outline-docker-compose
outline-docker-compose copied to clipboard
Published
20 hours ago •
vicalloy
vicalloy
请问宿主机的nginx配置怎么写。
由于服务器限制,需要跟其他服务共存,无法直接映射到80端口进行暴漏。通过宿主机nginx代理参考了nginx_outline.conf。提示找不到winki_nginx。如果直接proxy_pass http://127.0.0.1:8888 的话,提示重定向的次数过多
使用
proxy_pass http://127.0.0.1:8888/设置里面URL=换成你实际访问的outline所使用的URL。
访问502
是的,我的设置 cat scripts/config.sh
URL=https://xxx.xxx.xxx
ALLOWED_DOMAINS=xxx.xxx.xxx
访问502
我也是vps, 如何用域名登录?现在这样可以访问,但提示“Redirect URI Error”
# The url used to vist this web site.
URL=http://xxx.com:8080
# Nginx
HTTP_IP=0.0.0.0
HTTP_PORT_IP=8080
Same problem here, Impossible to connect to outline (502 error) but the django administation panel is available
Same problem here, Impossible to connect to outline (502 error) but the django administation panel is available
Outline's image don't support ARM platform. If you use ARM, you should build outline's image by youself.
如下,忘记是参考的哪里了
server{
listen 80;
server_name domain.com;
index index.php index.html index.htm;
add_header Strict-Transport-Security "max-age=31536000; preload";
client_max_body_size 20m;
location / {
proxy_pass http://127.0.0.1:8888; # 转发规则
proxy_set_header Host $host; # 修改转发请求头,让8080端口的应用可以受到真实的请求
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; #此处配置 上面定义的变量
proxy_set_header Connection $connection_upgrade;
}
location /realtime {
proxy_pass http://127.0.0.1:8888/realtime;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_read_timeout 86400;
}
}
scripts/config.sh 中URL也需要改为对应域名
如下,忘记是参考的哪里了
server{ listen 80; server_name domain.com; index index.php index.html index.htm; add_header Strict-Transport-Security "max-age=31536000; preload"; client_max_body_size 20m; location / { proxy_pass http://127.0.0.1:8889; # 转发规则 proxy_set_header Host $host; # 修改转发请求头,让8080端口的应用可以受到真实的请求 proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; #此处配置 上面定义的变量 proxy_set_header Connection $connection_upgrade; } location /realtime { proxy_pass http://127.0.0.1:8888/realtime; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_read_timeout 86400; } }
scripts/config.sh中URL也需要改为对应域名
8889是什么服务端口?我这里没这个端口监听,只有一个8888
如下,忘记是参考的哪里了
server{ listen 80; server_name domain.com; index index.php index.html index.htm; add_header Strict-Transport-Security "max-age=31536000; preload"; client_max_body_size 20m; location / { proxy_pass http://127.0.0.1:8889; # 转发规则 proxy_set_header Host $host; # 修改转发请求头,让8080端口的应用可以受到真实的请求 proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; #此处配置 上面定义的变量 proxy_set_header Connection $connection_upgrade; } location /realtime { proxy_pass http://127.0.0.1:8888/realtime; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_read_timeout 86400; } }
scripts/config.sh中URL也需要改为对应域名8889是什么服务端口?我这里没这个端口监听,只有一个8888
写错了,也是8888
#8 (comment) 写错了,也是8888
scripts/config.sh URL改为了
URL=http://xxx.xxx.com
Nginx
server{
listen 80;
server_name xxx.xxx.com;
index index.php index.html index.htm;
add_header Strict-Transport-Security "max-age=31536000; preload";
client_max_body_size 20m;
location / {
proxy_pass http://127.0.0.1:8888; # 转发规则
proxy_set_header Host $host; # 修改转发请求头,让8080端口的应用可以受到真实的请求
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; #此处配置 上面定义的变量
proxy_set_header Connection $connection_upgrade;
}
location /realtime {
proxy_pass http://127.0.0.1:8888/realtime;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_read_timeout 86400;
}
}
Nginx正常,outline访问还是502,oidc账户后台访问正常。麻烦看看哪里出了问题?谢谢
#8 (comment) 写错了,也是8888
scripts/config.sh URL改为了
URL=http://xxx.xxx.comNginx
