cloud 彙整 - 咖啡偶-IT日常

由網域主控站匯出VCARD 電子名片標準VERSION:3.0

2023-07-04 william 技術, 軟體介紹

一直以來公司的通訊錄使用ldap方式獲取。但是ldap缺點有二：

1、若連不上網域伺服器(越南夏天會停電還一次停兩天)，就算我們使用outlook時，並不需要用到通訊錄，但outlook還是會一直出現錯誤，解決方式如下：outlook 關於ldap通訊錄的處理經驗。

2、只能在內網使用，筆電拿到公司外就連不上網域主控站，outlook就會開始罵罵號。

這問題我滿頭痛的，好險最近我開始把重心放在nextcloud上，發現可以透過webdav連線方式，從網際網路直接獲取通訊錄以及行事曆，這樣可以解決上面兩個問題；雖然以後多了一個維護的地方，但這可以解決很多麻煩事，而且好處多多，例如可以透過手機、網頁等等多元方式，直接取得聯絡人以及行事曆。

說做就做，我連上公司nextcloud雲端系統後，原本打算一筆一筆「手動」輸入數百筆通訊錄，但是想想還是從三個廠的網域主控站匯出聯絡人比較實在，再由nextcloud提供的匯入功能匯入即可。

nextcloud提供匯入的檔案格式為vcf format，意即VCARD，而且規定要3.0或以上版本才能匯入，格式長這樣：

BEGIN:VCARD
VERSION:3.0
FN:william

ORG:HT
TITLE:
TEL;TYPE=WORK:
TEL;TYPE=HOME:
TEL;TYPE=CELL:
EMAIL;TYPE=WORK:william@test.com
CATEGORIES:test

NOTE:
UID:79996fd9-b2d6-1111-111e-85f7cd5896e5
END:VCARD

這種需求當然往github找尋解方，找了很久都是2.0的powershell腳本，後來終於在這裡找到，試跑了一次還ok，就差在沒有使用utf8輸出，匯入nextcloud會有亂碼，因此我改了一下寫法如下：

紅色部分請自行斟酌修改，存成xxx.ps1 並且在powershell裡執行；要注意屬性CATEGORIES，對應到nextcloud的聯絡人群組(Contact Group)，這很重要。

<#
.SYNOPSIS

Export AD Users as single vcf file

#>

cls

$filename = "C:\temp\vCards.vcf"

remove-item $filename

Get-ADUser -filter {Enabled -eq $True} -Properties * | where {$_.enabled -eq $true} | Foreach-Object {

$user = $_.sAMAccountName
$email = $_.EmailAddress
$phone = $_.OfficePhone
$name = $_.Name
$short = $_.HomePhone
$mobile = $_.MobilePhone
$sede = $_.physicalDeliveryOfficeName
$ufficio = $_.Department
$qualifica = $_.title
$responsabile = ($_.manager -split ',*..=')[1]

if ($phone -or $email -or $mobile){
    write-host $user

    # Generate vCard
    Add-Content -Encoding UTF8 -Path $filename "BEGIN:VCARD"
    Add-Content -Encoding UTF8 -Path $filename "VERSION:3.0"
    Add-Content -Encoding UTF8 -Path $filename ("FN:" + $_.cn)
    Add-Content -Encoding UTF8 -Path $filename ("ORG:test")
    Add-Content -Encoding UTF8 -Path $filename ("TITLE:" + $qualifica)
    Add-Content -Encoding UTF8 -Path $filename ("TEL;TYPE=WORK:" + $phone)
    Add-Content -Encoding UTF8 -Path $filename ("TEL;TYPE=HOME:" + $short)
    Add-Content -Encoding UTF8 -Path $filename ("TEL;TYPE=CELL:" + $mobile)
    Add-Content -Encoding UTF8 -Path $filename ("EMAIL;TYPE=WORK:" + $email)
    Add-Content -Encoding UTF8 -Path $filename ("CATEGORIES:test")
    $notedate = (get-date).ToString('d/MM/yyyy')
    Add-Content -Encoding UTF8 -Path $filename ("NOTE:")
    Add-Content -Encoding UTF8 -Path $filename ("UID:" + $_.objectGUID )
    Add-Content -Encoding UTF8 -Path $filename "END:VCARD" #`r`n"
    }

