差分
この文書の現在のバージョンと選択したバージョンの差分を表示します。
次のリビジョン | 前のリビジョン | ||
vps:040-110nextcloud [2017/09/25 13:31] admin 作成 |
vps:040-110nextcloud [2017/09/25 13:47] (現在) admin |
||
---|---|---|---|
ライン 1: | ライン 1: | ||
======NextCloud(Docker)====== | ======NextCloud(Docker)====== | ||
+ | |||
+ | =====DockerでNextCloudを準備===== | ||
+ | 参考 | ||
+ | http://denor.daa.jp/docker-for-windows%E3%81%A7nextcloud%E3%82%B5%E3%83%BC%E3%83%90%E6%A7%8B%E7%AF%89 | ||
+ | |||
+ | =====作業フォルダ準備===== | ||
+ | # cd /var/nextcloud | ||
+ | |||
+ | =====証明書の作成===== | ||
+ | <file> | ||
+ | # mkdir certs | ||
+ | # cd certs | ||
+ | # openssl req -new -x509 -nodes -out server.crt -keyout server.key | ||
+ | </file> | ||
+ | |||
+ | =====docker-compose.yml===== | ||
+ | # vi docker-compose.yml | ||
+ | <file> | ||
+ | version: '2' | ||
+ | networks: | ||
+ | lb_web: | ||
+ | external: true | ||
+ | back: | ||
+ | driver: bridge | ||
+ | services: | ||
+ | web: | ||
+ | image: nginx | ||
+ | volumes: | ||
+ | - ./nginx.conf:/etc/nginx/nginx.conf:ro | ||
+ | # add certs | ||
+ | - ./certs:/etc/nginx/certs:ro | ||
+ | links: | ||
+ | - app | ||
+ | volumes_from: | ||
+ | - app | ||
+ | environment: | ||
+ | - VIRTUAL_HOST | ||
+ | networks: | ||
+ | - back | ||
+ | - lb_web | ||
+ | # add ports | ||
+ | ports: | ||
+ | - 80:80 | ||
+ | - 443:443 | ||
+ | app: | ||
+ | image: nextcloud:12-fpm | ||
+ | links: | ||
+ | - db | ||
+ | volumes: | ||
+ | - ./data/apps:/var/www/html/apps | ||
+ | - ./data/config:/var/www/html/config | ||
+ | - ./data/data:/var/www/html/data | ||
+ | networks: | ||
+ | - back | ||
+ | db: | ||
+ | image: mysql | ||
+ | volumes: | ||
+ | - ./mysql/runtime:/var/lib/mysql | ||
+ | environment: | ||
+ | # - MYSQL_ROOT_PASSWORD | ||
+ | MYSQL_ROOT_PASSWORD: XXXXXXXX | ||
+ | networks: | ||
+ | - back | ||
+ | cron: | ||
+ | image: nextcloud:12-fpm | ||
+ | links: | ||
+ | - db | ||
+ | volumes_from: | ||
+ | - app | ||
+ | user: www-data | ||
+ | entrypoint: | | ||
+ | bash -c 'bash -s <<EOF | ||
+ | trap "break;exit" SIGHUP SIGINT SIGTERM | ||
+ | while /bin/true; do | ||
+ | /usr/local/bin/php /var/www/html/cron.php | ||
+ | sleep 900 | ||
+ | done | ||
+ | EOF' | ||
+ | networks: | ||
+ | - back | ||
+ | </file> | ||
+ | |||
+ | =====nginx.conf===== | ||
+ | # vi nginx.conf | ||
+ | <file> | ||
+ | user www-data; | ||
+ | |||
+ | events { | ||
+ | worker_connections 768; | ||
+ | } | ||
+ | |||
+ | http { | ||
+ | upstream backend { | ||
+ | server app:9000; | ||
+ | } | ||
+ | include /etc/nginx/mime.types; | ||
+ | default_type application/octet-stream; | ||
+ | |||
+ | server { | ||
+ | listen 80; | ||
+ | listen 443 ssl; | ||
+ | ssl_certificate /etc/nginx/certs/server.crt; | ||
+ | ssl_certificate_key /etc/nginx/certs/server.key; | ||
+ | |||
+ | # Add headers to serve security related headers | ||
+ | add_header X-Content-Type-Options nosniff; | ||
+ | add_header X-Frame-Options "SAMEORIGIN"; | ||
+ | add_header X-XSS-Protection "1; mode=block"; | ||
+ | add_header X-Robots-Tag none; | ||
+ | add_header X-Download-Options noopen; | ||
+ | add_header X-Permitted-Cross-Domain-Policies none; | ||
+ | |||
+ | root /var/www/html; | ||
