Hai Habr! Ina gabatar muku da fassarar labarin .
Yana da wuya a raina ƙimar ofis ɗin kan layi kamar Google Docs da ajiyar girgije a cikin rayuwar mutane masu dogaro da fasaha. Fasaha ta yadu sosai har ma Microsoft, wanda ya dade yana mamaye kasuwar aikace-aikacen ofis, kwanan nan ya mayar da hankali kan haɓaka aikace-aikacen gidan yanar gizo na Office 365 tare da jan hankalin masu amfani da su canza zuwa tsarin biyan kuɗi don amfani da nasu ayyukan. Muna gayyatar waɗanda ke da sha'awar aiwatar da shigarwa da daidaita nasu ajiya a ƙarƙashin cat.
Wani lokaci da ya gabata mun kalli mafitacin ajiyar girgije da buɗaɗɗen ofis ɗin gidan yanar gizo waɗanda za a iya tura su cikin sauƙi don amfani a cikin ƙaramin kamfani. Babban abin ƙarfafawa don adana duk takaddun akan layi shine kiyaye takarda zuwa mafi ƙanƙanta da aiwatar da kyawawan ayyukan kasuwanci duk da ƙarancin ma'amala. Wani bangaren tsabar kudin shine hayan uwar garken gajimare don samar da wannan sabis ɗin ba shi da tsaro fiye da adana shi kai tsaye a harabar kamfani, tunda ba ku da wata hanya ta tantance damar shiga sabar ko zirga-zirgar ku. Don haka, ana kuma buƙatar ɓoyayyen ɓoyayyen ƙarshen-zuwa-ƙarshe da software na buɗe tushen.
Yin la'akari da duk bayanan da ake samu game da mafita na tushen budewa, mun sami ayyuka biyu masu aiki (tare da ƙaddamarwa a cikin ma'ajin git na watanni 12 da suka gabata) waɗanda aka haɓaka don ajiyar girgije: NextCloud da OwnCloud, kuma kawai ofishin ONLYOFFICE mai aiki. Duk kayan aikin ajiyar girgije suna da kusan ayyuka iri ɗaya, kuma shawarar zaɓar NextCloud ya dogara ne akan kasancewar shaidar cewa ana iya haɗa shi tare da KAWAI don kyakkyawar hulɗar mai amfani tare da software. Koyaya, lokacin da muka fara tura ayyukan, rashin bayanin haɗa ayyukan da ke sama ya bayyana. Mun sami bidiyon koyawa 3 kan yadda ake haɗawa:
Babu ɗayan bidiyon ukun da ya amsa tambayar shigar da sabis ɗin takaddar ONLYOFFICE akan sabar jiki iri ɗaya kamar NextCloud tare da nginx mai raba. Madadin haka, sun yi amfani da dabarun rabuwa kamar amfani da tashoshin jiragen ruwa daban don api sabis na takaddun. Wani zaɓin da aka ba da shawarar shi ne tura sabar daban don Sabis na Takardun, da hannu yana daidaita misalin nginx da aka gina a cikin Sabis na Takardun don shigar da maɓallin shiga (maɓallin shiga da aka riga aka sani wanda ke tabbatar da haƙƙin shiga gajimaren bayanai) da takaddun takaddun TLS. Hanyoyin da ke sama an yi la'akari da su ba su da aminci kuma ba su da tasiri sosai, don haka mun haɗa NextCloud, ONLYOFFICE da nginx na kowa wanda ke raba buƙatun ta sunayen yanki ta amfani da docker-compose. Anan akwai bayanin mataki-mataki akan yadda ake yin shi.
Mataki 1: akwati nginx
Wannan saitin ne mai sauƙi, amma wannan matakin yana buƙatar mafi yawan aiki don saita uwar garken wakili na baya. Mun fara ƙirƙira ƙa'idar docker-compose don nginx: hoton tsayayye.
version: '2'
services:
nginx:
image : nginx:stable
restart: always
volumes:
- ./nginx/nginx-vhost.conf:/etc/nginx/conf.d/default.conf:ro
- ./nginx/certificates:/mycerts
ports:
- 443:443
- 80:80
Wannan yana haifar da akwati tare da tashar jiragen ruwa 80 da 443 bude ga jama'a, taswirar daidaitawa zuwa nginx/nginx-vhost.conf , kuma ya bayyana kantin sayar da takardun shaida da aka samar a matsayin takaddun shaida mai sanya hannu ko amfani da Mu encryptbot's certbot a /nginx/certificates. Wannan wurin yakamata ya ƙunshi manyan fayiloli na office.yourdomain.com da cloud.yourdomain.com, tare da fullchain1.pem da fayilolin sirri1.pem a kowanne don sarkar takardar shaida da maɓallin keɓaɓɓen uwar garken, bi da bi. Kuna iya karanta ƙarin game da yadda ake samar da takardar shedar sanya hannu a nan. (sake suna .key da .crt zuwa .pem suna aiki ba tare da canza tsarin fayil don nginx ba).
