前言
禅道集成OnlyOffice时,为了避免跨域问题(虽然OnlyOffice已经做好跨域),需要将OnlyOffice的地址引入到和禅道同一域名下。
使用的是禅道的官方docker镜像:hub.zentao.net/app/zentao:latest ,其hash值为: sha256:4c0d2bc36dbee2433e9a01348298fd4dff3c15f5afb3a5cf83dd1f1d1fa99071
以这个镜像为基础:
由于官方镜像中的httpd没有反向代理的模块,所以需要先编译httpd的模块。
任务列表如下:
- 编译httpd-2.4.62
- 将编译好的httpd模块替换容器中的module目录
- 修改禅道镜像httpd配置文件
- 测试
任务开始
1. 编译httpd
编译使用的环境,直接用禅道的docker镜像来进行编译,这样避免环境兼容问题。禅道的docker用的是debain。我们可以使用Dockerfile来准备编译环境,也可以用禅道镜像启动一个容器,在容器里直接操作。
这里选择在容器里直接操作。
启动容器:
docker run -it zentao_test bash
【容器内】安装编译环境
禅道的镜像,已经将apt源改为了腾讯的镜像,所以直接进行安装。
更新apt缓存
apt update
安装编译工具和依赖包
apt install build-essential zlib1g-dev libncurses5-dev \
libgdbm-dev libnss3-dev libssl-dev libreadline-dev \
libffi-dev libapr1 libaprutil1 libapr1-dev libaprutil1-dev
【容器内】下载并编译httpd
由于httpd的2.4.62已经是旧版本,所以要从archive.apache.org下载源码包
wget https://archive.apache.org/dist/httpd/httpd-2.4.62.tar.gz
解压
tar zxf httpd-2.4.62.tar.gz
进入到httpd-2.4.62源码目录,进行配置、编译、安装
./configure --prefix=/opt/zbox/run/apache --enable-so --enable-modules="all"
make -j
make install
httpd编译成功
2. 替换容器的httpd模块
【宿主机】导出httpd模块
在宿主机上执行如下命令
docker cp zentao_test:/opt/zbox/run/apache/modules ./apache_modules
【宿主机】修改禅道docker-compose.yml
加入如下volumes映射
services:
zentao:
volumes:
- ./apache_modules:/opt/zbox/run/apache/modules
3. 修改httpd.conf.tpl文件
【宿主机】导出配置文件模板
docker cp zentao_test:/opt/zbox/etc/apache/httpd.conf.tpl ./apache/
【宿主机】修改配置文件模板
完整内容如下
# httpd.conf
ServerRoot "/opt/zbox/run/apache"
PidFile /opt/zbox/tmp/apache/httpd.pid
DocumentRoot "{{DOCUMENT_ROOT}}"
Listen {{APP_DEFAULT_PORT}}
User nobody
Group nogroup
ServerAdmin zentao@localhost.net
ServerName localhost
EnableMMAP off
EnableSendfile off
TypesConfig /opt/zbox/etc/apache/mime.types
# performance settings.
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 10
UseCanonicalName Off
HostnameLookups Off
# security.
ServerTokens Prod
ServerSignature Off
# deflat.
AddType image/x-icon .ico
AddType image/gif .gif
AddType image/jpeg .jpg .jpeg
AddType image/png .png
AddType application/javascript .js
DeflateCompressionLevel 9
AddOutputFilterByType DEFLATE text/html text/css application/javascript
# modules.
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxRequestWorkers 150
MaxConnectionsPerChild 0
</IfModule>
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule alias_module modules/mod_alias.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule filter_module modules/mod_filter.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_express_module modules/mod_proxy_express.so
#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
SSLSessionCache "shmcb:/opt/zbox/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
