Nextcloud
- /var/www/html - Основная папка, необходимая для обновления
- /var/www/html/custom_apps - установленные/измененные приложения
- /var/www/html/config - локальная конфигурация
- /var/www/html/data - фактические данные вашего Nextcloud
- /var/www/html/themes/<YOUR_CUSTOM_THEME> - тематизация/брендинг
Установка
Установка Onlyoffice + Drawio + Drawio Export
nano docker_compose.yml
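# Nextcloud stack: nginx reverse proxy, Nextcloud (Apache), draw.io with its
# export server, ONLYOFFICE Docs, a cron helper, MariaDB, Redis and
# Elasticsearch.
#
# Secrets are not stored in this file. Define them in the environment, for
# example in a .env file next to this compose file that is kept out of version
# control:
#   ONLYOFFICE_JWT_SECRET  shared secret between Nextcloud and ONLYOFFICE Docs
#   MYSQL_ROOT_PASSWORD    MariaDB root password
#   MYSQL_PASSWORD         password of the "nextcloud" database user
# Compose refuses to start while any of them is unset or empty.
#
# NOTE(review): nginx:latest, onlyoffice/documentserver:latest,
# jgraph/drawio:dev, redis:alpine and the untagged images are floating tags.
# Pin them to a specific tag or digest so upgrades are deliberate and
# reviewable.
version: '3'

services:
  # http://192.168.1.6
  nginx:
    container_name: nextcloud-proxy
    image: nginx:latest
    restart: always
    networks:
      localnetwork:
        ipv4_address: "192.168.1.6"
      nextcloud_network:
    depends_on:
      - app
      - drawio
      - onlyoffice
    ports:
      - "192.168.1.6:80:80"
      # - "192.168.1.6:443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - proxy:/etc/nginx
      # Read-only view of the Nextcloud tree. The mount mode is "ro"; "r" is
      # not a valid mode.
      - nextcloud:/var/www/html:ro
    # Post-install commands (run on the host once the stack is up). The
    # jwt_secret value must equal JWT_SECRET of the onlyoffice service below.
    # docker exec -u www-data nextcloud-app php occ config:system:set trusted_domains 4 --value=178.140.10.58
    # docker exec -u www-data nextcloud-app php occ --no-warnings config:system:set onlyoffice DocumentServerUrl --value="/ds-vpath/"
    # docker exec -u www-data nextcloud-app php occ --no-warnings config:system:set onlyoffice DocumentServerInternalUrl --value="http://nextcloud-onlyoffice/"
    # docker exec -u www-data nextcloud-app php occ --no-warnings config:system:set onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:?}"
    # docker exec -u www-data nextcloud-app php occ upgrade

  app:
    image: nextcloud:30.0-apache
    container_name: nextcloud-app
    networks:
      nextcloud_network:
    expose:
      - '80'
      - '9000'
    depends_on:
      - db
      - redis
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # Main folder, required for updates
      - nextcloud:/var/www/html:rw
      # Installed / modified apps
      #- nextcloud_custom_apps:/var/www/html/custom_apps:rw
      # Local configuration
      #- nextcloud_config:/var/www/html/config:rw
      # The actual data of your Nextcloud
      #- nextcloud_data:/var/www/html/data:rw
      # Theming / branding
      #- nextcloud_themes:/var/www/html/themes:rw
    environment:
      - TZ=Europe/Moscow
      - MYSQL_HOST=db
      - REDIS_HOST=redis
      - SKIP_DOMAIN_VALIDATION=true
    restart: unless-stopped
    deploy:
      resources:
        limits:
          cpus: '3'
          memory: 7G
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:80/"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 90s

  # http://nextcloud-drawio
  drawio:
    image: jgraph/drawio:dev
    container_name: nextcloud-drawio
    networks:
      nextcloud_network:
    expose:
      - '8080'
    depends_on:
      - image-export
    environment:
      - DRAWIO_SELF_CONTAINED=1
      - EXPORT_URL=http://image-export:8000/
      # - PLANTUML_URL=http://plantuml-server:8080/
      # - DRAWIO_BASE_URL=${DRAWIO_BASE_URL}
    restart: unless-stopped

  # http://image-export:8000/
  image-export:
    image: jgraph/export-server
    container_name: nextcloud-drawio-export
    expose:
      - "8000"
    networks:
      nextcloud_network:
    # environment:
    #   - DRAWIO_SERVER_URL=${DRAWIO_BASE_URL}
    #volumes:
    #- ./fonts:/usr/share/fonts/drawio
    restart: unless-stopped

  # ONLYOFFICE Docs address: /ds-vpath/
  # ONLYOFFICE Docs address for internal requests from the server:
  # http://nextcloud-onlyoffice/
  onlyoffice:
    container_name: nextcloud-onlyoffice
    image: onlyoffice/documentserver:latest
    environment:
      # Shared secret used to sign requests between Nextcloud and the document
      # server; use a long random value, never a guessable word.
      - "JWT_SECRET=${ONLYOFFICE_JWT_SECRET:?set ONLYOFFICE_JWT_SECRET in .env}"
    networks:
      nextcloud_network:
    restart: unless-stopped
    expose:
      - '80'
      # - '443'
    volumes:
      - document_data:/var/www/onlyoffice/Data
      - document_log:/var/log/onlyoffice

  cron:
    image: rcdailey/nextcloud-cronjob
    restart: unless-stopped
    network_mode: none
    depends_on:
      - app
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # NOTE(review): the ":ro" flag only makes the socket file read-only on
      # the mount; a process that can open the socket can still issue any
      # Docker API call, which is equivalent to root on the host. Keep this
      # image pinned and trusted, or front the socket with a filtering proxy.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - crontabs:/cron-scripts
    environment:
      - NEXTCLOUD_CONTAINER_NAME=nextcloud-app
      - NEXTCLOUD_PROJECT_NAME=
      - NEXTCLOUD_CRON_MINUTE_INTERVAL=5

  db:
    image: mariadb:11.4.5
    container_name: nextcloud-mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    networks:
      nextcloud_network:
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - db:/var/lib/mysql:rw
    environment:
      - TZ=Europe/Moscow
      # The image applies these passwords only when it initialises an empty
      # data volume; changing them later does not rotate existing accounts.
      - "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD in .env}"
      - "MYSQL_PASSWORD=${MYSQL_PASSWORD:?set MYSQL_PASSWORD in .env}"
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    ports:
      # Published on the loopback address only, for administration from the
      # Docker host. Without an address the port would listen on every host
      # interface. The other services reach the database as db:3306 and do not
      # need this mapping; remove it if host access is not required.
      - "127.0.0.1:13306:3306"
    restart: unless-stopped
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 4G

  redis:
    image: redis:alpine
    restart: unless-stopped
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 2G
    networks:
      nextcloud_network:

  es01:
    image: elasticsearch:8.17.2
    container_name: nextcloud-es01
    restart: always
    environment:
      # Values in an environment mapping are strings; booleans are quoted so
      # the YAML parser does not retype them.
      node.name: elasticsearch
      bootstrap.memory_lock: "true"
      ES_JAVA_OPTS: '-Xms512m -Xmx512m'
      # NOTE(review): authentication and TLS are disabled. Anything that can
      # reach nextcloud_network can read and modify the index, so keep ports
      # 9200/9300 unpublished (they are only exposed here).
      xpack.security.enabled: "false"
      # Bootstrap password.
      # Used to initialize the keystore during the initial startup of
      # Elasticsearch. Ignored on subsequent runs.
      # ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-pass}
      # Use single node discovery in order to disable production mode and avoid bootstrap checks.
      # see: https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
      discovery.type: single-node
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - data01:/usr/share/elasticsearch/data
    expose:
      - 9200
      - 9300
    networks:
      nextcloud_network:

volumes:
  proxy:
  nextcloud:
  crontabs:
  db:
  document_data:
  document_log:
  data01:

networks:
  nextcloud_network:
  localnetwork:
    name: localnetwork
    driver: ipvlan
    driver_opts:
      parent: eno1
      ipvlan_mode: l3
    ipam:
      config:
        - subnet: "192.168.1.0/24"
          ip_range: "192.168.1.1/24"
          gateway: "192.168.1.1"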
Настройка прокси-сервера
nano /etc/nginx/nginx.conf
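# Reverse proxy in front of Nextcloud (nextcloud-app), ONLYOFFICE Docs
# (nextcloud-onlyoffice, under /ds-vpath/), draw.io (nextcloud-drawio, under
# /drawio/) and the draw.io export server (nextcloud-drawio-export, under
# /service/0).
user www-data;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    # NOTE(review): the three maps below prefer the client-supplied Host,
    # X-Forwarded-Proto and X-Forwarded-Host headers over nginx's own values.
    # That is only safe when another trusted proxy sits in front of this
    # server and overwrites those headers; if clients connect here directly,
    # they control the scheme and host the backends see.
    map $http_host $this_host {
        "" $host;
        default $http_host;
    }

    map $http_x_forwarded_proto $the_scheme {
        default $http_x_forwarded_proto;
        "" $scheme;
    }

    map $http_x_forwarded_host $the_host {
        default $http_x_forwarded_host;
        "" $this_host;
    }

    server {
        # NOTE(review): plain HTTP only. Logins, session cookies and document
        # traffic are unencrypted unless TLS is terminated upstream of this
        # server.
        listen 80;

        # The below allows for being behind a reverse proxy and allowing the Nextcloud app to connect
        server_tokens off;

        # HSTS settings
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;

        # set max upload size and increase upload timeout:
        client_max_body_size 512M;
        client_body_timeout 300s;
        fastcgi_buffers 64 4K;

        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

        # Pagespeed is not supported by Nextcloud, so if your server is built
        # with the `ngx_pagespeed` module, uncomment this line to disable it.
        #pagespeed off;

        # The settings allows you to optimize the HTTP2 bandwidth.
        # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
        # for tuning hints
        client_body_buffer_size 512k;

        # HTTP response headers borrowed from Nextcloud `.htaccess`
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "noindex, nofollow" always;
        add_header X-XSS-Protection "1; mode=block" always;

        # Remove X-Powered-By, which is an information leak.
        # fastcgi_hide_header only affects fastcgi_pass responses; every
        # backend here is reached with proxy_pass, so the proxy variant is
        # needed as well. Locations that set their own proxy_hide_header list
        # do not inherit this one and repeat it below.
        fastcgi_hide_header X-Powered-By;
        proxy_hide_header X-Powered-By;

        # Set .mjs and .wasm MIME types
        # Either include it in the default mime.types list
        # and include that list explicitly or add the file extension
        # only for Nextcloud like below:
        include mime.types;
        types {
            text/javascript mjs;
            application/wasm wasm;
        }

        # Specify how to handle directories -- specifying `/index.php$request_uri`
        # here as the fallback means that Nginx always exhibits the desired behaviour
        # when a client requests a path that corresponds to a directory that exists
        # on the server. In particular, if that directory contains an index.php file,
        # that file is correctly served; if it doesn't, then the request is passed to
        # the front-end controller. This consistent behaviour means that we don't need
        # to specify custom rules for certain paths (e.g. images and other assets,
        # `/updater`, `/ocs-provider`), and thus
        # `try_files $uri $uri/ /index.php$request_uri`
        # always provides the desired behaviour.
        index index.php index.html /index.php$request_uri;

        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
        #location = / {
        #    if ( $http_user_agent ~ ^DavClnt ) {
        #        return 302 /remote.php/webdav/$is_args$args;
        #    }
        #}

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        # Make a regex exception for `/.well-known` so that clients can still
        # access it despite the existence of the regex rule
        # `location ~ /(\.|autotest|...)` which would otherwise handle requests
        # for `/.well-known`.
        location ^~ /.well-known {
            # The rules in this block are an adaptation of the rules
            # in `.htaccess` that concern `/.well-known`.
            location = /.well-known/carddav { return 301 /remote.php/dav/; }
            location = /.well-known/caldav { return 301 /remote.php/dav/; }

            location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
            location /.well-known/pki-validation { try_files $uri $uri/ =404; }

            # Let Nextcloud's API for `/.well-known` URIs handle all other
            # requests by passing them to the front-end controller.
            return 301 /index.php$request_uri;
        }

        # Rules borrowed from `.htaccess` to hide certain paths from clients
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }

        index index.php;

        # Nextcloud itself.
        location / {
            proxy_pass http://nextcloud-app;
            proxy_redirect off;

            # NOTE(review): this overrides the 512M server-level limit for
            # everything proxied to Nextcloud - confirm 100m is intended.
            client_max_body_size 100m;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $the_host;
            proxy_set_header X-Forwarded-Proto $the_scheme;

            # Correct handling of fallbacks for HTTP headers
            proxy_hide_header X-Permitted-Cross-Domain-Policies;
            proxy_hide_header Referrer-Policy;
            proxy_hide_header X-Content-Type-Options;
            proxy_hide_header X-Frame-Options;
            proxy_hide_header X-XSS-Protection;
            # Repeated here because this list replaces the server-level one.
            proxy_hide_header X-Powered-By;
        }

        # ONLYOFFICE Docs, published under the /ds-vpath/ virtual path.
        location ~* ^/ds-vpath/ {
            rewrite /ds-vpath/(.*) /$1 break;
            proxy_pass http://nextcloud-onlyoffice;
            proxy_redirect off;

            client_max_body_size 100m;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
            proxy_set_header X-Forwarded-Proto $the_scheme;

            # Correct handling of fallbacks for HTTP headers
            proxy_hide_header X-Permitted-Cross-Domain-Policies;
            proxy_hide_header Referrer-Policy;
            proxy_hide_header X-Content-Type-Options;
            proxy_hide_header X-Frame-Options;
            proxy_hide_header X-XSS-Protection;
            # Repeated here because this list replaces the server-level one.
            proxy_hide_header X-Powered-By;
        }

        # draw.io editor.
        location ~* ^/drawio/ {
            rewrite /drawio/(.*) /$1 break;
            proxy_pass http://nextcloud-drawio:8080;
            proxy_redirect off;

            client_max_body_size 100m;

            proxy_http_version 1.1;
            #proxy_set_header Upgrade $http_upgrade;
            #proxy_set_header Connection "upgrade";

            #proxy_set_header Host $http_host;
            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
            #proxy_set_header X-Forwarded-Proto $the_scheme;
        }

        # draw.io export server.
        location /service/0 {
            # NOTE(review): as written this pattern needs two consecutive
            # slashes before "service" (`\/` is just `/`), so it probably
            # never matches and the URI is forwarded unchanged - confirm
            # whether the /service/0 prefix is meant to be stripped.
            rewrite /\/service\/0/(.*) /$1 break;
            proxy_pass http://nextcloud-drawio-export:8000;
            proxy_redirect off;

            client_max_body_size 100m;

            proxy_http_version 1.1;
            #proxy_set_header Upgrade $http_upgrade;
            #proxy_set_header Connection "upgrade";

            #proxy_set_header Host $http_host;
            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
            #proxy_set_header X-Forwarded-Proto $the_scheme;
        }
    }
}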
Продолжение настройки
# Delete the www-data crontab inside the app container. Presumably background
# jobs are meant to be triggered by the separate cron service instead of the
# container's own cron - confirm against the compose file.
$ docker exec nextcloud-app rm /var/spool/cron/crontabs/www-data
Установка контейнера и настройка приложения
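# Start the stack. The compose file on this page is called docker_compose.yml,
# which is not one of the names docker compose looks for by default, so it is
# passed explicitly.
$ docker compose -f docker_compose.yml up -d

# Register the address clients use to reach Nextcloud as entry 4 of the
# trusted_domains array.
$ docker exec -u www-data nextcloud-app php occ config:system:set trusted_domains 4 --value=178.140.10.58

# Install the ONLYOFFICE connector and point it at the document server:
# browsers use the /ds-vpath/ path on the proxy, Nextcloud itself talks to the
# container directly.
$ docker exec -u www-data nextcloud-app php occ app:install onlyoffice
$ docker exec -u www-data nextcloud-app php occ --no-warnings config:system:set onlyoffice DocumentServerUrl --value="/ds-vpath/"
$ docker exec -u www-data nextcloud-app php occ --no-warnings config:system:set onlyoffice DocumentServerInternalUrl --value="http://nextcloud-onlyoffice/"

# The JWT secret must be identical to JWT_SECRET of the onlyoffice service in
# the compose file and should be a long random value. Export it as
# ONLYOFFICE_JWT_SECRET first; the ":?" form aborts the command instead of
# storing an empty secret when the variable is missing.
$ docker exec -u www-data nextcloud-app php occ --no-warnings config:system:set onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:?}"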
- trusted_domains 1 - Индекс в массиве trusted_domains
Fulltextsearch + Elasticsearch
# Check from inside the app container that Elasticsearch answers on port 9200.
$ docker exec nextcloud-app curl -XGET "nextcloud-es01:9200/?pretty"

# Run the full text search self-test.
$ docker exec -u www-data nextcloud-app php occ fulltextsearch:test

# Build the search index.
$ docker exec -u www-data nextcloud-app php occ full:index
OCC
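# Publish a calendar to all users and set the refresh interval of calendar
# subscriptions.
$ docker exec -u www-data nextcloud-app php occ config:app:set calendar publicCalendars --value '[{"name":"My custom calendar","source":"http://example.com/example.ics"}]'
$ docker exec -u www-data nextcloud-app php occ config:app:set dav calendarSubscriptionRefreshRate --value "PT6H"

# NOTE(review): this lets calendar subscriptions fetch from local/internal
# addresses, so any user who can add a subscription can make the server request
# internal URLs. Enable it only when the subscribed calendars really live on
# the internal network.
$ docker exec -u www-data nextcloud-app php occ config:app:set dav webcalAllowLocalAccess --value yes

$ docker exec -u www-data nextcloud-app php occ upgrade

# Install Composer. The installer is downloaded to /tmp rather than the web
# root, checked against the checksum published at
# https://composer.github.io/installer.sig (paste it in place of the
# placeholder), and removed afterwards.
$ docker exec nextcloud-app php -r "copy('https://getcomposer.org/installer', '/tmp/composer-setup.php');"
$ docker exec nextcloud-app php -r "if (hash_file('sha384', '/tmp/composer-setup.php') === '<EXPECTED_INSTALLER_SHA384>') { echo 'Installer verified'.PHP_EOL; } else { echo 'Installer corrupt'.PHP_EOL; unlink('/tmp/composer-setup.php'); exit(1); }"
$ docker exec nextcloud-app php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer
$ docker exec nextcloud-app rm /tmp/composer-setup.php
$ docker exec nextcloud-app chmod +x /usr/local/bin/composer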
Maintenance
# Switch maintenance mode on before maintenance work ...
$ docker exec -u www-data nextcloud-app php occ maintenance:mode --on
# ... and off again afterwards.
$ docker exec -u www-data nextcloud-app php occ maintenance:mode --off
Logfile
# Overwrite nextcloud.log in the data directory with a single empty line.
# This discards the existing log history, including login and error records;
# copy the file elsewhere first if it may be needed for an investigation.
$ docker exec -u www-data -w /var/www/html/data nextcloud-app bash -c 'echo "" > nextcloud.log'
Composer
Install
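# Install Composer inside the app container. The installer is downloaded to
# /tmp rather than the web root, compared with the checksum published at
# https://composer.github.io/installer.sig (paste it in place of the
# placeholder) before it is executed, and deleted afterwards. The chain stops
# at the first failing step.
$ docker exec nextcloud-app php -r "copy('https://getcomposer.org/installer', '/tmp/composer-setup.php');" && \
  docker exec nextcloud-app php -r "if (hash_file('sha384', '/tmp/composer-setup.php') === '<EXPECTED_INSTALLER_SHA384>') { echo 'Installer verified'.PHP_EOL; } else { echo 'Installer corrupt'.PHP_EOL; unlink('/tmp/composer-setup.php'); exit(1); }" && \
  docker exec nextcloud-app php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer && \
  docker exec nextcloud-app rm /tmp/composer-setup.php && \
  docker exec nextcloud-app composer -v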
Использование
# List the Nextcloud root directory as www-data.
$ docker exec -u www-data -w /var/www/html nextcloud-app ls -la

# Install the PHP dependencies of the "backup" custom app as www-data.
$ docker exec -u www-data -w /var/www/html/custom_apps/backup nextcloud-app composer install
User Data
# List the Nextcloud data directory as www-data.
$ docker exec -u www-data -w /var/www/html/data nextcloud-app ls -la
Custom Application
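# Hand the custom apps directory back to www-data. The path is absolute so the
# command does not depend on the container's working directory.
$ docker exec nextcloud-app chown -R www-data:www-data /var/www/html/custom_apps/

# List the custom apps as www-data to check the result.
$ docker exec -u www-data -w /var/www/html/custom_apps nextcloud-app ls -la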
Debug
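# Install and enable Xdebug in the app container, append its settings (one
# directive per line) to the extension's ini file, then confirm inside the
# container that the extension is loaded.
# With xdebug.start_with_request=yes every request tries to open a debugger
# connection to xdebug.client_host; use this on a development instance only
# and remove the extension again afterwards.
$ docker exec nextcloud-app pecl install xdebug && \
  docker exec nextcloud-app docker-php-ext-enable xdebug && \
  docker exec nextcloud-app rm -rf /tmp/pear && \
  docker exec nextcloud-app bash -c 'echo "xdebug.mode=debug
xdebug.start_with_request=yes
xdebug.client_host=host.docker.internal
;# 9003 is now the default (set this for old PhpStorm settings).
xdebug.client_port=9000" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini' && \
  docker exec nextcloud-app php -i | grep xdebug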