主页 / computer / 问题 / 1418939
Accepted
psky
Asked: 2019-03-30 00:03:16 +0800 CST

Nextcloud 共享在 nginx 反向代理中不起作用

  • 772

我使用 jwilder 图像和 letsencrypt 设置了一个 nginx 反向代理。一切正常,我有几个容器按预期运行。

但是,我现在已经在我的一个开发服务器上创建了一个 nextcloud 容器,我无法使用它与舞台服务器上具有相同设置的另一个 nextcloud 容器共享文件。

我看到的错误是Failed to perform action当我接受共享文件时。当我检查登录控制台时,我看到

Refused to connect to 'http://dev.domain.com/ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/2' because it violates the following Content Security Policy directive: "connect-src 'self'".

我已经阅读了一段时间。我在官方文档网站上找到了这个,但我无法让它工作。nextcloud 本身有 ssl,但当我分享它时,它看起来像使用 http 服务。我知道这与反向代理有关,但我不确定我是否知道如何解决这个问题。

欢迎任何帮助。

笔记

使用

图片:nextcloud:最新

图片:玛丽亚布

图片:jwilder/nginx-proxy:0.7.0

图片:jrcs/letsencrypt-nginx-proxy-companion

nginx letsencrypt reverse-proxy

1 个回答

  1. Best Answer

    我发现对我有用的是在代理后面的 nextcloud 容器前面使用一个 nginx 容器。为此,您还需要添加自己的 nginx.conf。像这样的 ymal 文件。

    version: '2'
services:
  web:
    image: nginx
    container_name: nextcloud_webserver
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    links:
      - app
    volumes_from:
      - app
    environment:
      - VIRTUAL_HOST=nextcloud_url
      - VIRTUAL_NETWORK=nextcloud_network
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=nextcloud_url
      - LETSENCRYPT_EMAIL=uremailforthe
    networks:
      - proxy-tier
    restart: unless-stopped

  app:
    image: nextcloud:fpm
    container_name: nextcloud_app
    links:
      - db
    volumes:
      - ./nextcloud/apps:/var/www/html/apps
      - ./nextcloud/config:/var/www/html/config
      - ./nextcloud/data:/var/www/html/data
    networks:
      - proxy-tier
    restart: unless-stopped

  db:
    image: mariadb
    container_name: db
    volumes:
      - ./db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=urpassword
      - MYSQL_DATABASE=urdbname
      - MYSQL_USER=mysqluser
      - MYSQL_PASSWORD=mysqluserpassword
    networks:
      - proxy-tier
    restart: unless-stopped

networks:
  proxy-tier:
    external:
      name: nextcloud_network

    然后将以下 nginx 文件添加到运行 docker-compose up 文件的同一位置。

    user www-data;

    events {

     worker_connections 768;
    }
    ​
    http {
     upstream backend {
       server app:9000;
     }
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
    ​
     server {
      listen 80;
    ​
      # Add headers to serve security related headers
      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
    ​
      root /var/www/html;
      client_max_body_size 10G; # 0=unlimited - set max upload size
      fastcgi_buffers 64 4K;
    ​
      gzip on;
      gzip_vary on;
      gzip_min_length 10240;
      gzip_proxied expired no-cache no-store private auth;
      gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
      gzip_disable "MSIE [1-6]\.";
    ​
      index index.php;
      error_page 403 /core/templates/403.php;
      error_page 404 /core/templates/404.php;
    ​
      rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
      rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
    ​
      location = /robots.txt {
       allow all;
       log_not_found off;
       access_log off;
      }
    ​
      location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
       deny all;
      }
    ​
      location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
       deny all;
      }
    ​
      location / {
       rewrite ^/remote/(.*) /remote.php last;
       rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
       try_files $uri $uri/ =404;
      }
    ​
      location ~ \.php(?:$|/) {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       include fastcgi_params;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       fastcgi_param HTTPS on;
       fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
       fastcgi_pass backend;
       fastcgi_intercept_errors on;
      }
    ​
      # Adding the cache control header for js and css files
      # Make sure it is BELOW the location ~ \.php(?:$|/) { block
      location ~* \.(?:css|js)$ {
       add_header Cache-Control "public, max-age=7200";
       # Add headers to serve security related headers
       add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
       add_header X-Content-Type-Options nosniff;
       add_header X-Frame-Options "SAMEORIGIN";
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;
       # Optional: Don't log access to assets
       access_log off;
      }
    ​
      # Optional: Don't log access to other assets
      location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
       access_log off;
      }
     }
    ​
    }
    • 1

相关问题