Haye Habr! Waxaan kuu soo bandhigayaa tarjumaada maqaalka .
Way adag tahay in la dhayalsado qiimaha xafiisyada onlineka sida Google Docs iyo kaydinta daruuraha ee nolosha dadka farsamada ku jihaysan. Tignoolajiyada ayaa noqotay mid aad u baahsan oo xitaa Microsoft, oo in muddo ah gacanta ku haysay suuqa codsiyada xafiiska, waxay beryahan xooga saartay sidii ay u samayn lahayd arjiga mareegaha ee Office 365 iyo ka dhaadhicinta dadka isticmaala inay u beddelaan qaabka is-diiwaangelinta si ay u isticmaalaan adeegyadooda gaarka ah. Waxaan ku martiqaadeynaa kuwa xiiseynaya habka rakibidda iyo habeynta kaydkooda bisadda hoosteeda.
Waqti ka hor waxaan eegnay xalalka kaydinta daruuraha iyo xafiisyo xafiis shabakadeed oo furan oo si fudud loo geyn karo si loogu isticmaalo ganacsi-yar. Dhiirigelinta ugu weyn ee ku haynta dhammaan dukumeentiyada khadka tooska ah waa in la ilaaliyo waraaqaha ugu yar oo la hirgeliyo dhaqamada ganacsi ee wanaagsan inkasta oo mugga wax kala iibsiga uu yar yahay. Dhinaca kale ee qadaadiicda ah ayaa ah in kiraysashada Cloud server-ka lagu bixiyo adeegan ay ka badbaado yar tahay in si toos ah loogu kaydiyo dhismaha shirkada, maadaama aanad haysan wax hab ah oo aad ku hubin karto gelitaanka server-kaaga ama gaadiidkaaga. Sidaa darteed, dhamaadka-ilaa-dhamaadka sirta ah iyo software il furan ayaa sidoo kale loo baahan yahay.
Iyadoo la tixgelinayo dhammaan macluumaadka la heli karo ee ku saabsan xalalka isha furan, waxaan helnay laba mashruuc oo firfircoon (oo leh ballanqaad ku jira kaydka git ee bilihii 12 ee la soo dhaafay) oo loo sameeyay kaydinta daruuraha: NextCloud iyo OwnCloud, iyo xafiiska kaliya ee firfircoon ee ONLYOFFICE. Labada qalab ee kaydinta daruuraha waxay leeyihiin qiyaas isku mid ah shaqada, iyo go'aanka xulashada NextCloud waxay ku salaysan tahay jiritaanka caddaynta in lagu dhex dari karo KALIYA si loogu isticmaalo isdhexgalka raaxada leh ee software-ka. Si kastaba ha ahaatee, markii aan bilownay keenista adeegyada, waxaa soo ifbaxday xog la'aanta ku saabsan isku dhafka adeegyada kor ku xusan. Waxaan helnay 3 fiidiyow oo casharro ah oo ku saabsan sida loo dhexgalo:
Saddexda fiidyow midkoodna kama jawaabin su'aasha ku saabsan ku rakibidda adeegga dukumeentiga ONLYOFFICE isla server-ka jireed ee NextCloud oo leh nginx la wadaago. Taa beddelkeeda, waxay isticmaaleen farsamooyinka kala-soocidda sida adeegsiga dekedo gaar ah adeegga dukumeentiga api. Soo jeedin kale waxay ahayd in la geeyo adeeg gaar ah oo loogu talagalay Adeegga Dukumentiga, iyada oo gacanta lagu habeynayo tusaale nginx ah oo lagu dhex dhisay Adeegga Dukumentiga si loo rakibo furaha gelitaanka (furaha gelitaanka horay loo yaqaan ee xaqiijinaya xaqa gelitaanka daruuraha xogta) iyo shahaadooyinka TLS. Hababka kor ku xusan waxaa loo tixgeliyey inaysan badbaado lahayn oo aan waxtar lahayn, sidaa darteed waxaan isku darnay NextCloud, ONLYOFFICE iyo nginx caadi ah, kaas oo kala sooca codsiyada magacyada domain, iyadoo la adeegsanayo docker-compose. Halkan waxaa ah macluumaad tallaabo tallaabo ah oo ku saabsan sida loo sameeyo.
