Nextcloud: Unterschied zwischen den Versionen
| (2 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 15: | Zeile 15: | ||
= Installation = | = Installation = | ||
== Startscript == | |||
* /usr/local/bin/StartMarkt | |||
<pre> | |||
#! /bin/bash | |||
PORT=8090 | |||
DATA_DIR=/srv/data/markt | |||
sudo docker run \ | |||
--init \ | |||
--sig-proxy=false \ | |||
--name nextcloud-aio-mastercontainer \ | |||
--restart always \ | |||
--publish $PORT:8080 \ | |||
--env APACHE_PORT=11000 \ | |||
--env APACHE_IP_BINDING=127.0.0.1 \ | |||
--env NEXTCLOUD_DATADIR="$DATA_DIR" \ | |||
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \ | |||
--volume /var/run/docker.sock:/var/run/docker.sock:ro \ | |||
ghcr.io/nextcloud-releases/all-in-one:latest | |||
</pre> | |||
== Reverse Proxy == | |||
<pre> | |||
map $http_upgrade $connection_upgrade { | |||
default upgrade; | |||
'' close; | |||
} | |||
server { | |||
listen 80; | |||
listen [::]:80; # comment to disable IPv6 | |||
if ($scheme = "http") { | |||
return 301 https://$host$request_uri; | |||
} | |||
if ($http_x_forwarded_proto = "http") { | |||
return 301 https://$host$request_uri; | |||
} | |||
listen 443 ssl; | |||
# listen [::]:443 ssl; | |||
http2 on; | |||
listen 443 quic reuseport; | |||
# listen [::]:443 quic reuseport; | |||
http3 on; | |||
quic_gso on; | |||
quic_retry on; | |||
quic_bpf on; | |||
add_header Alt-Svc 'h3=":443"; ma=86400'; | |||
proxy_buffering off; | |||
proxy_request_buffering off; | |||
client_max_body_size 0; | |||
client_body_buffer_size 512k; | |||
http3_stream_buffer_size 512k; | |||
proxy_read_timeout 3600s; | |||
server_name markt.gemeinwohl-gesellschaft.de; | |||
location / { | |||
proxy_pass http://127.0.0.1:11000$request_uri; | |||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||
proxy_set_header X-Forwarded-Port $server_port; | |||
proxy_set_header X-Forwarded-Scheme $scheme; | |||
proxy_set_header X-Forwarded-Proto $scheme; | |||
proxy_set_header X-Real-IP $remote_addr; | |||
proxy_set_header Host $host; | |||
proxy_set_header Early-Data $ssl_early_data; | |||
# Websocket | |||
proxy_http_version 1.1; | |||
proxy_set_header Upgrade $http_upgrade; | |||
proxy_set_header Connection $connection_upgrade; | |||
} | |||
ssl_certificate /etc/letsencrypt/live/markt.gemeinwohl-gesellschaft.de/fullchain.pem; | |||
ssl_certificate_key /etc/letsencrypt/live/markt.gemeinwohl-gesellschaft.de/privkey.pem; | |||
# curl -L https://ssl-config.mozilla.org/ffdhe2048.txt -o /etc/dhparam | |||
ssl_dhparam /etc/dhparam; | |||
ssl_early_data on; | |||
ssl_session_timeout 1d; | |||
ssl_session_cache shared:SSL:10m; | |||
ssl_protocols TLSv1.2 TLSv1.3; | |||
ssl_ecdh_curve x25519:x448:secp521r1:secp384r1:secp256r1; | |||
ssl_prefer_server_ciphers on; | |||
ssl_conf_command Options PrioritizeChaCha; | |||
ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256; | |||
} | |||
</pre> | |||
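Review bot: The added StartMarkt script uses `--publish $PORT:8080`, which binds port 8090 on every host interface, and the container it exposes also holds `/var/run/docker.sock`. The `:ro` suffix only makes the bind mount read-only; it does not restrict Docker API calls made through the socket, so a compromise of that admin interface would reach the host's Docker daemon. If the interface is only needed locally or through an SSH tunnel, `--publish "127.0.0.1:${PORT}:8080" \` keeps it off the network; otherwise the page should say that port 8090 needs a firewall rule. The section would also benefit from a one-line comment above `docker run` stating this, and from quoting the `$PORT` expansion.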
Aktuelle Version vom 6. September 2025, 19:24 Uhr
Links
Zielsetzung
Installation von Nextcloud als Docker-Image:
Wahl der Variante
- Nextcloud läuft im Docker
- Docker-Image soll in vordefiniertem Platz /media/docker liegen
- Die Daten liegen auf /srv/data/nextcloud.files
- Nginx als Reverse Proxy und zum Ausliefern der statischen Dateien. Nextcloud-Web-Port: 8090
- Domäne: markt.gemeinwohl-gesellschaft.de
- MySQL-DB mit ncmarkt, nextcloud und TopSecret
Installation
Startscript
- /usr/local/bin/StartMarkt
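#!/bin/bash
#
# StartMarkt: create and start the Nextcloud AIO mastercontainer.
#
# The container is created under a fixed --name, so this script is for the
# first start; running it again while that container exists makes
# `docker run` fail with a name conflict.
#
# Security notes for operators:
#  * --publish without a host address binds the AIO admin interface on all
#    host interfaces. Restrict it with a firewall rule, or publish it as
#    "127.0.0.1:${PORT}:8080" if it is only reached locally or via a tunnel.
#  * The Docker socket is handed to the container. ":ro" only makes the bind
#    mount read-only; it does not restrict Docker API calls made through the
#    socket, so treat this container as having control over the host's
#    Docker daemon.
#  * APACHE_IP_BINDING=127.0.0.1 keeps the Nextcloud Apache port (11000) on
#    loopback, so it is meant to be reached through the local reverse proxy.
#  * ":latest" is a mutable tag; record the digest that was actually pulled
#    if the deployment has to be reproducible or audited.
set -euo pipefail

readonly PORT=8090
readonly DATA_DIR=/srv/data/markt

sudo docker run \
  --init \
  --sig-proxy=false \
  --name nextcloud-aio-mastercontainer \
  --restart always \
  --publish "${PORT}:8080" \
  --env APACHE_PORT=11000 \
  --env APACHE_IP_BINDING=127.0.0.1 \
  --env NEXTCLOUD_DATADIR="${DATA_DIR}" \
  --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
  --volume /var/run/docker.sock:/var/run/docker.sock:ro \
  ghcr.io/nextcloud-releases/all-in-one:latest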
Reverse Proxy
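# Reverse proxy for the Nextcloud Apache container listening on
# 127.0.0.1:11000 (see proxy_pass below). Terminates TLS, redirects plain
# HTTP to HTTPS and passes WebSocket upgrades through.

# Derive the Connection header for the upstream: "upgrade" when the client
# sent an Upgrade header, "close" otherwise.
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    listen [::]:80; # comment to disable IPv6

    # Redirect plain HTTP to HTTPS, both for direct requests and for requests
    # that an upstream proxy marked as HTTP.
    if ($scheme = "http") {
        return 301 https://$host$request_uri;
    }
    if ($http_x_forwarded_proto = "http") {
        return 301 https://$host$request_uri;
    }

    # NOTE(review): port 80 listens on IPv6 but both IPv6 listeners for 443
    # are commented out. If the domain has an AAAA record, IPv6 clients are
    # redirected to HTTPS and then find no listener - confirm this is intended.
    listen 443 ssl;
    # listen [::]:443 ssl;
    http2 on;

    # HTTP/3 (QUIC)
    listen 443 quic reuseport;
    # listen [::]:443 quic reuseport;
    http3 on;
    quic_gso on;
    quic_retry on;
    # NOTE(review): the nginx documentation lists quic_bpf for the main
    # context only; check with `nginx -t` and move it to the top level of
    # nginx.conf if it is rejected here.
    quic_bpf on;
    add_header Alt-Svc 'h3=":443"; ma=86400';

    # Stream uploads and downloads straight through instead of buffering them.
    proxy_buffering off;
    proxy_request_buffering off;

    # 0 disables nginx's request body size check, so the upload size limit is
    # whatever the backend enforces.
    client_max_body_size 0;
    client_body_buffer_size 512k;
    http3_stream_buffer_size 512k;
    proxy_read_timeout 3600s;

    server_name markt.gemeinwohl-gesellschaft.de;

    location / {
        proxy_pass http://127.0.0.1:11000$request_uri;

        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend must only trust the entry added by this
        # proxy (or X-Real-IP), not the whole list.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        # Tells the backend that the request arrived as TLS 1.3 early data.
        proxy_set_header Early-Data $ssl_early_data;

        # Websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

    ssl_certificate /etc/letsencrypt/live/markt.gemeinwohl-gesellschaft.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/markt.gemeinwohl-gesellschaft.de/privkey.pem;

    # curl -L https://ssl-config.mozilla.org/ffdhe2048.txt -o /etc/dhparam
    ssl_dhparam /etc/dhparam;

    # TLS 1.3 early data (0-RTT) is not protected against replay. The
    # Early-Data header set above lets the backend refuse such requests.
    # NOTE(review): confirm the backend does so for non-idempotent requests,
    # otherwise turn this off.
    ssl_early_data on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ecdh_curve x25519:x448:secp521r1:secp384r1:secp256r1;

    ssl_prefer_server_ciphers on;
    ssl_conf_command Options PrioritizeChaCha;
    # Only AEAD suites with ECDHE key exchange are listed.
    ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;
}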