1. 先準備好redis server
如何安裝redis
2.修改nextcloud 設定檔案
docker exec -it nextcloud bash
root@a764952ce51b:/var/www/html# vi config/config.php
###
<?php
$CONFIG = array (
'htaccess.RewriteBase' => '/',
'memcache.local' => '\\OC\\Memcache\\APCu',
'redis' => array(
'host' => '127.0.0.1',
'port' => 6379,
),
...
...
3. 重啟nextcloud , 然後回到redis 可下指令查看
redis 很常看到,好多容器都自帶這個服務,說是快取用的;今天問google查一下為何nextcloud很慢,答案都指向redis,因此還是裝一下redis,再來研究怎讓nextcloud使用。
1. 修改容器本體主機 /etc/sysctl.conf
vm.overcommit_memory = 1 net.core.somaxconn = 65535
修改完執行 sysctl -p 讓設定生效。
2. 執行redis(很好運的是,新版本6.2.12 與 7.0.11 一直出現 Fatal: Can’t initialize Background Jobs ,只好降版改用 6.2.11 )
docker run --name redis --restart=always -d -p 6379:6379 --sysctl net.core.somaxconn=511 redis:6.2.11 redis-server
為何sysctl 已經設定 somaxconn,指令還要設定一次? 我也不知道,反正這樣可行,以後有空再說。
nextcloud可以連接多個ldap server,這對於IT來說很方便。
隨著時間推移,越來越多使用者離職,帳號設定成停用,當我們確認可以刪除後,nextcloud卻無法正常透過UI介面刪除帳號,這會造成一些困擾;很懶的我後來我爬文,解方居然是下指令才能刪除,更麻煩的是只能一個一個帳號刪除,真真嚇死我。
好險有個神人寫shell script就能批次刪除。
for i in $(php occ ldap:show-remnants | awk -F'| ' '{print $2}'); do
echo "Delete user: $i"
php occ user:delete $i
done
因為我用的是容器(docker),指令如下:
for i in $(docker exec -u www-data -it nextcloud php occ ldap:show-remnants | awk -F'| ' '{print $2}'); do
echo "Delete user: $i"
docker exec -u www-data -it nextcloud php occ user:delete $i
done
Done.
警告:刪除帳號會導致該帳號所有檔案一併被刪除。
nextcloud的背景排程,預設為 AJAX,雖說nextcloud建議使用系統cron,但是nextcloud容器cron是「不啟用」的,每次改用Cron,還要進容器另外處哩,非常麻煩,容器升級又要做一次,折磨人啊 。 久而久之,nextcloud一律使用預設值AJAX,我測試過AJAX不會失敗(私、失敗しないので)。
直到最近我使用nextcloud的看板系統(Deck),需要有「email通知 Deck系統裡 卡片異動通知」之功能,因此AJAX單人用還可以,但公司用我就得改用Cron,可是一想到要進容器啟用cron就覺得好煩,才來才知道我錯了。
原來改用cron意外地簡單!
不管是RockLinux、CentOS還是ubuntu,只要在容器宿主(Host)裡的cron,加上一條指令就完事了。
/usr/bin/docker exec -t -u www-data <容器名稱> php -d memory_limit=512M -f /var/www/html/cron.php
真是太棒了!
以下是排程我建議要執行的
docker exec -t -u www-data nextcloud php occ trashbin:expire --quiet
docker exec -t -u www-data nextcloud php occ versions:expire --quiet
docker exec -t -u www-data nextcloud php -d memory_limit=512M -f /var/www/html/cron.php
docker exec -u www-data -it nextcloud php occ files:scan --all
docker exec -u www-data -it nextcloud php occ files:scan --unscanned --all
我以前文章「超簡單安裝collabora online」敘述如何讓nextcloud搭配online document server達到線上編輯功能 ; 後來發現Onlyoffice 更好用, 版面格式比較不會跑掉,就變心改用onlyoffice。
隨著公司越來越多人使用onlyoffice ,沒想到onlyoffice免費版有10人開啟檔案的上限,預算考量,只能另想辦法。
我回過頭來看collabora online , 雖是免費,但官方編譯一樣有20人數限制;照這樣子應該真的要去拍桌,跟老闆說要加錢購買onlyoffice。
可是偶然間發現有個群組, 協助編譯開源版collabora online,並且解除20人限制, 甚至編譯成 docker 版本, 真是佛心來的。
以下請參考github與docker網站:
https://github.com/tiredofit/docker-collabora-online
https://hub.docker.com/r/tiredofit/collabora-online/tags
官方文件很少。但不囉嗦, 我測試後直接寫如何安裝。
wget https://github.com/tiredofit/docker-collabora-online/raw/master/examples/docker-compose.yml
mv docker-compose.yml.traefik docker-compose.yml
vi docker-compose.yml#改成醬
#紅色字需要修改
version: '3.7'
services:
collabora-online-app:
image: tiredofit/collabora-online:2.4.17
container_name: collabora-online-app
hostname: collabora-online.test.com
expose:
- 9980
ports:
- "9980:9980"
cap_add:
- MKNOD
- NET_ADMIN
privileged: true
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:collabora-online.test.com
- traefik.port=9980
- traefik.protocol=http
- traefik.docker.network=proxy
- traefik.backend=collabora-online-app
volumes:
- ./logs:/logs
environment:
- CONTAINER_NAME=collabora-online-app
- ADMIN_USER=admin
- ADMIN_PASS=collabora-online
# 允許哪些網站存取
- ALLOWED_HOSTS=cloud.test.com,xxx.test.com
- ENABLE_TLS=FALSE
- ENABLE_TLS_REVERSE_PROXY=TRUE
restart: always
#2023/6/14
#2.4.17這版本pdf下載會出問題,因此更換2.4.34版,但是無法啟用成功,出現:
#ERROR: Cannot create container for service collabora-online-app: Conflict
#若要換新版本,需docker-compose down; docker rm collabora-online;
#修改yml檔案,改成新的版本號碼2.4.34後,再重新docker-compose up -d才能執行成功
<VirtualHost *:443>
ServerName collabora-online.test.com:443
