Hayi Habr! Ndinikela ingqalelo yakho ukuguqulelwa kwenqaku .
Kunzima ukujongela phantsi ixabiso leeofisi ze-intanethi ezifana neGoogle Docs kunye nokugcinwa kwelifu kubomi babantu abajolise kubuchwepheshe. Itekhnoloji ixhaphake kangangokuba neMicrosoft, ekudala ilawula kwimarike yezicelo zeofisi, isandula ukugxila ekuphuhliseni usetyenziso lwewebhu lweOfisi 365 nokucenga abasebenzisi ukuba batshintshele kwimodeli yomrhumo ukuze basebenzise iinkonzo zabo. Siyamema abo banomdla kwinkqubo yokufaka kunye nokuqwalasela ukugcinwa kwabo phantsi kwekati.
Ngexesha elidlulileyo sajonga izisombululo zokugcina ilifu kunye neendawo ezivulekileyo zeeofisi zewebhu ezinokuthi zisetyenziswe ngokulula ukuba zisetyenziswe kwi-micro-enterprise. Eyona nto ikhuthazayo yokugcina onke amaxwebhu kwi-intanethi kukugcina amaphepha asezantsi kunye nokuphumeza izenzo ezilungileyo zoshishino nangona umthamo ophantsi wentengiselwano. Elinye icala lengqekembe kukuba ukurenta iseva yelifu ukubonelela le nkonzo akukhuselekanga kancinci kunokugcina ngokuthe ngqo kwindawo yeshishini, kuba awunayo nayiphi na indlela yokuphicotha ukufikelela ngokwasemzimbeni kwiseva yakho okanye kwitrafikhi. Ke ngoko, ukufihlwa kokuphela ukuya ekupheleni kunye nesoftware yomthombo ovulekileyo nazo ziyafuneka.
Ukuthathela ingqalelo lonke ulwazi olukhoyo malunga nezisombululo zomthombo ovulekileyo, sifumene iiprojekthi ezimbini ezisebenzayo (ezinezibophelelo kwindawo yokugcina i-git kwiinyanga ezili-12 ezidlulileyo) eziphuhliselwe ukugcinwa kwelifu: I-NextCloud kunye ne-OwnCloud, kunye ne-ofisi esebenzayo kuphela ye-ONLYOFFICE. Zombini izixhobo zokugcina ilifu zisebenza ngokulinganayo, kwaye isigqibo sokukhetha i-NextCloud sasisekwe kubukho bobungqina bokuba inokudityaniswa ne-ONLYOFFICE ukusebenzisana komsebenzisi kunye nesoftware. Nangona kunjalo, xa saqala ukuhambisa iinkonzo, ukungabikho kolwazi malunga nokudibanisa iinkonzo ezingentla kwabonakala. Sifumene iividiyo ezi-3 zokufundisa ngendlela yokudibanisa:
Akukho nanye kwezi vidiyo zintathu iphendule umbuzo wokufaka inkonzo yoxwebhu lwe-ONLYOFFICE kwiseva yomzimba efanayo ne-NextCloud ene-nginx ekwabelwana ngayo. Endaweni yoko, basebenzisa iindlela zokwahlula ezinjengokusebenzisa izibuko ezahlukeneyo zenkonzo yoxwebhu api. Enye ingcebiso yayikukusasaza iseva eyahlukileyo yeNkonzo yoXwebhu, ukuqwalasela ngesandla inginx umzekelo owakhelwe kwiNkonzo yoXwebhu ukufaka isitshixo sofikelelo (iqhosha lofikelelo elaziwayo ngaphambili eliqinisekisa ilungelo lokufikelela kwilifu ledatha) kunye nezatifikethi zeTLS. Ezi ndlela zingasentla zazithathwa njengezingakhuselekanga kwaye zingasebenzi ngokwaneleyo, ngoko ke sidibanise i-NextCloud, ONLYOFFICE kunye ne-nginx eqhelekileyo eyahlula izicelo ngamagama esizinda usebenzisa i-docker-compose. Nantsi inyathelo ngenyathelo ulwazi malunga nendlela yokwenza.
Inyathelo 1: nginx isikhongozeli
Olu lucwangciso olulula kakhulu, kodwa eli nyathelo lifuna owona msebenzi mkhulu ukuqwalasela umva womncedisi weproxy. Siqale senze uqwalaselo lokuqamba idocker yenginx: umfanekiso ozinzileyo.
version: '2'
services:
nginx:
image : nginx:stable
restart: always
volumes:
- ./nginx/nginx-vhost.conf:/etc/nginx/conf.d/default.conf:ro
- ./nginx/certificates:/mycerts
ports:
- 443:443
- 80:80
Oku kudala isikhongozeli esinamachweba angama-80 kunye nama-443 avuleleke kuluntu, imephu yoqwalaselo nginx/nginx-vhost.conf , kwaye ichaza ivenkile yezatifikethi eziveliswe njengezatifikethi ezisayinileyo okanye kusetyenziswa Masibhale i-certbot kwi /nginx/izatifikethi. Le ndawo kufuneka iqulathe iziqulathi zeefayili ze-office.yourdomain.com kunye ne-cloud.yourdomain.com, ene-fullchain1.pem kunye neefayile ze-privkey1.pem kwindawo nganye yekhonkco lesatifikethi kunye neqhosha labucala leseva, ngokulandelelanayo. Unokufunda ngakumbi malunga nokwenza isatifikethi esizisayinileyo apha. (ukuthiya ngokutsha .isitshixo kunye .crt ukuya .pem isebenza ngaphandle kokuguqula isakhiwo sefayile ye nginx).
