大家好,最近在部署Seafile和collabora遇到无法连接到文件的问题,查了很多论坛、网站都没能找到解决办法,因此想向大家求助一下。
我是参考官方中文文档 - 用 Docker 部署 Seafile 专业版,做了一些小调整,下面是我的docker-compose.yml文件,我把collabora也写进docker-compose里了。
version: '2.0'
services:
db:
image: mariadb:10.1
restart: always
container_name: seafile-mysql
environment:
- MYSQL_ROOT_PASSWORD=XXXXXX # Requested, set the root's password of MySQL service.
- MYSQL_LOG_CONSOLE=true
volumes:
- /opt/seafile-mysql/db:/var/lib/mysql # Requested, specifies the path to MySQL data persistent store.
networks:
- seafile-net
memcached:
image: memcached:1.5.6
restart: always
container_name: seafile-memcached
entrypoint: memcached -m 256
networks:
- seafile-net
elasticsearch:
image: seafileltd/elasticsearch-with-ik:5.6.16
restart: always
container_name: seafile-elasticsearch
environment:
- discovery.type=single-node
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms1g -Xmx1g"
ulimits:
memlock:
soft: -1
hard: -1
mem_limit: 2g
volumes:
- /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data # Requested, specifies the path to Elasticsearch data persistent store.
networks:
- seafile-net
collabora:
image: collabora/code
restart: always
container_name: collabora-online
ports:
- "9980:9980"
environment:
- domain=pan\\.callmsn\\.top
- username=admin
- password=XXXXXXXXXXX
- TIME_ZONE=Asia/Shanghai # Optional, default is UTC. Should be uncomment and set to your local time zone.
cap_add:
- MKNOD
networks:
- seafile-net
seafile:
image: docker.seafile.top/seafileltd/seafile-pro-mc:latest
restart: always
container_name: seafile
ports:
- "8000:80"
- "8080:8080"
# - "443:443" # If https is enabled, cancel the comment.
volumes:
- /opt/seafile-data:/shared # Requested, specifies the path to Seafile data persistent store.
environment:
- DB_HOST=db
- DB_ROOT_PASSWD=XXXX # Requested, the value shuold be root's password of MySQL service.
- TIME_ZONE=Asia/Shanghai # Optional, default is UTC. Should be uncomment and set to your local time zone.
- SEAFILE_ADMIN_EMAIL=XXXXXXXX@outlook.com # Specifies Seafile admin user, default is 'me@example.com'
- SEAFILE_ADMIN_PASSWORD=XXXXXXX # Specifies Seafile admin password, default is 'asecret'
- SEAFILE_SERVER_LETSENCRYPT=false # Whether to use https or not
# - SEAFILE_SERVER_HOSTNAME=pan.callmsn.top # Specifies your host name if https is enabled
depends_on:
- db
- memcached
- elasticsearch
- collabora
networks:
- seafile-net
networks:
seafile-net:
下面是我的Collabora nginx配置文件,nginx没有跟seafile官网一致,跟Collabora官方教程一致:
server {
listen 80;
server_name collabora-online.callmsn.top;
rewrite ^ https://$http_host$request_uri? permanent; #强制将http重定向到https
server_tokens off;
}
server {
listen 443 ssl;
server_name collabora-oneline.callmsn.top;
ssl_certificate /etc/nginx/ssl/collabora-online/collabora-online.pem;
ssl_certificate_key /etc/nginx/ssl/collabora-online/collabora-online.key;
# static files
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/lool/(.*)/ws$ {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
下面是我的seafile nginx文件:
server {
listen 80;
server_name pan.callmsn.top;
rewrite ^ https://$http_host$request_uri? permanent; #强制将http重定向到https
server_tokens off;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/pan/pan.pem; #pem 文件路径
ssl_certificate_key /etc/nginx/ssl/pan/pan.key; #key 文件路径
server_name pan.callmsn.top;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# secure settings (A+ at SSL Labs ssltest at time of writing)
# see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
ssl_prefer_server_ciphers on;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
proxy_read_timeout 1200s;
client_max_body_size 0;
}
#
# location /seafhttp {
# rewrite ^/seafhttp(.*)$ $1 break;
# proxy_pass http://127.0.0.1:8082;
# client_max_body_size 0;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_connect_timeout 36000s;
# proxy_read_timeout 36000s;
# proxy_send_timeout 36000s;
# send_timeout 36000s;
# }
# location /media {
# root /root/pan/seafile-server-latest/seahub;
# }
#
location /seafdav {
proxy_pass http://127.0.0.1:8080;
