Общий ресурс Nextcloud не работает в обратном прокси-сервере nginx

Question

то, что я обнаружил, работает для меня, это использование контейнера nginx перед контейнером nextcloud, оба за прокси. Чтобы это работало, вам также нужно будет добавить свой собственный nginx.conf. файл ymal, например, такой.

version: '2'
services:
  web:
    image: nginx
    container_name: nextcloud_webserver
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    links:
      - app
    volumes_from:
      - app
    environment:
      - VIRTUAL_HOST=nextcloud_url
      - VIRTUAL_NETWORK=nextcloud_network
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=nextcloud_url
      - LETSENCRYPT_EMAIL=uremailforthe
    networks:
      - proxy-tier
    restart: unless-stopped

  app:
    image: nextcloud:fpm
    container_name: nextcloud_app
    links:
      - db
    volumes:
      - ./nextcloud/apps:/var/www/html/apps
      - ./nextcloud/config:/var/www/html/config
      - ./nextcloud/data:/var/www/html/data
    networks:
      - proxy-tier
    restart: unless-stopped

  db:
    image: mariadb
    container_name: db
    volumes:
      - ./db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=urpassword
      - MYSQL_DATABASE=urdbname
      - MYSQL_USER=mysqluser
      - MYSQL_PASSWORD=mysqluserpassword
    networks:
      - proxy-tier
    restart: unless-stopped

networks:
  proxy-tier:
    external:
      name: nextcloud_network

Затем добавьте следующий файл nginx в то же место, где вы запускаете файл docker-compose up.

user www-data;

    events {

     worker_connections 768;
    }
    
    http {
     upstream backend {
       server app:9000;
     }
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
    
     server {
      listen 80;
    
      # Add headers to serve security related headers
      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
    
      root /var/www/html;
      client_max_body_size 10G; # 0=unlimited - set max upload size
      fastcgi_buffers 64 4K;
    
      gzip on;
      gzip_vary on;
      gzip_min_length 10240;
      gzip_proxied expired no-cache no-store private auth;
      gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
      gzip_disable "MSIE [1-6]\.";
    
      index index.php;
      error_page 403 /core/templates/403.php;
      error_page 404 /core/templates/404.php;
    
      rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
      rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
    
      location = /robots.txt {
       allow all;
       log_not_found off;
       access_log off;
      }
    
      location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
       deny all;
      }
    
      location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
       deny all;
      }
    
      location / {
       rewrite ^/remote/(.*) /remote.php last;
       rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
       try_files $uri $uri/ =404;
      }
    
      location ~ \.php(?:$|/) {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       include fastcgi_params;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       fastcgi_param HTTPS on;
       fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
       fastcgi_pass backend;
       fastcgi_intercept_errors on;
      }
    
      # Adding the cache control header for js and css files
      # Make sure it is BELOW the location ~ \.php(?:$|/) { block
      location ~* \.(?:css|js)$ {
       add_header Cache-Control "public, max-age=7200";
       # Add headers to serve security related headers
       add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
       add_header X-Content-Type-Options nosniff;
       add_header X-Frame-Options "SAMEORIGIN";
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;
       # Optional: Don't log access to assets
       access_log off;
      }
    
      # Optional: Don't log access to other assets
      location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
       access_log off;
      }
     }
    
    }

Answer 1

то, что я обнаружил, работает для меня, это использование контейнера nginx перед контейнером nextcloud, оба за прокси. Чтобы это работало, вам также нужно будет добавить свой собственный nginx.conf. файл ymal, например, такой.

version: '2'
services:
  web:
    image: nginx
    container_name: nextcloud_webserver
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    links:
      - app
    volumes_from:
      - app
    environment:
      - VIRTUAL_HOST=nextcloud_url
      - VIRTUAL_NETWORK=nextcloud_network
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=nextcloud_url
      - LETSENCRYPT_EMAIL=uremailforthe
    networks:
      - proxy-tier
    restart: unless-stopped

  app:
    image: nextcloud:fpm
    container_name: nextcloud_app
    links:
      - db
    volumes:
      - ./nextcloud/apps:/var/www/html/apps
      - ./nextcloud/config:/var/www/html/config
      - ./nextcloud/data:/var/www/html/data
    networks:
      - proxy-tier
    restart: unless-stopped

  db:
    image: mariadb
    container_name: db
    volumes:
      - ./db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=urpassword
      - MYSQL_DATABASE=urdbname
      - MYSQL_USER=mysqluser
      - MYSQL_PASSWORD=mysqluserpassword
    networks:
      - proxy-tier
    restart: unless-stopped

networks:
  proxy-tier:
    external:
      name: nextcloud_network

Затем добавьте следующий файл nginx в то же место, где вы запускаете файл docker-compose up.

user www-data;

    events {

     worker_connections 768;
    }
    
    http {
     upstream backend {
       server app:9000;
     }
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
    
     server {
      listen 80;
    
      # Add headers to serve security related headers
      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
    
      root /var/www/html;
      client_max_body_size 10G; # 0=unlimited - set max upload size
      fastcgi_buffers 64 4K;
    
      gzip on;
      gzip_vary on;
      gzip_min_length 10240;
      gzip_proxied expired no-cache no-store private auth;
      gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
      gzip_disable "MSIE [1-6]\.";
    
      index index.php;
      error_page 403 /core/templates/403.php;
      error_page 404 /core/templates/404.php;
    
      rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
      rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
    
      location = /robots.txt {
       allow all;
       log_not_found off;
       access_log off;
      }
    
      location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
       deny all;
      }
    
      location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
       deny all;
      }
    
      location / {
       rewrite ^/remote/(.*) /remote.php last;
       rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
       try_files $uri $uri/ =404;
      }
    
      location ~ \.php(?:$|/) {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       include fastcgi_params;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       fastcgi_param HTTPS on;
       fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
       fastcgi_pass backend;
       fastcgi_intercept_errors on;
      }
    
      # Adding the cache control header for js and css files
      # Make sure it is BELOW the location ~ \.php(?:$|/) { block
      location ~* \.(?:css|js)$ {
       add_header Cache-Control "public, max-age=7200";
       # Add headers to serve security related headers
       add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
       add_header X-Content-Type-Options nosniff;
       add_header X-Frame-Options "SAMEORIGIN";
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;
       # Optional: Don't log access to assets
       access_log off;
      }
    
      # Optional: Don't log access to other assets
      location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
       access_log off;
      }
     }
    
    }

Общий ресурс Nextcloud не работает в обратном прокси-сервере nginx

решение1

Связанный контент