1.安装docker
安装依赖包
yum -y install gcc gcc-c++ yum-utils device-mapper-persistent-data lvm2
设置stable镜像仓库
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
或
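# Aliyun mirror of the same repo definition. Fetch it over HTTPS so the
# .repo file (which decides where packages and signing keys come from)
# cannot be altered in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo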
更新yum软件包索引
yum makecache fast
建立数据缓存
安装docker
安装指定版本:
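# List the available docker-ce versions, newest first.
# (The trailing note must be a `#` comment: with `//` the text is passed to
# `sort` as a file name when the line is pasted into a shell.)
yum list docker-ce.x86_64 --showduplicates | sort -r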
例如(版本号仅为示例,请选择仍在维护的版本):
yum install docker-ce-18.09.6 docker-ce-cli-18.09.6 containerd.io
或
yum install docker-ce docker-ce-cli containerd.io
安装最新版本docker:
yum -y install docker-ce
安装完后启动docker
systemctl enable docker && systemctl start docker
配置docker开机自启并启动docker
配置docker 加速,修改/etc/docker/daemon.json
如vim /etc/docker/daemon.json
# Overwrites any existing /etc/docker/daemon.json; merge by hand if the file
# already holds other settings. Docker Hub pulls are served through the listed
# mirror first, so it must be a mirror you trust.
cat > /etc/docker/daemon.json<<EOF
{
"registry-mirrors": ["https://1o3kv4j3.mirror.aliyuncs.com"]
}
EOF
修改daemon.json文件
重启docker
systemctl daemon-reload && systemctl restart docker
2.安装docker-compose
安装wget软件
yum install -y wget
安装epel7源
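# Download the EPEL repo definition over HTTPS so it cannot be modified in
# transit; afterwards check that the file keeps gpgcheck=1 for its repos.
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo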
更新yum包索引
yum makecache fast
安装docker-compose
yum install docker-compose -y
3.使用docker-compose 拉取镜像
1.在根目录创建/docker-compose目录
mkdir /docker-compose
2.安装vim编辑器,使用vim 编辑docker-compose.yaml文件
yum install vim -y
vim /docker-compose/docker-compose.yaml
编辑docker-compose.yaml以下内容
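# Nextcloud (php-fpm) behind nginx, with MariaDB, Redis, a cron sidecar and an
# OnlyOffice Document Server. Relative paths resolve against the directory
# that holds this file. Indentation is significant in YAML and is restored
# here; the flattened listing does not parse.
version: '3'

services:
  # db and redis publish no ports, so they are reachable only from the other
  # containers on the compose network.
  db:
    image: mariadb:10.6
    container_name: nextcloud_db
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW --innodb_read_only_compressed=0
    restart: always
    volumes:
      - ./db:/var/lib/mysql:Z
    environment:
      - MARIADB_AUTO_UPGRADE=1
      - MARIADB_DISABLE_UPGRADE_BACKUP=1
    # Database credentials come from db.env; keep that file out of version
    # control and readable by its owner only.
    env_file:
      - db.env

  redis:
    image: redis:alpine
    container_name: nextcloud_redis
    restart: always

  app:
    image: nextcloud:26-fpm
    container_name: nextcloud_app
    restart: always
    volumes:
      - ./nextcloud:/var/www/html:z
    environment:
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis

  web:
    image: nginx:alpine
    container_name: nextcloud_web
    restart: always
    # No host address is given, so both ports are published on every host
    # interface. Quoted so YAML never reads a port pair as a number.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Web root and certificate directory are mounted read-only for nginx.
      - ./nextcloud:/var/www/html:z,ro
      - ./nginx/log:/var/log/nginx:rw
      - ./nginx/conf.d:/etc/nginx/conf.d:rw
      - ./nginx/cert:/etc/nginx/cert:ro
    depends_on:
      - app

  cron:
    image: nextcloud:26-fpm
    container_name: nextcloud_cron
    restart: always
    volumes:
      - ./nextcloud:/var/www/html:z
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis

  onlyoffice:
    # NOTE(review): no tag is given, so this follows `latest`; pin a specific
    # version so upgrades are deliberate and reproducible.
    image: onlyoffice/documentserver
    container_name: onlyoffice
    restart: always
    # The Document Server's HTTPS port is published on every host interface
    # as 9000; restrict it with a firewall if only Nextcloud users need it.
    # NOTE(review): no JWT_SECRET is set here; recent Document Server images
    # are understood to enable JWT by default - confirm how the secret is
    # shared with the Nextcloud connector.
    ports:
      - "9000:443"
    volumes:
      - ./ssl/onlyoffice.crt:/var/www/onlyoffice/Data/certs/onlyoffice.crt
      - ./ssl/onlyoffice.key:/var/www/onlyoffice/Data/certs/onlyoffice.key

# Declared but not referenced above: every service uses bind mounts
# (./db, ./nextcloud) rather than these named volumes.
volumes:
  db:
  nextcloud: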
添加db.env文件,配置数据用户名及密码
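# The notes must be `#` comments: with `//` the text is passed to cd and vim
# as an extra argument when the lines are pasted into a shell.
cd /docker-compose   # enter the compose project directory
vim db.env           # create db.env with the content shown below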
# Sample values only: replace both passwords with long random strings before
# the first `docker-compose up`, and enter the same MYSQL_PASSWORD on the
# Nextcloud setup page. Keep this file readable by its owner only
# (for example chmod 600 db.env).
MYSQL_ROOT_PASSWORD=root123
MYSQL_PASSWORD=nextcloud123
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud
//以上代码定义mysql的root账户密码、用户、数据库等
3.添加nginx文件 及自签证书
创建目录nginx目录
mkdir -p /docker-compose/nginx/conf.d
mkdir -p /docker-compose/nginx/cert
创建编辑nginx配置文件default.conf
vim /docker-compose/nginx/conf.d/default.conf
新增并编辑如下内容
upstream php-handler {
server app:9000;
#server unix:/var/run/php/php7.4-fpm.sock;
}
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default "immutable";
}
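# Plain-HTTP listener: its only job is to send every request to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name localhost;

    # Prevent nginx HTTP Server Detection
    server_tokens off;

    # Enforce HTTPS. The original target `https://$127.0.0.1$request_uri` is
    # not a valid host reference, so clients were redirected to the wrong
    # address. `$host` redirects to the name or IP the client actually used.
    return 301 https://$host$request_uri;
    # rewrite ^(.*)https://server_name$1 permanent;
}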
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name localhost;
# Path to the root of your installation
root /var/www/html;
# Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
ssl_certificate /etc/nginx/cert/server.crt;
ssl_certificate_key /etc/nginx/cert/server.key;
# Prevent nginx HTTP Server Detection
server_tokens off;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
# NOTE(review): the header below is active, including `includeSubDomains`
# and `preload`. Browsers honour HSTS only over a connection whose
# certificate they trust and only for host names, not IP addresses, so with
# the self-signed certificate and IP access used in this guide it has no
# effect. Revisit these options before reusing this file on a real domain.
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
# set max upload size and increase upload timeout:
client_max_body_size 512M;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# The settings allows you to optimize the HTTP2 bandwitdth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tunning hints
client_body_buffer_size 512k;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
创建自签证书文件
cd /docker-compose/nginx/cert
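# Create the RSA private key and keep it readable by its owner only.
openssl genrsa -out server.key 2048
chmod 600 server.key
# Create the certificate signing request (prompts for the subject fields).
openssl req -new -key server.key -out server.csr
# Self-sign the CSR with the same key; the certificate is valid for 365 days.
# No subjectAltName is set, and clients cannot authenticate the server unless
# they are explicitly configured to trust this certificate.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt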
4.配置onlyoffice自签证书
直接复制nginx的自签证书改名即可
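# OnlyOffice reuses the nginx certificate and key under new names. The compose
# file mounts ./ssl/onlyoffice.crt and ./ssl/onlyoffice.key from the
# /docker-compose project directory, so the files must be created there.
# Fixes: the directory is /docker-compose (not /docker-composer), and the key
# is copied to onlyoffice.key instead of overwriting onlyoffice.crt.
# Sharing one private key between both services means a leak from either
# container exposes both endpoints; separate key pairs avoid that.
mkdir -p /docker-compose/ssl
cp /docker-compose/nginx/cert/server.crt /docker-compose/ssl/onlyoffice.crt
cp /docker-compose/nginx/cert/server.key /docker-compose/ssl/onlyoffice.key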
5.启动docker服务
docker-compose up -d
创建镜像中
6.检查docker镜像是否创建成功
6.1检查docker镜像是否成功运行
docker ps -a
6.2浏览器分别验证nextcloud、onlyoffice
6.2.1验证nextcloud并配置登录
输入https://服务器ip地址
数据库用户:nextcloud
数据库密码:nextcloud123
数据库名:nextcloud
数据库主机:db
nextcloud启动成功
6.2.2验证onlyoffice
显示此页面代表onlyoffice部署成功
7.nextcloud连接onlyoffice
7.1配置代理连接应用商城
修改config.php文件
vim /docker-compose/nextcloud/config/config.php
在最后面添加如下内容:
// NOTE(review): 'appstoreurl' replaces the default Nextcloud app store
// endpoint with a third-party host. App listings and download locations are
// then supplied by that host; confirm you trust its operator, and consider
// removing this override once the required apps are installed.
'appstoreenabled' => true,
'appstoreurl' => 'https://www.orcy.net/ncapps/v2/',
wq保存重新刷新浏览器即可
7.2安装onlyoffice插件
下载安装onlyoffice插件即可
7.3修改nextcloud配置文件,使能https连接
编辑config.php文件,添加如下内容
// Turns off TLS certificate verification for requests the ONLYOFFICE
// connector sends to the Document Server, so the server's identity is no
// longer checked. Needed here only because the certificate is self-signed;
// the safer alternative is to make Nextcloud trust that certificate.
'onlyoffice' =>
array (
'verify_peer_off' => true,
)
7.4onlyoffice修改https配置文件
7.4.1进入onlyoffice容器
docker exec -it onlyoffice /bin/bash
7.4.2修改default.json文件rejectUnauthorized值为false
# Run inside the onlyoffice container. Switches rejectUnauthorized to false in
# default.json, i.e. the Document Server stops verifying TLS certificates on
# its outgoing requests. The file lives in the container filesystem (not on a
# mounted volume), so the edit presumably has to be repeated whenever the
# container is recreated.
sed -i 's/\"rejectUnauthorized\"\: true/\"rejectUnauthorized\"\: false/g' /etc/onlyoffice/documentserver/default.json
7.4.3验证是否修改成功
输入:
cat /etc/onlyoffice/documentserver/default.json | grep "rejectUnauthorized"
显示false表示修改成功
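exit  # leave the container shell (a `//` note would be passed to exit as an argument)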
7.4.4重启onlyoffice容器
docker restart onlyoffice
7.5Nextcloud连接onlyoffice
nextcloud页面找到onlyoffice插件,配置onlyoffice地址,输入https://服务器ip地址:9000
并关闭证书校验,点击保存即可(关闭证书校验后,Nextcloud与onlyoffice之间的连接不再验证对方身份,仅适合可信内网;正式环境应改用双方都信任的证书)
此页面代表nextcloud连接onlyoffice成功,尽情使用吧