我使用Docker和Docker Compose成功安装了Nextcloud 13.0。
这是Nextcloud的Docker映像的GitHub存储库:https://github.com/nextcloud/docker
我正在尝试将NGINX(不在Docker容器中)配置为代理,以通过dl.example.com访问我的Nextcloud安装(在Docker容器中)。我已经使用Docker创建了一个外部网络。访问dl.example.com时,我得到一个空白页。
创建了static_external网络:
docker network create -d bridge --subnet=192.168.100.0/24 static_external
docker-compose.yml
version: '3'
volumes:
nextcloud:
db:
services:
db:
image: mariadb
env_file:
- .env
restart: always
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_DATABASE=${MYSQL_DATABASE}
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
app:
image: nextcloud:${NEXTCLOUD_VERSION}
env_file:
- .env
networks:
net:
ipv4_address: 192.168.100.10
links:
- db
volumes:
- nextcloud:/var/www/html
- ./data:/var/www/html/data:rw
environment:
- NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
- NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
- NEXTCLOUD_TABLE_PREFIX=${NEXTCLOUD_TABLE_PREFIX}
- NEXTCLOUD_DATA_DIR=${NEXTCLOUD_DATA_DIR}
restart: always
networks:
net:
external:
name: static_external
NGINX conf
upstream php-handler {
server 127.0.0.1:9000;
}
upstream docker-proxy {
server 192.168.100.10;
}
server {
server_name dl.example.com;
etag off;
server_tokens off;
# Path to certificates; The server certificate must come first in the file,
# followed by all required intermediate certificates, but excluding the root.
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
# Path to the private key used to create the server certificate.
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/nginx/conf.d/includes/https.conf;
include /etc/nginx/conf.d/includes/headers.conf;
# Turn on OCSP response validation.
ssl_stapling_verify on;
# Path to the full chain certificate required to verify OCSP responses;
# The file must contain all the intermediate certificates, including the root.
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
# rewrite ^/.well-known/host-meta /nextcloud/public.php?service=host-meta
# last;
#rewrite ^/.well-known/host-meta.json
# /nextcloud/public.php?service=host-meta-json last;
location = /.well-known/carddav {
return 301 $scheme://$host/nextcloud/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/nextcloud/remote.php/dav;
}
location /.well-known/acme-challenge { }
location ^~ /nextcloud {
proxy_pass http://docker-proxy;
proxy_set_header Host $host;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/$
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location /nextcloud {
rewrite ^ /nextcloud/index.php$request_uri;
}
location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
proxy_pass http://docker-proxy;
proxy_set_header Host $host;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/nextcloud/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff|svg|gif)$ {
proxy_pass http://docker-proxy;
proxy_set_header Host $host;
try_files $uri /nextcloud/index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended
# to have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read
# into this topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
proxy_pass http://docker-proxy;
proxy_set_header Host $host;
try_files $uri /nextcloud/index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
location / {
autoindex off;
proxy_pass http://docker-proxy;
proxy_set_header Host $host;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
}
}
谢谢!