Running OpenCloud behind an Apache Reverse Proxy

From First Wiki

Let's run OpenCloud behind an Apache reverse proxy.

System configuration

  • Ubuntu 24.04.4
  • docker.io 29.1.3-0ubuntu3~24.04.1
  • docker-compose-v2 2.40.3+ds1-0ubuntu1~24.04.1
  • git 2.43.0-1ubuntu7.3
  • apache2 2.4.58-1ubuntu8.11

Preparing the domains and certificates

I added the following to my domain:

  • cloud.MYDOMAIN.TLD → OpenCloud frontend
  • collabora.MYDOMAIN.TLD → Collabora Online server
  • wopiserver.MYDOMAIN.TLD → WOPI server for document editing

I obtained certificates for the three domains above with certbot.

Preparing the Ubuntu server

  • Ubuntu 24.04
$ sudo apt update && sudo apt full-upgrade
$ sudo apt install docker.io docker-compose-v2 git

Cloning the OpenCloud repository

From here on I switch to root and keep working as root.

$ sudo -i
# git clone https://github.com/opencloud-eu/opencloud-compose.git

Configuring the environment file (.env)

# cd opencloud-compose
# cp .env.example .env
# vi .env
INSECURE=true
--
COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:external-proxy/opencloud.yml:external-proxy/collabora.yml:radicale/radicale.yml
OC_DOCKER_IMAGE=opencloudeu/opencloud
OC_DOCKER_TAG=4
OC_DOMAIN=cloud.MYDOMAIN.TLD
INITIAL_ADMIN_PASSWORD=ほにゃら~ら
LOG_PRETTY=true
OC_CONFIG_DIR=/srv/opencloud/config
OC_DATA_DIR=/srv/opencloud/data
OC_APPS_DIR=/srv/opencloud/apps
DEFAULT_LANGUAGE=ja
--
COLLABORA_DOMAIN=collabora.MYDOMAIN.TLD
WOPISERVER_DOMAIN=wopiserver.MYDOMAIN.TLD
--
RADICALE_DATA_DIR=/srv/radicale/data
--
OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS=0

  • OC_DOCKER_IMAGE=opencloudeu/opencloud - the image that appears to be the stable one
  • OC_DOCKER_TAG=4 - this pulled stable 4.0.5 (2026-4-14)

Creating the directories on the filesystem

# mkdir -p /srv/opencloud/{config,data,apps}
# mkdir -p /srv/radicale/data
# chown -R 1000:1000 /srv/opencloud /srv/radicale

Starting and verifying

# docker compose up -d
--
# docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED       STATUS                 PORTS                                NAMES
99d57b09a273   opencloudeu/opencloud:4       "/bin/sh -c 'openclo…"   3 hours ago   Up 3 hours             9200/tcp, 127.0.0.1:9300->9300/tcp   opencloud-compose-collaboration-1
af0a1082cc8b   opencloudeu/radicale:latest   "/app/bin/python /ap…"   3 hours ago   Up 3 hours             5232/tcp                             opencloud-compose-radicale-1
867d77273ebf   opencloudeu/opencloud:4       "/bin/sh -c 'openclo…"   3 hours ago   Up 3 hours             127.0.0.1:9200->9200/tcp             opencloud-compose-opencloud-1
a9bbe3037a80   collabora/code:25.04.9.4.1    "/bin/bash -c 'coolc…"   3 hours ago   Up 3 hours (healthy)   127.0.0.1:9980->9980/tcp             opencloud-compose-collabora-1

Apache reverse proxy configuration

Create cloud.conf, collabora.conf and wopiserver.conf in /etc/apache2/sites-available.

cloud.conf

<VirtualHost *:80>
        ServerName cloud.MYDOMAIN.TLD
        Redirect permanent / https://cloud.MYDOMAIN.TLD/
</VirtualHost>

<VirtualHost *:443>
        ServerName cloud.MYDOMAIN.TLD
        ServerAdmin webmaster@MYDOMAIN.TLD

        SSLEngine on
        # fullchain.pem carries the leaf plus intermediates; cert.pem alone sends no chain
        SSLCertificateFile      /etc/letsencrypt/live/cloud.MYDOMAIN.TLD/fullchain.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/cloud.MYDOMAIN.TLD/privkey.pem

        Protocols h2 http/1.1

        ProxyPreserveHost On
        ProxyPass / http://localhost:9200/
        ProxyPassReverse / http://localhost:9200/

        ErrorLog ${APACHE_LOG_DIR}/cloud-error.log
        CustomLog ${APACHE_LOG_DIR}/cloud-access.log combined env=!dontlog
</VirtualHost>

collabora.conf

<VirtualHost *:80>
        ServerName collabora.MYDOMAIN.TLD
        Redirect permanent / https://collabora.MYDOMAIN.TLD/
</VirtualHost>

<VirtualHost *:443>
        ServerName collabora.MYDOMAIN.TLD
        ServerAdmin webmaster@MYDOMAIN.TLD

        SSLEngine on
        # fullchain.pem carries the leaf plus intermediates; cert.pem alone sends no chain
        SSLCertificateFile      /etc/letsencrypt/live/cloud.MYDOMAIN.TLD/fullchain.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/cloud.MYDOMAIN.TLD/privkey.pem

        Protocols h2 http/1.1

        ProxyPreserveHost On
        AllowEncodedSlashes NoDecode

        # WebSockets
        ProxyPassMatch "/cool/(.*)/ws$" ws://127.0.0.1:9980/cool/$1/ws nocanon
        ProxyPassMatch "^/cool/adminws$" ws://127.0.0.1:9980/cool/adminws

        # Default routes
        ProxyPass /cool http://127.0.0.1:9980/cool
        ProxyPassReverse /cool http://127.0.0.1:9980/cool
        ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery
        ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery
        ProxyPass /browser http://127.0.0.1:9980/browser
        ProxyPassReverse /browser http://127.0.0.1:9980/browser

        # important header for HTTPS connection
        RequestHeader set X-Forwarded-Proto "https"

        # increase timeout limits
        ProxyTimeout 300
        ProxyIOBufferSize 65536

        ErrorLog ${APACHE_LOG_DIR}/collabora-error.log
        CustomLog ${APACHE_LOG_DIR}/collabora-access.log combined env=!dontlog
</VirtualHost>

wopiserver.conf (example)

<VirtualHost *:80>
        ServerName wopiserver.MYDOMAIN.TLD
        Redirect permanent / https://wopiserver.MYDOMAIN.TLD/
</VirtualHost>

<VirtualHost *:443>
        ServerName wopiserver.MYDOMAIN.TLD
        ServerAdmin webmaster@MYDOMAIN.TLD

        SSLEngine on
        # fullchain.pem carries the leaf plus intermediates; cert.pem alone sends no chain
        SSLCertificateFile      /etc/letsencrypt/live/cloud.MYDOMAIN.TLD/fullchain.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/cloud.MYDOMAIN.TLD/privkey.pem

        ProxyPass / http://localhost:9300/
        ProxyPassReverse / http://localhost:9300/
        ProxyPreserveHost On
        RequestHeader set X-Forwarded-Proto "https"
        RequestHeader set X-Real-IP "%{REMOTE_ADDR}s"

        ErrorLog ${APACHE_LOG_DIR}/wopiserver-error.log
        CustomLog ${APACHE_LOG_DIR}/wopiserver-access.log combined env=!dontlog
</VirtualHost>

Enabling the above

  • Enable the required modules
# a2enmod proxy proxy_http ssl headers proxy_connect proxy_wstunnel
  • Enable the sites above
# a2ensite cloud collabora wopiserver
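
This layout depends on two things shown above: the containers publish their ports on 127.0.0.1 only (the `docker ps` output), and every Apache `ProxyPass` backend targets those loopback ports. The following is an added example, not part of the original page, that checks both sides; the function names and all sample data (including the `misbound-example-1` row and the 192.0.2.10 backend) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page); all sample data is constructed.

# Print published Docker port mappings whose host side is not loopback.
# Input: "NAME<TAB>PORTS" lines, e.g. from
#   docker ps --format '{{.Names}}\t{{.Ports}}'
exposed_ports() {
  awk -F '\t' '{
    n = split($2, m, ", ")
    for (i = 1; i <= n; i++) {
      if (m[i] !~ /->/) continue       # container-only port, not published
      if (m[i] ~ /^127\./) continue    # published on IPv4 loopback
      if (m[i] ~ /^\[::1\]/) continue  # published on IPv6 loopback
      print $1 " " m[i]
    }
  }'
}

# Print ProxyPass/ProxyPassMatch backend URLs that do not target loopback.
# Input: Apache vhost configuration text, e.g. from
#   cat /etc/apache2/sites-enabled/*.conf
non_loopback_backends() {
  grep -iE '^[[:space:]]*ProxyPass(Match)?[[:space:]]' |
    grep -oE '(https?|wss?)://[^/[:space:]]+' |
    grep -vE '://(localhost|127\.[0-9.]+|\[::1\])(:[0-9]+)?$' |
    sort -u
}

# Constructed input: three rows shaped like the page's output, one misbound row.
SAMPLE_PS="$(printf '%s\t%s\n' \
  opencloud-compose-opencloud-1 '127.0.0.1:9200->9200/tcp' \
  opencloud-compose-collaboration-1 '9200/tcp, 127.0.0.1:9300->9300/tcp' \
  opencloud-compose-radicale-1 '5232/tcp' \
  misbound-example-1 '0.0.0.0:9980->9980/tcp, [::]:9980->9980/tcp')"

# Constructed input: two directives from the page, one pointing off-host.
SAMPLE_VHOST='
  ProxyPass / http://localhost:9200/
  ProxyPassMatch "/cool/(.*)/ws$" ws://127.0.0.1:9980/cool/$1/ws nocanon
  ProxyPass /browser http://192.0.2.10:9980/browser
'

echo "Published beyond loopback:"
printf '%s\n' "$SAMPLE_PS" | exposed_ports
echo "Proxy backends beyond loopback:"
printf '%s\n' "$SAMPLE_VHOST" | non_loopback_backends
```

On the server itself, feed the functions the live `docker ps --format` output and the enabled vhost files instead of the samples; empty output from both means the backends are reachable only through Apache.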