我花了很多时间在这上面,现在是时候使用救命稻草了。我正在运行 wonderwall/nextcloud Docker 容器,并设置了一个 Nginx 容器来代理它。它在我的内部网络中运行良好,但是当我尝试通过我的 Ubiquiti USG 进行端口转发时,每次从外部连接的尝试都会导致超时。我知道我的 USG 运行正常,因为我使用的另一个没有运行 Nginx 的 Docker 容器使用与下面相同的 macvlan 网络(物理)运行良好。
我的docker-compose文件:
networks:
backend:
driver: bridge
physical:
external: true
services:
nextcloud-app:
container_name: nextcloud-app
depends_on:
- nextcloud-db
environment:
- UID=1031
- GID=1031
- UPLOAD_MAX_SIZE=10G
- APC_SHM_SIZE=128M
- OPCACHE_MEM_SIZE=128
- CRON_PERIOD=15m
- TZ=(redacted)
- ADMIN_USER
- ADMIN_PASSWORD
- DOMAIN=(redacted)
- DB_TYPE=mysql
- DB_NAME=(redacted)
- DB_USER=(redacted)
- DB_PASSWORD=(redacted)
- DB_HOST=nextcloud-db
image: wonderfall/nextcloud:latest
networks:
backend: null
restart: unless-stopped
volumes:
- nextcloud_apps:/apps2
- nextcloud_config:/config
- nextcloud_data:/data
- nextcloud_themes:/nextcloud/themes
nextcloud-db:
container_name: nextcloud-db
environment:
- MYSQL_ROOT_PASSWORD=(redacted)
- MYSQL_DATABASE=(redacted)
- MYSQL_USER=(redacted)
- MYSQL_PASSWORD=(redacted)
image: mariadb:10
networks:
backend: null
restart: unless-stopped
volumes:
- nextcloud_db:/var/lib/mysql
nextcloud-web:
container_name: nextcloud-web
depends_on:
- nextcloud-app
image: nginx
networks:
backend: null
physical:
ipv4_address: 192.168.1.10
restart: unless-stopped
volumes:
- nextcloud_proxy_config:/etc/nginx/conf.d
- nextcloud_proxy_ssl:/certs
version: '3.0'
volumes:
nextcloud_apps:
external: true
nextcloud_config:
external: true
nextcloud_data:
external: true
nextcloud_db:
external: true
nextcloud_proxy_config:
external: true
nextcloud_proxy_ssl:
external: true
nextcloud_themes:
external: true
我的 /etc/nginx/conf.d/default.conf 文件:
server {
listen 80;
server_name (redacted);
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name (redacted);
client_max_body_size 10G;
ssl_certificate /certs/server.crt;
ssl_certificate_key /certs/server.key
location / {
proxy_pass http://nextcloud-app:8888;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-Port $remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
}
最后是物理macvlan网络的配置:
$ docker network inspect physical
[
{
"Name": "physical",
"Id": "999be40dea19b51fbeb3bda5501288f52365aa2ce155b5a5fedede3270fdf959",
"Created": "2017-04-12T00:45:37.306899171-07:00",
"Scope": "local",
"Driver": "macvlan",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.1.0/24",
"Gateway": "192.168.1.254"
}
]
},
"Internal": false,
"Attachable": false,
"Containers": {
"92f04d62dfd43c5b9bb6ef290186bd5f7926b82d8232ee1bd6e488694d086240": {
"Name": "(redacted)",
"EndpointID": "c547179a88c11681d9abd83f020a92b1a1f341575d12423a7e0e5f3efe1d9a40",
"MacAddress": "(redacted)",
"IPv4Address": "192.168.1.9/24",
"IPv6Address": ""
},
"cd14e07bbf7435274610ff10ec2a16035df71440772ab63f8e4973599d809b60": {
"Name": "nextcloud-web",
"EndpointID": "57e86f161ea2d578aadb6b99bfabe6da6dcdf2070ff91bfd30c0f450b076bc63",
"MacAddress": "(redacted)",
"IPv4Address": "192.168.1.10/24",
"IPv6Address": ""
}
},
"Options": {
"parent": "eno1"
},
"Labels": {}
}
]
如有任何见解我将非常感激!
答案1
除了桥接之外,我还没有成功让 nginx-proxy 在任何网络模式下工作。以下是我在我的机器上安装 nextcloud 的方法
### mysql ###
docker run \
-d \
--name mysql \
--network=host \
--restart=always \
-e MYSQL_ROOT_PASSWORD=redacted \
-v /home/redacted/docker/mysql/:/var/lib/mysql/ \
mysql
然后通过连接到容器来设置数据库和权限
docker exec -it mysql mysql -u root -p
create database nextcloud;
grant all privileges on nextcloud.* to nextcloud@'172.17.0.%' identified by 'nextcloud' with grant option;
flush privileges;
然后加载 nextcloud
### nextcloud ###
docker run \
-d \
--name nextcloud \
-p 8000:80 \
-p 8001:443 \
--restart=always \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=/etc/localtime:ro \
-e VIRTUAL_HOST=cloud.hostname.com \
-e LETSENCRYPT_HOST=cloud.hostname.com \
-e [email protected] \
-v /home/redacted/docker/nextcloud:/var/www/html \
nextcloud
然后加载 nginx-proxy 和 letsencrypt
### nginx-proxy ###
docker run \
-d \
-p 80:80 \
-p 443:443 \
--name nginx-proxy \
--restart=always \
-v /home/redacted/docker/nginx-proxy/certs:/etc/nginx/certs:ro \
-v /home/redacted/docker/nginx-proxy/vhost.d:/etc/nginx/vhost.d \
-v /home/redacted/docker/nginx-proxy/html:/usr/share/nginx/html \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
jwilder/nginx-proxy
### letsencrypt ###
docker run \
-d \
--name=nginx-letsencrypt \
--volumes-from nginx-proxy \
--restart=always \
-v /home/redacted/docker/nginx-proxy/certs:/etc/nginx/certs:rw \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
jrcs/letsencrypt-nginx-proxy-companion
然后只需将client_max_body_size 10G;
其添加到nginx.conf
nginx-proxy 中并更改 nextcloud 中 .user.ini 和 .htaccess 中的最大大小。