Bayan haka, mun ayyana fayil ɗin vhost. Da farko mun ayyana halayen tashar tashar jiragen ruwa 80 a matsayin mai sauƙin turawa zuwa https, saboda ba ma so mu ƙyale kowane zirga-zirgar http
server {
listen 80;
location / {
return 301
https://$host$request_uri;
}
}
Sannan mun ƙirƙiri sabar sabar guda biyu akan tashar jiragen ruwa 443 don ayyukanmu:
server {
listen 443 ssl;
server_name cloud.yourdomain.com ;
root /var/www/html;
ssl_certificate /mycerts/cloud.yourdomain.com/fullchain1.pem;
ssl_certificate_key /mycerts/cloud.yourdomain.com/privkey1.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app:80;
}
}
server {
listen 443 ssl;
server_name office.yourdomain.com;
root /var/www/html;
ssl_certificate /mycerts/office.yourdomain.com/fullchain1.pem;
ssl_certificate_key /mycerts/office.yourdomain.com/privkey1.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://onlyoffice:80;
}
}
Mataki 2: daftarin aiki sabis
Yanzu muna buƙatar ƙara kwandon sabis ɗin daftarin aiki zuwa docker-compose.yml. Babu wani abu na musamman don daidaitawa a nan.
services:
...
onlyoffice:
image: onlyoffice/documentserver
restart: always
Amma kar a manta da haɗa kwandon nginx zuwa sabis ɗin takaddun:
services:
...
nginx:
...
depends_on:
- onlyoffice
Mataki 3: NextCloud
Na farko, ƙara sabbin ayyuka:
services:
...
db:
image: mariadb
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: always
volumes:
- /data/nextcloud_db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=#put some password here
- MYSQL_PASSWORD=#put some other password here
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
app:
image: nextcloud
depends_on:
- db
- onlyoffice
restart: always
kuma ƙara hanyar haɗi zuwa nginx:
services:
...
nginx:
...
depends_on:
- app
Yanzu lokaci yayi da za a loda kwantena.
docker-compose up -d
Bayan ɗan lokaci, nginx zai fara tura ku zuwa ƙarshen gaba na NextCloud, wanda shine shafin daidaitawa na tsoho. Kuna buƙatar shigar da sunan mai amfani da kalmar sirri don mai amfani na farko da kuma bayanan bayanan da kuka bayar a docker-compose.yml Da zarar an gama saitin, zaku iya shiga. A cikin yanayinmu, jira ya ɗauki kusan minti ɗaya kuma yana buƙatar ƙarin sabuntawa na shafin shiga kafin mu iya shiga sabis ɗin girgije.
Tagar saitunan sabis na NextCloud
Mataki 4: Haɗa NextCloud da KAWAIOFFICE
A wannan matakin, kuna buƙatar shigar da aikace-aikacen don NextCloud, wanda ke haɗa ayyukan ONLYOFFICE. Bari mu fara da aikace-aikacen kula da panel a saman kusurwar dama na menu. Nemo kawai app ɗin (a ƙarƙashin Office & rubutu ko amfani da bincike), shigar kuma kunna shi.
Bayan haka je zuwa Saituna ta hanyar menu a saman kusurwar dama kuma ya kamata ku nemo abin KAWAI a menu na hagu. Shiga ciki. Kuna buƙatar yin rajistar adiresoshin kamar yadda aka nuna a ƙasa.
Saitunan aikace-aikacen haɗin gwiwa
Ana amfani da adireshi na farko don haɗa wasu fayilolin js da css kai tsaye daga aikace-aikacen da ke gudana a cikin burauzar (wannan shine abin da muke buƙatar buɗe damar shiga sabis na ONLYOFFICE ta hanyar nginx). Ba a amfani da maɓallin sirrin saboda mun amince da keɓancewar Docker fiye da maɓallin tabbatarwa na dindindin. Adireshin na uku yana amfani da akwati na NextCloud don haɗa kai tsaye zuwa API ONLYOFFICE, kuma yana amfani da tsoho sunan mai masauki daga Docker. Da kyau, ana amfani da filin na ƙarshe don KAWAI na iya yin buƙatun komawa zuwa NextCloud API ta amfani da adireshin IP na waje ko adireshin Docker na ciki idan kuna amfani da cibiyoyin sadarwar Docker, amma ba a amfani da wannan a cikin yanayinmu. Tabbatar da saitunan Tacewar zaɓi naka suna ba da damar irin waɗannan hulɗar.
Bayan adanawa, NextCloud zai gwada haɗin kuma, idan duk abin da yake daidai, zai nuna maka saitunan da suka danganci haɗin kai - alal misali, wane nau'in fayiloli za a iya gyara ta wannan haɗin. Keɓance yadda kuka ga dama.
Mataki na ƙarshe: inda zan sami edita
Idan kun koma manyan fayilolin ajiyar girgijenku kuma danna kan "+" don ƙirƙirar sabon fayil, to zaku sami sabon zaɓi don ƙirƙirar daftarin aiki, falle ko gabatarwa. Tare da taimakonsu, zaku ƙirƙira kuma nan da nan zaku iya gyara waɗannan nau'ikan fayiloli ta amfani da KAWAI.
Menu na ƙirƙirar fayil
Ƙarin 1
Ana iya samun cikakken abun ciki na docker-compose.yml anan:
source: www.habr.com