Tallaabada 1: weelka nginx
Tani waa habayn aad u fudud, laakiin tallaabadani waxay u baahan tahay shaqada ugu badan si loo habeeyo server-ka wakiilnimada. Waxaan markii hore u abuurnay qaabeynta docker-compose ee nginx: sawirka xasilloon.
version: '2'
services:
nginx:
image : nginx:stable
restart: always
volumes:
- ./nginx/nginx-vhost.conf:/etc/nginx/conf.d/default.conf:ro
- ./nginx/certificates:/mycerts
ports:
- 443:443
- 80:80
Tani waxay abuurtaa weel leh dekedaha 80 iyo 443 ee u furan dadweynaha, khariidadaha qaabeynta si nginx/nginx-vhost.conf , waxayna qeexaysaa dukaanka shahaadooyinka ee loo soo saaray shahaadooyin iskiis u saxeexay ama isticmaalaya Aan ku sirno certbot-ka / nginx/certificates. Goobtani waa inay ka kooban tahay faylalka office.yourdomain.com iyo Cloud.yourdomain.com, oo wata faylal fullchain1.pem iyo privkey1.pem mid walba ee silsilada shahaadada iyo furaha gaarka ah ee serferka, siday u kala horreeyaan. Waxaad ka akhrisan kartaa wax badan oo ku saabsan sida loo soo saaro shahaado is-saxiix ah halkan. (ka beddelka .key iyo .crt ee .pem waxay u shaqeysaa iyada oo aan loo beddelin qaab dhismeedka faylka nginx).
Taas ka dib, waxaan qeexnay faylka vhost. Waxaan marka hore ku qeexnay habdhaqanka dekedda 80 sida sahlan oo loo jiheeyo https, sababtoo ah Ma rabno inaan ogolaano taraafikada http
server {
listen 80;
location / {
return 301
https://$host$request_uri;
}
}
Kadibna waxaan ku abuurnay laba adeegayaal macmal ah dekeda 443 adeegyadayada:
server {
listen 443 ssl;
server_name cloud.yourdomain.com ;
root /var/www/html;
ssl_certificate /mycerts/cloud.yourdomain.com/fullchain1.pem;
ssl_certificate_key /mycerts/cloud.yourdomain.com/privkey1.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app:80;
}
}
server {
listen 443 ssl;
server_name office.yourdomain.com;
root /var/www/html;
ssl_certificate /mycerts/office.yourdomain.com/fullchain1.pem;
ssl_certificate_key /mycerts/office.yourdomain.com/privkey1.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://onlyoffice:80;
}
}
Tallaabada 2: adeegga dukumentiga
Hadda waxaan u baahanahay inaan ku darno weelka adeegga dukumeentiga docker-compose.yml. Ma jiraan wax gaar ah oo halkan lagu habeeyo.
services:
...
onlyoffice:
image: onlyoffice/documentserver
restart: always
Laakin ha ilaawin inaad ku xidho weelka nginx iyo adeega dukumentiga:
services:
...
nginx:
...
depends_on:
- onlyoffice
Tallaabada 3: NextCloud
Marka hore, ku dar adeegyo cusub:
services:
...
db:
image: mariadb
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: always
volumes:
- /data/nextcloud_db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=#put some password here
- MYSQL_PASSWORD=#put some other password here
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
app:
image: nextcloud
depends_on:
- db
- onlyoffice
restart: always
oo kudar xiriirinta nginx:
services:
...
nginx:
...
depends_on:
- app
Hadda waa waqtigii la rari lahaa weelasha.
