel/OU=IT/CN=10.11.11.11"
6、nginx配置ssl
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /data/nextcloud/certs/domain.crt;
ssl_certificate_key /data/nextcloud/certs/domain.key;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
location / {
proxy_pass http://172.10.0.2;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto 'https';
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
}
还是在config/config.php 配置文件加信任
#在ip下面增加域名,这时候就不会提示不信任域名了。
'trusted_domains' =>
array (
0 => '10.11.11.11',
1 => 'www.xxx.com',
),
nginx内网段加信任
'trusted_proxies' =>
array (
0 => '172.10.0.0/24',
1 => '127.10.0.1',
),
重写端口映射
'overwrite.cli.url' => 'http://10.11.11.11:170,
#如果是有端口需要重新写映射
'overwrite.cli.url' => 'https://www.xxx.com:170,
#overwrite.cli.url使用任何类型的命令行工具在Nextcloud中生成的任何URL的基本URL。例如,此处设置的值将由通知区域使用
'overwritehost' => 'www.xxx.com:170',
#设置代理的主机名。您还可以指定端口
'overwriteprotocol' => 'https',
#overwriteprotocol设置代理的协议。您可以在 http 和 https 这两个选项之间进行选择。。
'overwrite.cli.url' => 'https://10.11.11.11',
'overwriteprotocol' => 'https',