+ | |||
+ | location = /robots.txt { | ||
+ | allow all; | ||
+ | log_not_found off; | ||
+ | access_log off; | ||
+ | } | ||
+ | |||
+ | location = /.well-known/carddav { | ||
+ | return 301 $scheme://$host/remote.php/dav; | ||
+ | } | ||
+ | location = /.well-known/caldav { | ||
+ | return 301 $scheme://$host/remote.php/dav; | ||
+ | } | ||
+ | |||
+ | client_max_body_size 1G; | ||
+ | fastcgi_buffers 64 4K; | ||
+ | |||
+ | gzip off; | ||
+ | |||
+ | index index.php; | ||
+ | error_page 403 /core/templates/403.php; | ||
+ | error_page 404 /core/templates/404.php; | ||
+ | |||
+ | location / { | ||
+ | rewrite ^ /index.php$uri; | ||
+ | } | ||
+ | |||
+ | location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { | ||
+ | deny all; | ||
+ | } | ||
+ | location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { | ||
+ | deny all; | ||
+ | } | ||
+ | |||
+ | location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { | ||
+ | include fastcgi_params; | ||
+ | fastcgi_split_path_info ^(.+\.php)(/.*)$; | ||
+ | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
+ | fastcgi_param PATH_INFO $fastcgi_path_info; | ||
+ | fastcgi_param HTTPS on; | ||
+ | #Avoid sending the security headers twice | ||
+ | fastcgi_param modHeadersAvailable true; | ||
+ | fastcgi_param front_controller_active true; | ||
+ | fastcgi_pass backend; | ||
+ | fastcgi_intercept_errors on; | ||
+ | fastcgi_request_buffering off; | ||
+ | } | ||
+ | |||
+ | location ~ ^/(?:updater|ocs-provider)(?:$|/) { | ||
+ | try_files $uri/ =404; | ||
+ | index index.php; | ||
+ | } | ||
+ | |||
+ | # Adding the cache control header for js and css files | ||
+ | # Make sure it is BELOW the PHP block | ||
+ | location ~* \.(?:css|js)$ { | ||
+ | try_files $uri /index.php$uri$is_args$args; | ||
+ | add_header Cache-Control "public, max-age=7200"; | ||
+ | # Add headers to serve security related headers (It is intended to | ||
+ | # have those duplicated to the ones above) | ||
+ | # Before enabling Strict-Transport-Security headers please read into | ||
+ | # this topic first. | ||
+ | # add_header Strict-Transport-Security "max-age=15768000; | ||
+ | # includeSubDomains; preload;"; | ||
+ | add_header X-Content-Type-Options nosniff; | ||
+ | add_header X-Frame-Options "SAMEORIGIN"; | ||
+ | add_header X-XSS-Protection "1; mode=block"; | ||
+ | add_header X-Robots-Tag none; | ||
+ | add_header X-Download-Options noopen; | ||
+ | add_header X-Permitted-Cross-Domain-Policies none; | ||
+ | # Optional: Don't log access to assets | ||
+ | access_log off; | ||
+ | } | ||
+ | |||
+ | location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { | ||
+ | try_files $uri /index.php$uri$is_args$args; | ||
+ | # Optional: Don't log access to other assets | ||
+ | access_log off; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | </file> | ||
+ | |||
+ | =====Dockerでネットワークの作成===== | ||
+ | <file> | ||
+ | # docker network create lb_web | ||
+ | </file> | ||
+ | |||
+ | =====起動===== | ||
+ | <file> | ||
+ | # docker-compose up -d | ||
+ | </file> | ||
+ | |||
+ | =====起動確認===== | ||
+ | <file> | ||
+ | # docker-compose ps | ||
+ | </file> |