Emva koko, sichaze ifayile ye-vhost. Okokuqala sichaza indlela yokuziphatha kwe-80 ye-port njengendlela elula yokuqondisa kwakhona kwi-https, kuba asifuni kuvumela nayiphi na i-http traffic
server {
listen 80;
location / {
return 301
https://$host$request_uri;
}
}
Emva koko senze iiseva ezimbini ezinenyani kwizibuko 443 ngeenkonzo zethu:
server {
listen 443 ssl;
server_name cloud.yourdomain.com ;
root /var/www/html;
ssl_certificate /mycerts/cloud.yourdomain.com/fullchain1.pem;
ssl_certificate_key /mycerts/cloud.yourdomain.com/privkey1.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app:80;
}
}
server {
listen 443 ssl;
server_name office.yourdomain.com;
root /var/www/html;
ssl_certificate /mycerts/office.yourdomain.com/fullchain1.pem;
ssl_certificate_key /mycerts/office.yourdomain.com/privkey1.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://onlyoffice:80;
}
}
Inyathelo 2: inkonzo yoxwebhu
Ngoku kufuneka songeze isikhongozeli senkonzo yoxwebhu kwidocker-compose.yml yethu. Akukho nto ikhethekileyo yokuqwalasela apha.
services:
...
onlyoffice:
image: onlyoffice/documentserver
restart: always
Kodwa ungalibali ukudibanisa isikhongozeli se-nginx kwinkonzo yoxwebhu:
services:
...
nginx:
...
depends_on:
- onlyoffice
Inyathelo 3: NextCloud
Okokuqala, yongeza iinkonzo ezintsha:
services:
...
db:
image: mariadb
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
restart: always
volumes:
- /data/nextcloud_db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=#put some password here
- MYSQL_PASSWORD=#put some other password here
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
app:
image: nextcloud
depends_on:
- db
- onlyoffice
restart: always
kwaye yongeza ikhonkco kwi nginx:
services:
...
nginx:
...
depends_on:
- app
Ngoku lixesha lokulayisha izitya.
docker-compose up -d
Emva kwexesha, i-nginx iya kuqalisa ukukuthumela kwisiphelo sangaphambili se-NextCloud, eliliphepha loqwalaselo olungagqibekanga. Kuya kufuneka ufake igama lomsebenzisi kunye negama lokugqitha kumsebenzisi wakho wokuqala kunye nedatha yedatha enikezelweyo kwi-docker-compose.yml Nje ukuba ucwangciso lugqityiwe, uya kukwazi ukungena. Kwimeko yethu, ukulinda kuthathe phantse umzuzu kwaye kufuna uhlaziyo olongezelelweyo lwephepha lokungena ngaphambi kokuba singene kwinkonzo yelifu.
Ifestile ye-NextCloud yoseto lwenkonzo
Inyathelo 4: Ukuqhagamshela i-NextCloud kunye ne-ONLYOFFICE
Kweli nyathelo, kuya kufuneka ufake isicelo se-NextCloud, edibanisa ukusebenza kwe-ONLYOFFICE. Masiqale ngephaneli yolawulo yesicelo kwikona ephezulu ngasekunene kwimenyu. Fumana i-ONLYOFFICE app (phantsi kweOfisi & nombhalo okanye usebenzisa uphendlo), yifake kwaye uyivule.
Emva kwaloo ntloko ukuya kwiSeto ngemenyu ekwikona ephezulu ngasekunene kwaye kuya kufuneka ufumane into KUPHELA kwimenyu esekhohlo. Ngena kuyo. Kuya kufuneka ubhalise iidilesi njengoko kubonisiwe ngezantsi.
Useto lwesicelo sohlanganiso
Idilesi yokuqala isetyenziselwa ukudibanisa ezinye iifayile zejs kunye necss ngokuthe ngqo kwisicelo esisebenza kwisikhangeli (le yilento kufuneka sivule ufikelelo kwinkonzo ONLYOFFICE ngenginx). Isitshixo esiyimfihlo asisetyenziswanga kuba sithemba umaleko wokuzahlula we-Docker ngaphezu kweqhosha eliqhubekayo lokuqinisekisa. Idilesi yesithathu isetyenziswa sisikhongozeli se-NextCloud ukudibanisa ngokuthe ngqo kwi-ONLYOFFICE API, kwaye isebenzisa igama lenginginya langaphakathi elingagqibekanga kwiDocker. Ewe, indawo yokugqibela isetyenziswa ukuze I-ONLYOFFICE ikwazi ukwenza izicelo kwakhona kwi-NextCloud API isebenzisa idilesi ye-IP yangaphandle okanye idilesi ye-Docker yangaphakathi ukuba usebenzisa iinethiwekhi ze-Docker, kodwa oku akusetyenziswanga kwimeko yethu. Qinisekisa ukuba useto lwakho lwefirewall luvumela olu hlobo lonxibelelwano.
Emva kokugcina, i-NextCloud iya kuvavanya uxhulumaniso kwaye, ukuba yonke into ichanekile, iya kukubonisa izicwangciso ezinxulumene nokudibanisa - umzekelo, zeziphi iintlobo zeefayile ezinokuthi zihlelwe ngolu hlanganiso. Lungiselela njengoko ubona kufanelekile.
Inyathelo lokugqibela: ungamfumana phi umhleli
Ukuba ubuyela kwiifolda zakho zokugcina ilifu kwaye ucofe ku "+" ukwenza ifayile entsha, ngoko uya kuba nenketho entsha yokwenza uxwebhu, ispredishithi okanye intetho. Ngoncedo lwabo, uya kudala kwaye ngoko nangoko ukwazi ukuhlela ezi ntlobo zeefayile usebenzisa ONLYOFFICE.
Imenyu yokudala ifayile
Ukongeza ngo-1
Umxholo opheleleyo we-docker-compose.yml unokufumaneka apha:
umthombo: www.habr.com