
Can't get Reverse Proxy Header / https set up right on Nextcloud through Docker and Nginx Proxy Manager

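I thought I could ignore these warnings from Nextcloud:

  • Last background job execution ran 22 hours ago. Something seems wrong. Check the background job settings ↗.
  • The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If not, this is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud. Further information can be found in the documentation ↗.
  • You are accessing your instance over a secure connection, however your instance is generating insecure URLs. This most likely means that you are behind a reverse proxy and the overwrite config variables are not set correctly. Please read the documentation page about this ↗.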

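However, while the website works, my desktop client application won't let me connect. It says "The polling URL does not start with HTTPS despite the login URL started with HTTPS. Login will not be possible because this might be a security issue. Please contact your administrator". This happens whether I type in http://cloud.mydomain.com or https://cloud.mydomain.com. I am using Docker, and have Nginx Proxy Manager and Nextcloud in their own Docker containers, but they are on the same nginx2_default network. In the web GUI I have it passing to the container name on port 80, because 443 wouldn't work for some reason, but as long as I tell Nginx Proxy Manager HTTP, it still ends up with an SSL connection, but still through the certificate.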

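I have been stuck on this for a while and have made many different posts, but each time it is a different situation. This is the closest I have gotten, but I still end up with 0 functionality. It has to be something simple.

I felt it would be easier to make a gist here so that all the docker-compose files are accessible, along with the .htaccess and Nextcloud's config file. I also put the docker output there.

To make it easier, I'll paste the most relevant files below.

/home/james/newNextcloud/config/config.php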

  'trusted_domains' =>
  array (
    0 => 'cloud.[redacted].com',
  ),
  array (
    'trusted_proxies' => ['172.20.0.12'],
    'overwritehost' => 'ssl-proxy.tld',
    'overwriteprotocol' => 'https',
    'overwritewebroot' => '/cloud.[redacted].com',
    'overwritecondaddr' => '^172\.20\.0\.12$',
  ),
  'forwarded_for_headers' =>
  array (
    0 => 'X-Forwarded-For',
    1 => 'HTTP_X_FORWARDED_FOR',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '23.0.0.10',
  'overwrite.cli.url' => 'https://cloud.[redacted].com',
  'dbname' => 'nextcloud',
  'dbhost' => 'nextcloud_db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '[redacted]',
  'dbpassword' => '[redacted]',
  'installed' => true,
  'default_phone_region' => 'US',
  'skeletondirectory' => '/var/www/html/fakeskeleton',

Docker output:

docker ps -a
CONTAINER ID   IMAGE                             COMMAND                  CREATED       STATUS                 PORTS   NAMES
7792ac3452db   nextcloud                         "/entrypoint.sh apac…"   2 hours ago   Up 2 hours             0.0.0.0:8080->80/tcp, :::8080->80/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp   nextcloud
8d5a1a2ebc05   nextcloud:fpm-alpine              "/cron.sh"               2 hours ago   Up 2 hours             9000/tcp   nextcloud2_cron_1
64d024d6ff0c   redis:alpine                      "docker-entrypoint.s…"   2 hours ago   Up 2 hours             6379/tcp   nextcloud2_redis_1
d1e40d50cd5f   mariadb                           "docker-entrypoint.s…"   2 hours ago   Up 2 hours             3306/tcp   nextcloud_db
29fb4aa53f89   plexinc/pms-docker                "/init"                  6 hours ago   Up 2 hours (healthy)   0.0.0.0:3005->3005/tcp, :::3005->3005/tcp, 0.0.0.0:8324->8324/tcp, :::8324->8324/tcp, 0.0.0.0:1900->1900/udp, :::1900->1900/udp, 0.0.0.0:32410->32410/udp, :::32410->32410/udp, 0.0.0.0:32400->32400/tcp, :::32400->32400/tcp, 0.0.0.0:32412-32414->32412-32414/udp, :::32412-32414->32412-32414/udp, 0.0.0.0:32469->32469/tcp, :::32469->32469/tcp   plex
236b0aba1a38   jc21/nginx-proxy-manager:latest   "/init"                  6 hours ago   Up 2 hours             0.0.0.0:80-81->80-81/tcp, :::80-81->80-81/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   npm-ui
f81959067233   jc21/mariadb-aria:latest          "/scripts/run.sh"        6 hours ago   Up 2 hours             3306/tcp   npm-db

docker container ls
CONTAINER ID   IMAGE                             COMMAND                  CREATED       STATUS                 PORTS   NAMES
7792ac3452db   nextcloud                         "/entrypoint.sh apac…"   2 hours ago   Up 2 hours             0.0.0.0:8080->80/tcp, :::8080->80/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp   nextcloud
8d5a1a2ebc05   nextcloud:fpm-alpine              "/cron.sh"               2 hours ago   Up 2 hours             9000/tcp   nextcloud2_cron_1
64d024d6ff0c   redis:alpine                      "docker-entrypoint.s…"   2 hours ago   Up 2 hours             6379/tcp   nextcloud2_redis_1
d1e40d50cd5f   mariadb                           "docker-entrypoint.s…"   2 hours ago   Up 2 hours             3306/tcp   nextcloud_db
29fb4aa53f89   plexinc/pms-docker                "/init"                  6 hours ago   Up 2 hours (healthy)   0.0.0.0:3005->3005/tcp, :::3005->3005/tcp, 0.0.0.0:8324->8324/tcp, :::8324->8324/tcp, 0.0.0.0:1900->1900/udp, :::1900->1900/udp, 0.0.0.0:32410->32410/udp, :::32410->32410/udp, 0.0.0.0:32400->32400/tcp, :::32400->32400/tcp, 0.0.0.0:32412-32414->32412-32414/udp, :::32412-32414->32412-32414/udp, 0.0.0.0:32469->32469/tcp, :::32469->32469/tcp   plex
236b0aba1a38   jc21/nginx-proxy-manager:latest   "/init"                  6 hours ago   Up 2 hours             0.0.0.0:80-81->80-81/tcp, :::80-81->80-81/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   npm-ui
f81959067233   jc21/mariadb-aria:latest          "/scripts/run.sh"        6 hours ago   Up 2 hours             3306/tcp   npm-db

docker volume ls
DRIVER    VOLUME NAME
local     f6e0828f8a826cf3c8faa9f11b9cda279999f034a8d9e09cfac26bfa0ba9eb16

docker network ls
NETWORK ID     NAME                 DRIVER    SCOPE
9cf4b1fc4f1b   bridge               bridge    local
78512dde6d1b   host                 host      local
135921ebe5b5   nextcloud2_default   bridge    local
4e52bbf25209   nginx2_default       bridge    local
4de38ef5961d   none                 null      local

Nextcloud docker-compose file

version: '2.1'
 
networks:
 nginx2_default:
   external:
     name: nginx2_default
 
services:
  nextcloud:
    image: nextcloud
    container_name: nextcloud
    restart: always
    ports:
      - 8080:80
      - 8443:443
    networks:
      - nginx2_default
    links:
      - nextcloud_db
    volumes:
      - /home/james/newNextcloud:/var/www/html
      - /newRaid/Nextcloud:/var/www/html/data
    environment:
      - MYSQL_PASSWORD=[redacted]
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=[redacted]
      - MYSQL_HOST=nextcloud_db
      - APACHE_DISABLE_REWRITE_IP=1
  nextcloud_db:
    image: mariadb
    container_name: nextcloud_db
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed
    networks:
     - nginx2_default
    volumes:
      - /mnt/nextcloud:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=[redacted]
      - MYSQL_PASSWORD=[redacted]
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=[redacted]
  redis:
    image: redis:alpine
    restart: always  
  cron:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - /home/james/newNextcloud:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - nextcloud_db
      - redis

Nginx Proxy Manager docker-compose.yml

version: "3"
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: npm-ui
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
        # - '32400:32400'  For Plex
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "[redacted]"
      DB_MYSQL_PASSWORD: "[redacted]"
      DB_MYSQL_NAME: "npm"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    networks:
      default:
        ipv4_address: 172.20.0.12
    depends_on:
      - db
 
  db:
    image: 'jc21/mariadb-aria:latest'
    container_name: npm-db
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: '[redacted]'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: '[redacted]'
      MYSQL_PASSWORD: '[redacted]'
    volumes:
      - ./data/mysql:/var/lib/mysql
    networks:
      default:
        ipv4_address: 172.20.0.22

networks:
  default:
    ipam:
      config:
        - subnet: 172.20.0.0/16

So your files helped me solve this problem, so I'll share my config file with you.

root@linux:/apps/nextcloud/app/config# vim config.php
<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => 'ocsdfgfsdg5',
  'passwordsalt' => 'Wsdgsdfgsdfgsd2IO/nY',
  'secret' => 'Asdfgsdfgsdfgsdfg',
  'trusted_domains' =>
  array (
    0 => 'cloud.sdfgfdsgsfd.org',
   ),
  'trusted_proxies' =>
  array (
    0 => '10.1.5.124',
  ),
  'overwriteprotocol' => 'https',
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '23.0.2.1',
  'overwrite.cli.url' => 'http://cloud.fsdghfgsdh.org',
  'dbname' => 'fghfdgsh',
  'dbhost' => 'fghjdfdg',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'dfhgfghdh',
  'dbpassword' => 'dfghfdgh',
  'installed' => true,
);
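
The trust decision behind the reverse-proxy warning quoted in the question, as an added Python example (not part of either post and not Nextcloud's own code): a forwarded header is believed only when the TCP peer is a listed proxy, and `overwriteprotocol` is applied only when `overwritecondaddr` matches. The function names, the rightmost-untrusted selection rule and the addresses 203.0.113.7, 198.51.100.9 and 10.0.0.1 are assumptions made for illustration; 172.20.0.12 and the config keys come from the question.

```python
import ipaddress
import re

# Constructed config mirroring the keys and proxy address shown in the question.
CONFIG = {
    "trusted_proxies": ["172.20.0.12"],
    "overwriteprotocol": "https",
    "overwritecondaddr": r"^172\.20\.0\.12$",
}

def is_trusted(addr, trusted_proxies):
    """True if addr is one of the configured proxies (single IP or CIDR)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p, strict=False) for p in trusted_proxies)

def client_ip(remote_addr, forwarded_for, config):
    """Believe X-Forwarded-For only when the TCP peer is a trusted proxy."""
    trusted = config.get("trusted_proxies", [])
    if not is_trusted(remote_addr, trusted):
        return remote_addr  # header came from an arbitrary client: ignore it
    hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):  # start at the entry our own proxy appended
        try:
            if not is_trusted(hop, trusted):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: stop trusting the rest of the chain
    return remote_addr

def effective_scheme(remote_addr, wire_scheme, config):
    """Apply overwriteprotocol, gated by the overwritecondaddr regex if set."""
    forced = config.get("overwriteprotocol")
    cond = config.get("overwritecondaddr")
    if forced and (cond is None or re.search(cond, remote_addr)):
        return forced
    return wire_scheme

if __name__ == "__main__":
    proxy, outsider = "172.20.0.12", "198.51.100.9"  # outsider is constructed
    # Request relayed by the proxy over plain HTTP on the Docker network.
    print(client_ip(proxy, "203.0.113.7", CONFIG), effective_scheme(proxy, "http", CONFIG))
    # Request that bypasses the proxy and supplies its own header.
    print(client_ip(outsider, "10.0.0.1", CONFIG), effective_scheme(outsider, "http", CONFIG))
    # Client-prepended entry is skipped; the proxy-appended one is used.
    print(client_ip(proxy, "10.0.0.1, 203.0.113.7", CONFIG))
    # trusted_proxies absent from the top level: every user appears as the proxy.
    print(client_ip(proxy, "203.0.113.7", {}))
```

The last case is what an application sees when `trusted_proxies` is not readable as a top-level key of the config array.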