# php module.
{{#if PHP_VERSION_8}}
LoadModule php_module modules/libphp.so
<IfModule php_module>
DirectoryIndex index.html default.php index.php
AddHandler application/x-httpd-php .php
</IfModule>
{{else}}
LoadModule php7_module modules/libphp.so
<IfModule php7_module>
DirectoryIndex index.html default.php index.php
AddHandler application/x-httpd-php .php
</IfModule>
{{/if}}
AddType application/x-httpd-php .php .php3 .php4
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch ".+\.phps$">
SetHandler application/x-httpd-php-source
Require all denied
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(ar|p|ps|tml)$">
Require all denied
</FilesMatch>
<Files ".zt*">
Require all denied
</Files>
<Files ".ht*">
Require all denied
</Files>
# directory settings.
DirectoryIndex index.html index.htm index.php
# logs
ErrorLog "/dev/stderr"
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog "/dev/stdout" combined
<Directory "/apps/zentao/www">
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
{{#if ZT_WEB_ROOT}}
Alias {{ZT_WEB_ROOT}} "/apps/zentao/www"
{{/if}}
<VirtualHost *:{{APP_DEFAULT_PORT}}>
ServerAdmin zentao@local.net
DocumentRoot "{{DOCUMENT_ROOT}}"
ServerName localhost
<Directory />
AllowOverride all
Require all granted
</Directory>
# setting for admin
Alias /adminer "{{DOCUMENT_ROOT}}/dbview"
{{#if ZT_WEB_ROOT}}
Alias {{ZT_WEB_ROOT}}/adminer "{{DOCUMENT_ROOT}}/dbview"
{{/if}}
<Directory "{{DOCUMENT_ROOT}}/dbview">
DirectoryIndex index.php
<Files "index.php">
SetHandler application/x-httpd-php
</Files>
</Directory>
<DirectoryMatch "{{DOCUMENT_ROOT}}/dbview/.+/.*">
<FilesMatch ".+\.ph(p[3457]?|t|tml)$">
SetHandler text/plain
</FilesMatch>
</DirectoryMatch>
Define ONLYOFFICE_VPATH /onlyoffice-service
Define DS_ADDRESS 192.168.1.88:1234
<Location ${ONLYOFFICE_VPATH}>
Require all granted
SetEnvIf Host "^(.*)$" THE_HOST=$1
RequestHeader setifempty X-Forwarded-Proto http
RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
RequestHeader edit X-Forwarded-Host (.*) $1${ONLYOFFICE_VPATH}
ProxyAddHeaders Off
</Location>
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^\${ONLYOFFICE_VPATH}/?(.*) "ws://${DS_ADDRESS}/$1" [P,L]
ProxyPass ${ONLYOFFICE_VPATH} "http://${DS_ADDRESS}"
ProxyPassReverse ${ONLYOFFICE_VPATH} "http://${DS_ADDRESS}"
ErrorLog "/dev/stderr"
CustomLog "/dev/stdout" combined
</VirtualHost>
TraceEnable off
【宿主机】修改禅道docker-compose.yml
加入如下volumes映射
services:
zentao:
volumes:
- ./apache/httpd.conf.tpl:/opt/zbox/etc/apache/httpd.conf.tpl
4. 测试
打开浏览器,访问禅道地址:http://zentaohost/onlyoffice-service/
浏览器会自动跳转到:http://zentaohost/onlyoffice-service/welcome/
测试成功
附录
docker-compose.yaml中完整的禅道配置
servers:
zentao:
image: hub.zentao.net/app/zentao
container_name: zentao1
ports:
- 8089:80
environment:
- TZ=Area/Shanghai
- MYSQL_INTERNAL=false
- ZT_MYSQL_HOST=192.168.1.88
- ZT_MYSQL_PORT=3336
- ZT_MYSQL_USER=root
- ZT_MYSQL_PASSWORD=12345678
- ZT_MYSQL_DB=zentao
- GIT_TYPE=gitea
- GIT_DOMAIN=http://192.168.1.88:3000
- GIT_USERNAME=gitea
- GIT_PASSWORD=gitea
- GIT_PROTOCOL=http
- IS_CONTAINER=true
- PHP_UPLOAD_MAX_FILESIZE=512M
- PHP_POST_MAX_SIZE=512M
- ZT_DEBUG=1
volumes:
- ./zentao/data:/data
- ./src/zentao:/apps/zentao
- ./apache_modules:/opt/zbox/run/apache/modules
- ./apache/httpd.conf.tpl:/opt/zbox/etc/apache/httpd.conf.tpl
restart: always
privileged: true
