Различия

Показаны различия между двумя версиями страницы.

--- application:nextcloud [2025/03/02 17:09] – mirocow
+++ application:nextcloud [2025/11/28 07:56] (текущий) – 78.138.161.134
@@ Строка 3: / Строка 3: @@
 ====== Nextcloud ======
+  * /var/www/html - вная папка, необходимая для обновления
+  * /var/www/html/custom_apps - установленные/измененные приложения
+  * /var/www/html/config - локальная конфигурация
+  * /var/www/html/data - фактические данные вашего Nextcloud
+  * /var/www/html/themes/<YOUR_CUSTOM_THEME> - тематизация/брендинг
+====== Сборка ======
+<code bash>
+#!/bin/bash
+export PROD_V=9.04
+##################################################################################
+cd /opt
+git clone https://github.com/thomisus/Docker-DocumentServer.git --branch v$PROD_V
+cd /opt/Docker-DocumentServer
+docker build . -t onlyoffice-documentserver-unlimited:$PROD_V  && \
+docker tag onlyoffice-documentserver-unlimited:$PROD_V ghcr.io/thomisus/onlyoffice-documentserver-unlimited:$PROD_V && \
+docker tag onlyoffice-documentserver-unlimited:$PROD_V thomisus/onlyoffice-documentserver-unlimited:$PROD_V && \
+docker push ghcr.io/thomisus/onlyoffice-documentserver-unlimited:$PROD_V &&
+docker push thomisus/onlyoffice-documentserver-unlimited:$PROD_V && \
+docker tag onlyoffice-documentserver-unlimited:$PROD_V ghcr.io/thomisus/onlyoffice-documentserver-unlimited:latest && \
+docker tag onlyoffice-documentserver-unlimited:$PROD_V thomisus/onlyoffice-documentserver-unlimited:latest && \
+echo "all done" && \
+docker push ghcr.io/thomisus/onlyoffice-documentserver-unlimited:latest &&
+docker push thomisus/onlyoffice-documentserver-unlimited:latest
+</code>
+====== Установка ======
+  * https://github.com/nextcloud/docker
+  * https://hub.docker.com/_/nextcloud
 ===== Установка Onlyoffice + Drawio + Drawio Export =====
@@ Строка 29: / Строка 64: @@
       # - 192.168.1.6:443:443
     volumes:
+      - /etc/localtime:/etc/localtime:ro
       - proxy:/etc/nginx
-      - data:/var/www/html
+      - nextcloud:/var/www/html:r
+    deploy:
+        resources:
+            limits:
+                cpus: '1'
+                memory: 2G
   # docker exec -u www-data nextcloud-app php occ config:system:set trusted_domains 4 --value=178.140.10.58
@@ Строка 39: / Строка 79: @@
   # docker exec -u www-data nextcloud-app php occ upgrade
   app:
-    image: nextcloud:latest
+    image: nextcloud:31.0.8-apache
     container_name: nextcloud-app
     networks:
@@ Строка 49: / Строка 89: @@
       - db
       - redis
+      - cron
+      - es01
     volumes:
       - /etc/localtime:/etc/localtime:ro
-      - data:/var/www/html:z
+      - nextcloud:/var/www/html:rw
+      - crontabs:/cron-scripts:ro
     environment:
       - TZ=Europe/Moscow
@@ Строка 58: / Строка 101: @@
       - SKIP_DOMAIN_VALIDATION=true
     restart: unless-stopped
+    deploy:
+        resources:
+            limits:
+                cpus: '4'
+                memory: 10G
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:80/"]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 90s
+  cron:
+    image: rcdailey/nextcloud-cronjob
+    restart: unless-stopped
+    network_mode: none
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - crontabs:/cron-scripts
+    environment:
+      - NEXTCLOUD_CONTAINER_NAME=nextcloud-app
+      - NEXTCLOUD_PROJECT_NAME=
+      - NEXTCLOUD_CRON_MINUTE_INTERVAL=5
+    deploy:
+        resources:
+            limits:
+                cpus: '1'
+                memory: 2G
   # http://nextcloud-drawio
@@ Строка 67: / Строка 139: @@
     expose:
       - '8080'
-    depends_on:
-      - image-export
     environment:
       - DRAWIO_SELF_CONTAINED=1
       - EXPORT_URL=http://image-export:8000/
+      - PLANTUML_URL=http://plantuml-server:8080/
       # - PLANTUML_URL=http://plantuml-server:8080/
       # - DRAWIO_BASE_URL=${DRAWIO_BASE_URL}
