AskOverflow.Dev


Questions [nextcloud] (server)

Andy
Asked: 2022-04-07 13:04:36 +0800 CST

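Docker container does not register its hostname in the docker-internal DNS

  • 0

I use Docker to run a Nextcloud service. For this I use the official nextcloud-apache image, an Nginx reverse proxy, certbot and MariaDB. Nothing special, really.

My docker instance runs in swarm mode. All containers run on the same host together with the manager, with only one replica per service, on a standard overlay network. The swarm was started using a standard compose file.

My setup had been running stably for months until it mysteriously broke last night. As far as I know there were no updates or restarts, neither for the OS (Ubuntu Server LTS), Docker-CE nor any of the images (I do all updates manually on a regular basis, and I certainly did not do any at 4 am last night). I traced the cause to the Nextcloud container (but I think it is a Docker problem, hence my question here...):

The log of the Nginx reverse proxy shows the following line: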

2022/04/06 20:16:45 [error] 10#10: *3 nextcloud-app could not be resolved (3: Host not found), client: 10.135.40.1, server: <redacted>, request: "GET / HTTP/1.1", host: "<redacted>"

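Nginx cannot resolve the backend server and throws a 502/Bad Gateway to the client.

I checked, and the hostname of the Nextcloud container ("nextcloud-app") is indeed not registered in the docker-internal DNS (available at 127.0.0.11 in every container). I can log into any container and fire DNS requests (after running apt-get update && apt-get install iputils-ping dnsutils inside the container), and the name "nextcloud-app" does not resolve anywhere. Example: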

root@nextcloud-app:/var/www/html# nslookup nextcloud-app
Server:     127.0.0.11
Address:    127.0.0.11#53

** server can't find nextcloud-app: NXDOMAIN

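All other container names resolve as they should. Resolving external addresses works as well. "nextcloud-app" is the only container name that does not resolve.

However, I can ping the nextcloud-app container directly using its docker-internal IP address. The connection is there; only DNS resolution fails.

I don't know how to debug this any further. I haven't touched my compose.yml file for a week. As far as I know, nothing has changed. Yet the setup stopped working overnight.

How can I force the Nextcloud container to register its own hostname with the docker-internal DNS? Any suggestions are appreciated.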

domain-name-system docker docker-compose nextcloud docker-swarm
  • 1 answer
  • 694 Views
peris
Asked: 2022-04-06 14:10:18 +0800 CST

Cannot log in via webdav on nginx

  • 0

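EDIT: Nextcloud builds its own Webdav implementation, Sabredav.

Could it be that the following nginx modules are interfering? --with-http_dav_module --add-module=/var/tmp/nginx-dav-ext-module

Does anyone know how I should compile them dynamically, so that I can load/unload them at runtime per virtual host config?

Thanks :) END OF EDIT

I am running Ubuntu server 20.04 on a personal server, on which I have deployed a manual installation of Nextcloud that works except for webdav.

The whole thing runs under nginx 1.19.3, php-8.0 and FPM.

Trying to mount the nextcloud private directory via davfs: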

# mount -t davfs https://drive.example.com/remote.php/dav/files/myuser/ /mnt
Please enter the username to authenticate with server
https://drive.example.com/remote.php/dav/files/myuser/ or hit enter for none.
  Username: myuser
Please enter the password to authenticate user myuser with server
https://drive.example.com/remote.php/dav/files/myuser/ or hit enter for none.
  Password:
/sbin/mount.davfs: Mounting failed.
Could not authenticate to server: rejected Basic challenge

Nextcloud log related to the previous mount command:

# cat /home/nginx/Tools/nextcloud_data/nextcloud.log
{"reqId":"gf8ZgEQVDV7AoHp667YG","level":2,"time":"2022-04-05T17:50:58+00:00","remoteAddr":"x.y.z.w","user":"--","app":"core","method":"OPTIONS","url":"/remote.php/dav/files/myuser/","message":"Login failed: 'myuser' (Remote IP: 'x.y.z.w')","userAgent":"davfs2/1.5.5 neon/0.30.2","version":"23.0.3.2"}

Nginx log related to the previous mount command:

# cat /var/log/nginx/nextcloud.log
x.y.z.w drive.example.com - [05/Apr/2022:13:53:31 -0400] "OPTIONS /remote.php/dav/files/myuser/ HTTP/1.1" 401 569 "-" "davfs2/1.5.5 neon/0.30.2" "-" "-"
x.y.z.w drive.example.com myuser [05/Apr/2022:13:53:57 -0400] "OPTIONS /remote.php/dav/files/myuser/ HTTP/1.1" 401 427 "-" "davfs2/1.5.5 neon/0.30.2" "-" "Basic CRYPTED_PASSWORD"

Some unrelated Ubuntu info:

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.4 LTS
Release:    20.04
Codename:   focal

# uname -a
Linux host.example.com 5.4.0-107-generic #121-Ubuntu SMP Thu Mar 24 16:04:27 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Nginx has been downloaded and compiled from source from the official nginx repo via apt:

# apt source nginx
# cd nginx-0.8.54
# edit debian/rules
# dpkg-buildpackage -b nginx

Nginx version, features and compile arguments:

# nginx -vV
nginx version: nginx/1.19.3
built by gcc 9.3.0 (Ubuntu 9.3.0-10ubuntu2)
built with OpenSSL 1.1.1g  21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/var/tmp/nginx-1.19.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' --add-dynamic-module=/var/tmp/ngx_http_geoip2_module --with-http_geoip_module --with-http_dav_module --add-module=/var/tmp/nginx-dav-ext-module --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --without-http_limit_conn_module --add-module=/var/tmp/incubator-pagespeed-ngx-1.13.35.2-stable/ --add-module=/home/nginx/Tools/openproject/.rbenv/versions/2.6.1//lib/ruby/gems/2.6.0//gems/passenger-6.0.6/src/nginx_module/

PHP info:

# php8.0 --version
PHP 8.0.15 (cli) (built: Jan 29 2022 07:24:52) ( NTS )
Copyright (c) The PHP Group
Zend Engine v4.0.15, Copyright (c) Zend Technologies
    with Zend OPcache v8.0.15, Copyright (c), by Zend Technologies


# php8.0 -m
[PHP Modules]
apcu
bcmath
bz2
calendar
Core
ctype
curl
date
dom
exif
FFI
fileinfo
filter
ftp
gd
gettext
gmp
hash
iconv
igbinary
imagick
intl
json
libxml
mbstring
memcache
mongodb
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
posix
pspell
readline
redis
Reflection
session
shmop
SimpleXML
soap
sockets
sodium
SPL
sqlite3
standard
sysvmsg
sysvsem
sysvshm
tokenizer
xml
xmlreader
xmlrpc
xmlwriter
xsl
Zend OPcache
zip
zlib

[Zend Modules]
Zend OPcache

Nextcloud info:

# sudo -u nginx php8.0 /home/nginx/Tools/nextcloud/occ status
  - installed: true
  - version: 23.0.3.2
  - versionstring: 23.0.3
  - edition:
  - maintenance: false
  - needsDbUpgrade: false
  - productname: Nextcloud
  - extendedSupport: false

Nginx virtual host file:

# cat /etc/nginx/sites-enabled/nextcloud.conf
upstream php-handler {
    server unix:/var/run/php/php8.0-fpm.sock;
}

# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
    "" "";
    default "immutable";
}

server {
    listen 80;
    listen [::]:80;
    server_name drive.foobar.es drive.foobar.com cloud.foobar.es cloud.foobar.com cloud.example.es cloud.example.com cloud.example.net cloud.example.org cloud.example.info drive.example.es drive.example.com drive.example.org drive.example.net drive.example.info drive.example.cat cloud.example.cat;

    access_log  /var/log/nginx/nextcloud.access.log main;
    error_log   /var/log/nginx/nextcloud.error.log crit;

    return 301 https://$host$request_uri;
#    return 302 https://$host$request_uri;
}

server {
    listen      443 ssl http2;
    listen      [::]:443 ssl http2;
    server_name     drive.foobar.es drive.foobar.com cloud.foobar.es cloud.foobar.com cloud.example.es cloud.example.com cloud.example.net cloud.example.org cloud.example.info drive.example.es drive.example.com drive.example.org drive.example.net drive.example.info drive.example.cat cloud.example.cat;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/example.com/privkey.pem;
    include         /etc/nginx/conf.d-enabled/ssl-security.conf;
    ssl_trusted_certificate /etc/letsencrypt/live/example.es/cert.pem;

    access_log          /var/log/nginx/nextcloud_ssl.access.log main;
    error_log           /var/log/nginx/nextcloud_ssl.error.log crit;

    # Code to enable renewal of the Letsencrypt certificates
    include /etc/nginx/snippets/letsencrypt-cert-renewal-dir.conf;

    if ($http_host != "drive.example.com" ) {
    rewrite ^ https://drive.example.com$request_uri permanent;
    break;
    }

    # HSTS settings
    # WARNING: Only add the preload option once you read about
    # the consequences in hstspreload.org. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Make a regex exception for `/.well-known` so that clients can still
    # access it despite the existence of the regex rule
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

        location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
        return 301 /index.php$request_uri;
    }

#location ^~ / {
    # set max upload size and increase upload timeout:
    client_max_body_size 50G;
    client_body_timeout 300s;
    fastcgi_buffers 64 4K;

    client_body_temp_path /home/nginx/Tools/nextcloud_data/tmp/;
    fastcgi_param PHP_VALUE "upload_tmp_dir=/home/nginx/Tools/nextcloud_data/tmp/;";
    fastcgi_param PHP_VALUE "output_buffering=0;";
    add_header X-Accel-Buffering no;

    # Because php-fpm can’t read PHP settings in .htaccess these settings
    # must be set in the nextcloud/.user.ini
    # fastcgi_param PHP_VALUE "upload_max_filesize=5M;\n error_reporting=E_ALL;";
    fastcgi_param PHP_VALUE "upload_max_filesize=50G;";
    fastcgi_param PHP_VALUE "post_max_size=50G;";
    fastcgi_param PHP_VALUE "max_input_time=4600;";
    fastcgi_param PHP_VALUE "max_execution_time=3600;";
    fastcgi_param PHP_VALUE "request_terminate_timeout=3600;";
    fastcgi_read_timeout 3600;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Pagespeed is not supported by Nextcloud, so if your server is built
    # with the `ngx_pagespeed` module, uncomment this line to disable it.
    pagespeed off;

    # HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /home/nginx/Tools/nextcloud/;

    # Specify how to handle directories -- specifying `/index.php$request_uri`
    # here as the fallback means that Nginx always exhibits the desired behaviour
    # when a client requests a path that corresponds to a directory that exists
    # on the server. In particular, if that directory contains an index.php file,
    # that file is correctly served; if it doesn't, then the request is passed to
    # the front-end controller. This consistent behaviour means that we don't need
    # to specify custom rules for certain paths (e.g. images and other assets,
    # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
    # `try_files $uri $uri/ /index.php$request_uri`
    # always provides the desired behaviour.
    index index.php index.html /index.php$request_uri;

    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
    location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

    # Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
    # which handle static assets (as seen below). If this block is not declared first,
    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
    # to the URI, resulting in a HTTP 500 error response.
    location ~ \.php(?:$|/) {
        # Required for legacy support
        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;

        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;

        try_files $fastcgi_script_name =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;

        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass php-handler;

        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;

        fastcgi_max_temp_file_size 0;
    }

   location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463, $asset_immutable";
        access_log off;     # Optional: Don't log access to assets

        location ~ \.wasm$ {
            default_type application/wasm;
        }
    }

    location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    # Suppressing log messages
    # If you’re seeing meaningless messages in your logfile, for example client denied by server configuration: /var/www/data/htaccesstest.txt, add this section to your nginx configuration to suppress them:
    location = /data/htaccesstest.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Rule borrowed from `.htaccess`
    location /remote {
        return 301 /remote.php$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }
#}
}

Nginx SSL config file included in the nginx virtual host config file:

# cat /etc/nginx/conf.d-enabled/ssl-security.conf
  # enable session resumption to improve https performance
  # vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 1d;
  ssl_session_tickets off;

  # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
  #ssl_dhparam /etc/ssl/certs/dhparam.pem;
  # openssl dhparam -dsaparam -out /etc/ssl/private/dhparam.pem 4096
  ssl_dhparam /etc/ssl/certs/dhparam4096.pem;

  # enables server-side protection from BEAST attacks
  # blog.ivanristic.com/2013/09/is-beast-still-a-threat.html
  ssl_prefer_server_ciphers on;

  # disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0
  # Disabled protocols: TLSv1 TLSv1.1
  ssl_protocols SSLv3 TLSv1.2 TLSv1.3;
#  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  # ciphers chosen for forward secrecy and compatibility
  # blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

  # enable ocsp stapling (mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving, scalable manner)
  # blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
  resolver 8.8.8.8 8.8.4.4;
  ssl_stapling on;
  ssl_stapling_verify on;
#  ssl_trusted_certificate /etc/nginx/ssl/star_forgott_com.crt;

  # config to enable HSTS(HTTP Strict Transport Security) developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
  # to avoid ssl stripping en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
  # also hstspreload.org/
  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

# cat /etc/nginx/fastcgi
fastcgi.conf              fastcgi_params            fastcgi_params.dpkg-dist
root@we:~# cat /etc/nginx/fastcgi_params
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

### SET GEOIP Variables ###
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;

fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;

Thank you very much.

Hope someone can help :)

linux ubuntu nginx webdav nextcloud
  • 1 answer
  • 444 Views
sealionuss
Asked: 2022-02-06 05:46:29 +0800 CST

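Using multiple server blocks in NGINX on the same host and the same port

  • 1

I want to configure the server so that the root of the server serves some static files, which are specific endpoints, and /nextcloud serves nextcloud on the same domain.

Here is my nginx.conf -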

worker_processes  8;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    server {
        listen       80 http2;
        listen [::]:80 http2;
        server_name  localhost;
        root   /srv/http/;
        location / {
            index  index.html index.php;
            try_files $uri $uri/ =404;
            autoindex on;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }
    include /etc/nginx/sites-enabled/*;
}

Here is my /etc/nginx/sites-enabled/nextcloud.conf

upstream php-handler {
    server unix:/run/nextcloud/nextcloud.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name nextcloud;

    root /usr/share/webapps/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ^~ /.well-known {
        location = /.well-known/carddav { return 301 /nextcloud/remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /nextcloud/remote.php/dav/; }

        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }

        return 301 /nextcloud/index.php$request_uri;
    }

    location ^~ /nextcloud {
        client_max_body_size 512M;
        client_body_timeout 300s;
        fastcgi_buffers 64 4K;

        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

        add_header Referrer-Policy                      "no-referrer"   always;
        add_header X-Content-Type-Options               "nosniff"       always;
        add_header X-Download-Options                   "noopen"        always;
        add_header X-Frame-Options                      "SAMEORIGIN"    always;
        add_header X-Permitted-Cross-Domain-Policies    "none"          always;
        add_header X-Robots-Tag                         "none"          always;
        add_header X-XSS-Protection                     "1; mode=block" always;

        fastcgi_hide_header X-Powered-By;

        index index.php index.html /nextcloud/index.php$request_uri;

        location = /nextcloud {
            if ( $http_user_agent ~ ^DavClnt ) {
                return 302 /nextcloud/remote.php/webdav/$is_args$args;
            }
        }

        location ~ ^/nextcloud/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)    { return 404; }
        location ~ ^/nextcloud/(?:\.|autotest|occ|issue|indie|db_|console)                  { return 404; }

        location ~ \.php(?:$|/) {
            rewrite ^/nextcloud/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /nextcloud/index.php$request_uri;

            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            set $path_info $fastcgi_path_info;

            try_files $fastcgi_script_name =404;

            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $path_info;

            fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
            fastcgi_param front_controller_active true;     # Enable pretty urls
            fastcgi_pass php-handler;

            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;

            fastcgi_max_temp_file_size 0;
        }

        location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite)$ {
            try_files $uri /nextcloud/index.php$request_uri;
            expires 6M;         # Cache-Control policy borrowed from `.htaccess`
            access_log off;     # Optional: Don't log access to assets

            location ~ \.wasm$ {
                default_type application/wasm;
            }
        }

        location ~ \.woff2?$ {
            try_files $uri /nextcloud/index.php$request_uri;
            expires 7d;         # Cache-Control policy borrowed from `.htaccess`
            access_log off;     # Optional: Don't log access to assets
        }

        location /nextcloud/remote {
            return 301 /nextcloud/remote.php$request_uri;
        }

        location /nextcloud {
            try_files $uri $uri/ /nextcloud/index.php$request_uri;
        }
    }
}

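The problem is that this configuration does not work. With this configuration, I get a 404 when I try to access /nextcloud/.

If I disable the static file server block in nginx.conf, I can access /nextcloud/, but then I cannot access my static files. How do I configure it so that both work on the same host and the same port?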

linux http nginx reverse-proxy nextcloud
  • 1 answer
  • 3177 Views
france1
Asked: 2021-10-18 00:17:02 +0800 CST

My nextcloud server uses too much RAM (apache)

  • -1

I am using Apache with the following configuration:

Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
<FilesMatch \.php$>
        SetHandler "proxy:unix:/var/run/php/php7.4-fpm.sock|fcgi://localhost/"
</FilesMatch>
HostnameLookups Off
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>
<Directory /var/www/html/>
   Options +FollowSymlinks
   AllowOverride All
</Directory>
<IfModule mod_expires.c>
ExpiresActive On
FileETag None
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType text/html "access plus 1 month"
</IfModule>

<IfModule worker.c>
StartServers 2
MaxClients 50
MinSpareThreads 1
MaxSpareThreads 2
ThreadsPerChild 15
MaxRequestsPerChild 0
</IfModule>

<IfModule prefork.c>
          StartServers          2
          MinSpareServers       1
          MaxSpareServers       2
          MaxClients           60
          MaxRequestsPerChild 1000
</IfModule>

Then here is my external.conf (where the traffic from varnish gets encrypted):

<VirtualHost *:443>
        Protocols h2 http/1.1
        ServerName cloud.privacyy.ch
        ErrorLog              /var/log/apache2/external-https_error.log
        CustomLog             /var/log/apache2/external-https_access.log combined

        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/cloud.privacyy.ch/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/cloud.privacyy.ch/privkey.pem


    ProxyPreserveHost       On
    ProxyPass               / http://127.0.0.1:8080/
    ProxyPassReverse        / http://127.0.0.1:8080/

    <IfModule mod_rewrite.c>
          RewriteEngine On
          RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
          RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
          #RewriteRule ^/\.aurora https://cloud.privacyy.ch/aurora-staefa.ch/ [R=301,L]                                                                                                                    
    </IfModule>

    Header set Cache-Control "max-age=84600, private"
    <FilesMatch "\.(js|css|php)$">
           Header set Cache-Control "max-age=63072000, private"
    </FilesMatch>


    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
    Header always set X-Content-Security-Policy "allow 'self';"
    Header always set x-xss-protection "1; mode=block"
    Header always set X-Robots-Tag "none"
    Header always set X-Download-Options "noopen"
    Header always set X-Permitted-Cross-Domain-Policies "none"
    Header set X-Content-Type-Options: "nosniff"
    Header set X-Frame-Options: "sameorigin"
    SSLCompression off
</VirtualHost>

Here is internal.conf:

<VirtualHost *:8181>
        protocols h2 http/1.1

    DocumentRoot /var/www/html
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost/"
    </FilesMatch>

    <IfModule mod_headers.c>
            Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
    </IfModule>

       Header set Cache-Control "max-age=84600, public"
        <FilesMatch "\.(iso|mp3|mp4|m4a|mov)$">
         Header set Cache-Control "max-age=42300, private"
        </FilesMatch>
</VirtualHost>

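Note that I did not include comments or things like log settings here.

When I download anything using a web browser, the apache server uses more and more memory (and uses the entire 12.3GB of swap even when I am not downloading a 12.3GB file) and the download speed drops. The same happens when using the Nextcloud (desktop/phone) apps.

The original download speed is 10MB/s

I have the following apache mods enabled:

access_compat alias auth_basic authn_core authn_file authz_core authz_host authz_user autoindex deflate dir env expires fcgid filter headers http2 mime mpm_event negotiation pagespeed proxy proxy_balancer proxy_fcgi proxy_http reqtimeout rewrite setenvif slotmem_shm socache_shmcb ssl status unique_id

I am using a maria database (switched recently, but it did not do much)

Nextcloud uses redis-server as the php cache, and I have enabled opcache with nextcloud's recommended settings. I have disabled it for testing, but that did not solve the problem.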

Accessibility               1.8.0    Vorgestellt
Activity                    2.15.0   Vorgestellt
Brute-force settings        2.2.0    Vorgestellt
Calendar                    2.3.4    Vorgestellt
Camera RAW Previews         0.7.12
Checksum                    1.1.2
Circles                     22.1.1   Vorgestellt
Collaborative tags          1.12.0   Vorgestellt
Comments                    1.12.0   Vorgestellt
Contacts                    4.0.3    Vorgestellt
Contacts Interaction        1.3.0    Vorgestellt
Dashboard                   7.2.0    Vorgestellt
Default encryption module   2.10.0   Vorgestellt
Deleted files               1.12.0   Vorgestellt
End-to-End Encryption       1.7.1    Vorgestellt
Federation                  1.12.0   Vorgestellt
File sharing                1.14.0   Vorgestellt
Group folders               10.0.0   Vorgestellt
Log Reader                  2.7.0    Vorgestellt
Mail                        1.10.5   Vorgestellt
Maps                        0.1.9    Vorgestellt
Metadata                    0.14.0
Monitoring                  1.12.0   Vorgestellt
Nextcloud announcements     1.11.0   Vorgestellt
Notes                       4.1.1    Vorgestellt
Notifications               2.10.1   Vorgestellt
Password policy             1.12.0   Vorgestellt
PDF viewer                  2.3.0    Vorgestellt
Photos                      1.4.0    Vorgestellt
Privacy                     1.6.0    Vorgestellt
Quota warning               1.11.0
Recognize                   1.6.10
Registration                1.3.0
Right click                 1.1.0    Vorgestellt
Share by mail               1.12.0   Vorgestellt
Support                     1.5.0    Vorgestellt
Talk                        12.1.2   Vorgestellt
Text                        3.3.0    Vorgestellt
Theming                     1.13.0   Vorgestellt
Two-Factor Email            2.1.1
Update notification         1.12.0   Vorgestellt
Usage survey                1.10.0   Vorgestellt
User status                 1.2.0    Vorgestellt
Versions                    1.15.0   Vorgestellt
Video converter             1.0.3
Video player                1.11.0   Vorgestellt
Weather status              1.2.0    Vorgestellt

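(vorgestellt means recommended)

Only apache uses that much RAM - everything else is fine. Also, this stuff is not removed from RAM (& swap) until I reload/restart the apache server.

When downloading from a browser, the download just stops at 383MB - and the browser does not say how big the file to download is (Onedrive has this problem too, with download speeds below 1MB/s on larger folders, like: unknown time remaining - how much has already been downloaded - download speed)

What did I misconfigure? Or is it something else?

My server is an Apple macbook air, 4GB RAM, 2GHz - 2.2GHz (boost) Intel multithreaded 2-core cpu, xanmod kernel. If something is missing, please let me know. One thing: earlyoom kills the apache server if there is no RAM available. Another thing: I am on Ubuntu 21.04 without an x-server and with 400MB RAM usage (if nothing is going on).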

apache-2.4 nextcloud
  • 1 answer
  • 269 Views
Kyoshi
Asked: 2021-07-22 05:05:47 +0800 CST

Nextcloud admin user is blocked

  • 2

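I recently started hosting my own cloud with Nextcloud on an Ubuntu machine hosted by a provider. Yesterday I wanted to make changes to the configuration, but noticed that the admin account had been blocked, because I had enabled a maximum of 3 attempts until a user is blocked.

Now I am trying to find a way to unblock the admin account. I tried accessing my server via SSH and then running the occ script to unblock the admin account, but I can't seem to access the file properly. I am running Ubuntu 18.04.5 LTS: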

sudo -u www-data php /var/lib/docker/volumes/nextcloud/_data/occ
Could not open input file: /var/lib/docker/volumes/nextcloud/_data/occ

/var/lib/docker/volumes/nextcloud/_data# ./occ user:enable admin

An unhandled exception has been thrown:
Doctrine\DBAL\Exception: Failed to connect to the database: An exception occurred in the driver: could not find driver in /var/lib/docker/volumes/nextcloud/_data/lib/private/DB/Connection.php:85
Stack trace:
#0 /var/lib/docker/volumes/nextcloud/_data/3rdparty/doctrine/dbal/src/Connection.php(1486): OC\DB\Connection->connect()
#1 /var/lib/docker/volumes/nextcloud/_data/3rdparty/doctrine/dbal/src/Connection.php(1014): Doctrine\DBAL\Connection->getWrappedConnection()
#2 /var/lib/docker/volumes/nextcloud/_data/lib/private/DB/Connection.php(226): Doctrine\DBAL\Connection->executeQuery()
#3 /var/lib/docker/volumes/nextcloud/_data/3rdparty/doctrine/dbal/src/Query/QueryBuilder.php(210): OC\DB\Connection->executeQuery()
#4 /var/lib/docker/volumes/nextcloud/_data/lib/private/DB/QueryBuilder/QueryBuilder.php(287): Doctrine\DBAL\Query\QueryBuilder->execute()
#5 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppConfig.php(345): OC\DB\QueryBuilder\QueryBuilder->execute()
#6 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppConfig.php(110): OC\AppConfig->loadConfigValues()
#7 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppConfig.php(301): OC\AppConfig->getApps()
#8 /var/lib/docker/volumes/nextcloud/_data/lib/private/legacy/OC_App.php(957): OC\AppConfig->getValues()
#9 /var/lib/docker/volumes/nextcloud/_data/lib/private/Server.php(682): OC_App::getAppVersions()
#10 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppFramework/Utility/SimpleContainer.php(155): OC\Server->OC\{closure}()
#11 /var/lib/docker/volumes/nextcloud/_data/3rdparty/pimple/pimple/src/Pimple/Container.php(118): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#12 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppFramework/Utility/SimpleContainer.php(122): Pimple\Container->offsetGet()
#13 /var/lib/docker/volumes/nextcloud/_data/lib/private/ServerContainer.php(137): OC\AppFramework\Utility\SimpleContainer->query()
#14 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppFramework/Utility/SimpleContainer.php(56): OC\ServerContainer->query()
#15 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppFramework/Utility/SimpleContainer.php(177): OC\AppFramework\Utility\SimpleContainer->get()
#16 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppFramework/Utility/SimpleContainer.php(155): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#17 /var/lib/docker/volumes/nextcloud/_data/3rdparty/pimple/pimple/src/Pimple/Container.php(114): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#18 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppFramework/Utility/SimpleContainer.php(122): Pimple\Container->offsetGet()
#19 /var/lib/docker/volumes/nextcloud/_data/lib/private/ServerContainer.php(137): OC\AppFramework\Utility\SimpleContainer->query()
#20 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppFramework/Utility/SimpleContainer.php(56): OC\ServerContainer->query()
#21 /var/lib/docker/volumes/nextcloud/_data/lib/private/Server.php(1031): OC\AppFramework\Utility\SimpleContainer->get()
#22 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppFramework/Utility/SimpleContainer.php(155): OC\Server->OC\{closure}()
#23 /var/lib/docker/volumes/nextcloud/_data/3rdparty/pimple/pimple/src/Pimple/Container.php(118): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#24 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppFramework/Utility/SimpleContainer.php(122): Pimple\Container->offsetGet()
#25 /var/lib/docker/volumes/nextcloud/_data/lib/private/ServerContainer.php(137): OC\AppFramework\Utility\SimpleContainer->query()
#26 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppFramework/Utility/SimpleContainer.php(56): OC\ServerContainer->query()
#27 /var/lib/docker/volumes/nextcloud/_data/lib/private/Server.php(1990): OC\AppFramework\Utility\SimpleContainer->get()
#28 /var/lib/docker/volumes/nextcloud/_data/lib/private/Files/View.php(119): OC\Server->getLockingProvider()
#29 /var/lib/docker/volumes/nextcloud/_data/lib/private/Server.php(430): OC\Files\View->__construct()
#30 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppFramework/Utility/SimpleContainer.php(155): OC\Server->OC\{closure}()
#31 /var/lib/docker/volumes/nextcloud/_data/3rdparty/pimple/pimple/src/Pimple/Container.php(118): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
#32 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppFramework/Utility/SimpleContainer.php(122): Pimple\Container->offsetGet()
#33 /var/lib/docker/volumes/nextcloud/_data/lib/private/ServerContainer.php(137): OC\AppFramework\Utility\SimpleContainer->query()
#34 /var/lib/docker/volumes/nextcloud/_data/lib/private/AppFramework/Utility/SimpleContainer.php(56): OC\ServerContainer->query()
#35 /var/lib/docker/volumes/nextcloud/_data/lib/private/Server.php(1353): OC\AppFramework\Utility\SimpleContainer->get()
#36 /var/lib/docker/volumes/nextcloud/_data/lib/base.php(588): OC\Server->boot()
#37 /var/lib/docker/volumes/nextcloud/_data/lib/base.php(1076): OC::init()
#38 /var/lib/docker/volumes/nextcloud/_data/console.php(49): require_once('/var/lib/docker...')
#39 /var/lib/docker/volumes/nextcloud/_data/occ(11): require_once('/var/lib/docker...')

Does anyone know what I could try now?

ubuntu nextcloud
  • 1 answer
  • 352 Views
bignose
Asked: 2021-07-09 00:12:00 +0800 CST

Running the NextCloud PHP script "occ" as the web server user over an Ansible connection

  • 1

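How do I write an Ansible task to run a PHP script as a third user; not the root user nor the connecting user, but the "webserver" user?

According to the documentation, the NextCloud administration program occ must be run as the web server user: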

sudo -u www-data php occ

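To become a different user for running a command, Ansible provides the become feature. The Ansible documentation strongly advises against trying to run commands as a different non-root user:

Everything is fine if the module file is executed without using become, when the become_user is root, or when the connection to the remote machine is made as root. In these cases Ansible creates the module file with permissions that only allow reading by the user and root, or only allow reading by the unprivileged user switched to.

However, when both the connection user and the become_user are unprivileged, the module file is written as the user that Ansible connects as (the remote_user), but the file needs to be readable by the user Ansible is set to become.

Using become_user for that user

The connecting user has sudo permission to run commands as the third user: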

$ sudo -u www-data whoami
www-data

When I use become_user on the task, to run the command as that user:

- name: "NextCloud: Instance configuration"
  become_user: "{{ web_process_user }}"
  command:
    cmd: >-
        php "{{ apache_nextcloud_dir }}/occ" maintenance:install
            --no-interaction
            …

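Update: Well, it works. I don't know what changed, but while trying to reproduce the problem, it stopped.

Using shell to explicitly invoke sudo as that user

When I configure the Ansible task with a shell command: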

shell: >-
    su '{{ web_process_user }}' --shell '/bin/bash' -c ' \
        php "{{ apache_nextcloud_dir }}/occ" …

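Ansible complains:

[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running su

I would be happy to do that. Ansible's become would be a more elegant way than this shell: su hack.

But when using become, the problem described in the Ansible documentation occurs: the task module sent over the connection to run that command cannot get permission to create its temporary file.

The Ansible documentation suggests:

  • "Use pipelining": this loses the advantages of the default task module system.
  • "Avoid becoming an unprivileged user": not an option, because running this command correctly requires the unprivileged web server user.

How should I make an Ansible task that runs php "{{ apache_nextcloud_dir }}/occ" as the unprivileged third user {{ web_process_user }}?

Update: The become feature now seems to work correctly.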

nextcloud ansible
  • 1 answer
  • 320 Views
Riccardo Cossu
Asked: 2021-06-22 23:19:33 +0800 CST

docker-compose with nginx and nextcloud FPM stops accepting https connections

  • 0

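I have a fairly standard setup, using nginx as the web front end (with https certificates and so on) and a nextcloud FPM back end; the whole installation has very low traffic, since I am the only one using it.

At some point https stops working, and every connection from outside results in a timeout or connection refused; in this situation it seems that nextcloud is working and nginx is not. I thought it might be related to some power saving on my host, but that is not the case, since all the other containers on the same host work fine; interestingly, there is a simple way to make it work again, which is to open a shell on the host and do the following: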

cd $NEXTCLOUD_DIRECTORY

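where NEXTCLOUD_DIRECTORY is the base directory of the application, in which both the docker-compose.yml file and the data directory reside (located in $HOME/docker/nextcloud-letsencrypt).

I just don't understand why this happens and why that action is a fix...

This is my compose file: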

version: '3'
services:
  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "127.0.0.1:8443:443"
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
      - ./data/nextcloud/www:/var/www/html:ro
      - ./data/nextcloud/apps:/var/www/html/custom_apps:ro
    restart: unless-stopped
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
  certbot:
    image: certbot/certbot
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
    restart: unless-stopped
  cloud-db:
    container_name: ${DB_CONTAINER_NAME}
    image: mariadb:${DB_IMAGE_TAG}
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      ...
    environment:
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
  app:
    image: nextcloud:21-fpm-alpine
    links:
      - cloud-db
    user: "1000:1004"
    volumes:
      - ./data/nextcloud/www:/var/www/html
      - ./data/nextcloud/apps:/var/www/html/custom_apps
      - ./data/nextcloud/config:/var/www/html/config
      - /mnt/usb/shared/nextcloud:/var/www/html/data
      - /mnt/usb/Expansion_2/serie:/mnt/serie:ro
      - /mnt/usb/archivio/archivio:/mnt/archivio:ro
    restart: unless-stopped

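./data is in the root FS, in the home directory of user 1000.

/mnt/usb/shared/nextcloud is on an ext4 USB drive (ext4 defaults,nofail 0 0), R/W for the user

/mnt/usb/Expansion_2 is another ext4 USB drive (ext4 defaults,nofail 0 0) served through NC (they are registered as external storage in NC)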

nginx docker-compose nextcloud
  • 1 answer
  • 705 Views
DhP
Asked: 2021-02-02 15:04:46 +0800 CST

How do I properly set a specific PHP version to be used by Apache on Arch?

  • 1

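So it looks like after a recent Arch system upgrade, my NextCloud server no longer works, and currently gives me "This version of Nextcloud is not compatible with > PHP 7.4. You are currently running 8.0.1."

php -v now gives me PHP 8.0.1, but I also have /usr/bin/php7 (PHP 7.4.14) installed.

I basically only use PHP for nextcloud (cur. v20.0.6-1), via Apache + php-fpm

So I am wondering what the proper "Arch way" or workaround is for choosing to keep using php7? (at least for now)

Is there any way I can e.g. downgrade the php and php-fpm packages or something? (preferably without breaking other stuff). Or should I just wait for a new nextcloud version that is compatible with the current php version?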

php arch-linux php-fpm nextcloud php7
  • 1 answer
  • 2697 Views
Karoh
Asked: 2020-12-08 14:43:59 +0800 CST

Moving nextcloud into an apache VirtualHost block to use as a subdomain?

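  • 1

  • Nextcloud is currently at my-domain.dev/nextcloud.
  • I want to serve it at cloud.my-domain.dev.
  • I have set up an A record for cloud.my-domain.dev pointing to my server's IP address.
  • Sitting next to my /var/www/nextcloud, I also have /var/www/my-domain.dev, my main site, which I have already set up to use HTTPS with Let's Encrypt.
  • I am using Server version: Apache/2.4.41 (Ubuntu).

Now I need to set up the virtual hosts to play together. I assume I have to convert nextcloud.conf to sit inside a virtual host, maybe under a different port? How do I proceed?

nextcloud.conf, as recommended by nextcloud.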

Alias /nextcloud "/var/www/nextcloud/"

<Directory /var/www/nextcloud/>
  Require all granted
  AllowOverride All
  Options FollowSymLinks MultiViews

  <IfModule mod_dav.c>
    Dav off
  </IfModule>    

  SetEnv HOME /var/www/nextcloud
  SetEnv HTTP_HOME /var/www/nextcloud

</Directory>

my-domain.dev.conf

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName my-domain.dev
    ServerAlias www.my-domain.dev
    DocumentRoot /var/www/my-domain.dev
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

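What worked for me:

Andrew Schulman's answer almost worked for me, I just had to make a few small changes:

  • Remove "Require all granted".
  • Move "AllowOverride All" and "Options FollowSymLinks MultiViews" into the Directory tag.

Can someone explain why these steps were necessary?

Thanks Andrew!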

nextcloud.conf:

<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName cloud.b-t.dev
        DocumentRoot /var/www/nextcloud

        #ErrorLog ${APACHE_LOG_DIR}/error.log
        #CustomLog ${APACHE_LOG_DIR}/access.log combined

        <Directory "/var/www/nextcloud">
                AllowOverride All
                Options FollowSymLinks MultiViews
        </Directory>

        #Satisfy Any

        <IfModule mod_dav.c>
                Dav off
        </IfModule>

        SetEnv HOME /var/www/nextcloud
        SetEnv HTTP_HOME /var/www/nextcloud
</VirtualHost>

ubuntu apache-2.4 ubuntu-20.04 nextcloud
  • 1 answer
  • 2291 Views
TornaxO7
Asked: 2020-11-15 03:44:51 +0800 CST

open() "/run/nginx.pid" failed (13: Permission denied)

  • 2

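Currently, I have set up a nextcloud server with nginx and enabled it with sudo systemctl enable nginx.service. When I reboot, I get an error message complaining about the proxy server, and if I take a look at sudo systemctl status nginx.service, I get the following: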

nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Sat 2020-11-14 12:20:55 CET; 16min ago

Nov 14 12:20:55 TORNAX-ARCH systemd[1]: Starting A high performance web server and a reverse proxy server...
Nov 14 12:20:55 TORNAX-ARCH nginx[473]: 2020/11/14 12:20:55 [warn] 473#473: could not build optimal types_hash, you should increase either types_hash_max_size: 1024 or types_hash_bucket_si>
Nov 14 12:20:55 TORNAX-ARCH nginx[473]: 2020/11/14 12:20:55 [emerg] 473#473: bind() to 192.168.178.35:443 failed (99: Unknown error)
Nov 14 12:20:55 TORNAX-ARCH systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Nov 14 12:20:55 TORNAX-ARCH systemd[1]: nginx.service: Failed with result 'exit-code'.
Nov 14 12:20:55 TORNAX-ARCH systemd[1]: Failed to start A high performance web server and a reverse proxy server.

If I run nginx -t, I get this:

2020/11/14 12:37:40 [warn] 68391#68391: could not build optimal types_hash, you should increase either types_hash_max_size: 1024 or types_hash_bucket_size: 64; ignoring types_hash_bucket_size
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
2020/11/14 12:37:40 [emerg] 68391#68391: open() "/run/nginx.pid" failed (13: Permission denied)
nginx: configuration file /etc/nginx/nginx.conf test failed

When I look for solutions to this open() "/run/nginx.pid" failed (13: Permission denied) error, I only get solutions for docker + nginx, such as these posts:

  • https://stackoverflow.com/questions/57427162/nginx-emerg-open-var-run-nginx-pid-failed-13-permission-denied
  • https://stackoverflow.com/questions/64393237/nginx-emerg-open-run-nginx-pid-failed-13-permission-denied
  • https://dockerquestions.com/2020/10/16/nginx-emerg-open-run-nginx-pid-failed-13-permission-denied/
  • https://github.com/Wonderfall/dockerfiles/issues/40

It works after restarting the service manually with sudo systemctl restart nginx.service, but I still get open() "/run/nginx.pid" failed (13: Permission denied) when running nginx -t.

What am I doing wrong, or what can I do to fix this?

permissions nginx arch-linux nextcloud
  • 2 answers
  • 20007 Views
