docker搭建nextcloud

一、最小化安装centos7

1. 关闭SELinux

  • 查看SELinux状态

    • /usr/sbin/sestatus -vgetenforce 如果SELinux status参数为enabled即为开启状态
  • 关闭SELinux

    • vi /etc/selinux/configSELINUX=enforcing改为SELINUX=disabled
    • 重启生效

2. 安装NTP时间同步

  • 安装 yum -y install ntp
  • 启动 systemctl start ntpd
  • 开机启动 systemctl enable ntpd

3. 设置或关闭防火墙

  • 查看默认防火墙状态 firewall-cmd --state
  • 开放TCP80端口 firewall-cmd --zone=public --add-port=80/tcp --permanent
  • 关闭TCP80端口 firewall-cmd --zone=public --remove-port=80/tcp --permanent
  • 开启防火墙 systemctl start firewalld.service
  • 关闭防火墙 systemctl stop firewalld.service
  • 禁止防火墙开机启动 systemctl disable firewalld.service
  • 开启防火墙开机启动 systemctl enable firewalld.service
  • 查看所有信息 firewall-cmd --list-all-zones
  • 重新加载配置 firewall-cmd --reload

二、安装docker CE

1. 安装docker CE

https://www.baidu.com/s?wd=centos7+%E5%AE%89%E8%A3%85+docker+ce

2. 安装docker-compose

https://www.baidu.com/s?wd=centos7+%E5%AE%89%E8%A3%85+docker-compose

三、 拉取镜像

docker pull nginx &&
docker pull wonderfall/nextcloud &&
docker pull mariadb:10 &&
docker pull redis:alpine &&
docker pull collabora/code

四、配置

1.docker-compose.yml

version: '2'

networks:
  default:
    driver: bridge

services:
  C-nginx:
    container_name: C-nginx
    expose:
      - "443"  #nextcloud
      - "9980"  #collabora
    ports:
      - "9980:9980"
      - "443:443"
    image: nginx
    depends_on:
      - C-nextcloud
    volumes:
      - /docker/nginx/conf.d:/etc/nginx/conf.d  # Place your vhost here
      - /docker/nginx/crt:/etc/nginx/crt  # SSL
    restart: always
  C-nextcloud:
    container_name: C-nextcloud
    expose:
      - "8888"
    image: wonderfall/nextcloud
    depends_on:
      - C-mariadb           # If using MySQL
      - C-redis                  # If using Redis
    environment:
      - UID=1000
      - GID=1000
      - UPLOAD_MAX_SIZE=10G
      - APC_SHM_SIZE=128M
      - OPCACHE_MEM_SIZE=128
      - CRON_PERIOD=15m
      - TZ=Asia/Shanghai
      - ADMIN_USER=admin            # Don't set to configure through browser
      - ADMIN_PASSWORD=password        # Don't set to configure through browser
      - DOMAIN=file.nextcloud.com
      - DB_TYPE=mysql # Or sqlite3
      - DB_NAME=nextcloud
      - DB_USER=nextcloud
      - DB_PASSWORD=supersecretpassword
      - DB_HOST=C-mariadb
    volumes:
      - /docker/nextcloud/data:/data
      - /docker/nextcloud/config:/config
      - /docker/nextcloud/apps:/apps2
      - /docker/nextcloud/themes:/nextcloud/themes
    restart: always

  # If using MySQL
  C-mariadb:
    image: mariadb:10
    container_name: C-mariadb
    volumes:
      - /docker/nextcloud/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=supersecretpassword
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=supersecretpassword
    restart: always
    expose:
      - "3306"
  # If using Redis
  C-redis:
    image: redis:alpine
    container_name: C-redis
    volumes:
      - /docker/nextcloud/redis:/data
    restart: always
    expose:
      - "6379"
  # If using collabora
  C-collabora:
    image: collabora/code
    container_name: C-collabora
    expose:
      - "9980"
    environment:
      - domain=192\\.168\\.1\\.2|file\\.nextcloud\\.com
      - username=admin
      - password=admin
    restart: always
    cap_add: 
      - MKNOD

一些说明:(行数)
11、nextcloud外部端口声明
12、collabora外部端口声明
14、collabora外部端口
15、nextcloud外部端口
20、nginx反代配置文件目录
21、SSL证书目录
39、nextcloud管理员用户(可以删除39和40行)
40、nextcloud管理员密码
41、nextcloud域名
48、nextcloud数据目录
49、nextcloud配置
50、nextcloud应用目录
51、nextcloud主题目录
59、数据库目录
84、collabora允许调用的域名,多个域名用|隔开。
85-86、collabora后台管理账号,可以在域名后加/loleaflet/dist/admin/admin.html访问后台。

2.nginx配置

nextcloud.conf

server {
    listen 443 ssl http2;
    server_name file.nextcloud.com;

    ssl_certificate /etc/nginx/crt/file.nextcloud.com.crt;
    ssl_certificate_key /etc/nginx/crt/file.nextcloud.com.key;

    error_page  497 https://$host:443$request_uri;

    client_max_body_size 10G;
    location / {
    proxy_redirect off;
    proxy_pass http://C-nextcloud:8888;
    proxy_buffering off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header X-Forwarded-Proto https;
    proxy_read_timeout 300s;
   }
}

一些说明:(行数)
2、监听端口,这个端口要和docker-compose.yml15行暴露的端口一致,这样外网才能访问nextcloud
3、域名。
5-6、SSL证书。

collabora.conf

server {
    listen 9980 ssl http2;
    server_name collabora.nextcloud.com;

    ssl_certificate /etc/nginx/crt/collabora.nextcloud.com.crt;
    ssl_certificate_key /etc/nginx/crt/collabora.nextcloud.com.key;

    # static files
    location ^~ /loleaflet {
        proxy_pass https://C-collabora:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://C-collabora:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass https://C-collabora:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass https://C-collabora:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_pass https://C-collabora:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

一些说明:(行数)
2、监听端口,这个端口要和docker-compose.yml14行暴露的端口一致,这样外网才能访问collabora
3、域名。
5-6、SSL证书。

3.config.php

一些添加项:

#Redis
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' => 
  array (
    'host' => 'C-redis',
    'port' => 6379,
    'openssl' => 
    array (
      'config' => '/absolute/location/of/openssl.cnf',
    ),
  ),
#SSL
'overwriteprotocol' => 'https',
#skeleton files,新用户默认文件,默认值:/path/to/nextcloud/core/skeleton,为空不复制任何文件。
 'skeletondirectory' => '',

五、运行

CD到docker-compose.yml目录下运行

docker-compose up -d

评论已关闭