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLCertificateFile /etc/letsencrypt/live/collabora-online.test.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/collabora-online.test.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/collabora-online.test.com/fullchain.pem
SSLProtocol all -SSLv2 -SSLv3
SSLEngine on
SSLHonorCipherOrder on
AllowEncodedSlashes NoDecode
ProxyPreserveHost On
# static html, js, images, etc. served from coolwsd
# browser is the client part of Collabora Online
ProxyPass /browser http://127.0.0.1:9980/browser retry=0
ProxyPassReverse /browser http://127.0.0.1:9980/browser
# WOPI discovery URL
ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery
# Capabilities
ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities
# Main websocket
ProxyPassMatch "/cool/(.*)/ws$" ws://127.0.0.1:9980/cool/$1/ws nocanon
# Admin Console websocket
ProxyPass /cool/adminws ws://127.0.0.1:9980/cool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /cool http://127.0.0.1:9980/cool
ProxyPassReverse /cool http://127.0.0.1:9980/cool
# Compatibility with integrations that use the /lool/convert-to endpoint
ProxyPass /lool http://127.0.0.1:9980/cool
ProxyPassReverse /lool http://127.0.0.1:9980/cool
</VirtualHost>
server {
listen 443 ssl;
server_name collaboraonline.example.com;
ssl_certificate /path/to/certificate;
ssl_certificate_key /path/to/key;
# static files
location ^~ /browser {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/cool/(.*)/ws$ {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/(c|l)ool {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /cool/adminws {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
設定URL,以後開檔案將導入到 Collabora Online-server 達到線上作業功能
完成了
https://collabora-online.test.com/browser/dist/admin/admin.html
docker exec -it <容器名稱> bash
vi etc/coolwsd/coolwsd.xml
<remote_font_config>
<url desc="URL of optional JSON file that lists fonts to be included in Online" type="string" default="">https://cloud.test.com/apps/richdocuments/settings/fonts.json</url>
</remote_font_config>
另外要設定安全機制WOPI,一樣是修改 coolwsd,只允許相關ip才能存取
docker exec -it <容器名稱> bash
vi etc/coolwsd/coolwsd.xml
#########################################################
<alias_groups desc="xxxxxx" mode="groups">
<group><host desc="hostname to allow or deny." allow="true">192.168.1.1</host></group>
<group><host desc="hostname to allow or deny." allow="true">cloud.test.com</host></group>
</alias_groups>
https://apps.nextcloud.com/apps/onlyoffice/releases?platform=14
避免與不相容的版本起衝突
目前2022/5/13 我升級到nextcloud 22.2.7 , 但因為docker上面的onlyoffice 最新的是7.1.0,
onlyoffice 只有支援7.2以上才支援 nextcloud 23 , 所以我就無法升級到nextcloud 23囉
'trusted_proxies' =>
array (
0 => '反向代理server的host ip',
1 => 'docker local ip',
),'trusted_proxies' =>
array (
0 => 'x.x.x.x',
1 => '172.0.0.1/8',
),
修改 config.php
過了31天清除
'trashbin_retention_obligation' => 'auto,31',
'versions_retention_obligation' => 'auto,31',若使用docker安裝, 建議停用容器內建的排程, 改用外面主機, 設定排程自行刪除垃圾桶
# 停用背景排程
docker exec -t -u www-data <container> php occ config:app:set --value=no files_trashbin background_job_expire_trash
docker exec -t -u www-data nextcloud php occ config:app:set --value=no files_versions background_job_expire_versions# 停用容器內建排程後,改用外面主機定期清除
docker exec -t -u www-data <container> php occ trashbin:expire --quiet
nextcloud 綁定公司兩台AD , 一台台北, 一台蘇州 , 兩台不同網域
但是今天發生蘇州網域伺服器停機(停電超過4小時), 居然造成nextcloud所有人員無法登入的情況
查了一下解法, 可以先暫時停用蘇州的ldap連線,
sudo -u www-data php occ ldap:set-config s02 ldapConfigurationActive 0
以下是ldap相關指令, 可以先查詢設定檔案名稱之後, 如s01 , s02 , 再停用連線
ldap
ldap:check-user checks whether a user exists on LDAP.
ldap:create-empty-config creates an empty LDAP configuration
ldap:delete-config deletes an existing LDAP configuration
ldap:search executes a user or group search
ldap:set-config modifies an LDAP configuration
ldap:show-config shows the LDAP configuration
ldap:show-remnants shows which users are not available on
LDAP anymore, but have remnants in
Nextcloud.
ldap:test-config tests an LDAP configuration