}

Leave a comment cloud, docker, ldap, microsoft, nextcloud, podman, RockyLinux, windows

超簡單安裝nextcloud共筆功能collabora online Part II (v 2.4.17 )

2022-11-29 william 其他

我以前文章「超簡單安裝collabora online」敘述如何讓nextcloud搭配online document server達到線上編輯功能；後來發現Onlyoffice 更好用，版面格式比較不會跑掉，就變心改用onlyoffice。

隨著公司越來越多人使用onlyoffice ，沒想到onlyoffice免費版有10人開啟檔案的上限，預算考量，只能另想辦法。

我回過頭來看collabora online ，雖是免費，但官方編譯一樣有20人數限制；照這樣子應該真的要去拍桌，跟老闆說要加錢購買onlyoffice。

可是偶然間發現有個群組，協助編譯開源版collabora online，並且解除20人限制，甚至編譯成 docker 版本，真是佛心來的。

以下請參考github與docker網站：

https://github.com/tiredofit/docker-collabora-online

https://hub.docker.com/r/tiredofit/collabora-online/tags

官方文件很少。但不囉嗦，我測試後直接寫如何安裝。

compose 文件

wget https://github.com/tiredofit/docker-collabora-online/raw/master/examples/docker-compose.yml
mv docker-compose.yml.traefik docker-compose.yml
vi docker-compose.yml

#改成醬
#紅色字需要修改
version: '3.7'
services:

  collabora-online-app:
    image: tiredofit/collabora-online:2.4.17
    container_name: collabora-online-app
    hostname: collabora-online.test.com
    expose:
      - 9980
    ports:
      - "9980:9980"
    cap_add:
      - MKNOD
      - NET_ADMIN
    privileged: true
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:collabora-online.test.com
      - traefik.port=9980
      - traefik.protocol=http
      - traefik.docker.network=proxy
      - traefik.backend=collabora-online-app
    volumes:
      - ./logs:/logs
    environment:
      - CONTAINER_NAME=collabora-online-app

      - ADMIN_USER=admin
      - ADMIN_PASS=collabora-online

# 允許哪些網站存取
      - ALLOWED_HOSTS=cloud.test.com,xxx.test.com

      - ENABLE_TLS=FALSE
      - ENABLE_TLS_REVERSE_PROXY=TRUE
    restart: always
#2023/6/14
#2.4.17這版本pdf下載會出問題，因此更換2.4.34版，但是無法啟用成功，出現：
#ERROR: Cannot create container for service collabora-online-app: Conflict
#若要換新版本,需docker-compose down; docker rm collabora-online;
#修改yml檔案，改成新的版本號碼2.4.34後，再重新docker-compose up -d才能執行成功

反向代理(apache 2)
以下主機名稱需與compose文件相同

<VirtualHost *:443>
  ServerName collabora-online.test.com:443

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLCertificateFile /etc/letsencrypt/live/collabora-online.test.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/collabora-online.test.com/privkey.pem
  SSLCACertificateFile /etc/letsencrypt/live/collabora-online.test.com/fullchain.pem
  SSLProtocol             all -SSLv2 -SSLv3
  SSLEngine on
  SSLHonorCipherOrder     on
  AllowEncodedSlashes NoDecode
  ProxyPreserveHost On


 # static html, js, images, etc. served from coolwsd
 # browser is the client part of Collabora Online
 ProxyPass           /browser http://127.0.0.1:9980/browser retry=0
 ProxyPassReverse    /browser http://127.0.0.1:9980/browser


 # WOPI discovery URL
 ProxyPass           /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
 ProxyPassReverse    /hosting/discovery http://127.0.0.1:9980/hosting/discovery


