简介
Nextcloud是私有云盘服务应用,由开源的Owncloud 项目fork而来,其中包含部分Owcloud原开发人员。其中服务器端Nextcloud和Owncloud基本上是一致的(owncloud9 和 nextcloud11),所以两者的安装过程大同小异。
P.S. 个人原本使用免费版的坚果云,因为1G流量实在不够使用,加上以前安装过owncloud,这次试着在服务器的docker上安装nextcloud
准备工作:
- Host宿主机(这里是腾讯云服务器)
- Docker环境(+docker-compose环境)
- Ubuntu 16.04
过程概述:
- Host主机安装Nginx
- Host主机配置SSL,安装证书
- Docker安装NextCloud,开放8888端口
- Host主机反向代理到Docker的NextCloud
- 测试
1、本机安装Nginx
本内容参考:
Nginx安装 http://www.nginx.cn/install
也可以使用apt-get install nginx 安装,但文件结构有不同
ubuntu@VM-95-41-ubuntu:~$ uname -a
Linux VM-95-41-ubuntu 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@VM-95-41-ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial
ubuntu@VM-95-41-ubuntu:~$
sudo apt-get update
云主机是腾讯云,Docker我是使用阿里的Docker镜像安装的,所以这里两对头聚在一起了。。。
sudo apt-get install build-essential
sudo apt-get install libtool
安装
#PCRE - Perl Compatible Regular Expressions
sudo wget https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz
sudo tar -zvxf pcre-8.40.tar.gz
cd pcre-8.40
sudo ./configure
sudo make && sudo make install
#zlib - compression && decompression
cd /usr/local/src
sudo wget http://zlib.net/zlib-1.2.11.tar.gz
sudo tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
sudo ./configure
sudo make && sudo make install
#openssl - ssl
cd /usr/local/src
sudo wget https://github.com/openssl/openssl/archive/OpenSSL_1_1_0e.tar.gz
sudo tar -zvxf OpenSSL_1_1_0e.tar.gz
cd /usr/local/src
sudo wget http://nginx.org/download/nginx-1.11.12.tar.gz
sudo tar -zvxf nginx-1.11.12
cd nginx-1.11.12
sudo ./configure --sbin-path=/usr/local/nginx/nginx \
--conf-path=/usr/local/nginx/nginx.conf \
--pid-path=/usr/local/nginx/nginx.pid \
--with-http_ssl_module \
--with-pcre=/usr/local/src/pcre-8.40 \
--with-zlib=/usr/local/src/zlib-1.2.11 \
--with-openssl=/usr/local/src/openssl-OpenSSL_1_1_0e
sudo make && sudo make install
查看
配置
cd /usr/local/nginx
sudo vim nginx.conf
配置文件,重点①内容
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
server {
listen 443 ssl ;
ssl_certificate /etc/letsencrypt/live/laurt.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/laurt.com/privkey.pem;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
server_name www.laurt.com laurt.com;
location / {
root /var/www/html;
index index.html index.htm;
}
}
# vhost of nextcloud with proxy ①
server {
listen 443 ssl ;
ssl_certificate /etc/letsencrypt/live/laurt.com/fullchain.pem; ②
ssl_certificate_key /etc/letsencrypt/live/laurt.com/privkey.pem; ③
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS;
server_name cloud.laurt.com; ④
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://172.18.0.5:8888; ⑤
}
}
server {
listen 80;
server_name www.laurt.com laurt.com;
rewrite ^/(.*) https://laurt.com/$1 permanent;
}
}
说明
- 证书签发的pem文件②和③
- 设置域名④
- 设置反向代理(这里应该映射到本机端口或者使用socket,因为docker与宿主机是可以通信的,用了docker container的ip测试)⑤
* 反向代理可以直接使用127.0.0.1,这时docker容器需要绑定到宿主机端口
* 反向代理可以使用docker container 的ip (容器桥接且暴露端口)
* 反向代理可以使用套接字(性能应该是最好的)
启动测试
cd /usr/local/nginx
sudo ./nginx
2、SSL签名