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "curl -f http://domain:8080 || exit 1"]
+      interval: 1m30s
+      timeout: 10s
+      retries: 5
+      start_period: 10s
+    deploy:
+        resources:
+            limits:
+                cpus: '2'
+                memory: 2G
   # http://image-export:8000/
@@ Строка 82: / Строка 164: @@
     expose:
       - "8000"
+    depends_on:
+      - drawio
     networks:
       nextcloud_network:
@@ Строка 89: / Строка 173: @@
       #- ./fonts:/usr/share/fonts/drawio
     restart: unless-stopped
+    # deploy:
+    #     resources:
+    #         limits:
+    #             cpus: '2'
+    #             memory: 2G
+  plantuml-server:
+    image: plantuml/plantuml-server
+    expose:
+      - "8080"
+    networks:
+      nextcloud_network:
+    depends_on:
+      - drawio
+    restart: unless-stopped
+    deploy:
+        resources:
+            limits:
+                cpus: '2'
+                memory: 2G
   # ONLYOFFICE Docs address: /ds-vpath/
   # ONLYOFFICE Docs address for internal requests from the server: /nextcloud-onlyoffice/
+  # This build of onlyoffice community edition ( documentserver ) has connections limits increased to 9999 ( instead of default 20 )
   onlyoffice:
     container_name: nextcloud-onlyoffice
-    image: onlyoffice/documentserver:latest
+    # image: onlyoffice/documentserver:9.0.4
+    image: thomisus/onlyoffice-documentserver-unlimited:9.0.4
+    stdin_open: true
+    tty: true
     environment:
       - JWT_SECRET=secret
@@ Строка 102: / Строка 210: @@
     expose:
       - '80'
-      # - '443'
     volumes:
       - document_data:/var/www/onlyoffice/Data
       - document_log:/var/log/onlyoffice
+    deploy:
-  cron:
+        resources:
-    image: nextcloud:latest
+            limits:
-    restart: unless-stopped
+                cpus: '2'
-    volumes:
+                memory: 2G
-      - /etc/localtime:/etc/localtime:ro
-      - data:/var/www/html:z
-    environment:
-      - TZ=Europe/Moscow
-    entrypoint: /cron.sh
-    depends_on:
-      - db
-      - redis
-    networks:
-      nextcloud_network:
   db:
@@ Строка 137: / Строка 234: @@
       - MYSQL_DATABASE=nextcloud
       - MYSQL_USER=nextcloud
+    ports:
+      - 13306:3306
     restart: unless-stopped
+    deploy:
+        resources:
+            limits:
+                cpus: '4'
+                memory: 8G
   redis:
     image: redis:alpine
     restart: unless-stopped
+    volumes:
+      - redis01:/data
+    deploy:
+        resources:
+            limits:
+                cpus: '1'
+                memory: 2G
     networks:
       nextcloud_network:
@@ Строка 172: / Строка 283: @@
     networks:
       nextcloud_network:
+    deploy:
+        resources:
+            limits:
+                cpus: '2'
+                memory: 4G
 volumes:
   proxy:
-  data:
+  nextcloud:
+  crontabs:
   db:
   document_data:
   document_log:
   data01:
+  redis01:
+  screenshoter:
 networks:
   nextcloud_network:
@@ Строка 218: / Строка 336: @@
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
+              '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
+              '"$http_user_agent" "$http_x_forwarded_for"';
     access_log  /var/log/nginx/access.log  main;
@@ Строка 249: / Строка 367: @@
         server_tokens off;
-        # Add headers to serve security related headers
+        # HSTS settings
-        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+        # WARNING: Only add the preload option once you read about
-        add_header X-Content-Type-Options nosniff;
+        # the consequences in https://hstspreload.org/. This option
-        add_header X-XSS-Protection "1; mode=block";
+        # will add the domain to a hardcoded list that is shipped
-        add_header X-Robots-Tag none;
+        # in all major browsers and getting removed from this list
-        add_header X-Download-Options noopen;
+        # could take several months.