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
# This option is only available for Nginx >= 1.8.0. See more details below.
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
}
目前可以正常登录seafile,同时访问https://collabora-online.callmsn.top/hosting/discovery可以出现xml配置文件,访问https://collabora-online.callmsn.top/loleaflet/dist/admin/admin.html可以进入管理员页面,说明seafile和Collabora都是正常工作的,无法访问的问题应该是Nginx配置问题、或者Seafile和Collabora之间的通信问题。
我从seafile打开office文件,显示“很抱歉,无法连接到您的文档。请重试。”:
下面是docker logs --tail 10 collabora-online的错误信息:
wsd-00029-00030 2019-08-30 08:19:17.815373 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/LOOLWSD.cpp:1795
wsd-00029-00064 2019-08-30 08:19:20.657871 [ docbroker_007 ] ERR Cannot get file info from WOPI storage uri [http://pan.callmsn.top/api2/wopi/files/44f5ec7a41898ab5552370326a703dd7baac4e24?access_token=779094d540444fa499c1e023b57d8d56&access_token_ttl=1567154903088&permission=edit]. Error: SSL Exception: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol| wsd/Storage.cpp:474
wsd-00029-00064 2019-08-30 08:19:20.658287 [ docbroker_007 ] ERR loading document exception: SSL Exception| wsd/DocumentBroker.cpp:1158
wsd-00029-00064 2019-08-30 08:19:20.658336 [ docbroker_007 ] ERR Failed to add session to [/api2/wopi/files/44f5ec7a41898ab5552370326a703dd7baac4e24] with URI [http://pan.callmsn.top/api2/wopi/files/44f5ec7a41898ab5552370326a703dd7baac4e24?access_token=779094d540444fa499c1e023b57d8d56&access_token_ttl=1567154903088&permission=edit]: SSL Exception| wsd/DocumentBroker.cpp:1120
wsd-00029-00064 2019-08-30 08:19:20.658366 [ docbroker_007 ] ERR Error while loading : SSL Exception| wsd/LOOLWSD.cpp:2699
wsd-00029-00064 2019-08-30 08:19:20.666126 [ docbroker_007 ] WRN Child session [000f] not found to forward message: load url=http://pan.callmsn.top/api2/wopi/files/44f5ec7a41898ab5552370326a703dd7baac4e24?access_token=779094d540444fa499c1e023b57d8d56&access_token_ttl=1567154903088&permission=edit readonly=0 lang=zh-CN| wsd/DocumentBroker.cpp:1770
wsd-00029-00064 2019-08-30 08:19:21.659685 [ docbroker_007 ] ERR Invalid or unknown session [000f] to remove.| wsd/DocumentBroker.cpp:1194
wsd-00029-00064 2019-08-30 08:19:21.659748 [ docbroker_007 ] ERR No socket associated with WebSocketHandler 0x7f5b28018490| ./net/WebSocketHandler.hpp:125
kit-00061-00031 2019-08-30 08:19:21.660043 [ loolkit ] WRN Kit connection lost without exit arriving from wsd. Setting TerminationFlag| kit/Kit.cpp:2236
wsd-00029-00030 2019-08-30 08:19:21.663458 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/LOOLWSD.cpp:1795
看错误信息应该就是两个容器之间的通信出了问题,或者是SSL没配置好(我的ssl都是申请的阿里云证书,放在nginx文件夹下),请问如何解决?谢谢。