[root@nextcloud config]# sudo mkdir -p /data/ssl/ca
[root@nextcloud config]# sudo mkdir -p /data/ssl/server
[root@nextcloud config]# sudo mkdir -p /data/ssl/client
[root@nextcloud config]# sudo chown -R centos:centos /data/ssl^C
[root@nextcloud config]# ll
总用量 72
-rw-r--r--. 1 apache apache 0 7月 22 10:07 CAN_INSTALL
-rw-r-----. 1 apache apache 61 7月 25 10:30 config.php
-rw-r--r--. 1 apache apache 68224 7月 22 10:07 config.sample.php
[root@nextcloud config]# cd /data/
[root@nextcloud data]# ll
总用量 0
drwxr-xr-x. 5 root root 44 7月 25 10:56 ssl
[root@nextcloud data]# cd ..
[root@nextcloud /]# ls
bin data etc lib media opt root sbin sys usr
boot dev home lib64 mnt proc run srv tmp var
[root@nextcloud /]# ll
总用量 28
lrwxrwxrwx. 1 root root 7 6月 22 2021 bin -> usr/bin
dr-xr-xr-x. 5 root root 4096 7月 22 09:14 boot
drwxr-xr-x. 3 root root 17 7月 25 10:55 data
drwxr-xr-x. 20 root root 3220 7月 21 15:48 dev
drwxr-xr-x. 150 root root 8192 7月 25 10:38 etc
drwxr-xr-x. 3 root root 17 7月 22 08:31 home
lrwxrwxrwx. 1 root root 7 6月 22 2021 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 6月 22 2021 lib64 -> usr/lib64
drwxr-xr-x. 2 root root 6 6月 22 2021 media
drwxr-xr-x. 3 root root 18 7月 21 15:29 mnt
drwxr-xr-x. 3 root root 18 7月 22 09:21 opt
dr-xr-xr-x. 373 root root 0 7月 21 15:48 proc
dr-xr-x---. 16 root root 4096 7月 25 10:24 root
drwxr-xr-x. 48 root root 1340 7月 25 10:38 run
lrwxrwxrwx. 1 root root 8 6月 22 2021 sbin -> usr/sbin
drwxr-xr-x. 2 root root 6 6月 22 2021 srv
dr-xr-xr-x. 13 root root 0 7月 21 15:48 sys
drwxrwxrwt. 23 root root 4096 7月 25 10:56 tmp
drwxr-xr-x. 13 root root 158 7月 21 15:29 usr
drwxr-xr-x. 22 root root 4096 7月 22 09:15 var
[root@nextcloud /]# sudo chown -R centos:centos /data/ssl
chown: 无效的用户: “centos:centos”
[root@nextcloud /]# sudo chown -R apache:apache /data/ssl
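第一阶段:使用 OpenSSL 制作自签名 CA 证书(依次生成 ca.key、ca.csr、ca.pem)。注意:下面用 openssl x509 -req 直接签出的证书是 X.509 v1(输出中 Version: 1),不带 basicConstraints、subjectAltName 等扩展,部分客户端可能因此不接受它作为 CA 证书,或无法通过主机名校验。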
[root@nextcloud /]# openssl genrsa -des3 -out /data/ssl/ca/ca.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
..........+++++
...............+++++
e is 65537 (0x010001)
Enter pass phrase for /data/ssl/ca/ca.key:
139797931136832:error:28078065:UI routines:UI_set_result_ex:result too small:crypto/ui/ui_lib.c:905:You must type in 4 to 1023 characters
Enter pass phrase for /data/ssl/ca/ca.key:
139797931136832:error:2807106B:UI routines:UI_process:processing error:crypto/ui/ui_lib.c:545:while reading strings
Enter pass phrase for /data/ssl/ca/ca.key:
139797931136832:error:28078065:UI routines:UI_set_result_ex:result too small:crypto/ui/ui_lib.c:905:You must type in 4 to 1023 characters
Enter pass phrase for /data/ssl/ca/ca.key:
Verifying - Enter pass phrase for /data/ssl/ca/ca.key:
aborted!
139797931136832:error:2807106B:UI routines:UI_process:processing error:crypto/ui/ui_lib.c:545:while reading strings
139797931136832:error:28078065:UI routines:UI_set_result_ex:result too small:crypto/ui/ui_lib.c:905:You must type in 4 to 1023 characters
139797931136832:error:2807106B:UI routines:UI_process:processing error:crypto/ui/ui_lib.c:545:while reading strings
139797931136832:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:crypto/pem/pem_lib.c:357:
[root@nextcloud /]# openssl genrsa -des3 -out /data/ssl/ca/ca.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
............+++++
....................................................................................................................................................................+++++
e is 65537 (0x010001)
Enter pass phrase for /data/ssl/ca/ca.key:
Verifying - Enter pass phrase for /data/ssl/ca/ca.key:
[root@nextcloud /]# openssl req -new -key /data/ssl/ca/ca.key -out /data/ssl/ca/ca.csr
Enter pass phrase for /data/ssl/ca/ca.key:
139679236949824:error:28078065:UI routines:UI_set_result_ex:result too small:crypto/ui/ui_lib.c:905:You must type in 4 to 1023 characters
Enter pass phrase for /data/ssl/ca/ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:xg
Organization Name (eg, company) [Default Company Ltd]:ga
Organizational Unit Name (eg, section) []:wqb
Common Name (eg, your name or your server's hostname) []:nextcloud
Email Address []:896514475@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@nextcloud /]# openssl req -in /data/ssl/ca/ca.csr -noout -text
Certificate Request:
Data:
Version: 1 (0x0)
Subject: C = ch, ST = hb, L = xg, O = ga, OU = wqb, CN = nextcloud, emailAddress = 896514475@qq.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:cf:c0:60:ea:af:08:1e:29:47:61:18:28:32:
61:4e:60:0a:7a:b2:2a:2e:a3:8d:11:12:99:8c:f2:
12:16:75:54:89:88:60:7f:88:e6:ac:86:84:c5:37:
ff:93:69:a3:cc:d5:31:5a:7a:a8:d8:98:a2:58:16:
fe:5f:3f:54:db:c5:97:49:50:dc:c0:5f:36:05:a5:
d1:62:fc:ff:6c:71:ad:eb:cf:f1:80:61:96:a1:0c:
89:69:98:94:8b:37:c1:00:95:ce:af:8b:d2:e4:d9:
ef:75:0c:75:6e:7c:f4:ae:ec:0c:7a:f9:7a:57:8e:
35:b7:1e:b2:5f:ec:50:5b:ee:c3:ec:02:4b:66:0c:
d1:c6:59:75:d6:85:27:5d:c9:42:0b:d7:5d:0e:2d:
41:1b:0f:cb:2d:6e:d2:95:79:dd:42:36:67:aa:48:
5c:43:ac:40:86:60:88:39:44:e6:25:42:91:e7:c3:
74:a3:ce:ff:36:5b:48:aa:36:cd:a0:3c:05:12:66:
6e:1e:b4:f3:58:84:55:5f:9a:45:33:0d:8c:bc:b5:
dd:0c:58:1a:e0:84:83:87:ba:9d:36:6b:5e:ed:8e:
ba:b8:b2:99:10:84:43:d9:4d:f8:af:c3:e5:7b:b6:
1f:48:d3:21:53:a0:de:c1:de:00:e2:4d:e1:0c:94:
3d:c1
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha256WithRSAEncryption
89:7f:c0:a6:56:1d:35:de:b6:b6:5f:8d:8a:a6:50:22:c0:8f:
84:9e:d3:88:7a:bb:46:fd:db:dd:7d:51:5e:b4:60:30:1e:16:
98:d6:3d:d6:07:03:12:f7:db:57:fd:9f:7f:21:88:78:e0:a6:
5b:e5:27:7c:21:85:af:4a:fa:42:33:17:66:05:b9:db:48:0f:
4a:0c:3a:33:36:b9:d4:82:83:a9:b2:a4:a1:a3:b2:fe:01:b4:
a3:da:b8:60:34:d9:11:27:ab:b9:4d:6c:45:e2:81:eb:af:b0:
6e:55:33:0f:e4:12:f1:76:86:d4:14:1f:43:c6:20:75:f3:74:
74:43:09:a6:73:c5:7a:eb:75:00:5f:7c:b7:46:f1:25:06:63:
25:13:d7:1a:05:f4:d2:2c:a8:39:82:12:2d:a1:50:ad:85:6f:
05:00:0f:e5:6b:84:b6:1b:da:0f:4f:6e:d4:87:b8:09:3e:1d:
a6:d7:22:89:6d:51:bd:cb:73:a5:c1:5a:8c:73:48:24:83:d6:
75:75:3b:95:4f:5e:14:95:01:6b:ee:b3:6d:d9:dd:80:b5:fc:
46:1f:dd:a4:5f:9a:ec:53:bb:df:08:a6:cc:95:6f:ce:66:e2:
af:c6:d0:33:ac:8a:05:5e:51:c5:23:38:3b:4e:c6:ca:70:9c:
64:bd:19:e7
[root@nextcloud /]# openssl x509 -req -days 3650 -signkey /data/ssl/ca/ca.key -in /data/ssl/ca/ca.csr -out /data/ssl/ca/ca.pem
Signature ok
subject=C = ch, ST = hb, L = xg, O = ga, OU = wqb, CN = nextcloud, emailAddress = 896514475@qq.com
Getting Private key
Enter pass phrase for /data/ssl/ca/ca.key:
[root@nextcloud /]# openssl x509 -in /data/ssl/ca/ca.pem -noout -text
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
49:80:cb:c2:b6:dd:f1:87:e6:0f:bd:f4:0c:25:d2:9c:df:2d:8b:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = ch, ST = hb, L = xg, O = ga, OU = wqb, CN = nextcloud, emailAddress = 896514475@qq.com
Validity
Not Before: Jul 25 03:12:50 2022 GMT
Not After : Jul 22 03:12:50 2032 GMT
Subject: C = ch, ST = hb, L = xg, O = ga, OU = wqb, CN = nextcloud, emailAddress = 896514475@qq.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:cf:c0:60:ea:af:08:1e:29:47:61:18:28:32:
61:4e:60:0a:7a:b2:2a:2e:a3:8d:11:12:99:8c:f2:
12:16:75:54:89:88:60:7f:88:e6:ac:86:84:c5:37:
ff:93:69:a3:cc:d5:31:5a:7a:a8:d8:98:a2:58:16:
fe:5f:3f:54:db:c5:97:49:50:dc:c0:5f:36:05:a5:
d1:62:fc:ff:6c:71:ad:eb:cf:f1:80:61:96:a1:0c:
89:69:98:94:8b:37:c1:00:95:ce:af:8b:d2:e4:d9:
ef:75:0c:75:6e:7c:f4:ae:ec:0c:7a:f9:7a:57:8e:
35:b7:1e:b2:5f:ec:50:5b:ee:c3:ec:02:4b:66:0c:
d1:c6:59:75:d6:85:27:5d:c9:42:0b:d7:5d:0e:2d:
41:1b:0f:cb:2d:6e:d2:95:79:dd:42:36:67:aa:48:
5c:43:ac:40:86:60:88:39:44:e6:25:42:91:e7:c3:
74:a3:ce:ff:36:5b:48:aa:36:cd:a0:3c:05:12:66:
6e:1e:b4:f3:58:84:55:5f:9a:45:33:0d:8c:bc:b5:
dd:0c:58:1a:e0:84:83:87:ba:9d:36:6b:5e:ed:8e:
ba:b8:b2:99:10:84:43:d9:4d:f8:af:c3:e5:7b:b6:
1f:48:d3:21:53:a0:de:c1:de:00:e2:4d:e1:0c:94:
3d:c1
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
72:8a:0f:d5:99:8f:bd:4c:1c:ec:3a:c1:be:c1:4e:77:fd:b7:
8f:88:7f:c6:1e:e2:b8:54:80:dd:d2:35:b7:cf:40:5d:d3:9e:
f7:13:f3:59:e7:da:4c:44:1e:62:40:7b:0c:44:25:17:03:f1:
34:69:a7:4f:59:98:c5:4d:d6:f3:e1:58:43:b2:f1:69:70:db:
37:66:c1:82:5a:2a:5c:86:4e:09:09:1e:91:0f:16:db:90:fc:
6b:ee:16:d5:b0:3f:54:4d:ba:ff:b9:9a:c0:65:f3:37:38:75:
5a:3e:57:98:64:5b:3c:ba:ec:94:70:77:45:f4:30:f5:b2:a5:
3d:7e:1d:c2:95:3c:d2:0c:b3:6d:8c:dd:2c:64:89:ca:a4:06:
21:1a:b0:c2:01:6b:2d:6a:b0:38:80:99:52:da:73:08:0f:5a:
a2:c3:4a:71:8a:92:b8:87:09:68:62:6a:58:3f:6d:17:80:3b:
cd:56:3d:71:42:a4:56:7e:df:2a:81:fd:cd:de:21:64:50:b4:
3d:e9:54:61:06:16:a1:fd:b4:d7:13:9a:3a:3e:2f:7c:7b:6b:
e4:43:50:b3:fd:71:57:31:6e:d2:b0:a5:c7:5a:c6:a4:e5:fb:
d1:5e:00:3d:f1:ba:5c:ee:26:fd:c3:d8:bb:f1:85:a9:11:c0:
ae:58:f9:b6
[root@nextcloud /]# openssl x509 -in /data/ssl/ca/ca.pem -noout -text^C
[root@nextcloud /]# openssl dhparam -out dhparam.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
........+............+..............................+..........+.......................................................................................................+.............................................................+.................................................................................................................................+..............................................................................................................................+.............................+............................+.....................................+...........................+..............................................................................................................................................................................................................+...+....................................................+............................................+..........+....+......................................................................+...........................................................................................+..................+.....................++*++*++*++*
[root@nextcloud /]# a2enmod ssl
bash: a2enmod: 未找到命令...
第二阶段:安装 mod_ssl 并制作服务器证书(用上面的 CA 签发)
[root@nextcloud /]# sudo dnf install mod_ssl openssl
Repository extras is listed more than once in the configuration
上次元数据过期检查:1:37:20 前,执行于 2022年07月25日 星期一 09时40分34秒。
软件包 openssl-1:1.1.1k-5.el8_5.x86_64 已安装。
依赖关系解决。
===============================================================================
软件包 架构 版本 仓库 大小
===============================================================================
安装:
mod_ssl x86_64 1:2.4.37-43.module_el8.5.0+1022+b541f3b1 AppStream 136 k
事务概要
===============================================================================
安装 1 软件包
总下载:136 k
安装大小:266 k
确定吗?[y/N]: y
下载软件包:
mod_ssl-2.4.37-43.module_el8.5.0+1022+b541f3b1 398 kB/s | 136 kB 00:00
-------------------------------------------------------------------------------
总计 397 kB/s | 136 kB 00:00
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
准备中 : 1/1
安装 : mod_ssl-1:2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64 1/1
运行脚本: mod_ssl-1:2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64 1/1
验证 : mod_ssl-1:2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64 1/1
已安装:
mod_ssl-1:2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64
完毕!
[root@nextcloud /]# sudo setenforce 0
[root@nextcloud /]# sudo gedit /etc/httpd/conf.d/ssl.conf
Unable to init server: 无法连接:拒绝连接
(gedit:221204): Gtk-WARNING **: 11:18:14.140: cannot open display:
[root@nextcloud /]# vi /etc/httpd/conf.d/ssl.conf
[root@nextcloud /]#
[root@nextcloud /]# openssl genrsa -des3 -out /data/ssl/server/server.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
........................+++++
...................................................................................+++++
e is 65537 (0x010001)
Enter pass phrase for /data/ssl/server/server.key:
Verifying - Enter pass phrase for /data/ssl/server/server.key:
[root@nextcloud /]# openssl req -new -key /data/ssl/server/server.key -out /data/ssl/server/server.csr
Enter pass phrase for /data/ssl/server/server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ch
State or Province Name (full name) []:hb
Locality Name (eg, city) [Default City]:xg
Organization Name (eg, company) [Default Company Ltd]:ga
Organizational Unit Name (eg, section) []:wqb
Common Name (eg, your name or your server's hostname) []:nextcloud
Email Address []:896514475@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@nextcloud /]# openssl req -in /data/ssl/server/server.csr -noout -text
Certificate Request:
Data:
Version: 1 (0x0)
Subject: C = ch, ST = hb, L = xg, O = ga, OU = wqb, CN = nextcloud, emailAddress = 896514475@qq.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:d0:9d:e9:76:c7:50:c9:44:6d:34:30:17:81:
5e:8b:c0:90:dc:f2:5c:e1:8d:b7:c3:56:00:eb:34:
54:4f:83:3a:3f:87:33:93:a9:5a:87:dc:81:0b:31:
68:ea:3c:72:85:67:38:6a:b6:6c:aa:27:cc:8a:5f:
89:f9:dc:6c:0c:db:4d:de:5d:9c:9a:04:88:d1:15:
e3:7d:2a:44:57:f0:ff:50:6e:1d:ba:7d:a2:f8:05:
a3:f2:48:0c:77:33:2a:01:a5:15:68:fe:4b:b7:1a:
42:fc:10:e0:dc:8d:8e:7e:24:f3:89:c3:60:0f:c5:
9e:e9:88:19:59:97:ed:9a:21:03:b4:08:29:c6:30:
c7:f8:46:30:d7:d5:6c:36:1b:e7:39:64:16:92:c3:
c5:8f:b9:0f:5b:a4:65:99:2b:b1:95:8a:5d:81:70:
77:72:fb:e2:a0:9a:15:6e:fa:85:b8:5e:b5:fe:1f:
11:0a:77:86:a5:80:dd:73:85:38:bf:24:79:fa:73:
01:89:76:5f:06:3f:7c:ad:bf:5c:97:1c:fe:d9:e2:
6b:89:1f:c1:ab:72:78:4b:21:dd:de:ce:e6:ca:1d:
11:ca:02:31:8a:7e:cb:b9:6a:9e:e7:07:71:81:cc:
f6:a7:11:14:5f:37:46:69:00:63:6d:2d:14:36:9f:
ca:03
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha256WithRSAEncryption
06:bf:3d:f8:e5:1c:51:35:17:47:db:d7:0f:92:0b:66:65:6d:
3b:34:46:05:bd:18:dc:87:e0:99:98:ed:97:a8:91:a6:2f:01:
71:1d:4b:ba:86:1a:70:ed:c9:2e:e1:b9:6f:ec:57:7c:84:9c:
9c:7b:b4:0c:d9:d6:46:00:96:91:19:be:e2:76:6a:f3:7c:6d:
05:ec:74:f0:e2:c1:56:13:fa:ff:e6:8a:96:ca:dc:50:2f:13:
0a:4e:06:0f:9f:68:7d:fd:f5:ff:be:51:a9:7f:c9:26:65:f7:
7c:1c:dd:42:b9:20:d3:69:39:30:93:99:5d:e4:46:dc:e7:67:
c5:53:dd:4a:13:80:38:fa:91:6a:31:dd:fc:ea:3e:fa:80:d1:
b7:5c:24:7e:ec:00:68:af:85:62:9a:49:be:02:5b:7d:5c:03:
16:18:88:94:da:9c:b0:2d:35:2f:64:86:3e:7e:cd:89:f3:c2:
62:6d:86:64:df:74:7e:81:7e:69:81:67:d5:bb:4f:0d:85:59:
ad:ff:4f:7d:03:32:ff:d2:4e:7b:35:46:71:1d:8e:42:e2:ef:
b2:44:59:76:d4:96:98:e1:30:a4:2a:dd:5f:a2:9e:1f:3c:5c:
f7:c9:b9:d6:8f:f6:d0:ba:90:97:58:2f:a7:10:86:eb:de:e0:
15:25:1b:33
[root@nextcloud /]# openssl x509 -req -days 3650 -CA /data/ssl/ca/ca.pem -CAkey /data/ssl/ca/ca.key -CAcreateserial -in /data/ssl/server/server.csr -out /data/ssl/server/server.pem
Signature ok
subject=C = ch, ST = hb, L = xg, O = ga, OU = wqb, CN = nextcloud, emailAddress = 896514475@qq.com
Getting CA Private Key
Enter pass phrase for /data/ssl/ca/ca.key:
[root@nextcloud /]# openssl x509 -in /data/ssl/server/server.pem -noout -text
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
16:a0:96:db:fb:bf:ea:e1:05:57:1d:3d:e3:00:f2:53:0b:84:0a:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = ch, ST = hb, L = xg, O = ga, OU = wqb, CN = nextcloud, emailAddress = 896514475@qq.com
Validity
Not Before: Jul 25 03:25:52 2022 GMT
Not After : Jul 22 03:25:52 2032 GMT
Subject: C = ch, ST = hb, L = xg, O = ga, OU = wqb, CN = nextcloud, emailAddress = 896514475@qq.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:d0:9d:e9:76:c7:50:c9:44:6d:34:30:17:81:
5e:8b:c0:90:dc:f2:5c:e1:8d:b7:c3:56:00:eb:34:
54:4f:83:3a:3f:87:33:93:a9:5a:87:dc:81:0b:31:
68:ea:3c:72:85:67:38:6a:b6:6c:aa:27:cc:8a:5f:
89:f9:dc:6c:0c:db:4d:de:5d:9c:9a:04:88:d1:15:
e3:7d:2a:44:57:f0:ff:50:6e:1d:ba:7d:a2:f8:05:
a3:f2:48:0c:77:33:2a:01:a5:15:68:fe:4b:b7:1a:
42:fc:10:e0:dc:8d:8e:7e:24:f3:89:c3:60:0f:c5:
9e:e9:88:19:59:97:ed:9a:21:03:b4:08:29:c6:30:
c7:f8:46:30:d7:d5:6c:36:1b:e7:39:64:16:92:c3:
c5:8f:b9:0f:5b:a4:65:99:2b:b1:95:8a:5d:81:70:
77:72:fb:e2:a0:9a:15:6e:fa:85:b8:5e:b5:fe:1f:
11:0a:77:86:a5:80:dd:73:85:38:bf:24:79:fa:73:
01:89:76:5f:06:3f:7c:ad:bf:5c:97:1c:fe:d9:e2:
6b:89:1f:c1:ab:72:78:4b:21:dd:de:ce:e6:ca:1d:
11:ca:02:31:8a:7e:cb:b9:6a:9e:e7:07:71:81:cc:
f6:a7:11:14:5f:37:46:69:00:63:6d:2d:14:36:9f:
ca:03
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
ab:f7:b7:ef:a3:b9:53:69:af:64:c6:1b:6d:8f:16:da:86:ce:
1b:ec:79:53:55:d2:5d:67:e3:52:d1:41:b8:a0:8f:29:37:af:
57:08:59:47:a3:5b:fe:f3:32:48:0b:1c:8a:72:44:27:b6:c3:
ae:ca:3c:a1:93:c1:6c:2d:52:23:62:87:db:00:d4:ee:e1:a8:
d2:ce:d9:20:1e:e8:15:85:9e:4f:cc:0a:23:cd:1f:31:a7:9c:
d9:ba:f0:ff:48:fe:37:00:76:97:bb:93:1a:f8:7a:46:78:77:
ca:9e:1f:9e:02:04:c0:ed:4c:37:74:ce:3b:5d:5c:bc:7c:fd:
21:2f:28:dd:b0:59:28:89:1f:e1:05:4d:a3:7e:86:d8:83:93:
b1:c7:41:48:37:b6:c8:ca:6b:43:f7:e3:96:f1:50:5e:18:a1:
27:25:31:4a:d4:6c:a9:35:46:95:f8:4b:c5:0c:6b:cb:71:d9:
77:5c:f0:98:06:eb:51:c0:d7:24:9f:bc:85:08:4a:5a:11:46:
3f:bd:b0:46:a4:f6:75:2a:69:5e:99:95:bd:79:bc:ee:fa:dd:
0a:a3:f8:58:e9:bc:bb:f8:3b:6f:34:2d:da:bb:13:2c:91:8a:
8d:e3:a0:a4:15:a6:b6:9b:93:49:03:2b:7c:2b:d0:e8:6f:9e:
fd:13:2f:b6
[root@nextcloud /]# openssl pkcs12 -export -in /data/ssl/server/server.pem -inkey /data/ssl/server/server.key -out /data/ssl/server/server.p12 -name https_cert
Enter pass phrase for /data/ssl/server/server.key:
Enter Export Password:
Verifying - Enter Export Password:
[root@nextcloud /]# ls /data/ssl/server/
server.csr server.key server.p12 server.pem
[root@nextcloud /]# ls /data/ssl/ca
ca.csr ca.key ca.pem ca.srl
[root@nextcloud /]# gmssl pkcs12 -export -in /data/ssl/ca/ca.pem -inkey /data/ssl/ca/ca.key -out /data/ssl/ca/ca.p12 -name ca
bash: gmssl: 未找到命令...
[root@nextcloud /]# openssl pkcs12 -export -in /data/ssl/ca/ca.pem -inkey /data/ssl/ca/ca.key -out /data/ssl/ca/ca.p12 -name ca
Enter pass phrase for /data/ssl/ca/ca.key:
Enter Export Password:
Verifying - Enter Export Password:
[root@nextcloud /]#
修改 SSL 配置文件 /etc/httpd/conf.d/ssl.conf,在文件末尾追加以下指令:
[root@nextcloud data]# cd /etc/httpd/conf.
conf.d/ conf.modules.d/
[root@nextcloud data]# cd /etc/httpd/conf.d/
# Directives added to /etc/httpd/conf.d/ssl.conf so that httpd serves
# Nextcloud over HTTPS with the server certificate generated above.
# Listening port
Listen 443 https
# HTTPS document root
DocumentRoot "/var/www/html/nextcloud"
# Server name
# NOTE(review): the certificate above was issued with CN = nextcloud while
# ServerName is localhost; confirm which host name clients actually use,
# because it has to match the certificate.
ServerName localhost
# Server certificate (signed by the CA in /data/ssl/ca)
SSLCertificateFile /data/ssl/server/server.pem
# Server private key. It was generated with -des3, so it is passphrase
# protected and httpd asks for the passphrase on every start or restart.
SSLCertificateKeyFile /data/ssl/server/server.key
# Enable client-certificate authentication (mutual TLS); left disabled here
# SSLVerifyClient require
# CA certificate used to verify client certificates (mutual TLS)
# SSLCACertificateFile /data/ssl/ca/ca.pem
查看修改后的 ssl.conf:
[root@nextcloud conf.d]# cat ssl.conf
#
# When we also provide SSL we have to listen to the
# standard HTTPS port in addition.
#
#Listen 443 https
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html/nextcloud"
#ServerName nextcloud:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# List the protocol versions which clients are allowed to connect with.
# The OpenSSL system profile is used by default. See
# update-crypto-policies(8) for more details.
#SSLProtocol all -SSLv3
#SSLProxyProtocol all -SSLv3
# User agents such as web browsers are not configured for the user's
# own preference of either security or performance, therefore this
# must be the prerogative of the web server administrator who manages
# cpu load versus confidentiality, so enforce the server's cipher order.
SSLHonorCipherOrder on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
# The OpenSSL system profile is configured by default. See
# update-crypto-policies(8) for more details.
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that restarting httpd will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
# require an ECC certificate which can also be configured in
# parallel.
#SSLCertificateFile /etc/pki/tls/certs/cert.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
#SSLCertificateKeyFile /etc/pki/tls/private/cert.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is sent or allowed to be received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is sent and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
# Site-specific directives appended after the closing </VirtualHost> of the
# stock file, i.e. in the global server context rather than inside the
# _default_:443 virtual host.
# NOTE(review): DocumentRoot and ServerName set here therefore look like they
# also apply to the main (non-SSL) server - confirm that is intended.
# Listening port (the stock "Listen 443 https" near the top is commented out)
Listen 443 https
# HTTPS document root
DocumentRoot "/var/www/html/nextcloud"
# Server name
# NOTE(review): the server certificate was issued with CN = nextcloud, not
# localhost; confirm which host name clients actually use.
ServerName localhost
# Server certificate (signed by the CA in /data/ssl/ca)
SSLCertificateFile /data/ssl/server/server.pem
# Server private key; passphrase protected, so httpd prompts for the
# passphrase on every start or restart.
SSLCertificateKeyFile /data/ssl/server/server.key
# Enable client-certificate authentication (mutual TLS); left disabled here
# SSLVerifyClient require
# CA certificate used to verify client certificates (mutual TLS)
# SSLCACertificateFile /data/ssl/ca/ca.pem
[root@nextcloud data]# systemctl restart httpd
Enter TLS private key passphrase for localhost:443 (RSA) : ******
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@nextcloud data]# systemctl restart httpd
Enter TLS private key passphrase for localhost:443 (RSA) : ******
[root@nextcloud data]# firewall-cmd --zone=public --add-port=443/tcp --permanent
success
[root@nextcloud data]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor >
Active: active (running) since Thu 2022-07-21 15:48:33 CST; 3 days ago
Docs: man:firewalld(1)
Main PID: 1055 (firewalld)
Tasks: 3 (limit: 23372)
Memory: 21.5M
CGroup: /system.slice/firewalld.service
└─1055 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork>
7月 21 15:48:32 nextcloud systemd[1]: Starting firewalld - dynamic firewall da>
7月 21 15:48:33 nextcloud systemd[1]: Started firewalld - dynamic firewall dae>
7月 21 15:48:33 nextcloud firewalld[1055]: WARNING: AllowZoneDrifting is enabl>
7月 22 10:08:57 nextcloud firewalld[1055]: WARNING: AllowZoneDrifting is enabl>
[root@nextcloud data]# systemctl stop firewalld.service
[root@nextcloud data]# firewall-cmd --zone=public --add-port=80/tcp --permanent
FirewallD is not running
[root@nextcloud data]# systemctl start firewalld.service
[root@nextcloud data]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
[root@nextcloud data]# firewall-cmd --zone=public --add-port=443/tcp --permanent
Warning: ALREADY_ENABLED: 443:tcp
success
[root@nextcloud conf.d]#
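重启 httpd 报错:journalctl 显示 SELinux 拒绝 httpd 访问 /data/ssl/server/server.pem。本文的处理方式是关闭 SELinux;日志中 setroubleshoot 给出的另一种做法是用 semanage fcontext 给证书文件设置 httpd 可读的类型(例如 cert_t),再执行 restorecon,这样可以保持 SELinux 为 Enforcing。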
[root@nextcloud conf.d]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@nextcloud conf.d]# systemctl stop firewalld.service
[root@nextcloud conf.d]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@nextcloud conf.d]# journalctl -xe
7月 25 15:08:34 nextcloud dbus-daemon[953]: [system] Activating service name='org.fedoraproject.Setroubleshoo>
7月 25 15:08:35 nextcloud dbus-daemon[953]: [system] Successfully activated service 'org.fedoraproject.Setrou>
7月 25 15:08:36 nextcloud setroubleshoot[8154]: AnalyzeThread.run(): Cancel pending alarm
7月 25 15:08:36 nextcloud setroubleshoot[8154]: failed to retrieve rpm info for /data/ssl/server/server.pem
7月 25 15:08:36 nextcloud dbus-daemon[953]: [system] Activating service name='org.fedoraproject.Setroubleshoo>
7月 25 15:08:36 nextcloud dbus-daemon[953]: [system] Successfully activated service 'org.fedoraproject.Setrou>
7月 25 15:08:39 nextcloud setroubleshoot[8154]: SELinux is preventing /usr/sbin/httpd from getattr access on >
7月 25 15:08:39 nextcloud setroubleshoot[8154]: SELinux is preventing /usr/sbin/httpd from getattr access on >
***** Plugin catchall_labels (83.8 confidence) suggests *>
If you want to allow httpd to have getattr access on the ser>
Then you need to change the label on /data/ssl/server/server>
Do
# semanage fcontext -a -t FILE_TYPE '/data/ssl/server/server>
where FILE_TYPE is one of the following: NetworkManager_exec>
Then execute:
restorecon -v '/data/ssl/server/server.pem'
***** Plugin catchall (17.1 confidence) suggests ********>
If you believe that httpd should be allowed getattr access o>
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -X 300 -i my-httpd.pp
7月 25 15:08:39 nextcloud setroubleshoot[8154]: AnalyzeThread.run(): Set alarm timeout to 10
lines 2703-2733/2733 (END)
7月 25 15:08:34 nextcloud dbus-daemon[953]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.39' (uid=0 pid>
7月 25 15:08:35 nextcloud dbus-daemon[953]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
7月 25 15:08:36 nextcloud setroubleshoot[8154]: AnalyzeThread.run(): Cancel pending alarm
7月 25 15:08:36 nextcloud setroubleshoot[8154]: failed to retrieve rpm info for /data/ssl/server/server.pem
7月 25 15:08:36 nextcloud dbus-daemon[953]: [system] Activating service name='org.fedoraproject.SetroubleshootPrivileged' requested by ':1.454' >
7月 25 15:08:36 nextcloud dbus-daemon[953]: [system] Successfully activated service 'org.fedoraproject.SetroubleshootPrivileged'
7月 25 15:08:39 nextcloud setroubleshoot[8154]: SELinux is preventing /usr/sbin/httpd from getattr access on the file /data/ssl/server/server.pe>
7月 25 15:08:39 nextcloud setroubleshoot[8154]: SELinux is preventing /usr/sbin/httpd from getattr access on the file /data/ssl/server/server.pe>
***** Plugin catchall_labels (83.8 confidence) suggests *******************
If you want to allow httpd to have getattr access on the server.pem file
Then you need to change the label on /data/ssl/server/server.pem
Do
# semanage fcontext -a -t FILE_TYPE '/data/ssl/server/server.pem'
where FILE_TYPE is one of the following: NetworkManager_exec_t, NetworkManager_log_t, NetworkMa>
Then execute:
restorecon -v '/data/ssl/server/server.pem'
***** Plugin catchall (17.1 confidence) suggests **************************
If you believe that httpd should be allowed getattr access on the server.pem file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -X 300 -i my-httpd.pp
7月 25 15:08:39 nextcloud setroubleshoot[8154]: AnalyzeThread.run(): Set alarm timeout to 10
[root@nextcloud conf.d]# cd /data/
[root@nextcloud data]# ll
总用量 0
drwxr-xr-x. 5 root root 44 7月 25 10:56 ssl
[root@nextcloud data]# ls
ssl
[root@nextcloud data]# cd ssl/
[root@nextcloud ssl]# ls
ca client server
[root@nextcloud ssl]# cd server/
[root@nextcloud server]# ls
server.csr server.key server.p12 server.pem
[root@nextcloud server]# ll
总用量 16
-rw-r--r--. 1 root root 1025 7月 25 11:25 server.csr
-rw-------. 1 root root 1743 7月 25 11:23 server.key
-rw-------. 1 root root 2562 7月 25 11:26 server.p12
-rw-r--r--. 1 root root 1261 7月 25 11:25 server.pem
[root@nextcloud server]# ^C
[root@nextcloud server]# SELinuxgetenforce^C
[root@nextcloud server]# getenforce
Enforcing
[root@nextcloud server]# setenforce 0
[root@nextcloud server]# systemctl restart httpd
Enter TLS private key passphrase for localhost:443 (RSA) : ******
[root@nextcloud server]#
[root@nextcloud server]# vi /etc/selinux/config
[root@nextcloud server]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
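#永久关闭 SELinux:把 /etc/selinux/config 中的 SELINUX 改为 disabled,重启后生效(上面的 setenforce 0 只是临时切换到 permissive)。
#注:这会去掉 httpd 的强制访问控制。上面 setroubleshoot 的建议是修正证书文件的 SELinux 标签(restorecon -v '/data/ssl/server/server.pem'),可先尝试:必要时先给目录指定 httpd 可读的类型,例如 semanage fcontext -a -t cert_t '/data/ssl(/.*)?',再执行 restorecon -Rv /data/ssl,这样可以保持 Enforcing。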
[root@vm01]# vi /etc/selinux/config
删除容器
[root@nextcloud ~]# docker ps -a
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d1124e5c2476 docker.io/onlyoffice/documentserver:latest 22 hours ago Exited (137) 6 seconds ago 0.0.0.0:8443->443/tcp quizzical_turing
8f05f6c81916 docker.io/onlyoffice/documentserver:latest 3 minutes ago Exited (137) 37 seconds ago 0.0.0.0:8080->80/tcp clever_newton
[root@nextcloud ~]# docker rm
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Error: you must provide at least one name or id
[root@nextcloud ~]# docker rm d1124e5c2476
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
d1124e5c247626f0a356a6abe6bd1abeaf39999be3b695c7e31e793a279ef01a
[root@nextcloud ~]# docker rm 8f05f6c81916
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
8f05f6c81916a3c7edce89173c4dc555dcf47160712e70a18a7173d41f6e100d
[root@nextcloud ~]# docker ps -a
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
修改证书目录的属主和权限(注意:下面列出的 onlyoffice.key 是私钥,权限 -rwxr-xr-x 表示所有用户可读;chown 只改属主,还应收紧权限,例如 chmod 400 onlyoffice.key)
[root@nextcloud ~]# cd /app/onlyoffice/DocumentServer/data/certs/
[root@nextcloud certs]# ls
dhparam.pem onlyoffice.crt onlyoffice.csr onlyoffice.key
[root@nextcloud certs]# ll
总用量 16
-rwxr-xr-x. 1 109 112 424 7月 27 11:52 dhparam.pem
-rwxr-xr-x. 1 109 112 1180 7月 27 11:52 onlyoffice.crt
-rwxr-xr-x. 1 109 112 985 7月 27 11:52 onlyoffice.csr
-rwxr-xr-x. 1 109 112 1679 7月 27 11:51 onlyoffice.key
[root@nextcloud certs]# cd ..
[root@nextcloud data]# cd ..
[root@nextcloud DocumentServer]# ls
data logs
[root@nextcloud DocumentServer]# ll
总用量 0
drwxr-xr-x. 4 109 112 35 7月 27 11:50 data
drwxr-xr-x. 4 109 112 58 7月 27 11:49 logs
[root@nextcloud DocumentServer]# cd ..
[root@nextcloud onlyoffice]# ls
DocumentServer
[root@nextcloud onlyoffice]# chown -R root:root DocumentServer/
[root@nextcloud onlyoffice]# ll
总用量 0
drwxr-xr-x. 4 root root 30 7月 27 11:48 DocumentServer
[root@nextcloud onlyoffice]# ll
总用量 0
drwxr-xr-x. 4 root root 30 7月 27 11:48 DocumentServer
重建onlyoffice容器
[root@nextcloud onlyoffice]# docker run -i -t -d -p 9000:443 -p 8080:80 --name onlyoffice -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
a7c97fb93556650c83dd763f9578705a82f34b2673f9759e8d0ce62afc63e77c
[root@nextcloud onlyoffice]# docker ps -a
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a7c97fb93556 docker.io/onlyoffice/documentserver:latest 42 seconds ago Up 41 seconds ago 0.0.0.0:8080->80/tcp, 0.0.0.0:9000->443/tcp onlyoffice
根据welcome提示,执行命令。
[root@nextcloud onlyoffice]# sudo docker exec a7c97fb93556 sudo supervisorctl start ds:example
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
sudo: unable to send audit message: Operation not permitted
ds:example: started
[root@nextcloud onlyoffice]# sudo docker exec a7c97fb93556 sudo supervisorctl start ds:examplesudo docker exec a7c97fb93556 sudo sed 's,autostart=false,autostart=true,' -i /etc/supervisor/conf.d/ds-example.conf
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
sudo: unable to send audit message: Operation not permitted
ds:examplesudo: ERROR (no such process)
docker: ERROR (no such process)
exec: ERROR (no such process)
a7c97fb93556: ERROR (no such process)
sudo: ERROR (no such process)
sed: ERROR (no such process)
s,autostart=false,autostart=true,: ERROR (no such process)
-i: ERROR (no such process)
/etc/supervisor/conf.d/ds-example.conf: ERROR (no such process)
[root@nextcloud onlyoffice]#
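提示:
/app/onlyoffice/DocumentServer/data/certs/ 必须修改属主和权限。
在设置 nextcloud 与 onlyoffice 连接时报错:
连接是发生异常 (文档服务内部发生异常 Error while downloading the document file to be converted.) (版本 7.1.1.23)
由于使用 signalr 自签名证书,报错 self signed certificate:Document Server 回连 nextcloud 的 https 地址下载文件时证书校验失败,见下面 converter 日志中的 DEPTH_ZERO_SELF_SIGNED_CERT。要消除该错误,应让容器信任签发 nextcloud 证书的 CA,或改用受信任 CA 签发的证书。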
[root@nextcloud onlyoffice]# docker exec -it a7c97fb93556 /bin/bash
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
root@a7c97fb93556:/# cd /var/log/onlyoffice/documentserver/converter/
root@a7c97fb93556:/var/log/onlyoffice/documentserver/converter# ls
err.log out.log
root@a7c97fb93556:/var/log/onlyoffice/documentserver/converter# cat out.log
[2022-07-27T03:50:21.771] [WARN] nodeJS - update cluster with 1 workers
[2022-07-27T03:50:21.799] [WARN] nodeJS - worker 990 started.
[2022-07-27T03:50:21.833] [WARN] nodeJS - update cluster with 1 workers
[2022-07-27T03:51:07.489] [WARN] nodeJS - update cluster with 1 workers
[2022-07-29T01:39:14.368] [ERROR] nodeJS - error downloadFile:url=https://192.168.182.130/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.0VTdGtvy9jxLMNi9K8eOYIooFcVTFL3hKPx3iDhbRGE;attempt=1;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=conv_check_1488046828_docx)
Error: self signed certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1514:34)
at TLSSocket.emit (events.js:400:28)
at TLSSocket._finishInit (_tls_wrap.js:936:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:708:12)
[2022-07-29T01:39:15.372] [ERROR] nodeJS - error downloadFile:url=https://192.168.182.130/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.0VTdGtvy9jxLMNi9K8eOYIooFcVTFL3hKPx3iDhbRGE;attempt=2;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=conv_check_1488046828_docx)
Error: self signed certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1514:34)
at TLSSocket.emit (events.js:400:28)
at TLSSocket._finishInit (_tls_wrap.js:936:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:708:12)
[2022-07-29T01:39:16.377] [ERROR] nodeJS - error downloadFile:url=https://192.168.182.130/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.0VTdGtvy9jxLMNi9K8eOYIooFcVTFL3hKPx3iDhbRGE;attempt=3;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=conv_check_1488046828_docx)
Error: self signed certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1514:34)
at TLSSocket.emit (events.js:400:28)
at TLSSocket._finishInit (_tls_wrap.js:936:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:708:12)
[2022-07-29T01:39:28.617] [ERROR] nodeJS - error downloadFile:url=https://192.168.182.130/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.0VTdGtvy9jxLMNi9K8eOYIooFcVTFL3hKPx3iDhbRGE;attempt=1;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=conv_check_2063644578_docx)
Error: self signed certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1514:34)
at TLSSocket.emit (events.js:400:28)
at TLSSocket._finishInit (_tls_wrap.js:936:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:708:12)
[2022-07-29T01:39:29.621] [ERROR] nodeJS - error downloadFile:url=https://192.168.182.130/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.0VTdGtvy9jxLMNi9K8eOYIooFcVTFL3hKPx3iDhbRGE;attempt=2;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=conv_check_2063644578_docx)
Error: self signed certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1514:34)
at TLSSocket.emit (events.js:400:28)
at TLSSocket._finishInit (_tls_wrap.js:936:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:708:12)
[2022-07-29T01:39:30.628] [ERROR] nodeJS - error downloadFile:url=https://192.168.182.130/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.0VTdGtvy9jxLMNi9K8eOYIooFcVTFL3hKPx3iDhbRGE;attempt=3;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=conv_check_2063644578_docx)
Error: self signed certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1514:34)
at TLSSocket.emit (events.js:400:28)
at TLSSocket._finishInit (_tls_wrap.js:936:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:708:12)
[2022-07-29T01:40:53.719] [WARN] nodeJS - update cluster with 1 workers
[2022-07-29T01:53:25.418] [ERROR] nodeJS - error downloadFile:url=https://192.168.182.130/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.0VTdGtvy9jxLMNi9K8eOYIooFcVTFL3hKPx3iDhbRGE;attempt=1;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=conv_check_95109575_docx)
Error: self signed certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1514:34)
at TLSSocket.emit (events.js:400:28)
at TLSSocket._finishInit (_tls_wrap.js:936:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:708:12)
[2022-07-29T01:53:26.423] [ERROR] nodeJS - error downloadFile:url=https://192.168.182.130/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.0VTdGtvy9jxLMNi9K8eOYIooFcVTFL3hKPx3iDhbRGE;attempt=2;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=conv_check_95109575_docx)
Error: self signed certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1514:34)
at TLSSocket.emit (events.js:400:28)
at TLSSocket._finishInit (_tls_wrap.js:936:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:708:12)
[2022-07-29T01:53:27.427] [ERROR] nodeJS - error downloadFile:url=https://192.168.182.130/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.0VTdGtvy9jxLMNi9K8eOYIooFcVTFL3hKPx3iDhbRGE;attempt=3;code:DEPTH_ZERO_SELF_SIGNED_CERT;connect:undefined;(id=conv_check_95109575_docx)
Error: self signed certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1514:34)
at TLSSocket.emit (events.js:400:28)
at TLSSocket._finishInit (_tls_wrap.js:936:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:708:12)
root@a7c97fb93556:/var/log/onlyoffice/documentserver/converter# cd ..
root@a7c97fb93556:/var/log/onlyoffice/documentserver# ls
err.log
root@a7c97fb93556:/var/log/onlyoffice/documentserver/converter# exit
exit
连接设置需在 centos8 上登录 nextcloud 完成;在宿主机上登录则无法完成设置。