-        add_header X-Permitted-Cross-Domain-Policies none;
+        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
-        root /var/www/html;
+        # set max upload size and increase upload timeout:
-        client_max_body_size 10G; # 0=unlimited - set max upload size
+        client_max_body_size 512M;
+        client_body_timeout 300s;
         fastcgi_buffers 64 4K;
-        gzip off;
+        # Enable gzip but do not remove ETag headers
+        gzip on;
+        gzip_vary on;
+        gzip_comp_level 4;
+        gzip_min_length 256;
+        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+        gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+        # Pagespeed is not supported by Nextcloud, so if your server is built
+        # with the `ngx_pagespeed` module, uncomment this line to disable it.
+        #pagespeed off;
+        # The settings allows you to optimize the HTTP2 bandwidth.
+        # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
+        # for tuning hints
+        client_body_buffer_size 512k;
+        # HTTP response headers borrowed from Nextcloud `.htaccess`
+        add_header Referrer-Policy                               "no-referrer"               always;
+        add_header X-Content-Type-Options                        "nosniff"                   always;
+        add_header X-Frame-Options                               "SAMEORIGIN"                always;
+        add_header X-Permitted-Cross-Domain-Policies             "none"                      always;
+        add_header X-Robots-Tag                                  "noindex, nofollow"         always;
+        add_header X-XSS-Protection                              "1; mode=block"             always;
+        # Remove X-Powered-By, which is an information leak
+        fastcgi_hide_header X-Powered-By;
+        # Set .mjs and .wasm MIME types
+        # Either include it in the default mime.types list
+        # and include that list explicitly or add the file extension
+        # only for Nextcloud like below:
+        include mime.types;
+        types {
+                text/javascript mjs;
+                application/wasm wasm;
+        }
+        # Specify how to handle directories -- specifying `/index.php$request_uri`
+        # here as the fallback means that Nginx always exhibits the desired behaviour
+        # when a client requests a path that corresponds to a directory that exists
+        # on the server. In particular, if that directory contains an index.php file,
+        # that file is correctly served; if it doesn't, then the request is passed to
+        # the front-end controller. This consistent behaviour means that we don't need
+        # to specify custom rules for certain paths (e.g. images and other assets,
+        # `/updater`, `/ocs-provider`), and thus
+        # `try_files $uri $uri/ /index.php$request_uri`
+        # always provides the desired behaviour.
+        index index.php index.html /index.php$request_uri;
+        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
+        #location = / {
+        #        if ( $http_user_agent ~ ^DavClnt ) {
+        #                return 302 /remote.php/webdav/$is_args$args;
+        #        }
+        #}
+        location = /robots.txt {
+                allow all;
+                log_not_found off;
+                access_log off;
+        }
+        # Make a regex exception for `/.well-known` so that clients can still
+        # access it despite the existence of the regex rule
+        # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+        # for `/.well-known`.
+        location ^~ /.well-known {
+                # The rules in this block are an adaptation of the rules
+                # in `.htaccess` that concern `/.well-known`.
+                location = /.well-known/carddav { return 301 /remote.php/dav/; }
+                location = /.well-known/caldav  { return 301 /remote.php/dav/; }
+                location /.well-known/acme-challenge        { try_files $uri $uri/ =404; }
+                location /.well-known/pki-validation        { try_files $uri $uri/ =404; }
+                # Let Nextcloud's API for `/.well-known` URIs handle all other
+                # requests by passing them to the front-end controller.