免费CA网站
https://certbot.eff.org/#ubuntutyakkety-nginx
具体请参考网站说明
另外,csr证书有效期90天,需要定期续签
# ubuntu
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot
sudo certbot certonly --webroot -w /var/www/html -d laurt.com -d www.laurt.com -d cloud.laurt.com
注意:
-w /var/www/html 是项目路径,与配置相同,certbot会在这个路径上创建一个.well-known路径以便认证CA访问来确定网站拥有权
-d 域名,一定是可达的,否则不成功提示dns问题
签署成功
签署成功后要把fullchain.pem文件和privkey.pem配置到nginx里(参考nginx配置文件的②和③)
启动测试
cd /usr/local/nginx
sudo ./nginx -s reload
3、编排nextcloud
安装docker-compose
** 国内用户建议使用迅雷等工具从github.com下载docker-compose **
使用compose进行编排
version: '2'
services:
nextcloud:
image: wonderfall/nextcloud
links:
- nextcloud-db:nextcloud-db # If using MySQL
#- solr:solr # If using Nextant
- redis:redis # If using Redis
environment:
- UID=1000
- GID=1000
- UPLOAD_MAX_SIZE=10G
- APC_SHM_SIZE=128M
- OPCACHE_MEM_SIZE=128
- CRON_PERIOD=15m
- TZ=Europe/Berlin
- ADMIN_USER=admin # Don't set to configure through browser
- ADMIN_PASSWORD=admin # Don't set to configure through browser
- DOMAIN=laurt.com
- DB_TYPE=mysql
- DB_NAME=nextcloud
- DB_USER=nextcloud
- DB_PASSWORD=supersecretpassword
- DB_HOST=nextcloud-db
volumes:
- /mnt/nextcloud/data:/data
- /mnt/nextcloud/config:/config
- /mnt/nextcloud/apps:/apps2
- /mnt/nextcloud/themes:/nextcloud/themes
expose:
- 8888
# ports:
# - 80:8888
# If using MySQL
nextcloud-db:
image: mariadb:10
volumes:
- /mnt/nextcloud/db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=supersecretpassword
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD=supersecretpassword
# If using Nextant
solr:
image: solr:6-alpine
container_name: solr
volumes:
- /mnt/nextcloud/solr:/opt/solr/server/solr/mycores
entrypoint:
- docker-entrypoint.sh
- solr-precreate
- nextant
# If using Redis
redis:
image: redis:alpine
container_name: redis
volumes:
- /mnt/nextcloud/redis:/data
这里使用作者的镜像进行的,具体细节请参考原作者的说明
https://store.docker.com/community/images/wonderfall/nextcloud
https://github.com/Wonderfall/dockerfiles/tree/master/nextcloud
需要说明的是,我nextcloud容器暴露了8888端口,并没有映射到宿主机,这时外部是无法进行访问,一般的做法是端口映射或者使用socket
ports :
- 80:8888
因为docker容器与宿主机可以通过docker0通信ip addr show docker0,其实宿主机是可以直接访问容器的(从宿主机到172.17.0.1到172.18.0.1到容器的172.18.0.5),但这么做不利于部署和迁移。
运行
与docker-compose.yml同级目录执行
sudo docker-compose up -d
查看
安装桌面客户端
如果使用nextcloud的桌面client配置始终出错,我不确定原因出在哪😔
下载地址:https://nextcloud.com/install/#install-clients
因为nextcloud是owncloud的fork版本,所以尝试使用owncloud的client进行连接
owncloud的client地址:https://owncloud.org/install/#install-clients
输入地址后输入账号密码即可连接服务器
安装移动客户端
可以直接从商店下载app,或者从源码自己构建
owncloud android源码:https://github.com/owncloud/android
owncloud ios源码:https://github.com/owncloud/ios
nextcloud android源码:https://github.com/nextcloud/android
nextcloud ios源码:https://github.com/nextcloud/ios
移动端构建部分抽空再发上来。
参考资料
- Nginx开发从入门到精通 http://tengine.taobao.org/book/
- Nextcloud 官方地址:https://nextcloud.com/install/#install-clients
- Owncloud 官方地址:https://owncloud.org/install/#install-clients
- docker-compose官方参考:https://docs.docker.com/compose/
