Super-easy installation of Collabora Online

Collabora Online combined with Nextcloud or ownCloud provides online collaborative editing. Very powerful!

docker run -t -d -p 9980:9980 -e "domain=<your-dot-escaped-domain>" -e "username=admin" -e "password=your_password" --restart always --name collabora collabora/code
Example:
docker run -t -d -p 9980:9980 -e "domain=next\\.fromtw\\.com" -e "username=admin" -e "password=your_password" --restart always --name collabora collabora/code 

In the Collabora Online install command above, domain=next\\.fromtw\\.com means that next.fromtw.com is allowed to use collaborative editing.

If you need multiple URLs, separate them with |
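Added example (not part of the original post): a shell helper that builds the dot-escaped domain value from plain hostnames and checks which hosts the resulting pattern admits. cloud.fromtw.com is a constructed second hostname, and whole-hostname matching is an assumption about how the allow-list is applied.

```shell
#!/bin/sh
# Added example: build the dot-escaped "domain" value for collabora/code.

# Join hostnames with "|" and escape every "." so it matches a literal dot.
collabora_domain_regex() {
    out=""
    for host in "$@"; do
        esc=$(printf '%s' "$host" | sed 's/\./\\./g')
        out="${out:+$out|}$esc"
    done
    printf '%s\n' "$out"
}

# Return 0 if host ($2) matches pattern ($1) as a whole-string ERE.
# Assumption: the allow-list compares the full hostname, not a substring.
host_allowed() {
    printf '%s\n' "$2" | grep -Eqx -- "$1"
}

# next.fromtw.com is from the post; cloud.fromtw.com is constructed.
DOMAIN=$(collabora_domain_regex next.fromtw.com cloud.fromtw.com)
echo "domain=$DOMAIN"

# An unescaped dot matches any character, so a look-alike host gets in.
for pattern in 'next.fromtw.com' "$DOMAIN"; do
    if host_allowed "$pattern" nextXfromtw.com; then
        echo "pattern '$pattern' ADMITS nextXfromtw.com"
    else
        echo "pattern '$pattern' rejects nextXfromtw.com"
    fi
done

# Pass the value to the container as: -e "domain=$DOMAIN"
# (the post's "\\." inside double quotes reaches the container as "\.").
```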

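Remember to pair it with Let's Encrypt so that Collabora is served over HTTPS. That completes the installation.

P.S. Open https://collabora.fromtw.com/loleaflet/dist/admin/admin.html to check whether it succeeded (you need to enter the username and password set above).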

**nextcloud,

Find the Collabora Online app and install it, then set the HTTPS URL of Collabora Online. This enables online collaborative document editing.

**owncloud,

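You need to download it from https://marketplace.owncloud.com/apps/richdocuments, then copy it to the ownCloud apps directory and extract it before it can be installed. After installing, open its settings and enter the Collabora URL, and it is ready to use.

P.S. If Collabora Online is an internal service, it has to be reached through a public-facing httpd proxy, so the httpd proxy configuration is as follows: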

<VirtualHost *:443>
  ServerName collabora.fromtw.com:443
  Options -Indexes

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/collabora.fromtw.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/collabora.fromtw.com/privkey.pem
  SSLCACertificateFile /etc/letsencrypt/live/collabora.fromtw.com/fullchain.pem
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  SSLHonorCipherOrder     on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of Collabora Online
  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

  # Capabilities
  ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool
  ProxyPass / https://localhost:9980/
  ProxyPassReverse / https://localhost:9980/
</VirtualHost>
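
Added example (not part of the original post or of the Collabora documentation): a shell check that reads a vhost like the one above and reports the legacy TLS settings it still permits. The sample input is a shortened, constructed copy of the directives above.

```shell
#!/bin/sh
# Added example: flag legacy TLS settings in an Apache vhost.
# Reads the configuration text on stdin, prints one finding per line.
audit_vhost_tls() {
    awk '
    $1 == "SSLProtocol" {
        all = 0; off = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "all") all = 1
            if ($i == "-TLSv1" || $i == "-TLSv1.1") off++
        }
        # "all" minus only SSLv2/SSLv3 leaves TLS 1.0 and 1.1 permitted
        if (all && off < 2) print "protocol: TLSv1.0/1.1 still permitted"
    }
    $1 == "SSLCipherSuite" {
        n = split($2, suite, ":")
        for (i = 1; i <= n; i++) {
            if (suite[i] ~ /^!/) continue          # exclusions such as !DSS
            if (suite[i] ~ /DES-CBC3/)
                print "cipher: 3DES " suite[i]
            else if (suite[i] !~ /GCM|CHACHA20/)
                print "cipher: non-AEAD " suite[i]
        }
    }
    $1 == "SSLProxyVerify" && tolower($2) == "none" {
        # tolerable only while the backend stays on 127.0.0.1
        print "proxy: backend certificate not verified"
    }'
}

# Constructed sample: a shortened copy of the directives shown above.
SAMPLE_VHOST='  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:DES-CBC3-SHA:!DSS
  SSLProxyVerify None'

printf '%s\n' "$SAMPLE_VHOST" | audit_vhost_tls
```

Removing the flagged suites and adding -TLSv1 -TLSv1.1 to SSLProtocol clears the first two kinds of finding; the proxy finding remains as long as the container keeps its self-signed certificate.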

Installing a pptpd VPN with Docker

1. Install

docker volume create pptp-chap 
docker run -d --name pptpd --restart always --privileged --net=host  -v pptp-chap:/etc/ppp mobtitude/vpn-pptp

2. Edit the password file (volumes/ is Docker's volumes directory, pptp-chap is the name of the Docker volume)

vi  volumes/pptp-chap/_data/chap-secrets

3. Add the firewall rules

firewall-cmd --permanent --zone=public --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
firewall-cmd --permanent --zone=public --add-port=1723/tcp
firewall-cmd --permanent --zone=public --add-masquerade
firewall-cmd --reload

Reference link

https://github.com/mobtitude/docker-vpn-pptp

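Installing Restyaboard (a kanban board application) with Docker

**Postgres must be installed first (because Restyaboard is installed with Docker, installing Postgres with Docker is also recommended)

You must also first create the restyaboard database, together with the user that accesses it and that user's password.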

docker run --rm -d -e POSTGRES_DB='restyaboard' \
-e POSTGRES_HOST='postgres' \
--link <postgres container name>:postgres \
-e POSTGRES_PASSWORD='admin' \
-e POSTGRES_USER='admin' \
-p 8080:80 \
--name restyaboard restyaplatform/restyaboard:dev

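Once this is done, you can log in over HTTP on port 8080.

Enter the default account admin, password restya

Installing Postgres with Docker

Installation is simple. The default administrator account is postgres, and its password is the one set below.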

docker volume create postgres-data 
docker run --name postgres -v postgres-data:/var/lib/postgresql/data -e POSTGRES_PASSWORD=<password> -d postgres

How to log in

docker exec -it postgres  bash

After logging in, enter su - postgres

Once you have become postgres,

run psql and you are inside the Postgres world.

The commands take some getting used to, though, so I can only list the few I just used; I will add more when I think of them.

$ sudo -u postgres psql
-- List all databases via \l (or \list), or \l+ for more details
postgres=# \l
   Name    | ...
-----------+-----------
 postgres  | ...
 template0 | ...
 template1 | ...
postgres=# CREATE DATABASE mytest;

$ sudo -u postgres createuser --login --pwprompt testuser
Enter password for new role: xxxx

# Create a new database called testdb, owned by testuser.
$ sudo -u postgres createdb --owner=testuser testdb

 

Installing GitLab with Docker

Very convenient, and also very simple

1. docker volume create gitlab-config
2. docker volume create gitlab-logs
3. docker volume create gitlab-data
4. docker run -d --hostname <hostname> -p <external HTTP port>:80 -p <external HTTPS port>:443 --name gitlab --restart always --volume gitlab-config:/etc/gitlab --volume gitlab-logs:/var/log/gitlab --volume gitlab-data:/var/opt/gitlab gitlab/gitlab-ce:latest
5. The configuration file is gitlab-config/gitlab.rb
If you do not need HTTP, add external_url "https://<hostname>"
If you do not need Let's Encrypt, add letsencrypt['enable'] = false

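Recommendations for DNS hosting

After registering a domain, the next step is to think about how to set up DNS. Here are a few recommendations:

  1. For TW domains, go to the registrar where you registered the domain and delegate it to Cloudflare. It has a great many features, it is free, and it can even act as a CDN to spread site traffic!
    Why not use the features the registrar provides? Because the DNS offered by domestic registrars is very bare-bones: the same features forever, A, TXT, PTR, MX, NS and the like, with no drive to improve. That is probably about all Taiwan is capable of. Hinet even charges extra for additional features.
  2. For other domains, having Google Domains host them is best, since it provides very strong DNS features directly. If the domain was not bought from Google Domains, it cannot be hosted there, so move it to Cloudflare.
    Also, if the domain was registered with GoDaddy, you surely know that registrant data protection costs extra, which is jaw-dropping, so transfer elsewhere quickly. I think GoDaddy is a very low-quality domain provider, but for some domains you have no choice but to rely on GoDaddy, such as DE (German) domains.
  3. Self-host PowerDNS-Admin; search this site for the posts. pdns is very practical and also supports DDNS. If you want to get past mainland China's blocking of Google, be sure to have a self-hosted DNS server ready.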

Quick installation of a shadowsocks server with Docker

1. Install

docker run -dt --restart always --name ss -p 6666:6666 -p 6700:6700/udp mritd/shadowsocks -m "ss-server" -s "-s 0.0.0.0 -p 6666 -u -m aes-256-cfb -k <password> --fast-open" -x -e "kcpserver" -k "-t 127.0.0.1:6666 -l :6700 -mode fast2"

2. Open 6666/tcp and 6700/udp in the firewall (6666 and 6700 can be changed freely; just remember to change the firewall rules to match)
