安装MySQL

1
2
3
4
5
6
7
8
9
10
11
# 安装
yum install mysql mysql-server
# 设置开机自启
systemctl enable --now mysqld
# 初始化数据库
mysql_secure_installation
# 设置开启远程登录
mysql -u root -p
use mysql;
update user set host = '%' where user = 'root';
FLUSH PRIVILEGES;

安装Docker

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# 安装containerd
yum install https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
# 安装相关依赖
yum install -y yum-utils device-mapper-persistent-data lvm2
# 添加docker源
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# 安装docker
yum install docker-ce docker-ce-cli
# 设置开机自启
systemctl enable --now docker
# 添加国内镜像
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}
EOF
# 重新加载
systemctl daemon-reload
systemctl restart docker

Docker安装NextCloud

1
2
3
4
5
6
# 拉取NextCloud镜像
docker pull nextcloud
# 创建nextcloud映射目录,我的为/data/nextcloud
# -name为容器名,--restart为Docker重启容器自启动,-p指定端口映射 -v指定映射目录
docker run --name nextcloud --restart=always -p 8001:80 -p 8002:443 -v /data/nextcloud:/var/www/html/ -d nextcloud
# 访问http://127.0.0.1:8001

开启Https登陆

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# 由于宿主机防火墙原因,容器内无法访问外网
firewall-cmd --permanent --zone=trusted --change-interface=docker0
firewall-cmd --reload
# 重启docker
systemctl restart docker
# 进入容器
docker exec -it 容器ID /bin/bash
# 获取软件包
apt update
# 安装vim
apt install vim
# 开启ssl模块
a2enmod ssl
# 生成ssl模板
a2ensite default-ssl
# 开启headers模块
a2enmod headers

# 上传ssl证书
# 我的放在/etc/apache2/ssl/ 需创建ssl目录
mkdir /etc/apache2/ssl

# 宿主机拷贝证书到容器
docker cp ssl/ 容器ID:/etc/apache2/

# 修改 /etc/apache2/sites-enabled/default-ssl.conf
...
ServerName xxx.jixian.io
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
DocumentRoot /var/www/html
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
SSLCertificateFile /etc/apache2/ssl/xxx_public.crt
SSLCertificateKeyFile /etc/apache2/ssl/xxx.key
SSLCertificateChainFile /etc/apache2/ssl/xxx_chain.crt
...

# 重启加载Apache
service apache2 reload
# 访问https://127.0.0.1:8002

安装后续

允许相关IP和域名登陆

1
2
3
4
5
6
7
8
# 容器内编辑
vim /var/www/html/config/config.php

'trusted_domains' =>
array (
0 => 'xxx.jixian.io:8002',
1 => '10.1.1.2:8002',
),

使用occ命令格式为

1
docker exec --user www-data 容器ID php occ 命令

在设置的概览里完成相关优化操作