O compartilhamento Nextcloud não funciona no proxy reverso nginx

Question

o que descobri que funciona para mim é usar um contêiner nginx na frente do contêiner nextcloud, ambos atrás de um proxy. Para que isso funcione, você também precisará adicionar seu próprio nginx.conf. um arquivo ymal como este.

version: '2'
services:
  web:
    image: nginx
    container_name: nextcloud_webserver
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    links:
      - app
    volumes_from:
      - app
    environment:
      - VIRTUAL_HOST=nextcloud_url
      - VIRTUAL_NETWORK=nextcloud_network
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=nextcloud_url
      - LETSENCRYPT_EMAIL=uremailforthe
    networks:
      - proxy-tier
    restart: unless-stopped

  app:
    image: nextcloud:fpm
    container_name: nextcloud_app
    links:
      - db
    volumes:
      - ./nextcloud/apps:/var/www/html/apps
      - ./nextcloud/config:/var/www/html/config
      - ./nextcloud/data:/var/www/html/data
    networks:
      - proxy-tier
    restart: unless-stopped

  db:
    image: mariadb
    container_name: db
    volumes:
      - ./db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=urpassword
      - MYSQL_DATABASE=urdbname
      - MYSQL_USER=mysqluser
      - MYSQL_PASSWORD=mysqluserpassword
    networks:
      - proxy-tier
    restart: unless-stopped

networks:
  proxy-tier:
    external:
      name: nextcloud_network

Em seguida, adicione o seguinte arquivo nginx ao mesmo local em que você executou o arquivo docker-compose up.

user www-data;

    events {

     worker_connections 768;
    }
    
    http {
     upstream backend {
       server app:9000;
     }
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
    
     server {
      listen 80;
    
      # Add headers to serve security related headers
      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
    
      root /var/www/html;
      client_max_body_size 10G; # 0=unlimited - set max upload size
      fastcgi_buffers 64 4K;
    
      gzip on;
      gzip_vary on;
      gzip_min_length 10240;
      gzip_proxied expired no-cache no-store private auth;
      gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
      gzip_disable "MSIE [1-6]\.";
    
      index index.php;
      error_page 403 /core/templates/403.php;
      error_page 404 /core/templates/404.php;
    
      rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
      rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
    
      location = /robots.txt {
       allow all;
       log_not_found off;
       access_log off;
      }
    
      location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
       deny all;
      }
    
      location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
       deny all;
      }
    
      location / {
       rewrite ^/remote/(.*) /remote.php last;
       rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
       try_files $uri $uri/ =404;
      }
    
      location ~ \.php(?:$|/) {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       include fastcgi_params;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       fastcgi_param HTTPS on;
       fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
       fastcgi_pass backend;
       fastcgi_intercept_errors on;
      }
    
      # Adding the cache control header for js and css files
      # Make sure it is BELOW the location ~ \.php(?:$|/) { block
      location ~* \.(?:css|js)$ {
       add_header Cache-Control "public, max-age=7200";
       # Add headers to serve security related headers
       add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
       add_header X-Content-Type-Options nosniff;
       add_header X-Frame-Options "SAMEORIGIN";
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;
       # Optional: Don't log access to assets
       access_log off;
      }
    
      # Optional: Don't log access to other assets
      location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
       access_log off;
      }
     }
    
    }

Answer 1

o que descobri que funciona para mim é usar um contêiner nginx na frente do contêiner nextcloud, ambos atrás de um proxy. Para que isso funcione, você também precisará adicionar seu próprio nginx.conf. um arquivo ymal como este.

version: '2'
services:
  web:
    image: nginx
    container_name: nextcloud_webserver
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    links:
      - app
    volumes_from:
      - app
    environment:
      - VIRTUAL_HOST=nextcloud_url
      - VIRTUAL_NETWORK=nextcloud_network
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=nextcloud_url
      - LETSENCRYPT_EMAIL=uremailforthe
    networks:
      - proxy-tier
    restart: unless-stopped

  app:
    image: nextcloud:fpm
    container_name: nextcloud_app
    links:
      - db
    volumes:
      - ./nextcloud/apps:/var/www/html/apps
      - ./nextcloud/config:/var/www/html/config
      - ./nextcloud/data:/var/www/html/data
    networks:
      - proxy-tier
    restart: unless-stopped

  db:
    image: mariadb
    container_name: db
    volumes:
      - ./db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=urpassword
      - MYSQL_DATABASE=urdbname
      - MYSQL_USER=mysqluser
      - MYSQL_PASSWORD=mysqluserpassword
    networks:
      - proxy-tier
    restart: unless-stopped

networks:
  proxy-tier:
    external:
      name: nextcloud_network

Em seguida, adicione o seguinte arquivo nginx ao mesmo local em que você executou o arquivo docker-compose up.

user www-data;

    events {

     worker_connections 768;
    }
    
    http {
     upstream backend {
       server app:9000;
     }
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
    
     server {
      listen 80;
    
      # Add headers to serve security related headers
      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
    
      root /var/www/html;
      client_max_body_size 10G; # 0=unlimited - set max upload size
      fastcgi_buffers 64 4K;
    
      gzip on;
      gzip_vary on;
      gzip_min_length 10240;
      gzip_proxied expired no-cache no-store private auth;
      gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
      gzip_disable "MSIE [1-6]\.";
    
      index index.php;
      error_page 403 /core/templates/403.php;
      error_page 404 /core/templates/404.php;
    
      rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
      rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
    
      location = /robots.txt {
       allow all;
       log_not_found off;
       access_log off;
      }
    
      location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
       deny all;
      }
    
      location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
       deny all;
      }
    
      location / {
       rewrite ^/remote/(.*) /remote.php last;
       rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
       try_files $uri $uri/ =404;
      }
    
      location ~ \.php(?:$|/) {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       include fastcgi_params;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       fastcgi_param HTTPS on;
       fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
       fastcgi_pass backend;
       fastcgi_intercept_errors on;
      }
    
      # Adding the cache control header for js and css files
      # Make sure it is BELOW the location ~ \.php(?:$|/) { block
      location ~* \.(?:css|js)$ {
       add_header Cache-Control "public, max-age=7200";
       # Add headers to serve security related headers
       add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
       add_header X-Content-Type-Options nosniff;
       add_header X-Frame-Options "SAMEORIGIN";
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;
       # Optional: Don't log access to assets
       access_log off;
      }
    
      # Optional: Don't log access to other assets
      location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
       access_log off;
      }
     }
    
    }

O compartilhamento Nextcloud não funciona no proxy reverso nginx

Responder1

informação relacionada