+                return 301 /index.php$request_uri;
+        }
+        # Rules borrowed from `.htaccess` to hide certain paths from clients
+        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
+        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                                { return 404; }
         index index.php;
@@ Строка 270: / Строка 473: @@
                 client_max_body_size 100m;
                 proxy_http_version 1.1;
-                #proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Upgrade $http_upgrade;
-                #proxy_set_header Connection "upgrade";
+                proxy_set_header Connection "upgrade";
                 proxy_set_header Host $http_host;
                 proxy_set_header X-Real-IP $remote_addr;
-                #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-                #proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
+                proxy_set_header X-Forwarded-Host $the_host;
-                #proxy_set_header X-Forwarded-Proto $the_scheme;
+                proxy_set_header X-Forwarded-Proto $the_scheme;
+                # Correct handling of fallbacks for HTTP headers
+                proxy_hide_header X-Permitted-Cross-Domain-Policies;
+                proxy_hide_header  Referrer-Policy;
+                proxy_hide_header  X-Content-Type-Options;
+                proxy_hide_header  X-Frame-Options;
+                proxy_hide_header  X-XSS-Protection;
         }
-        # onlyoffice
         location ~* ^/ds-vpath/ {
                 rewrite /ds-vpath/(.*) /$1  break;
@@ Строка 293: / Строка 501: @@
                 proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
                 proxy_set_header X-Forwarded-Proto $the_scheme;
+                # Correct handling of fallbacks for HTTP headers
+                proxy_hide_header X-Permitted-Cross-Domain-Policies;
+                proxy_hide_header  Referrer-Policy;
+                proxy_hide_header  X-Content-Type-Options;
+                proxy_hide_header  X-Frame-Options;
+                proxy_hide_header  X-XSS-Protection;
         }
-        # drawio
         location ~* ^/drawio/ {
                 rewrite /drawio/(.*) /$1  break;
@@ Строка 310: / Строка 523: @@
                 #proxy_set_header X-Forwarded-Proto $the_scheme;
         }
-        # drawio-export PDF
         location /service/0 {
                 rewrite /\/service\/0/(.*) /$1  break;
@@ Строка 326: / Строка 538: @@
                 #proxy_set_header X-Forwarded-Proto $the_scheme;
         }
     }
 }
+</code>
+===== Продолжение настройки =====
+<code bash>
+$ docker exec nextcloud-app rm /var/spool/cron/crontabs/www-data
 </code>
@@ Строка 381: / Строка 598: @@
 ===== Composer =====
+==== Install ====
+<code bash>
+$ docker exec nextcloud-app php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && \
+docker exec nextcloud-app php composer-setup.php && \
+docker exec nextcloud-app mv composer.phar /usr/local/bin/composer && \
+docker exec nextcloud-app composer -v
+</code>
+==== Использование ====
 <code bash>
@@ Строка 386: / Строка 614: @@
 $ docker exec -u www-data nextcloud-app bash -c 'cd /var/www/html/custom_apps/backup && composer install'
 </code>
+===== User Data =====
+<code bash>
+$ docker exec -u www-data nextcloud-app bash -c 'cd /var/www/html/data && ls -la'
+</code>
+===== Custom Application =====
+<code bash>
+$ docker exec nextcloud-app chown www-data:www-data -R custom_apps/
+$ docker exec -u www-data nextcloud-app bash -c 'cd /var/www/html/custom_apps && ls -la'
+</code>
+===== Debug =====
+<code bash>
+$ docker exec nextcloud-app pecl install xdebug && \
+docker exec nextcloud-app docker-php-ext-enable xdebug && \
+docker exec nextcloud-app rm -rf /tmp/pear && \
+docker exec nextcloud-app bash -c 'echo "xdebug.mode=debug
+xdebug.start_with_request=yes
+xdebug.client_host=host.docker.internal
+;# 9003 is now the default (set this for old PhpStorm settings).
+xdebug.client_port=9000" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini;'; \
+    php -i|grep xdebug
+</code>