 # Capabilities
 ProxyPass           /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
 ProxyPassReverse    /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities


 # Main websocket
 ProxyPassMatch      "/cool/(.*)/ws$"      ws://127.0.0.1:9980/cool/$1/ws nocanon


 # Admin Console websocket
 ProxyPass           /cool/adminws ws://127.0.0.1:9980/cool/adminws


 # Download as, Fullscreen presentation and Image upload operations
 ProxyPass           /cool http://127.0.0.1:9980/cool
 ProxyPassReverse    /cool http://127.0.0.1:9980/cool
 # Compatibility with integrations that use the /lool/convert-to endpoint
 ProxyPass           /lool http://127.0.0.1:9980/cool
 ProxyPassReverse    /lool http://127.0.0.1:9980/cool
</VirtualHost>

反向代理(nginx)

server {
 listen       443 ssl;
 server_name  collaboraonline.example.com;


 ssl_certificate /path/to/certificate;
 ssl_certificate_key /path/to/key;


 # static files
 location ^~ /browser {
   proxy_pass http://127.0.0.1:9980;
   proxy_set_header Host $http_host;
 }


 # WOPI discovery URL
 location ^~ /hosting/discovery {
   proxy_pass http://127.0.0.1:9980;
   proxy_set_header Host $http_host;
 }


 # Capabilities
 location ^~ /hosting/capabilities {
   proxy_pass http://127.0.0.1:9980;
   proxy_set_header Host $http_host;
 }


 # main websocket
 location ~ ^/cool/(.*)/ws$ {
   proxy_pass http://127.0.0.1:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }


 # download, presentation and image upload
 location ~ ^/(c|l)ool {
   proxy_pass http://127.0.0.1:9980;
   proxy_set_header Host $http_host;
 }


 # Admin Console websocket
 location ^~ /cool/adminws {
   proxy_pass http://127.0.0.1:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }
}

nextcloud 設定
要安裝Collabora Online

設定URL，以後開檔案將導入到 Collabora Online-server 達到線上作業功能

完成了

檢查運行狀況
需輸入compose上面的管理者帳號與密碼

https://collabora-online.test.com/browser/dist/admin/admin.html

上傳字型，需要登入到容器，加上額外字型的設定

docker exec -it <容器名稱> bash
vi etc/coolwsd/coolwsd.xml
<remote_font_config>
  <url desc="URL of optional JSON file that lists fonts to be included in Online" type="string" default="">https://cloud.test.com/apps/richdocuments/settings/fonts.json</url>
</remote_font_config>

若nextcloud安裝pdf viewer 請停用，否則會衝突

唯讀請設定浮水印
這很重要，若公司被稽核，稽核員通常要求只能線上看ISO文件、程序書，且考慮版本無法管控，預設不可以下載

另外要設定安全機制WOPI，一樣是修改 coolwsd，只允許相關ip才能存取

docker exec -it <容器名稱> bash
vi etc/coolwsd/coolwsd.xml
#########################################################
<alias_groups desc="xxxxxx" mode="groups">
  <group><host desc="hostname to allow or deny." allow="true">192.168.1.1</host></group>
  <group><host desc="hostname to allow or deny." allow="true">cloud.test.com</host></group>
</alias_groups>

One comment cloud, docker, linux, microsoft, nextcloud, podman

nextcloud 21 反向代理設定

2022-05-13 william 技術

'trusted_proxies' =>
   array (
      0 => '反向代理server的host ip',
      1 => 'docker local ip',
   ),

'trusted_proxies' =>
   array (
      0 => 'x.x.x.x',
      1 => '172.0.0.1/8',
   ),

Leave a comment cloud, docker, linux, nextcloud, ubuntu

使用docker安裝nextcloud

2019-11-06 william 技術

新版安裝方式請到這裡查看

——————-以下是舊版安裝方式——————-

建立volume
設定mariadb data
執行
設定trusted_domain

建立volume

 docker volume create nextcloud-www
 docker volume create nextcloud-app
 docker volume create nextcloud-config
 docker volume create nextcloud-data
 docker volume create nextcloud-theme

