差異處

這裏顯示兩個版本的差異處。

--- tech:nginx_proxy_manager [2023/10/30 00:28] – [安裝設定 Nginx Proxy Manager(NPM) 當 Revers Proxy Server] jonathan
+++ tech:nginx_proxy_manager [2024/09/11 10:38] (目前版本) – 強化 Proxy Host - NextCloud 的進階設定 jonathan
@@ 行 1: / 行 1: @@
-====== 安裝 Nginx Proxy Manager(NPM) 當 Revers Proxy Server(Docker) ======
+====== Nginx Proxy Manager(NPM) 當 Revers Proxy Server(Docker) ======
   * 環境 : [[tech/alpine_docker]]
   * 安裝的主機 IP : 192.168.11.231
@@ 行 5: / 行 5: @@
 ===== 編輯與啟動 ====
   * 編輯 yml 檔案 <cli>
-cd ~
+vi docker-compose.yml</cli><file>
-mkdir -p nginx-proxy-manager
-cd nginx-proxy-manager
-vi docker-compose.yml</cli><cli>
-version: '3'
 services:
-  app:
+  nginx-proxy-manager:
-    image: 'jc21/nginx-proxy-manager:latest'
+    image: jc21/nginx-proxy-manager:latest
-    restart: unless-stopped
+    container_name: nginx-proxy-manager
+    restart: always
     ports:
       - '80:80'
@@ 行 21: / 行 18: @@
       - ./data:/data
       - ./letsencrypt:/etc/letsencrypt
-</cli>
+  goaccess:
+    image: xavierh/goaccess-for-nginxproxymanager:latest
+    container_name: goaccess
+    restart: always
+    ports:
+      - '7880:7880'
+    environment:
+      - TZ=Asia/Taipei
+      - SKIP_ARCHIVED_LOGS=False #optional
+      - DEBUG=False #optional
+      - BASIC_AUTH=False #optional
+      - BASIC_AUTH_USERNAME=user #optional
+      - BASIC_AUTH_PASSWORD=pass #optional
+      - EXCLUDE_IPS=127.0.0.1 #optional - comma delimited
+      - LOG_TYPE=NPM #optional - more information below
+      - ENABLE_BROWSERS_LIST=True #optional - more information below
+      - CUSTOM_BROWSERS=Kuma:Uptime,TestBrowser:Crawler #optional - comma delimited, more information below
+      - HTML_REFRESH=5 #optional - Refresh the HTML report every X seconds. https://goaccess.io/man
+      - KEEP_LAST=30 #optional - Keep the last specified number of days in storage. https://goaccess.io/man
+    volumes:
+      - ./data/logs:/opt/log
+  watchtower:
+    image: containrrr/watchtower
+    container_name: watchtower
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - TZ=Asia/Taipei
+      - WATCHTOWER_SCHEDULE=0 0 4 * * *
+      - WATCHTOWER_CLEANUP=true
+    labels:
+      - "com.centurylinklabs.watchtower.enable=true"
+    restart: unless-stopped
+</file>
   * 啟動服務 <cli>
 docker compose up -d
@@ 行 51: / 行 83: @@
   * 編輯 Proxy Host -> Advanced -> Custom Nginx Configuration 加入 <cli>real_ip_header CF-Connecting-IP;</cli> 即可 \\ {{:tech:2022-09-03_22_42_06.png|}}
-==== 2. 解決無法下載後端 NextCloud 超過 1GB 大檔案的設定 ====
+==== 2. 解決無法下載Proxy Host 超過 1GB 大檔案的設定 ====
-  * https://rodrigolmti.medium.com/nextcloud-with-portainer-nginx-proxy-manager-63df45d62a0b
+  * Proxy Host 是 NextCloud 要提供檔案下載時發現預設下載檔案大小限制為 1GB
+  * 參考 - https://rodrigolmti.medium.com/nextcloud-with-portainer-nginx-proxy-manager-63df45d62a0b
+  * 另外 NextCloud/all-in-one 會開啟 TRACE and TRACK method, 會造成主機弱點, 也順便設定關閉
   * 編輯 Proxy Host -> Advanced -> Custom Nginx Configuration 加入 <cli>
-proxy_set_header Host $host;
+client_body_buffer_size 512k;
-proxy_set_header X-Forwarded-Proto $scheme;
+proxy_read_timeout 86400s;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_max_temp_file_size 16384m;
 client_max_body_size 0;
-location = /.well-known/carddav {
+if ($request_method !~ ^(GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS)$) {
-  return 301 $scheme://$host:$server_port/remote.php/dav;
+    return 405;
 }
-location = /.well-known/caldav {
+</cli>
-  return 301 $scheme://$host:$server_port/remote.php/dav;
-}</cli>
 ==== 3. 解決忘記登入資訊的做法 ====
@@ 行 72: / 行 101: @@
     * login: [email protected]
     * pass: changeme
+==== 4. 統計分析紀錄的做法 ====
+  * 可使用 [[https://github.com/xavier-hernandez/goaccess-for-nginxproxymanager|goaccess-for-nginxproxymanager]] 當簡易分析方案
+  * 安裝方式可參考 [[tech/goaccess-for-nginxproxymanager]]
+==== 5. 安裝環境無 IPv6 的議題 ====
+  * 參考 - https://nginxproxymanager.com/advanced-config/#docker-file-secrets
+  * 無 IPv6 的環境啟動時 log 內會出現類似以下的錯誤訊息 <cli>
+:
+app-1  | ❯ Starting nginx ...
+app-1  | nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
+app-1  | ❯ Starting nginx ...
+app-1  | nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
+:
+</cli>
+  * 只要在 docker-compose.yml 內的環境變數加上 **DISABLE_IPV6=true** 即可 Exp. <file>
+version: '3'
+services:
+  app:
+    image: 'jc21/nginx-proxy-manager:latest'
+    restart: unless-stopped
+    ports:
+      - '80:80'
+      - '81:81'
+      - '443:443'
+    environment:
+      - DISABLE_IPV6=true
+    volumes:
+      - ./data:/data
+      - ./letsencrypt:/etc/letsencrypt
+</file>
+==== 6. 升級到 v2.11 後 Custom locations 無法運作議題 ====
+  * 參考 - https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3474
+  * 目前 Workaround 作法
+    - 在 docker-compose.yml 目錄新增 _hsts_map.conf 檔案<cli>
+touch _hsts_map.conf
+</cli>
+    - 修改 docker-compose.yml 內增加 <cli>
+vi docker-compose.yml
+</cli><file>
+:
+- ./_hsts_map.conf:/app/templates/_hsts_map.conf
+</file>
+    - 重新啟動 docker compose <cli>
+docker compose up -d
+</cli>
+==== 7. 匯出設定資料到另外一台主機匯入的作法 ====
+  - 在來源主機匯出 <cli>
+cd nginx-proxy-manager
+tar -cvf data.tar data/
+tar -cvf letsencrypt.tar letsencrypt/
+</cli>
+  - 將 data.tar 與 letsencrypt.tar 複製到目標主機 Exp.<cli>
+scp *.tar 172.16.1.99:/root/
+</cli>
+  - 在目標主機匯入 <cli>
+mv *.tar nginx-proxy-manager/
+cd nginx-proxy-manager
+docker compose down
+mv data data.org
+mv letsencrypt letsencrypt.org
+tar -xvf data.tar
+tar -xvf letsencrypt.tar
+docker compose up -d
+docker compose logs -f
+</cli>
 ===== 參考網址 =====