官方原版 trilium
部署docker容器
- trilium docker配置文件
[ghost@instance-20210526-1514 trilium]$ cat docker-compose.yml
# Running `docker-compose up` will create/use the "trilium-data" directory in the user home
# # Run `TRILIUM_DATA_DIR=/path/of/your/choice docker-compose up` to set a different directory
version: '3.8'
services:
trilium:
container_name: "trilium"
image: zadam/trilium:0.63.7
restart: unless-stopped
environment:
- TRILIUM_DATA_DIR=/home/node/trilium-data
#ports:
# - "3000:8080"
volumes:
- /www/trilium/data:/home/node/trilium-data
privileged: true
networks: [ghost_net]
networks:
ghost_net:
external: true- trilium docker启动容器
[ghost@instance-20210526-1514 trilium]$ docker-compose up -d
[+] Building 0.0s (0/0)
[+] Running 1/1
✔ Container trilium Started nginx代理
- trilium nginx代理配置文件
[ghost@instance-20210526-1514 conf.d]$ cat trilium.conf
# redirect all http traffic to https
server {
listen 80;
server_name trilium.atibm.com;
# google adsense ads.txt
location /ads.txt {
alias /usr/share/nginx/html/trilium/ads.txt;
}
return 301 https://$host$request_uri;
}
# defined trilium.atibm.com 443
server {
listen 443 ssl;
server_name trilium.atibm.com;
ssl_certificate /etc/letsencrypt/ghost.atibm.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ghost.atibm.com/privkey.pem;
#ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/trilium-access.log main;
error_log /var/log/nginx/trilium-error.log warn;
location /ads.txt {
alias /usr/share/nginx/html/trilium/ads.txt;
}
location / {
proxy_pass http://trilium:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 10m;
client_body_buffer_size 128;
}
}
docker exec nginx nginx -s reload 重新加载反向代理配置SSL证书
略
域名解析
略
中文翻译版 trilium-cn
- 便于自己维护可以复用,所以中文版的目录也用的trilium,如果你部署两套,则需要一个不同的关键词
部署docker容器
- trilium-cn docker原始配置文件
[ghost@instance-20210526-1514 trilium]$ wget https://raw.githubusercontent.com/Nriver/trilium-translation/main/docker-compose.yml
--2024-06-12 00:53:51-- https://raw.githubusercontent.com/Nriver/trilium-translation/main/docker-compose.yml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.109.133, 185.199.110.133, 185.199.111.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 639 [text/plain]
Saving to: ‘docker-compose.yml’
100%[=================================================================================================================>] 639 --.-K/s in 0s
2024-06-12 00:53:51 (42.9 MB/s) - ‘docker-compose.yml’ saved [639/639]- 稍作修改
[ghost@instance-20210526-1514 trilium]$ vi docker-compose.yml
[ghost@instance-20210526-1514 trilium]$ cat docker-compose.yml
version: '3'
services:
triliumc:
container_name: "trilium"
image: nriver/trilium-cn:latest #0.62.4
restart: unless-stopped
#ports:
# - "3001:8080"
volumes:
# 把官方版的 trilium-data 目录映射到容器内,两个版本共用一套数据
- ./data:/root/trilium-data
environment:
# 环境变量表示容器内笔记数据的存储路径
- TRILIUM_DATA_DIR=/root/trilium-data
networks: [ghost_net]
# 可选功能: 健康检查。需要启用的话,把下面的注释去掉
#healthcheck:
# test: ["CMD-SHELL", "curl --fail http://localhost:8080/api/health-check | jq -e '.status == "ok"' || exit 1"]
# interval: 30s
# timeout: 10s
# retries: 3
networks:
ghost_net:
external: true性能优化版
services: triliumc: container_name: "trilium" image: nriver/trilium-cn:latest restart: unless-stopped volumes: - ./data:/root/trilium-data environment: - TRILIUM_DATA_DIR=/root/trilium-data networks: [ghost_net] # --- 优化建议 --- deploy: resources: limits: memory: 400M # 给高频工具留足 400M,确保搜索笔记不卡顿 # 可选功能: 健康检查。需要启用的话,把下面的注释去掉 #healthcheck: # test: ["CMD-SHELL", "curl --fail http://localhost:8080/api/health-check | jq -e '.status == "ok"' || exit 1"] # interval: 60s # timeout: 10s # retries: 3 networks: ghost_net: external: true
docker映射目录权限
- trilium映射的data目录,文件权限是root的,导致ghost用户无法维护,针对这个目录提权
[ghost@instance-20210526-1514 ~]$ sudo setfacl -R -m u:ghost:rX /www/trilium/datanginx代理
- trilium-cn nginx代理配置文件
[ghost@instance-20210526-1514 trilium]$ cat /www/nginx/data/conf.d/trilium.conf
# 80 端口:验证 + 跳转
server {
listen 80;
server_name trilium.atibm.com;
# Certbot 证书验证路径 (建议保留,方便续签)
location ^~ /.well-known/acme-challenge/ {
root /usr/share/nginx/html;
}
# 其他全部跳转
location / {
return 301 https://$host$request_uri;
}
}
# 443 端口:Trilium 主服务
server {
listen 443 ssl;
http2 on; # 针对你的 1.29.4 版本开启 H2
server_name trilium.atibm.com;
ssl_certificate /etc/letsencrypt/live/ghost.atibm.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ghost.atibm.com/privkey.pem;
# 日志路径
access_log /var/log/nginx/trilium-access.log main;
error_log /var/log/nginx/trilium-error.log warn;
# 静态文件 (Ads/Robots)
location /ads.txt { alias /usr/share/nginx/html/trilium/ads.txt; }
location /robots.txt { alias /usr/share/nginx/html/trilium/robots.txt; }
# Trilium 反向代理核心配置
location / {
proxy_pass http://trilium:8080; # 确保 Docker 网络内能通过 trilium 这个 hostname 访问
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 核心:WebSocket 支持
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 针对笔记同步的优化
proxy_buffering off;
proxy_request_buffering off; # 建议也关闭请求缓冲,大附件上传更直接
client_max_body_size 100m; # 允许上传 100MB 以内的笔记附件
# 超时控制
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
}
}
- nginx容器创建参考 ghost博客部署手册
SSL证书
略
域名解析
略
访问排查
# 容器内访问
[ghost@instance-20210526-1514 triliumcn]$ docker exec -it nginx /bin/bash
root@9cb513e6401a:/# curl http://triliumcn:8080
# 宿主机访问 - localhost
[ghost@instance-20210526-1514 triliumcn]$ curl localhost:3001
# 宿主机访问 - 127
[ghost@instance-20210526-1514 triliumcn]$ curl 127.0.0.1:3001
# 公网访问 - http
[ghost@instance-20210526-1514 triliumcn]$ curl triliumcn.atibm.com 301跳转 (顺带把端口暴露去掉)
# 公网访问 - https
[ghost@instance-20210526-1514 triliumcn]$ curl https://triliumcn.atibm.com 成功oracle vps
更换公网IP
- 操作入口:oracle vps管理后台 → 实例列表 → 实例详情页:左侧底部resources > 附加的 VNIC -> VNIC列表:实例名称 → VNIC详情页:左侧底部资源 > IPv4地址:列表项的菜单点击编辑 → 【编辑专用IP地址页面】
- 更换临时公共IP操作
- 选择没有公共IP>更新:则取消已有ip的分配
- 再次选择临时公共IP>更新:重新分配一个新IP
- 更换预留公共IP操作
- 删除已有的公共IP:在根菜单>网络>预留的公共IPv4地址列表删除
- 选择预留公共IP,设置名称,更新:获得一个新预留公共IP
- IP测试
- name更新dns解析
- 开代理访问云笔记
- IP测速:tool.chinaz.com/speedtest/trilium.atibm.com
- 国际测速
- 国内测速
- 访问云笔记
- name更新dns解析