確認 mariadb 資料庫伺服器是否準備好

執行docker指令

docker run -d -p <對應的port>:80 -v nextcloud-www:/var/www/html -v nextcloud-app:/var/www/html/custom_apps -v nextcloud-config:/var/www/html/config -v nextcloud-data:/var/www/html/data -v nextcloud-theme:/var/www/html/themes/mycustom --link <docker資料庫名稱>:mysql -e MYSQL_DATABASE=nextcloud -e MYSQL_USER=root -e MYSQL_PASSWORD=<密碼> -e MYSQL_HOST=mysql --restart=always --name nextcloud nextcloud

若有apache或是nginx作為反向proxy, 將https帶到nextcloud, 需設定trust_domain(網站會提醒)

httpd設定

# for CalDav
RewriteEngine On 
RemoteIPHeader X-Forwarded-For
RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]

# form redirect
<VirtualHost *:80>
    ServerName <server name>
    Redirect permanent / https://<server name>/
</VirtualHost>

<VirtualHost *:443> 
  # form security
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
  </IfModule>
</VirtualHost>

nextcloud config設定

若使用httpd proxy 的方式需要加入以下設定, 以免登入轉圈圈無法進入頁面, 修改 config.php 檔案

'overwritehost' => '<主機名稱>',
'overwriteprotocol' => 'https',

執行command

 docker exec --user www-data <CONTAINER_ID> php occ 
例入遇到上傳檔案失敗, 或是一些檔案錯誤可執行
docker exec --user www-data <container id> php occ files:scan --all

Leave a comment centos, cloud, docker, httpd, linux, nextcloud, proxy

超簡單安裝collabora online

2019-07-06 william 技術

** 2022/11/29
因多人使用限制, 想從onlyoffice轉回來Collabora Online , 但沒想到這邊也限制人數, 無論如何以下的設定已經過時,先不要用

collabora online 加上 nextcloud 或 owncloud 可以實現線上協同編輯的功能, 很猛!

docker run -t -d -p 9980:9980 -e "domain=<your-dot-escaped-domain>" -e "username=admin" -e "password=your_password" --restart always --name collabora collabora/code
EX:
docker run -t -d -p 9980:9980 -e "domain=next\\.test\\.com" -e "username=admin" -e "password=your_password" --restart always --name collabora collabora/code

以上安裝collabora online 指令中, domain=nextcloud\\.fromtw\\.com代表允許next.fromtw.com這個網址使用協同編輯,

若需要多個網址,請加上 |

記得搭配 letsencrypt 讓collabora 擁有 https 加密功能 , 安裝完畢,

ps. 網址https://collabora.test.com/loleaflet/dist/admin/admin.html , 可查詢是否成功.(需輸入以上設定帳密)

**nextcloud,

找出 collabora online app 並安裝 , 並設定collabora online的https網址, 這樣就能實現文件線上協同編輯的功能.

**owncloud,

需要到 https://marketplace.owncloud.com/apps/richdocuments 這個地方下載, 然後複製到owncloud app區解開才能安裝, 安裝後找出設定,把collabor的網址輸入進去就可以使用了

ps. 若collabora online 為內部service, 需要透過對外的httpd proxy接應, 因此httpd proxy的設定如下:

 <VirtualHost *:443>
  ServerName collabora.fromtw.com:443
  Options -Indexes

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/collabora.fromtw.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/collabora.fromtw.com/privkey.pem
  SSLCACertificateFile /etc/letsencrypt/live/collabora.fromtw.com/fullchain.pem
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  SSLHonorCipherOrder     on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of Collabora Online
  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

  # Capabilities
  ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool
  ProxyPass / https://localhost:9980/
  ProxyPassReverse / https://localhost:9980/
</VirtualHost>

One comment cloud, docker, nextcloud, owncloud

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: