
Can't get Reverse Proxy Header / https set up right on Nextcloud through Docker and Nginx Proxy Manager

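I thought I could ignore these warnings from Nextcloud:

Last background job execution ran 22 hours ago. Something seems wrong. Check the background job settings ↗.

  • The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If not, this is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud. Further information can be found in the documentation ↗.
  • You are accessing your instance over a secure connection, however your instance is generating insecure URLs. This most likely means that you are behind a reverse proxy and the overwrite config variables are not set correctly. Please read the documentation page about this ↗.

However, while the website works, my desktop client app won't let me connect. It says "The polling URL does not start with HTTPS despite the login URL started with HTTPS. Login will not be possible because this might be a security issue. Please contact your administrator". This happens whether I enter http://cloud.mydomain.com or https://cloud.mydomain.com. I'm using docker, and have Nginx Proxy Manager and Nextcloud in their own docker containers, but they are on the same nginx2_default network. In the web GUI I have it passing to the container name over port 80, because 443 doesn't work for some reason, but as long as I tell Nginx Proxy Manager HTTP it still ends up with an SSL connection and still passes the certificate.

I've been stuck on this for a while and have made many different posts, but each time it's a different situation. This is the closest I've gotten, but I still end up with 0 functionality. It has to be something simple.

I figured it would be easier to make a gist here so that all the docker-compose files are accessible, as well as the .htaccess and Nextcloud's config file. I also put the docker output there.

To make it easier, I'll paste the most relevant files below.

/home/james/newNextcloud/config/config.php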

  'trusted_domains' =>
  array (
    0 => 'cloud.[redacted].com',
  ),
  array (
    'trusted_proxies' => ['172.20.0.12'],
    'overwritehost' => 'ssl-proxy.tld',
    'overwriteprotocol' => 'https',
    'overwritewebroot' => '/cloud.[redacted].com',
    'overwritecondaddr' => '^172\.20\.0\.12$',
  ),
  'forwarded_for_headers' =>
  array (
    0 => 'X-Forwarded-For',
    1 => 'HTTP_X_FORWARDED_FOR',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '23.0.0.10',
  'overwrite.cli.url' => 'https://cloud.[redacted].com',
  'dbname' => 'nextcloud',
  'dbhost' => 'nextcloud_db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '[redacted]',
  'dbpassword' => '[redacted]',
  'installed' => true,
  'default_phone_region' => 'US',
  'skeletondirectory' => '/var/www/html/fakeskeleton',

Docker output:

docker ps -a
CONTAINER ID   IMAGE                             COMMAND                  CREATED       STATUS                 PORTS   NAMES
7792ac3452db   nextcloud                         "/entrypoint.sh apac…"   2 hours ago   Up 2 hours             0.0.0.0:8080->80/tcp, :::8080->80/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp   nextcloud
8d5a1a2ebc05   nextcloud:fpm-alpine              "/cron.sh"               2 hours ago   Up 2 hours             9000/tcp   nextcloud2_cron_1
64d024d6ff0c   redis:alpine                      "docker-entrypoint.s…"   2 hours ago   Up 2 hours             6379/tcp   nextcloud2_redis_1
d1e40d50cd5f   mariadb                           "docker-entrypoint.s…"   2 hours ago   Up 2 hours             3306/tcp   nextcloud_db
29fb4aa53f89   plexinc/pms-docker                "/init"                  6 hours ago   Up 2 hours (healthy)   0.0.0.0:3005->3005/tcp, :::3005->3005/tcp, 0.0.0.0:8324->8324/tcp, :::8324->8324/tcp, 0.0.0.0:1900->1900/udp, :::1900->1900/udp, 0.0.0.0:32410->32410/udp, :::32410->32410/udp, 0.0.0.0:32400->32400/tcp, :::32400->32400/tcp, 0.0.0.0:32412-32414->32412-32414/udp, :::32412-32414->32412-32414/udp, 0.0.0.0:32469->32469/tcp, :::32469->32469/tcp   plex
236b0aba1a38   jc21/nginx-proxy-manager:latest   "/init"                  6 hours ago   Up 2 hours             0.0.0.0:80-81->80-81/tcp, :::80-81->80-81/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   npm-ui
f81959067233   jc21/mariadb-aria:latest          "/scripts/run.sh"        6 hours ago   Up 2 hours             3306/tcp   npm-db

docker container ls
CONTAINER ID   IMAGE                             COMMAND                  CREATED       STATUS                 PORTS   NAMES
7792ac3452db   nextcloud                         "/entrypoint.sh apac…"   2 hours ago   Up 2 hours             0.0.0.0:8080->80/tcp, :::8080->80/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp   nextcloud
8d5a1a2ebc05   nextcloud:fpm-alpine              "/cron.sh"               2 hours ago   Up 2 hours             9000/tcp   nextcloud2_cron_1
64d024d6ff0c   redis:alpine                      "docker-entrypoint.s…"   2 hours ago   Up 2 hours             6379/tcp   nextcloud2_redis_1
d1e40d50cd5f   mariadb                           "docker-entrypoint.s…"   2 hours ago   Up 2 hours             3306/tcp   nextcloud_db
29fb4aa53f89   plexinc/pms-docker                "/init"                  6 hours ago   Up 2 hours (healthy)   0.0.0.0:3005->3005/tcp, :::3005->3005/tcp, 0.0.0.0:8324->8324/tcp, :::8324->8324/tcp, 0.0.0.0:1900->1900/udp, :::1900->1900/udp, 0.0.0.0:32410->32410/udp, :::32410->32410/udp, 0.0.0.0:32400->32400/tcp, :::32400->32400/tcp, 0.0.0.0:32412-32414->32412-32414/udp, :::32412-32414->32412-32414/udp, 0.0.0.0:32469->32469/tcp, :::32469->32469/tcp   plex
236b0aba1a38   jc21/nginx-proxy-manager:latest   "/init"                  6 hours ago   Up 2 hours             0.0.0.0:80-81->80-81/tcp, :::80-81->80-81/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   npm-ui
f81959067233   jc21/mariadb-aria:latest          "/scripts/run.sh"        6 hours ago   Up 2 hours             3306/tcp   npm-db

docker volume ls
DRIVER    VOLUME NAME
local     f6e0828f8a826cf3c8faa9f11b9cda279999f034a8d9e09cfac26bfa0ba9eb16

docker network ls
NETWORK ID     NAME                 DRIVER    SCOPE
9cf4b1fc4f1b   bridge               bridge    local
78512dde6d1b   host                 host      local
135921ebe5b5   nextcloud2_default   bridge    local
4e52bbf25209   nginx2_default       bridge    local
4de38ef5961d   none                 null      local

Nextcloud docker-compose file

version: '2.1'
 
networks:
 nginx2_default:
   external:
     name: nginx2_default
 
services:
  nextcloud:
    image: nextcloud
    container_name: nextcloud
    restart: always
    ports:
      - 8080:80
      - 8443:443
    networks:
      - nginx2_default
    links:
      - nextcloud_db
    volumes:
      - /home/james/newNextcloud:/var/www/html
      - /newRaid/Nextcloud:/var/www/html/data
    environment:
      - MYSQL_PASSWORD=[redacted]
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=[redacted]
      - MYSQL_HOST=nextcloud_db
      - APACHE_DISABLE_REWRITE_IP=1
  nextcloud_db:
    image: mariadb
    container_name: nextcloud_db
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed
    networks:
     - nginx2_default
    volumes:
      - /mnt/nextcloud:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=[redacted]
      - MYSQL_PASSWORD=[redacted]
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=[redacted]
  redis:
    image: redis:alpine
    restart: always  
  cron:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - /home/james/newNextcloud:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - nextcloud_db
      - redis

Nginx Proxy Manager docker-compose.yml

version: "3"
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: npm-ui
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
        # - '32400:32400'  For Plex
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "[redacted]"
      DB_MYSQL_PASSWORD: "[redacted]"
      DB_MYSQL_NAME: "npm"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    networks:
      default:
        ipv4_address: 172.20.0.12
    depends_on:
      - db
 
  db:
    image: 'jc21/mariadb-aria:latest'
    container_name: npm-db
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: '[redacted]'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: '[redacted]'
      MYSQL_PASSWORD: '[redacted]'
    volumes:
      - ./data/mysql:/var/lib/mysql
    networks:
      default:
        ipv4_address: 172.20.0.22

networks:
  default:
    ipam:
      config:
        - subnet: 172.20.0.0/16

So your files helped me solve this, so I'll share my config file with you.

root@linux:/apps/nextcloud/app/config# vim config.php
<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => 'ocsdfgfsdg5',
  'passwordsalt' => 'Wsdgsdfgsdfgsd2IO/nY',
  'secret' => 'Asdfgsdfgsdfgsdfg',
  'trusted_domains' =>
  array (
    0 => 'cloud.sdfgfdsgsfd.org',
  ),
  'trusted_proxies' =>
  array (
    0 => '10.1.5.124',
  ),
  'overwriteprotocol' => 'https',
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '23.0.2.1',
  'overwrite.cli.url' => 'http://cloud.fsdghfgsdh.org',
  'dbname' => 'fghfdgsh',
  'dbhost' => 'fghjdfdg',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'dfhgfghdh',
  'dbpassword' => 'dfghfdgh',
  'installed' => true,
);
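
The difference between the two config.php files above, as an added example (not from the original posts and not Nextcloud's own code): a simplified Python model of the trusted-proxy rule the warnings describe. It assumes settings are read only from top-level keys of $CONFIG, so the question's fragment, where trusted_proxies and overwriteprotocol sit inside an unnamed inner array, is modelled with those keys under numeric key 0; the function names, cloud.example.com and the addresses 203.0.113.7, 172.20.0.99 and 10.0.0.1 are constructed, and overwritecondaddr and X-Forwarded-Proto are left out of the model.

```python
import ipaddress

def from_trusted_proxy(config, server):
    """True when the TCP peer (REMOTE_ADDR) is listed in top-level trusted_proxies."""
    peer = ipaddress.ip_address(server["REMOTE_ADDR"])
    return any(peer in ipaddress.ip_network(p, strict=False)
               for p in config.get("trusted_proxies", []))

def client_ip(config, server):
    """Forwarded headers are believed only when the peer is a trusted proxy."""
    if from_trusted_proxy(config, server):
        for key in config.get("forwarded_for_headers", ["HTTP_X_FORWARDED_FOR"]):
            first = server.get(key, "").split(",")[0].strip()
            try:
                return str(ipaddress.ip_address(first))
            except ValueError:
                continue  # header absent or not an IP address
    return server["REMOTE_ADDR"]

def url_scheme(config, server):
    """Scheme used for generated URLs (the 'polling URL' the client checks)."""
    if config.get("overwriteprotocol"):
        return config["overwriteprotocol"]
    return "https" if server.get("HTTPS") == "on" else "http"

# Constructed configs. QUESTION_SHAPE mirrors the posted fragment: the proxy
# keys are inside an unnamed inner array (numeric key 0), not at top level.
QUESTION_SHAPE = {
    "trusted_domains": ["cloud.example.com"],
    0: {"trusted_proxies": ["172.20.0.12"], "overwriteprotocol": "https"},
    "forwarded_for_headers": ["X-Forwarded-For", "HTTP_X_FORWARDED_FOR"],
}
# ANSWER_SHAPE carries the same values as top-level keys, as in the answer's file.
ANSWER_SHAPE = {
    "trusted_domains": ["cloud.example.com"],
    "trusted_proxies": ["172.20.0.12"],
    "overwriteprotocol": "https",
}

# Constructed requests, using $_SERVER-style keys; the backend sees plain HTTP.
VIA_PROXY = {"REMOTE_ADDR": "172.20.0.12", "HTTP_X_FORWARDED_FOR": "203.0.113.7"}
FORGED = {"REMOTE_ADDR": "172.20.0.99", "HTTP_X_FORWARDED_FOR": "10.0.0.1"}

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_SHAPE), ("answer", ANSWER_SHAPE)):
        print(name, client_ip(cfg, VIA_PROXY), url_scheme(cfg, VIA_PROXY),
              client_ip(cfg, FORGED))
```

In this model the question-shaped config reports the proxy's own address and `http`, which lines up with the two warnings and the desktop client's polling URL error, while the answer-shaped config reports the forwarded client address and `https` and still ignores a forwarded header from a peer that is not the listed proxy.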
