1.启动mariadb

docker run -d \
--name mysql \
-e MYSQL_ROOT_PASSWORD=<你的mysql密码> \
-p 13306:3306 \
-v /docker/volumns/mysql/data:/var/lib/mysql \
--restart unless-stopped \
mariadb:10.4.7-bionic

2.启动nextcloud-fpm

docker run -d \
--name nextcloud \
-v /mnt/hdd2/nextcloud/html:/var/www/html \
-v /mnt/hdd2/nextcloud/custom_apps:/var/www/html/custom_apps \
-v /mnt/hdd2/nextcloud/config:/var/www/html/config \
-v /mnt/hdd2/nextcloud/data:/var/www/html/data \
--link mysql:mysql \
--restart unless-stopped \
nextcloud:16.0.4-fpm

3.启动nginx

1.nginx配置

1.将ssl证书放入宿主机/docker/volumns/nginx/ssl_certs 目录下

2.将下方配置文件放入宿主机/docker/volumns/nginx/conf.d目录下,并以.conf为后缀

upstream php-handler {
server nextcloud:9000; } server {
listen 80;
listen [::]:80;
server_name <你的站点地址>;
# enforce https
return 301 https://$server_name:443$request_uri;
} server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name <你的站点地址>; # Use Mozilla's guidelines for SSL/TLS settings
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
# NOTE: some settings below might be redundant
ssl_certificate /etc/nginx/ssl_certs/<你的SSL证书>.pem;
ssl_certificate_key /etc/nginx/ssl_certs/<你的SSL证书>.key; # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security 15552000;
# add_header X-Frame-Options SAMEORIGIN; # Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By; # Path to the root of your installation
root /var/www/html; # The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; # The following rule is only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/webfinger /public.php?service=webfinger last; location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
} # set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off; location / {
rewrite ^ /index.php$request_uri;
} location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
} location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
} location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
} # Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
#
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer; # Optional: Don't log access to assets
access_log off;
} location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}

2.启动nginx

docker run -d   \
--name nginx \
-p 80:80 -p 443:443 \
-v /mnt/hdd2/nextcloud/html:/var/www/html \
-v /docker/volumns/nginx/conf.d:/etc/nginx/conf.d \
-v /docker/volumns/nginx/ssl_certs:/etc/nginx/ssl_certs \
--link mysql:mysql \
--link nextcloud:nextcloud \
--restart unless-stopped \
nginx

4.Nextcloud安装

打开浏览器输入https://<你的站点地址>/index.php

根据 --link mysql:mysql ,数据库主机地址中填写“mysql”

5.Nextcloud更新

1.删除容器和程序

docker stop nginx nextcloud
docker rm nginx nextcloud
rm -rvf /mnt/hdd2/nextcloud/html

2.启动服务

docker run -d \
--name nextcloud \
-v /mnt/hdd2/nextcloud/html:/var/www/html \
-v /mnt/hdd2/nextcloud/custom_apps:/var/www/html/custom_apps \
-v /mnt/hdd2/nextcloud/config:/var/www/html/config \
-v /mnt/hdd2/nextcloud/data:/var/www/html/data \
--link mysql:mysql \
--restart unless-stopped \
nextcloud:17.0.0beta2-fpm
docker run -d   \
--name nginx \
-p 80:80 -p 443:443 \
-v /mnt/hdd2/nextcloud/html:/var/www/html \
-v /docker/volumns/nginx/conf.d:/etc/nginx/conf.d \
-v /docker/volumns/nginx/ssl_certs:/etc/nginx/ssl_certs \
--link mysql:mysql \
--link nextcloud:nextcloud \
--restart unless-stopped \
nginx

使用nextcloud:17.0.0beta2-fpm,需要在nginx配置中注释掉的 X-Frame-Options 启用

add_header X-Frame-Options SAMEORIGIN;

Have Fun!

使用Docker搭建Nextcloud SSL站点的更多相关文章

  1. 使用Docker搭建Nextcloud私有网盘

    一.准备材料 安装环境:linux 工具:docker 软件:MySql.Nextcloud 二.安装Docker 安装Docker:https://www.cnblogs.com/jzcn/p/15 ...

  2. [Docker]docker搭建私有仓库(ssl、身份认证)

    docker搭建私有仓库(ssl.身份认证) 环境:CentOS 7.Docker 1.13.1 CentOS 7相关: https://www.cnblogs.com/ttkl/p/11041124 ...

