nextcloud 安裝流程圖套件drawio注意事項

drawio 相容m$ visio , 而且免費, 支援nextcloud, 達到線上繪製流程圖的功能.

雖說drawio還不是很穩定,但是一直在更新, 已經能上線讓公司同仁使用,

透過官方安裝drawio套件並且啟用後, 以下為注意事項:

  1. drawio預設副檔名為xml(這超奇怪的), 請將副檔名改成drawio, 並且設定mimetype
複製設定檔cp resources/config/mimetypemapping.dist.json config/mimetypemapping.json
修改 config/mimetypemapping.json 加上以下設定
"drawio": ["application/x-drawio"]
然後執行更新指令
sudo -u www-data php occ maintenance:mimetype:update-js
sudo -u www-data php occ maintenance:mimetype:update-db
若是docker請執行
docker exec --user www-data nextcloud php occ maintenance:mimetype:update-js
docker exec --user www-data nextcloud php occ maintenance:mimetype:update-db
然後再到nextcloud的設定, 重新勾選drawio的相關設定

2. 若drawio檔案分享連結, 若想要讓大家直接開啟編輯畫面, 需要修改連結

https://xxx/s/YoJWBkg7EgiyXpPdd
改成
https://xxx/apps/drawio/s/YoJWBkg7EgiyXpPdd

docker的nextcloud手動升級經驗17->20

公司 nextcloud 版本號為 17 , 今天突然心血來潮, 手動pull 最新版的nextcloud 20, 結果系統直接進入維護模式, 再起不能...
我自己犯了跨兩個大版本不能升級禁忌, 原本想說若失敗, 再把舊的啟用即可, 甚至連設定檔都懶得備份,
當我發現新版啟用失敗時, 只好回到舊的nextcloud,
哎呀! 居然無法啟動, 應該是新版本有改動到舊版設定檔案, 於是就GG了.
這下慘了! 我得趕緊想辦法解決, 在公司同仁發現前, 解決升版, 降版都失敗的窘境,
最後靈光一閃, 終於成功升級到最新版本!
以下真實記錄一下解決的過程:


1. pull nextcloud 最新版號20, 掛載舊的設定檔案, 啟動後出現維護模式, 無法使用. 我於是下指令解除維護模式, 瀏覽器上顯示出現可升級的選項, 上吧, 皮卡丘!

docker exec --user www-data nextcloud_2 php occ maintenance:mode --off

皮卡丘上場了, 但是不給力... 瀏覽器出現升級失敗, 版本不支援的訊息(Updates between multiple major versions are unsupported),
好險docker還能進入nextcloud, 我找到version.php這個檔案, 發現裡面指定只能從19升級到20

$OC_Version = array(20,0,5,2);
$OC_VersionString = '20.0.5';
$OC_Edition = '';
$OC_Channel = 'stable';
$OC_VersionCanBeUpgradedFrom = array (
   'nextcloud' => 
   array (
     '19.0' => true,
     '20.0' => true,
   ),
   'owncloud' => 
   array (
     '10.5' => true,
   ),
 );

2. 死馬當活馬醫, 把version.php的資料改成讓17能升級到18 (19改成17, 20改成18), 然後pull nextcloud 18版 , 再掛上舊有的設定檔案後, 啟動 nextcloud 18版, log 居然神奇的啪啪啪, 出現17升級到18的訊息, 瀏覽器也能成功登入nextcloud, 並且顯示幕前版本18版

Initializing nextcloud 18.0.13.1 …
Upgrading nextcloud from 17.0.5.2 …
Initializing finished
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
 Setting log level to debug
 Turned on maintenance mode
 Updating database schema
 Updated database
 Disabled incompatible app: workflow_pdf_converter
 Updating  …
 Migrate old user config
 Starting …
     0/0 [>---------------------------]   0%

3. pull nextcloud 19版 , 掛上舊設定檔案, 啟動後也成功升級到19版

4. 掛上之前最新的nextcloud 20版, 也能從19升到20囉 , 驚險完成升級任務.

nextcloud連接onlyoffice體驗

我自己的nextcloud原本連結 Collabora Online 達到可線上編輯office檔案的功能, 但是最近發現only office更相容M$ office, 於是想試用only office線上編輯的功能, 這次也是使用docker 安裝,不使用only office內建的let's encrypt功能, 使用docker本體主機上的let's encrypt 與 onlyoffice 進行mapping.

docker volume create onlyoffice_fonts
docker run --restart always -v onlyoffice_fonts:/usr/share/fonts -v /etc/letsencrypt:/etc/letsencrypt  --name onlyoffice -d  -p 8443:443 onlyoffice/documentserver

