Nextcloud Office 无法连接到反向代理后面的 CODE:请求地址被拒绝


我在设置 docker 镜像时遇到了很多麻烦:

collabora/code:latest
位于我的反向代理后面。我的 nextcloud 实例(具有类似的设置并且工作正常)无法连接到服务器。但是,在 Nextcloud Office 的管理设置中,当我通过
https://code.foo.tld
连接时,我得到
Collabora Online server is reachable.
。第一个 docker 日志显示了我在
code
docker 容器中遇到的错误。如果我尝试使用 Nextcloud Office 创建/打开任何文件,我只会收到错误:
Document loading failed - Failed to load Nextcloud Office - please try again later
。 我已经做了很多研究,发现多个相关主题都陈述了完全相同的问题。然而,它们中的大多数已经存在多年了,我找不到适合我的解决方案,这就是为什么我要就此开启一个新主题。 所有相关日志、配置和 docker 文件应在下面列出。 如果您还有任何其他问题,请随时告诉我!如果有人可以帮助我,我会很高兴,因为我已经努力设置它 2 天了!

我可以到达

https://code.foo.tld/hosting/discovery
https://code.foo.tld/hosting/capabilities
,但是
https://code.foo.tld/cool
https://code.foo.tld/cool/adminws
向我显示一个空白页面(虽然可以到达)。
https://code.foo.tld
正如预期的那样向我展示了 404。

以下片段中的不必要/私人信息要么被省略,要么被随机单词/字母替换。

docker 日志(code 容器)

Ready to accept connections on port 9980.
dateTtime.num0Z
wsd-num1-num2 date time.num3 +0000 [ websrv_poll ] WRN  convert-to: Requesting address is denied: z.z.z.z| wsd/COOLWSD.cpp:3507
wsd-num1-num1 date time.num4 +0000 [ coolwsd ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:727

docker-compose.yml

# Compose stack from the question: an edge nginx (reverse-proxy), Nextcloud
# with its own nginx and database, and Collabora CODE (code) fronted by a
# dedicated nginx (code-web). Addresses were anonymised by the author.
# The `"..."` lines mark settings the author left out; they are not valid
# YAML as written and must be replaced before this file can be used.
version: "3.9"

services:
  # Edge proxy: attached to both the externally routable network and the
  # internal one.
  reverse-proxy:
    image: "nginx:stable-alpine"
    container_name: "reverse-proxy"
    networks:
      frontend:
        ipv4_address: "x.x.x.x"
      backend:
        ipv4_address: "y.y.y.y"
    hostname: "reverse-proxy"
    "..."
  nextcloud-webserver:
    image: "nginx:stable-alpine"
    "..."
  nextcloud:
    image: "nextcloud:stable-fpm-alpine"
    "..."
    networks:
      frontend:
        ipv4_address: "x.x.x.x"
      backend:
        ipv4_address: "y.y.y.y"
    "..."
  nextcloud-database:
    image: "yobasystems/alpine-mariadb"
    "..."
  # nginx in front of CODE; attached to the internal network only.
  code-web:
    image: "nginx:stable-alpine"
    container_name: "code-web"
    networks:
      backend:
        ipv4_address: "y.y.y.y"
    hostname: "code-web"
    depends_on:
      - "code"
    "..."
  # Collabora CODE. No `ports:` entry, so port 9980 is not published on the
  # Docker host by this service definition.
  code:
    # NOTE(review): `latest` is a mutable tag; pinning a release tag or an
    # image digest makes upgrades deliberate and the deployment auditable.
    image: "collabora/code:latest"
    container_name: "code"
    networks:
      # NOTE(review): `frontend` is declared with `internal: false`.
      # Presumably CODE needs it to reach Nextcloud for WOPI callbacks;
      # if it does not, `backend` alone keeps it off the routable network.
      # Confirm.
      frontend:
        ipv4_address: "x.x.x.x"
      backend:
        ipv4_address: "y.y.y.y"
    hostname: "code"
    restart: "always"
    # This file carries the CODE username/password; keep it out of version
    # control and readable only by the account that runs Compose.
    env_file:
      - "~/dock/code/code.env"

networks:
  frontend:
    internal: false
    ipam:
      config:
        - subnet: "x.x.x.x/x"
          gateway: "x.x.x.x"
  # `internal: true` gives this network no external connectivity.
  backend:
    internal: true
    ipam:
      config:
        - subnet: "y.y.y.y/y"
          gateway: "y.y.y.y"

~/dock/code/code.env

# Environment for the collabora/code container (loaded through env_file).
# NOTE(review): some Compose versions keep the surrounding quotes as part of
# the value when reading an env_file; verify the effective values with
# `docker compose config` or by inspecting the container environment.

# WOPI host (the Nextcloud URL) that is allowed to use this CODE instance.
aliasgroup1="https://nextcloud.foo.tld:443"
# Do not generate a self-signed certificate inside the container.
DONT_GEN_SSL_CERT="true"
# TLS is switched off in the container and terminated at the proxy, so the
# hop between the proxy and CODE is plain HTTP; keep that hop on a network
# that is not reachable from outside.
extra_params="--o:ssl.enable=false --o:ssl.termination=true"
# Placeholder credentials (presumably for the CODE admin console; confirm).
# Use a long unique secret and keep this file out of version control.
password='password'
# NOTE(review): this is an internal host name; presumably it should be the
# public name clients use for CODE (code.foo.tld) when CODE runs behind a
# reverse proxy. Confirm against the CODE Docker image docs.
server_name="hostname-app"
username="username"

这些是相关的 nginx 配置。很多内容被遗漏,任何包含语句都被它们包含的文件替换。

反向代理.conf

# Edge reverse proxy for code.foo.tld: terminates TLS, requires a client
# certificate, and forwards everything to the nginx in front of CODE over
# plain HTTP. A second server block redirects port 80 to HTTPS.

# https://nginx.org/en/docs/ngx_core_module.html#worker_processes
worker_processes auto;
# https://nginx.org/en/docs/ngx_core_module.html#error_log
error_log /var/log/nginx/error.log;
# https://nginx.org/en/docs/ngx_core_module.html#pid
pid /run/nginx.pid;
# https://nginx.org/en/docs/ngx_core_module.html#include
include /usr/share/nginx/modules/*.conf;

# https://nginx.org/en/docs/ngx_core_module.html#events
events {
    # https://nginx.org/en/docs/ngx_core_module.html#worker_connections
    worker_connections 1024;
}

# https://nginx.org/en/docs/http/ngx_http_core_module.html#http
http {
    # https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
    access_log /var/log/nginx/access.log combined;
    # https://nginx.org/en/docs/ngx_core_module.html#include
    include /etc/nginx/mime.types;
    # https://nginx.org/en/docs/http/ngx_http_core_module.html#default_type
    default_type application/octet-stream;
    # https://nginx.org/en/docs/http/ngx_http_core_module.html#server
    server {
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#listen
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
        ssl_protocols TLSv1.3;
        # NOTE(review): ssl_ciphers and ssl_dhparam configure TLS 1.2 and
        # older; with only TLSv1.3 enabled above they have no effect.
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM';
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve
        ssl_ecdh_curve secp384r1;
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers
        ssl_prefer_server_ciphers on;
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam
        ssl_dhparam /etc/nginx/certs/dhparam.pem;
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache
        ssl_session_cache shared:SSL:10m;
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_timeout
        ssl_session_timeout 10m;
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
        ssl_session_tickets off;
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
        ssl_stapling on;
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling_verify
        ssl_stapling_verify on;
        # Mutual TLS: every client must present a certificate issued by the
        # CA in ssl_client_certificate (the file name suggests a CDN
        # "authenticated origin pull" CA; confirm). Requests that reach this
        # server without such a certificate are rejected. NOTE(review): that
        # includes server-to-server calls from other containers if they
        # connect here directly instead of through the CDN; verify.
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_verify_client
        ssl_verify_client on;
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_client_certificate
        ssl_client_certificate /etc/nginx/certs/authenticated_origin_pull_ca.pem;
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate
        ssl_trusted_certificate /etc/nginx/certs/origin_ca_ecc_root.pem;
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
        ssl_certificate /etc/nginx/certs/foo.tld.pem;
        # Private key: should be readable only by the account nginx starts as.
        # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate_key
        ssl_certificate_key /etc/nginx/certs/foo.tld.key;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name
        server_name code.foo.tld;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#location
        location / {
            # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version
            proxy_http_version 1.1;
            # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_bypass
            proxy_cache_bypass $http_upgrade;
            # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout
            proxy_read_timeout 90;
            # https://docs.oracle.com/en-us/iaas/Content/Balance/Reference/httpheaders.htm
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For value the client sent, so the upstream should
            # only trust entries added by proxies it knows.
            # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
            proxy_set_header X-Forwarded-Proto $scheme;
            # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host
            proxy_set_header Host $host;
            # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
            proxy_set_header X-Forwarded-Host $host;
            # https://docs.oracle.com/en-us/iaas/Content/Balance/Reference/httpheaders.htm
            proxy_set_header X-Forwarded-Port $server_port;
            # Connection 'upgrade' is sent upstream on every request, not
            # only on websocket handshakes.
            # https://nginx.org/en/docs/http/websocket.html
            ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade
            proxy_set_header Upgrade $http_upgrade;
            ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection
            proxy_set_header Connection 'upgrade';
            # TLS ends here; the hop to the upstream is plain HTTP.
            # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
            proxy_pass http://hostname-web:80/;
            # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect
            proxy_redirect http://hostname-web:80 https://code.foo.tld;
        }
        # Only the HSTS header carries `always`; the other add_header lines
        # below are attached to successful and redirect responses only.
        # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
        add_header Strict-Transport-Security "max-age=15780000; includeSubDomains; preload" always;
        # NOTE(review): the editor served from code.foo.tld is normally
        # framed by the Nextcloud origin, which is not same-origin with this
        # host; confirm this header does not block that embedding.
        # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
        add_header X-Frame-Options SAMEORIGIN;
        # Legacy header; current browsers ignore it.
        # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
        add_header X-XSS-Protection "1; mode=block";
        # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
        add_header X-Content-Type-Options nosniff;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens
        server_tokens off;
        # https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip
        gzip off;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile
        sendfile on;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nopush
        tcp_nopush on;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nodelay
        tcp_nodelay on;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
        keepalive_timeout 65;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#types_hash_max_size
        types_hash_max_size 4096;
        # 0 disables the request-body size check at this proxy; any limit
        # has to be enforced further upstream.
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
        client_max_body_size 0;
    }
    # Catch-all port 80 server: redirects every request to HTTPS.
    # https://nginx.org/en/docs/http/ngx_http_core_module.html#server
    server {
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#listen
        listen 80;
        listen [::]:80;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name
        server_name _;
        # https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return
        return 301 https://$host$request_uri;
    }
}

网络服务器.conf

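# nginx in front of the CODE container: receives plain HTTP from the edge
# proxy and forwards the Collabora paths to coolwsd on port 9980.

# https://nginx.org/en/docs/ngx_core_module.html#worker_processes
worker_processes auto;
# https://nginx.org/en/docs/ngx_core_module.html#error_log
error_log /var/log/nginx/error.log;
# https://nginx.org/en/docs/ngx_core_module.html#pid
pid /run/nginx.pid;
# https://nginx.org/en/docs/ngx_core_module.html#include
include /usr/share/nginx/modules/*.conf;

# https://nginx.org/en/docs/ngx_core_module.html#events
events {
    # https://nginx.org/en/docs/ngx_core_module.html#worker_connections
    worker_connections 1024;
}

# https://nginx.org/en/docs/http/ngx_http_core_module.html#http
http {
    # https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
    access_log /var/log/nginx/access.log combined;
    # https://nginx.org/en/docs/ngx_core_module.html#include
    include /etc/nginx/mime.types;
    # https://nginx.org/en/docs/http/ngx_http_core_module.html#default_type
    default_type application/octet-stream;
    #https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html#reverse-proxy-settings-in-nginx-config-ssl-termination
    ########## START collabora ##########
    # https://nginx.org/en/docs/http/ngx_http_core_module.html#server
    server {
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#listen
        listen 80 default_server;
        listen [::]:80 default_server;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#server_name
        server_name sub.foo.tld;
        ## STATIC FILES ##
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#location
        location ^~ /browser {
            # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
            proxy_pass http://hostname-app:9980;
            # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host
            proxy_set_header Host $http_host;
        }
        ## WOPI DISCOVERY URL ##
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#location
        location ^~ /hosting/discovery {
            # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
            proxy_pass http://hostname-app:9980;
            # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host
            proxy_set_header Host $http_host;
        }
        ## CAPABILITIES ##
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#location
        location ^~ /hosting/capabilities {
            # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
            proxy_pass http://hostname-app:9980;
            # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host
            proxy_set_header Host $http_host;
        }
        ## MAIN WEBSOCKET ##
        # Must stay ABOVE the `^/(c|l)ool` location: nginx tests regex
        # locations in file order and stops at the first match, and
        # `^/(c|l)ool` also matches /cool/<...>/ws. Listed after it, this
        # block is never selected and the Upgrade/Connection headers are
        # not sent to coolwsd, so the editor websocket cannot be established.
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#location
        location ~ ^/cool/(.*)/ws$ {
            # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
            proxy_pass http://hostname-app:9980;
            # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host
            proxy_set_header Host $http_host;
            # https://nginx.org/en/docs/http/websocket.html
            ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade
            proxy_set_header Upgrade $http_upgrade;
            ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection
            proxy_set_header Connection "Upgrade";
            # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout
            proxy_read_timeout 36000s;
        }
        ## DOWNLOAD, PRESENTATION & IMAGE UPLOAD ##
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#location
        location ~ ^/(c|l)ool {
            # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
            proxy_pass http://hostname-app:9980;
            # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host
            proxy_set_header Host $http_host;
        }
        ## ADMIN CONSOLE WEBSOCKET ##
        # `^~` prefix match: when it is the longest matching prefix, nginx
        # skips the regex locations, so its position in the file is not
        # significant.
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#location
        location ^~ /cool/adminws {
            # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
            proxy_pass http://hostname-app:9980;
            # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host
            proxy_set_header Host $http_host;
            # https://nginx.org/en/docs/http/websocket.html
            ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade
            proxy_set_header Upgrade $http_upgrade;
            ## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection
            proxy_set_header Connection "Upgrade";
            # https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout
            proxy_read_timeout 36000s;
        }
    ########## END collabora ##########
        # NOTE(review): the edge proxy in front of this server adds
        # X-Frame-Options, X-XSS-Protection and X-Content-Type-Options as
        # well, so clients may receive them twice; set each header in one
        # place only.
        # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
        add_header X-Frame-Options SAMEORIGIN;
        # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
        add_header X-XSS-Protection "1; mode=block";
        # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
        add_header X-Content-Type-Options nosniff;
        # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
        add_header Referrer-Policy "no-referrer";
        # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
        add_header X-Download-Options "noopen";
        # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
        add_header X-Permitted-Cross-Domain-Policies none;
        # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
        add_header X-Robots-Tag none;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens
        server_tokens off;
        # https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip
        gzip on;
        # https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_vary
        gzip_vary on;
        # https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_comp_level
        gzip_comp_level 4;
        # https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_min_length
        gzip_min_length 256;
        # https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_proxied
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        # https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_types
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile
        sendfile on;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nopush
        tcp_nopush on;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nodelay
        tcp_nodelay on;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
        keepalive_timeout 65;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#types_hash_max_size
        types_hash_max_size 4096;
        # https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
        client_max_body_size 512M;
        # The fastcgi_* settings below have no visible consumer: this server
        # block, as shown, contains no fastcgi_pass.
        # https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffers
        fastcgi_buffers 64 4K;
        # https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_hide_header
        fastcgi_hide_header X-Powered-By;
    }
}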

注意:我已经在 Collabora 在线论坛 上问过这个问题,但我不知道它是否真的足够活跃或会在任何合理的时间内帮助我。

我看了以下文章:

还有更多,但我认为它们已经过时/不适用于我的设置,因为我尝试过的任何方法都不起作用!

nginx-reverse-proxy nextcloud
1个回答

我找到了this线程,其中解释了完整的docker安装。

他们使用 Compose 的“extra_hosts”功能来让各服务器能够找到彼此。

# Static host-name-to-address entries for the container's hosts file, so the
# listed names resolve to the given addresses without a DNS lookup.
# The addresses are placeholders. A stale entry silently sends traffic to
# whatever holds that address, so keep these in sync with the real hosts.
# NOTE(review): the `=` separator is accepted by recent Compose releases;
# older ones expect "host:ip". Confirm for your version.
extra_hosts:
  - "code.foo.tld=x1.x2.x3.x4"
  - "nextcloud.foo.tld=y1.y1.y1.y1"

当您在一台 Docker 主机上运行所有程序时,您可能可以使用本地 IP 地址。根据日志,CODE 服务器把您的 Nextcloud 服务器的 FQDN 解析成了 z.z.z.z,而不是 y1.y1.y1.y1。

但是,我建议您使用 nextcloud-aio,而不是自己手动搭建。它自带已预先配置好的 Nextcloud、redis 和 CODE 容器,是入门 Nextcloud 的一个不错的起点。

外部代码服务器

由于我自己在hetzner租用了一台nextcloud服务器,因此我需要一台外部CODE服务器,因为hetzner没有安装CODE服务器,并且由于运行nextcloud实例的服务器资源有限而不允许安装。

因此,我在反向代理(使用 nginx 代理管理器)后面的私有虚拟服务器上运行 CODE docker 容器,该容器处理 SSL 证书和加密。

当我收到相同的错误消息“convert-to: Requesting address is denied: x.x.x.x”时,我最终找到了这个帖子。

这是我最终的、带注释的 compose.yaml,也许能帮到遇到同样问题的人:

# the docs: https://sdk.collaboraonline.com/docs/installation/CODE_Docker_image.html

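# Collabora CODE behind an external reverse proxy that terminates TLS.
services:
  collabora_code:
    container_name: code_office
    # NOTE(review): `latest` is a mutable tag; pin a specific release tag or
    # image digest so upgrades are deliberate and reproducible.
    image: collabora/code:latest
    restart: always

    # The docs ask for "privileged", but it only produced errors here.
    # The single MKNOD capability (see cap_add below) is used instead and is
    # a much narrower grant than full privileged mode.
    # privileged: true

    # The reverse proxy forwards traffic to port 9980, so the port does not
    # need to be published on the Docker host's public interface.
    # ports:
    #   - '9980:9980' # CODE Ports

    environment:
      # The FQDN this server is reachable at.
      server_name: "collabora.mydomain.de"
      cert_domain: "collabora.mydomain.de"
      # Quoted on purpose: environment values are strings, and a bare
      # true/false is parsed as a YAML boolean, which Compose may reject.
      DONT_GEN_SSL_CERT: "true"

      # WOPI allow-list: the Nextcloud host permitted to use this server.
      aliasgroup1: "https://nc.mydomain.com"
      # Try the IPv4 address if the FQDN does not work.
      # aliasgroup1: "https://x.x.x.x"
      # Troubleshooting only: this pattern matches every host on port 443,
      # so any WOPI host could use this server. Revert to the specific
      # Nextcloud host once the connection problem has been located.
      # aliasgroup1: "https://.*:443"

      # Sample credentials. Do not commit a real password in this file;
      # supply it from an untracked .env file through ${VARIABLE}
      # interpolation or from a secret store.
      username: "admin"
      password: "mytopsecretpassword"
      # Spell-check dictionaries to load.
      dictionaries: "de_DE en_GB en_US"

      # TLS is disabled in the container because the reverse proxy holds the
      # certificate; ssl.termination=true tells CODE that TLS ends at the
      # proxy. The hop between proxy and container is therefore plain HTTP
      # and should stay on a network that is not reachable from outside.
      # remote_font_config.url loads the font list from the Nextcloud server.
      extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:remote_font_config.url=https://nc.mydomain.com/apps/richdocuments/settings/fonts.json"

    cap_add:
      # Lets the container create device nodes (mknod).
      - MKNOD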

如果无法打开文件或无法将 Nextcloud 服务器连接到 Code 服务器,请尝试

aliasgroup1: "https://.*:443"
设置,以允许每个主机连接到 CODE 服务器。这可能有助于找出问题卡在哪里。该通配符会取消对 WOPI 主机的限制,仅适合临时排查;定位问题后请改回 Nextcloud 的具体域名。

请记住在反向代理中启用 Websocket 支持!