  3. docker安装nextcloud私人网盘,开启https配置证书

    docker安装nextcloud私人网盘 之前一直用的百度网盘最近svip超级会员到期了,续费要¥199元,对于一个打工人的我来说有点儿贵.作为技术人的一员,我就来发挥发挥自己的长处,来搭建一个私人 ...

  4. win10系统iis下部署搭建https (ssl/tls)本地测试环境

    有时想要把公司的某些XX项目部署成https站点,是为了在传输层加密传输,防止他人嗅探站点重要数据信息,平常我们使用的http方式都是明文方式传输的很不安全,容易被他人窃取.而有些时候要在本地搭建ht ...

  5. Docker 搭建 etcd 集群

    阅读目录: 主机安装 集群搭建 API 操作 API 说明和 etcdctl 命令说明 etcd 是 CoreOS 团队发起的一个开源项目(Go 语言,其实很多这类项目都是 Go 语言实现的,只能说很 ...

  6. 超详细动手搭建一个Vuepress站点及开启PWA与自动部署

    超详细动手搭建一个Vuepress站点及开启PWA与自动部署 五一之前就想写一篇关于Vuepress的文章,结果朋友结婚就不了了之了. 记得最后一定要看注意事项! Vuepress介绍 官网:http ...

  7. 利用Docker搭建本地https环境的完整步骤

    利用Docker搭建本地https环境的完整步骤 这篇文章主要给大家介绍了关于如何利用Docker搭建本地https环境的完整步骤,文中通过示例代码将实现的步骤介绍的非常详细,对大家的学习或者工作具有 ...

  8. 基于Docker搭建大数据集群(六)Hive搭建

    基于Docker搭建大数据集群(六)Hive搭建 前言 之前搭建的都是1.x版本,这次搭建的是hive3.1.2版本的..还是有一点细节不一样的 Hive现在解析引擎可以选择spark,我是用spar ...

  9. Docker入门详解——安装docker并利用docker搭建lnmp

    首先我们需先安装docker环境,这个比较简单,以centos7为例 docker在centos7上安装需要系统内核版本3.10+,可以通过uname -r查看内核版本号,如果版本不符请自行查阅资料更 ...

随机推荐

  1. zabbix监控redis多实例cpu mem-自动发现

    1.自动发现实例端口脚本,用于zbx item prototypes #!/bin/bash REDIS_PORT=`ps aux |grep redis-server | grep -v 'grep ...

  2. 启动独立的tomcat服务器,没有自动创建ServletContext,对Context生命周期的监听失败

    1.可能web.xml文件里对ContextListener没有进行配置 2.web.xml文件有关对ContextListener的配置,出现了错误的单词拼写问题 比如 <listener&g ...

  3. 填坑!线上Presto查询Hudi表异常排查

    1. 引入 线上用户反馈使用Presto查询Hudi表出现错误,而将Hudi表的文件单独创建parquet类型表时查询无任何问题,关键报错信息如下 40931f6e-3422-4ffd-a692-6c ...

  4. 【持续更新】springboot相关配置

    @Configuration public class MyWebMvcConfig implements WebMvcConfigurer { //注册了新的访问路径 @Override publi ...

  5. JVM中的垃圾收集

    引用计数(Reference Counting) 循环引用问题 标记­清除(Mark and Sweep) 内存池(Memory Pools) Eden 是内存中的一个区域, 用来分配新创建的对象 . ...

  6. Longest Mountain in Array 数组中的最长山脉

    我们把数组 A 中符合下列属性的任意连续子数组 B 称为 “山脉”: B.length >= 3 存在 0 < i < B.length - 1 使得 B[0] < B[1] ...

  7. python调用大漠插件教程03窗口绑定实例

    怎样利用注册好的大漠对象来绑定窗口? 直接上代码,根据代码分析 from win32com.client import Dispatch import os from win32gui import ...

  8. 使用Burpsuite对手机抓包的配置

    之前使用dSploit的时候就一直在想怎么对手机进行抓包分析,前两天使用了Burpsuite神器,发现通过简单的配置就可以抓手机app的数据包了,进而分析手机app的流量. 配置环境: 1.win7下 ...

  9. 【JVM】GCRoots和JVM的参数配置

    如何理解GCRoots? 为了解决引用计数法的循环引用问题,Java使用了可达性分析的方法.GC Roots是一组活跃的引用,通过一系列名为GC Roots的对象作为起始点,沿着该对象向下搜索,如果一 ...

  10. Rocket - debug - TLDebugModuleOuter

    https://mp.weixin.qq.com/s/9nMo6IYmDCz7S-ALFx824g 简单介绍TLDebugModuleOuter的实现. 1. DebugModuleAccessTyp ...