server{ listen 80; server_name xxx.xxx.com; index index.php index.html index.htm; add_header Strict-Transport-Security "max-age=31536000; preload"; client_max_body_size 20m; location / { proxy_pass http://127.0.0.1:8888; # 转发规则 proxy_set_header Host $host; # 修改转发请求头,让8080端口的应用可以受到真实的请求 proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; #此处配置 上面定义的变量 proxy_set_header Connection $connection_upgrade; } location /realtime { proxy_pass http://127.0.0.1:8888/realtime; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_read_timeout 86400; } }Nginx正常,outline访问还是502,oidc账户后台访问正常。麻烦看看哪里出了问题?谢谢
那看下outline的容器报错没有(使用docker logs <container_id>),新版本可能需要增加些配置; 有必要的话可以把outline的3000端口暴露出来试试
最简单办法是直接将docker-compose里的nginx端口修改成其他端口,host nginx 反代过去即可,
下面提供一个不含 nginx 容器的方案,移除了docker-compose里的nginx后,将outline和 oicd 端口暴露出来,同时oicd的回调需要做出改动,否则会认证失败(env.oidc的内容修改更好的办法是用config.sh里的URL环境变量替换,而不是硬编码进去),最后将使用docker-compose里的nginx配置文件应用到host到nginx即可
config.sh 基本不改,URL 设置成你最后的访问地址如: https://wiki.example.com
之后做出如下改动,以下内容可以保存成patch,使用 git apply
diff --git a/Makefile b/Makefile
index cb7fb67..97091ca 100644
--- a/Makefile
+++ b/Makefile
@@ -7,13 +7,11 @@ gen-conf:
start:
${docker-compose} up -d
- cd ./scripts && bash ./main.sh reload_nginx
install: gen-conf start
sleep 1
${docker-compose} exec ${oidc_server_container} bash -c "make init"
${docker-compose} exec ${oidc_server_container} bash -c "python manage.py loaddata oidc-server-outline-client"
- cd ./scripts && bash ./main.sh reload_nginx
-
diff --git a/scripts/templates/docker-compose.yml b/scripts/templates/docker-compose.yml
index 1172931..fe8942f 100644
--- a/scripts/templates/docker-compose.yml
+++ b/scripts/templates/docker-compose.yml
@@ -58,6 +58,8 @@ services:
volumes:
- ./data/outline:/var/lib/outline/data
restart: always
+ ports:
+ - ${HTTP_IP}:${HTTP_PORT_IP}:3000
depends_on:
- wk-postgres
- wk-redis
@@ -73,26 +75,12 @@ services:
- ./data/uc/db:/app/db:z
- ./data/uc/static_root:/app/static_root:z
restart: always
+ ports:
+ - ${HTTP_IP}:8000:8000
env_file:
- ./env.oidc-server
networks:
- ${NETWORKS}
- wk-nginx:
- image: nginx
- ports:
- - ${HTTP_IP}:${HTTP_PORT_IP}:80
- volumes:
- - ./config/nginx/:/etc/nginx/conf.d/:ro
- - ./data/uc/static_root:/uc/static_root:ro
- restart: always
- depends_on:
-##BEGIN MINIO
- - wk-minio
-##END
- - wk-outline
- - wk-oidc-server
- networks:
- - ${NETWORKS}
-
diff --git a/scripts/templates/env.oidc b/scripts/templates/env.oidc
index 97bf153..7c66440 100644
--- a/scripts/templates/env.oidc
+++ b/scripts/templates/env.oidc
@@ -4,8 +4,8 @@
OIDC_CLIENT_ID=050984
OIDC_CLIENT_SECRET=
OIDC_AUTH_URI=
-OIDC_TOKEN_URI=http://wk-nginx/uc/oauth/token/
-OIDC_USERINFO_URI=http://wk-nginx/uc/oauth/userinfo/
+OIDC_TOKEN_URI=https://wiki.example.com/uc/oauth/token/
+OIDC_USERINFO_URI=https://wiki.example.com/uc/oauth/userinfo/
新增Nginx配置
server {
server_name wiki.example.com;
client_max_body_size 100m;
# Outline Wiki
location / {
include /etc/nginx/conf.d/include/proxy.conf;
proxy_pass http://127.0.0.1:3000;
}
# Static file FOR OIDC Server
location /uc/static {
alias /uc/static_root;
}
# OIDC Server
location /uc {
include /etc/nginx/conf.d/include/proxy.conf;
proxy_set_header SCRIPT_NAME /uc;
proxy_pass http://127.0.0.1:8000;
}
按照 @undeflife 的方法对脚本部分内容进行修改后,使用以下 Nginx 配置达成正常使用 SSL 进行连接和登录等:
server {
listen 443 ssl;
server_name docs.xxxx.cn;
ssl_certificate xxxx.crt;
ssl_certificate_key xxxx.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
index index.php index.html index.htm;
add_header Strict-Transport-Security "max-age=31536000; preload";
client_max_body_size 120m;
location / {
proxy_pass http://127.0.0.1:8888;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
location /uc/static {
alias /uc/static_root;
}
location /uc {
proxy_set_header SCRIPT_NAME /uc;
proxy_pass http://127.0.0.1:8000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
add_header X-Cache $upstream_cache_status;
add_header Cache-Control no-cache;
expires -1;
}
}
2024.02.14 把这段直接放在长亭雷池后面失败了,不知道如何修改。