這樣就安裝完畢了, 接下來就是進入only office, 進行憑證的對應
** onlyoffice_fonts 的路徑可以存放其他字型(TTF), 再進入only office執行 /usr/bin/documentserver-generate-allfonts.sh即可使用新的字型

docker exec -it onlyoffice bash
######
mkdir /var/www/onlyoffice/Data/certs
cd /var/www/onlyoffice/Data/certs/
openssl dhparam -out dhparam.pem 2048
ln -s /etc/letsencrypt/live/onlyoffice.test.com/fullchain.pem /var/www/onlyoffice/Data/certs/onlyoffice.crt
ln -s /etc/letsencrypt/live/onlyoffice.test.com/privkey.pem /var/www/onlyoffice/Data/certs/onlyoffice.key
######
docker restart onlyoffice

上面紅色部分就是這個only office的網址, 請自行更改, 最後再到nextcloud啟用onlyoffice連結功能, 再輸入docker 的onlyoffice的網址, 如: https://onlyoffice.test.com , 就可以享用高度相容M$ office的線上編輯功能了

PS. 若docker onlyoffice的憑證是自己簽發的, 經過測試無法使用, 官網建議的做法一樣失敗, 請三思 https://api.onlyoffice.com/editors/nextcloud
測試的nextcloud 20.0.4 , 插件onlyoffice是6.1.0.83

使用docker安裝nextcloud

新版安裝方式請到這裡查看

-------------------以下是舊版安裝方式-------------------

  1. 建立volume
  2. 設定mariadb data
  3. 執行
  4. 設定trusted_domain

建立volume

 docker volume create nextcloud-www
 docker volume create nextcloud-app
 docker volume create nextcloud-config
 docker volume create nextcloud-data
 docker volume create nextcloud-theme 

確認 mariadb 資料庫伺服器是否準備好

執行docker指令

docker run -d -p <對應的port>:80 -v nextcloud-www:/var/www/html -v nextcloud-app:/var/www/html/custom_apps -v nextcloud-config:/var/www/html/config -v nextcloud-data:/var/www/html/data -v nextcloud-theme:/var/www/html/themes/mycustom --link <docker資料庫名稱>:mysql -e MYSQL_DATABASE=nextcloud -e MYSQL_USER=root -e MYSQL_PASSWORD=<密碼> -e MYSQL_HOST=mysql --restart=always --name nextcloud nextcloud 

若有apache或是nginx作為反向proxy, 將https帶到nextcloud, 需設定trust_domain(網站會提醒)

httpd設定

# for CalDav
RewriteEngine On 
RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] 
# form redirect
<VirtualHost *:80>
    ServerName <server name>
    Redirect permanent / https://<server name>/
</VirtualHost>

<VirtualHost *:443> 
  # form security
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
  </IfModule>
</VirtualHost>

nextcloud config設定

若使用httpd proxy 的方式需要加入以下設定, 以免登入轉圈圈無法進入頁面, 修改 config.php 檔案

'overwritehost' => '<主機名稱>',
'overwriteprotocol' => 'https',

執行command

 docker exec --user www-data <CONTAINER_ID> php occ 

超簡單安裝collabora online

collabora online 加上 nextcloud 或 owncloud 可以實現線上協同編輯的功能, 很猛!

docker run -t -d -p 9980:9980 -e "domain=<your-dot-escaped-domain>" -e "username=admin" -e "password=your_password" --restart always --name collabora collabora/code
EX:
docker run -t -d -p 9980:9980 -e "domain=next\\.fromtw\\.com" -e "username=admin" -e "password=your_password" --restart always --name collabora collabora/code 

以上安裝collabora online 指令中, domain=nextcloud\\.fromtw\\.com代表允許next.fromtw.com這個網址使用協同編輯,

若需要多個網址,請加上 |

記得搭配 letsencrypt 讓collabora 擁有 https 加密功能 ,   安裝完畢,

ps. 網址https://collabora.fromtw.com/loleaflet/dist/admin/admin.html , 可查詢是否成功.(需輸入以上設定帳密)

**nextcloud,

找出 collabora online app 並安裝 , 並設定collabora online的https網址, 這樣就能實現文件線上協同編輯的功能.

**owncloud,

需要到 https://marketplace.owncloud.com/apps/richdocuments 這個地方下載, 然後複製到owncloud app區解開才能安裝, 安裝後找出設定,把collabor的網址輸入進去就可以使用了

ps. 若collabora online 為內部service, 需要透過對外的httpd proxy接應, 因此httpd proxy的設定如下:

 <VirtualHost *:443>
  ServerName collabora.fromtw.com:443
  Options -Indexes

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/collabora.fromtw.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/collabora.fromtw.com/privkey.pem
  SSLCACertificateFile /etc/letsencrypt/live/collabora.fromtw.com/fullchain.pem
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  SSLHonorCipherOrder     on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of Collabora Online
  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

  # Capabilities
  ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool
  ProxyPass / https://localhost:9980/
  ProxyPassReverse / https://localhost:9980/
</VirtualHost>