docker-compose up -d
Muddo ka dib, nginx wuxuu bilaabi doonaa inuu kuu jiheeyo dhinaca hore ee NextCloud, kaas oo ah bogga qaabeynta caadiga ah. Waxaad u baahan doontaa inaad geliso magaca isticmaalaha iyo erayga sirta ah ee isticmaalehaaga koowaad ee maamulka iyo xogta xogta xogta ee aad ku bixisay docker-compose.yml Marka habayntu dhammaato, waxaad awoodi doontaa inaad gasho. Xaaladeena, sugitaanku wuxuu qaatay ku dhawaad ββhal daqiiqo wuxuuna u baahday dib u cusboonaysiin dheeraad ah oo ku saabsan bogga galitaanka ka hor intaanan galin adeegga daruuraha.
Daaqada dejinta adeegga NextCloud
Tallaabada 4: Isku xidhka NextCloud iyo KALIYA
Tallaabadan, waxaad u baahan doontaa inaad ku rakibto arjiga NextCloud, kaas oo isku xira shaqada KALIYA. Aan ku bilowno guddiga kantaroolka codsiga ee ku yaal geeska sare ee midig ee liiska. Soo hel app-ka KALIYA (Xafiiska & qoraalka hoostiisa ama adoo isticmaalaya raadinta), rakib oo daar.
Intaa ka dib waxaad u sii gudubtaa Settings adoo sii maraya liiska ku yaal geeska midig ee sare waana inaad ka heshaa shay kaliya oo ku yaal liiska bidix. U gal. Waxaad u baahan doontaa inaad iska diiwaan geliso ciwaanada sida hoos ku cad.
Dejinta codsiga isdhexgalka
Cinwaanka ugu horeeya waxa loo isticmaalaa in lagu xidho qaar ka mid ah js iyo css files si toos ah ka codsiga ku shaqeeya browserka (tani waa waxa aan u baahanahay si ay u furaan gelitaanka adeega ONLYOFFICE iyada oo loo marayo nginx). Furaha sirta ah lama isticmaalo sababtoo ah waxaan ku kalsoonahay lakabka go'doominta Docker in ka badan furaha xaqiijinta joogtada ah. Ciwaanka saddexaad waxa isticmaala weelka NextCloud si uu si toos ah ugu xidho ONLYOFFICE API, oo waxa uu isticmaalaa magaca martida loo yahay ee Docker. Hagaag, goobta ugu dambeysa ayaa loo isticmaalaa si KALIYA uu codsiyo dib ugu soo celiyo NextCloud API iyadoo la adeegsanayo ciwaanka IP-ga dibadda ah ama ciwaanka Docker-ka gudaha ah haddii aad isticmaaleyso shabakadaha Docker, laakiin tan looma isticmaalo kiiskeena. Hubi in goobaha dab-damiskaagu ay ogol yihiin isdhexgalka noocaan ah.
Ka dib markii la keydiyo, NextCloud waxay tijaabin doontaa isku xirka, haddii wax walba ay sax yihiin, waxay ku tusi doontaa goobaha la xidhiidha isdhexgalka - tusaale ahaan, noocyada faylasha lagu hagaajin karo isdhexgalka. Habbee sida aad u aragto inay ku habboon tahay.
Talaabada u dambaysa: halka laga helo tifaftiraha
Haddii aad dib ugu noqoto faylalka kaydinta daruuraha oo aad gujiso "+" si aad u abuurto fayl cusub, markaa waxaad yeelan doontaa ikhtiyaar cusub oo aad ku abuurto dukumeenti, xaashida faafinta ama bandhigga. Caawintooda, waxaad abuuri doontaa oo isla markaaba awood u yeelan doontaa inaad wax ka beddesho noocyadan faylasha adoo isticmaalaya ONLYOFFICE.
Liiska abuurista faylka
Kaabista 1
Nuxurka buuxa ee docker-compose.yml waxaa laga heli karaa halkan:
Source: www.habr.com