참고 사이트
Behind External Proxy | OpenCloud Docs
구성도
https://cloud.gnsinfo.mooo.com/s/plcAjtyTHgGJOPy
도메인 신청
- Subdomains 5개 까지 무료 입니다.
OpenCloud Container 준비 하기
incus instance 추가
- OS : Debian 13
- CPU : 4
- Memory : 8G
- SSD : 25G for /root
- HDD : 100G for /var
Continer 기본 설정하기
계정 생성하기
adduser hoonisudo 권한 획득하기
vi /etc/sudoers
- 위와 같이 입력 후 저장하고 나오기
- hooni 로 로그인
IP 주소 설정하기
vi /etc/systemd/network/eth0.network
- 위와 같이 설정하고 저장하고 나와서 서비스 재시작
systemctl restart systemd-networkdopenssh 설치하기
apt install openssh-server -yping 권한 설정하기
hooni@ReverseProxy:~$ ping 1.1.1.1
ping: socktype: SOCK_RAW
ping: socket: Operation not permitted
ping: => missing cap_net_raw+p capability or setuid?
hooni@ReverseProxy:~$
hooni@ReverseProxy:~$ sudo chmod u+s /bin/ping
hooni@ReverseProxy:~$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=55 time=3.55 ms
^C
--- 1.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.547/3.547/3.547/0.000 msdocker 설치하기
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin인증서 및 Reverse Proxy 준비하기
Reverse Proxy 에 접속하기
ssh hooni@192.168.55.100Webroot 디렉토리 준비하기
sudo mkdir -p /var/www/certbot
sudo chown -R www-data:www-data /var/www/certbotTemporary Nginx Config for HTTP Challenge
sudo vi /etc/nginx/sites-available/certbot-challenge- 아래 값 입력하기
server {
listen 80;
server_name cloud.YOUR.DOMAIN collabora.YOUR.DOMAIN wopiserver.YOUR.DOMAIN;
root /var/www/certbot;
location /.well-known/acme-challenge/ {
allow all;
try_files $uri =404;
}
}- certbot-challenge enable 에 링크 걸고 Nginx reload
sudo ln -s /etc/nginx/sites-available/certbot-challenge /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginxSSL 인증서 획득하기
- 아래 입력 후 실행
certbot certonly --webroot \
-w /var/www/certbot \
-d cloud.gnsinfo.mooo.com \
-d collabora.gnsinfo.mooo.com \
-d wopiserver.gnsinfo.mooo.com \
--email leejh76@gmail.com \
--agree-tos \
--no-eff-email- 하면 /etc/letsencrypt/live/도메인 밑에 인증서가 저장 됨
Reverse Proxy 설정하기
- proxy config
sudo vi /etc/nginx/sites-available/opencloud- 아래 값 입력
# Redirect HTTP to HTTPS
server {
listen 80;
server_name cloud.gnsinfo.mooo.com collabora.gnsinfo.mooo.com wopiserver.gnsinfo.mooo.com;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
# OpenCloud
server {
listen 443 ssl;
server_name cloud.gnsinfo.mooo.com;
ssl_certificate /etc/letsencrypt/live/cloud.gnsinfo.mooo.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.gnsinfo.mooo.com/privkey.pem;
client_max_body_size 5G;
proxy_request_buffering off;
location / {
proxy_pass http://192.168.55.12:9200;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# Collabora
server {
listen 443 ssl;
server_name collabora.gnsinfo.mooo.com;
ssl_certificate /etc/letsencrypt/live/cloud.gnsinfo.mooo.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.gnsinfo.mooo.com/privkey.pem;
client_max_body_size 5G;
proxy_request_buffering off;
location / {
proxy_pass http://192.168.55.12:9980;
proxy_set_header Host $host;
}
location ~ ^/cool/(.*)/ws$ {
proxy_pass http://192.168.55.12:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
}
# WOPI Server
server {
listen 443 ssl;
server_name wopiserver.gnsinfo.mooo.com;
ssl_certificate /etc/letsencrypt/live/cloud.gnsinfo.mooo.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cloud.gnsinfo.mooo.com/privkey.pem;
client_max_body_size 5G;
proxy_request_buffering off;
location / {
proxy_pass http://192.168.55.12:9300;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}enable 에 링크 걸고 재시작
sudo ln -s /etc/nginx/sites-available/opencloud /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginxOpenCloud 설치하기
opencloud 에 접속하기
ssh hooni@192.168.55.12/opt/ 폴더 생성 및 이동
sudo mkdir /opt
cd /optgit 에서 docker-compose 파일 내려 받기
git clone https://github.com/opencloud-eu/opencloud-compose.git
cd opencloud-compose
cp .env.example .env
vi .env- vi .env 에서 아래 내용 변경 입력
COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:external-proxy/opencloud.yml:external-proxy/collabora.yml
OC_DOMAIN=cloud.gnsinfo.mooo.com
INITIAL_ADMIN_PASSWORD=xxxxxxxx
OC_CONFIG_DIR=/var/opencloud/config
OC_DATA_DIR=/var/opencloud/data
OC_APPS_DIR=/var/opencloud/apps
SMTP_HOST=hooni.mooo.com
SMTP_PORT=587
SMTP_SENDER=gnsinfo@hooni.mooo.com
SMTP_USERNAME=gnsinfo
SMTP_PASSWORD=xxxxxxxx
SMTP_AUTHENTICATION=plain
SMTP_TRANSPORT_ENCRYPTION=starttls
SMTP_INSECURE=true
COLLABORA_DOMAIN=collabora.gnsinfo.mooo.com
WOPISERVER_DOMAIN=wopiserver.gnsinfo.mooo.com
COLLABORA_ADMIN_USER=admin
COLLABORA_ADMIN_PASSWORD=xxxxxxxx
COLLABORA_SSL_ENABLE=false
COLLABORA_SSL_VERIFICATION=false도커 실행
docker compose up -d- 하고 웹 브라우저에서 https://cloud.hooni.mooo.com 입력하면
- 도커 ps 현황
- collabora 는 계속 Restarting 상태 임.
느낀점
- 빠르게 만들기 위해 Go 언어를 사용해서 인지 클릭 반응이 빠름
- 도커를 기반으로 설치해서 인지 opencloud 는 비교적 쉬움
- 하지만 collabora, weboffice 는 실행이 되지 않아 아쉬움
Ubuntu 에서는 collabora 가 되네요..
