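Tag: cloud
Nextcloud bound to LDAP: suddenly unable to log in
Nextcloud is bound to the company's two AD servers, one in Taipei and one in Suzhou, in two different domains.
But today the Suzhou domain server went down (a power outage of more than 4 hours), and surprisingly this left every Nextcloud user unable to log in.
I looked up a fix: the Suzhou LDAP connection can be temporarily disabled: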
sudo -u www-data php occ ldap:set-config s02 ldapConfigurationActive 0
Below are the LDAP-related commands. First look up the configuration names, such as s01 and s02, then disable the connection.
    ldap
      ldap:check-user           checks whether a user exists on LDAP.
      ldap:create-empty-config  creates an empty LDAP configuration
      ldap:delete-config        deletes an existing LDAP configuration
      ldap:search               executes a user or group search
      ldap:set-config           modifies an LDAP configuration
      ldap:show-config          shows the LDAP configuration
      ldap:show-remnants        shows which users are not available on LDAP anymore, but have remnants in Nextcloud.
      ldap:test-config          tests an LDAP configuration
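The manual step above can be scripted. The following is an added example, not part of the original post: it tests each LDAP configuration with `ldap:test-config` and deactivates the ones that fail, as long as at least one directory still answers. The script name, the `OCC` and `APPLY` variables and the matched success message are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Run from the Nextcloud directory; override OCC to match your install.
OCC=${OCC:-"sudo -u www-data php occ"}
APPLY=${APPLY:-0}   # 0 = only report, 1 = actually deactivate

# Succeeds when the given LDAP configuration can connect and bind.
# Assumption: ldap:test-config prints "connection could be established"
# on success; the exit code is not relied on.
ldap_config_ok() {
    $OCC ldap:test-config "$1" 2>&1 | grep -q "connection could be established"
}

# Tests every configuration ID given (e.g. s01 s02), prints the IDs that
# failed, and with APPLY=1 deactivates them. Refuses to act when no
# configuration is healthy, so it never switches off every directory.
disable_unreachable_ldap() {
    failed=""
    healthy=0
    for id in "$@"; do
        if ldap_config_ok "$id"; then
            healthy=$((healthy + 1))
        else
            failed="$failed $id"
        fi
    done
    if [ "$healthy" -eq 0 ]; then
        echo "no LDAP configuration reachable; leaving all active" >&2
        return 1
    fi
    for id in $failed; do
        if [ "$APPLY" = 1 ]; then
            $OCC ldap:set-config "$id" ldapConfigurationActive 0 >&2
        fi
        echo "$id"
    done
}

# Usage (hypothetical script name): APPLY=1 ./ldap-failover.sh s01 s02
if [ "$#" -gt 0 ]; then
    disable_unreachable_ldap "$@"
fi
```

Accounts from a deactivated directory cannot log in until it is switched back on with `ldapConfigurationActive 1`, so re-enable the configuration once the server has recovered.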
Installing Nextcloud with Docker
For the newer installation method, see here
------------------- The old installation method follows -------------------
- Create the volumes
- Set up the MariaDB data
- Run
- Set trusted_domains
Create the volumes
    docker volume create nextcloud-www
    docker volume create nextcloud-app
    docker volume create nextcloud-config
    docker volume create nextcloud-data
    docker volume create nextcloud-theme
Confirm that the MariaDB database server is ready
Run the docker command
    docker run -d -p <host port>:80 \
      -v nextcloud-www:/var/www/html \
      -v nextcloud-app:/var/www/html/custom_apps \
      -v nextcloud-config:/var/www/html/config \
      -v nextcloud-data:/var/www/html/data \
      -v nextcloud-theme:/var/www/html/themes/mycustom \
      --link <database container name>:mysql \
      -e MYSQL_DATABASE=nextcloud \
      -e MYSQL_USER=root \
      -e MYSQL_PASSWORD=<password> \
      -e MYSQL_HOST=mysql \
      --restart=always \
      --name nextcloud \
      nextcloud
If Apache or nginx acts as a reverse proxy that brings HTTPS to Nextcloud, trusted_domains must be set (the site will remind you).
httpd configuration
    # for CalDAV
    RewriteEngine On
    RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
    RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]

    # for redirect
    <VirtualHost *:80>
      ServerName <server name>
      Redirect permanent / https://<server name>/
    </VirtualHost>

    <VirtualHost *:443>
      # for security
      <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
      </IfModule>
    </VirtualHost>
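Nextcloud config settings
When Nextcloud sits behind the httpd proxy, the following settings must be added to config.php; otherwise the login page spins forever and never loads.
    'overwritehost' => '<hostname>',
    'overwriteprotocol' => 'https',
Running commands
    docker exec --user www-data <CONTAINER_ID> php occ
For example, if file uploads fail or some file errors occur, you can run:
    docker exec --user www-data <container id> php occ files:scan --all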
Super-simple Collabora Online installation
Collabora Online combined with Nextcloud or ownCloud gives you online collaborative editing. Very impressive!
    docker run -t -d -p 9980:9980 \
      -e "domain=<your-dot-escaped-domain>" \
      -e "username=admin" \
      -e "password=your_password" \
      --restart always \
      --name collabora \
      collabora/code
Example:
    docker run -t -d -p 9980:9980 \
      -e "domain=next\\.fromtw\\.com" \
      -e "username=admin" \
      -e "password=your_password" \
      --restart always \
      --name collabora \
      collabora/code
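In the Collabora Online install command above, domain=next\\.fromtw\\.com means that the address next.fromtw.com is allowed to use collaborative editing.
If several addresses are needed, separate them with |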
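The dots in the `domain` value are escaped because the value is a regular expression. The following added example (not from the original post) builds that value from plain hostnames and shows what an unescaped dot would also let through. `cloud.example.com` and `nextXfromtw.com` are constructed hostnames, and `grep -Ex` stands in for Collabora's own matcher as an assumption.

```shell
#!/bin/sh
# Added example, not from the original post.

# Builds the value for Collabora's "domain" setting from plain hostnames:
# every dot is escaped and the hosts are joined with "|".
collabora_domain_regex() {
    out=""
    for h in "$@"; do
        esc=$(printf '%s' "$h" | sed 's/\./\\./g')
        out="${out:+$out|}$esc"
    done
    printf '%s\n' "$out"
}

# Succeeds when hostname $2 matches regex $1 as a whole.
# Assumption: whole-string extended-regex matching (grep -Ex) is used
# here only to illustrate the regex semantics.
host_allowed() {
    printf '%s\n' "$2" | grep -Eqx -- "$1"
}

# Demonstration with constructed input.
demo() {
    good=$(collabora_domain_regex next.fromtw.com cloud.example.com)
    bad='next.fromtw.com'            # dots left unescaped
    echo "escaped value:   $good"
    for host in next.fromtw.com cloud.example.com nextXfromtw.com; do
        if host_allowed "$good" "$host"; then e=allow; else e=deny; fi
        if host_allowed "$bad" "$host"; then u=allow; else u=deny; fi
        echo "$host  escaped=$e  unescaped=$u"
    done
}

# The value holds single backslashes, so pass it without re-escaping:
#   docker run ... -e "domain=$(collabora_domain_regex next.fromtw.com)" ...
# When typed by hand inside double quotes, each backslash is doubled
# (next\\.fromtw\\.com) because the shell consumes one of them.
if [ "${1:-}" = demo ]; then
    demo
fi
```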
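Remember to pair it with Let's Encrypt so that Collabora has HTTPS encryption. Once installation is finished:
PS: the URL https://collabora.fromtw.com/loleaflet/dist/admin/admin.html can be used to check whether it succeeded (the username and password set above are required).
**Nextcloud:
Find the Collabora Online app and install it, then set the HTTPS URL of Collabora Online. This enables online collaborative document editing.
**ownCloud:
The app has to be downloaded from https://marketplace.owncloud.com/apps/richdocuments, then copied to the ownCloud apps directory and unpacked before it can be installed. After installing, find its settings and enter the Collabora URL, and it is ready to use.
PS: if Collabora Online is an internal service, it has to be reached through the public-facing httpd proxy, so the httpd proxy configuration is as follows: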
    <VirtualHost *:443>
      ServerName collabora.fromtw.com:443
      Options -Indexes

      # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
      SSLEngine on
      SSLCertificateFile /etc/letsencrypt/live/collabora.fromtw.com/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/collabora.fromtw.com/privkey.pem
      SSLCACertificateFile /etc/letsencrypt/live/collabora.fromtw.com/fullchain.pem
      # Note: "all -SSLv2 -SSLv3" still leaves TLS 1.0 and TLS 1.1 enabled
      SSLProtocol all -SSLv2 -SSLv3
      SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
      SSLHonorCipherOrder on

      # Encoded slashes need to be allowed
      AllowEncodedSlashes NoDecode

      # Container uses a unique non-signed certificate
      SSLProxyEngine On
      SSLProxyVerify None
      SSLProxyCheckPeerCN Off
      SSLProxyCheckPeerName Off

      # keep the host
      ProxyPreserveHost On

      # static html, js, images, etc. served from loolwsd
      # loleaflet is the client part of Collabora Online
      ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
      ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet

      # WOPI discovery URL
      ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
      ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery

      # Capabilities
      ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
      ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities

      # Main websocket
      ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

      # Admin Console websocket
      ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws

      # Download as, Fullscreen presentation and Image upload operations
      ProxyPass /lool https://127.0.0.1:9980/lool
      ProxyPassReverse /lool https://127.0.0.1:9980/lool

      ProxyPass / https://localhost:9980/
      ProxyPassReverse / https://localhost:9980/
    </VirtualHost>
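Installing ownCloud with Docker
ownCloud is a very convenient cloud file management system: simple to install, powerful, and most importantly free and open source!
There are many ways to install it. I recommend the currently popular Docker approach, which makes later upgrades, backups and restores easier.
Before installing, make sure the basic environment is already in place; please refer to this site's basic Docker setup article, "Docker environment setup notes",
and then install ownCloud.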