Docker deployment record

Official original Trilium

Deploy the Docker container

  • Trilium Docker configuration file
[ghost@instance-20210526-1514 trilium]$ cat docker-compose.yml 
# Running `docker-compose up` will create/use the "trilium-data" directory in the user home
# Run `TRILIUM_DATA_DIR=/path/of/your/choice docker-compose up` to set a different directory

version: '3.8'
services:
  trilium:
    container_name: "trilium"
    image: zadam/trilium:0.63.7
    restart: unless-stopped
    environment:
      - TRILIUM_DATA_DIR=/home/node/trilium-data
    #ports:
    #  - "3000:8080"
    volumes:
      - /www/trilium/data:/home/node/trilium-data
    privileged: true
    networks: [ghost_net]

networks:
  ghost_net:
    external: true
  • Start the Trilium Docker container
[ghost@instance-20210526-1514 trilium]$ docker-compose up -d
[+] Building 0.0s (0/0)                   
[+] Running 1/1
✔ Container trilium  Started  

nginx proxy

  • Trilium nginx proxy configuration file
[ghost@instance-20210526-1514 conf.d]$ cat trilium.conf 
# redirect all http traffic to https
server {
    listen 80;
    server_name trilium.atibm.com;
    # google adsense ads.txt
    location /ads.txt {
        alias /usr/share/nginx/html/trilium/ads.txt;
    }
    # a server-level "return" runs before location matching and would bypass /ads.txt
    location / {
        return 301 https://$host$request_uri;
    }
}
# defined trilium.atibm.com 443
server {
    listen 443 ssl;
    server_name trilium.atibm.com;
    ssl_certificate     /etc/letsencrypt/live/ghost.atibm.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ghost.atibm.com/privkey.pem;
    #ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/trilium-access.log main;
    error_log /var/log/nginx/trilium-error.log warn;
    location /ads.txt {
        alias /usr/share/nginx/html/trilium/ads.txt;
    } 
    location / {
        proxy_pass       http://trilium:8080;
        # the Upgrade/Connection headers below need HTTP/1.1 to the upstream
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_connect_timeout      150;
        proxy_send_timeout         100;
        proxy_read_timeout         100;
        proxy_buffers              4 32k;
        client_max_body_size       10m;
        client_body_buffer_size    128;    
    }
}

Reload the reverse proxy configuration: docker exec nginx nginx -s reload

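SSL certificate

DNS resolution

Chinese translated version: trilium-cn

  • For easier maintenance and reuse, the Chinese version also uses the directory name trilium. If you deploy both versions side by side, you need a different name for one of them.

Deploy the Docker container

  • trilium-cn original Docker configuration file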
[ghost@instance-20210526-1514 trilium]$ wget https://raw.githubusercontent.com/Nriver/trilium-translation/main/docker-compose.yml
--2024-06-12 00:53:51--  https://raw.githubusercontent.com/Nriver/trilium-translation/main/docker-compose.yml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.109.133, 185.199.110.133, 185.199.111.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 639 [text/plain]
Saving to: ‘docker-compose.yml’
100%[=================================================================================================================>] 639         --.-K/s   in 0s      

2024-06-12 00:53:51 (42.9 MB/s) - ‘docker-compose.yml’ saved [639/639]
  • With minor modifications
[ghost@instance-20210526-1514 trilium]$ vi docker-compose.yml 
[ghost@instance-20210526-1514 trilium]$ cat docker-compose.yml 
version: '3'
services:
  triliumc:
    container_name: "trilium"
    image: nriver/trilium-cn:latest #0.62.4
    restart: unless-stopped
    #ports:
    #  - "3001:8080"
    volumes:
      # Map the official version's trilium-data directory into the container so both versions share one set of data
      - ./data:/root/trilium-data
    environment:
      # This environment variable sets the path inside the container where note data is stored
      - TRILIUM_DATA_DIR=/root/trilium-data
    networks: [ghost_net]
    # Optional: health check. To enable it, uncomment the lines below
    #healthcheck:
    #  test: ["CMD-SHELL", "curl --fail http://localhost:8080/api/health-check | jq -e '.status == \"ok\"' || exit 1"]
    #  interval: 30s
    #  timeout: 10s
    #  retries: 3

networks:
  ghost_net:
    external: true
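
A pre-deployment check for the two docker-compose.yml files above, as an added example that is not part of the original notes or of either project: it flags privileged: true (set in the official-image file), the unpinned latest tag (used for nriver/trilium-cn), and host-published ports (commented out in both files). The audit_compose helper and the sample file are constructed for illustration.

```sh
# Added example: audit_compose is a hypothetical helper, not a Docker command.
# It prints one finding per risky setting in a docker-compose.yml.
audit_compose() {
    awk -v q="'" '
        function unq(s) { gsub("[\"" q "]", "", s); return s }   # strip quotes
        /^[ \t]*#/ { next }                    # "#ports:" and similar are inactive
        { sub(/[ \t]+#.*$/, "") }              # drop trailing comments like "#0.62.4"
        /^[ \t]*privileged:[ \t]*true[ \t]*$/ {
            print "privileged: all capabilities and host devices are granted"
        }
        /^[ \t]*image:/ {
            img = unq($2)
            n = split(img, part, "/")          # the tag, if any, is in the last path part
            if (img ~ /@sha256:/) next         # pinned by digest
            if (part[n] !~ /:/) print "image: " img " has no tag, so latest is pulled"
            else if (part[n] ~ /:latest$/) print "image: " img " uses the mutable latest tag"
        }
        /^[ \t]*ports:/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            p = unq($2)
            if (p !~ /^127\.0\.0\.1:/) print "ports: " p " is published on every host interface"
            next
        }
        in_ports && NF { in_ports = 0 }        # any other key ends the ports list
    ' "$1"
}

# Constructed sample combining the settings of the two compose files above.
sample_compose=$(mktemp)
cat > "$sample_compose" <<'EOF'
version: '3'
services:
  trilium:
    container_name: "trilium"
    image: nriver/trilium-cn:latest #0.62.4
    restart: unless-stopped
    #ports:
    #  - "3001:8080"
    volumes:
      - ./data:/root/trilium-data
    privileged: true
    networks: [ghost_net]
EOF

audit_compose "$sample_compose"
```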

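Fixing permissions on the Docker-mapped directory

  • The data directory mapped for trilium is owned by root, so the ghost user cannot maintain it; grant the ghost user access to this directory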
[ghost@instance-20210526-1514 ~]$ sudo setfacl -R -m u:ghost:rX /www/trilium/data

nginx proxy

  • trilium-cn nginx proxy configuration file
[ghost@instance-20210526-1514 trilium]$ cat /www/nginx/data/conf.d/trilium.conf 
# redirect all http traffic to https
server {
    listen 80;
    server_name trilium.atibm.com;
    # google adsense ads.txt
    location /ads.txt {
        alias /usr/share/nginx/html/trilium/ads.txt;
    }
    # a server-level "return" runs before location matching and would bypass /ads.txt
    location / {
        return 301 https://$host$request_uri;
    }
}
# defined triliumcn.atibm.com 443
server {
    listen 443 ssl;
    server_name triliumcn.atibm.com;
    ssl_certificate     /etc/letsencrypt/live/ghost.atibm.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ghost.atibm.com/privkey.pem;
    access_log  /var/log/nginx/trilium-access.log;
    error_log   /var/log/nginx/trilium-error.log;
    location /ads.txt {
        alias /usr/share/nginx/html/trilium/ads.txt;
    } 
    location / {
        proxy_pass       http://trilium:8080;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_connect_timeout      150;
        proxy_send_timeout         100;
        proxy_read_timeout         100;
        proxy_buffers              4 32k;
        client_max_body_size       10m;
        client_body_buffer_size    128;    
    }
}
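
A lint for the TLS settings of both trilium.conf files, as an added example that is not part of the original notes: it reports deprecated protocols (the first file enables TLSv1 and TLSv1.1), certificate and key paths in different directories, and 443 servers that set no ssl_protocols (as in the second file). The audit_nginx_tls helper, the example.com names and the sample config are constructed.

```sh
# Added example: audit_nginx_tls is a hypothetical helper, not an nginx command.
# Assumes a conf.d file with top-level server blocks and each checked directive on its own line.
audit_nginx_tls() {
    awk '
        function dir(p) { sub("/[^/]*$", "", p); return p }
        { sub(/#.*/, ""); gsub(/;/, " ") }     # strip comments and terminators
        $1 == "server" && depth == 0 { tls = 0; proto = 0; cert = ""; name = "?" }
        $1 == "listen" { for (i = 2; i <= NF; i++) if ($i == "ssl") tls = 1 }
        $1 == "server_name" { name = $2 }
        $1 == "ssl_protocols" {
            proto = 1
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    print name ": deprecated protocol " $i " enabled"
        }
        $1 == "ssl_certificate" { cert = dir($2) }
        $1 == "ssl_certificate_key" && cert != "" && dir($2) != cert {
            print name ": certificate and key are in different directories"
        }
        {
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0 && tls && !proto) {   # a TLS server block just closed
                print name ": no ssl_protocols, the nginx default applies"
                tls = 0
            }
        }
    ' "$1"
}

# Constructed sample; the example.com names and paths are placeholders.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
server {
    listen 443 ssl;
    server_name trilium.example.com;
    ssl_certificate     /etc/letsencrypt/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { proxy_pass http://trilium:8080; }
}
server {
    listen 443 ssl;
    server_name triliumcn.example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
EOF

audit_nginx_tls "$sample_conf"
```

An empty result means none of the three conditions was found; the check complements, and does not replace, nginx's own syntax test.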

SSL certificate

DNS resolution

Access troubleshooting

# Access from inside the container
[ghost@instance-20210526-1514 triliumcn]$ docker exec -it nginx /bin/bash
root@9cb513e6401a:/# curl http://triliumcn:8080
# Access from the host - localhost
[ghost@instance-20210526-1514 triliumcn]$ curl localhost:3001
# Access from the host - 127
[ghost@instance-20210526-1514 triliumcn]$ curl 127.0.0.1:3001
# Public access - http
[ghost@instance-20210526-1514 triliumcn]$ curl triliumcn.atibm.com    # 301 redirect (also removed the port exposure while at it)
# Public access - https
[ghost@instance-20210526-1514 triliumcn]$ curl https://triliumcn.atibm.com    # success