# pwgen
pwgen -s 20產生20字符的密碼
Month: December 2025
-
密碼產生器
-
Nextcloud + Onlyoffice deploy by using yml
最近一段時間密集使用 Docker 佈署各種應用服務,一開始其實沒有特別留意系統資源的使用狀況。直到某一天,突然發現主機前方的系統運作指示燈幾乎沒有熄滅過,心裡只覺得怪怪的。打開系統監控工具一看,才發現事情大條了 —— RAM 幾乎被吃光。
檢查後發現,原來「資源消耗怪獸」是:
Nextcloud + OnlyOffice(Community Server + Document Server + Elasticsearch)+ MySQL
光是完成佈署、系統閒置、甚至還沒做任何壓力測試,記憶體使用量就已經輕鬆突破 10GB。
「好吧,那就買 RAM 來改善把~~~」
一查價格,我的老天鵝啊~~~~~ 今年 2 月才剛組了一台新電腦,同樣品牌、同樣型號。 32GB RAM,當時大約 NT$2,800。現在再查看一次價格 —— 接近3倍旳 NT$9,900。
回想幾個星期前,曾在某個平台(一時想不起來是哪裡)聽到有人提到:
由於 AI 需求動能強勁,記憶體(RAM)價格正在快速上漲,且漲勢仍在持續。
當時心裡還想:「能漲到什麼程度?」
現在才發現自己真的是天真了。目前先將佈署流程與設定完整記錄下來,才不會以後忘記佈署的細節。接下來打算利用現有的 2 台電腦,練習如何將不同的 service 佈署在不同的 server 上協同運作,分散 RAM 與 I/O 的資源消耗。
Bash Script × 2, dirCREATOR / initSQL
Docker Compose(yml)× 1
.env x1dirCREATOR
負責根據docker-compose.yml中定義的 volume 結構,自動建立所有必要的資料夾與目錄階層。initSQL
剛開始佈署,在這卡了很久。 Docker Compose 初始啟動時,SQL 初始化存在 bug,如果沒有先將SQL初始化搞定,會一直卡關。佈署流程
dirCREATOR
↓
initSQL
↓
docker compose up -d
dirCREATOR
#!/usr/bin/env bash # Base data directory relative to the script location BASE_DIR="./data" echo "Creating directory structure for Nextcloud + OnlyOffice ( community + document + elacticsearch ) + MySQL" # Format: "path:owner_uid:group_gid:permissions" DIRS=( "$BASE_DIR/nextcloud_data:33:33:750" "$BASE_DIR/mysql/conf.d:0:0:755" "$BASE_DIR/mysql/docker-entrypoint-initdb.d:0:0:755" "$BASE_DIR/mysql_data:999:999:750" "$BASE_DIR/community_data:0:0:755" "$BASE_DIR/community_log:0:0:755" "$BASE_DIR/community_letsencrypt:0:0:755" "$BASE_DIR/document_data:0:0:755" "$BASE_DIR/document_log:0:0:755" "$BASE_DIR/document_forgotten:0:0:755" "$BASE_DIR/document_fonts:0:0:755" "$BASE_DIR/certs:0:0:755" "$BASE_DIR/es_data:1000:1000:775" "$BASE_DIR/mail_data:0:0:755" "$BASE_DIR/mail_certs:0:0:755" "$BASE_DIR/mail_log:0:0:755" "$BASE_DIR/controlpanel_data:0:0:755" "$BASE_DIR/controlpanel_log:0:0:755" ) if [ "$EUID" -ne 0 ]; then echo "Please run as root (use sudo)" exit 1 fi for entry in "${DIRS[@]}"; do IFS=':' read -r path uid gid perm <<< "$entry" echo "Processing: $path" mkdir -p "$path" chown "$uid:$gid" "$path" chmod "$perm" "$path" done echo "Directory setup complete."
initSQL
#!/usr/bin/env bash # --- ONLYOFFICE & NEXTCLOUD MySQL Configuration Creator --- set -e # --- 1. Define Paths and Credentials --- BASE_DIR="./data/mysql" CONF_DIR="${BASE_DIR}/conf.d" INIT_DB_DIR="${BASE_DIR}/docker-entrypoint-initdb.d" CONF_FILE="${CONF_DIR}/onlyoffice.cnf" INIT_SQL_FILE="${INIT_DB_DIR}/init.sql" # Credentials OO_USER="onlyoffice" OO_PASS="adjust to your pass" MAIL_USER="onlyoffice_mail" MAIL_PASS="adjust to your pass" # Nextcloud Credentials NC_DB="nextcloud" NC_USER="onlyoffice" NC_PASS="adjust to your pass" # --- 2. Ensure Directories Exist --- echo "Ensuring configuration directories exist..." mkdir -p "$CONF_DIR" mkdir -p "$INIT_DB_DIR" # --- 3. Write MySQL Configuration --- echo "Writing MySQL configuration to ${CONF_FILE}..." cat << 'EOF' > "$CONF_FILE" [mysqld] sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES max_allowed_packet=256M innodb_buffer_pool_size=1G innodb_log_file_size=256M innodb_flush_log_at_trx_commit=2 character-set-server=utf8mb4 collation-server=utf8mb4_unicode_ci binlog_format=ROW EOF # --- 4. Write Database Initialization Script --- echo "Writing database user initialization script to ${INIT_SQL_FILE}..." cat << EOF > "$INIT_SQL_FILE" -- 1. Create Databases CREATE DATABASE IF NOT EXISTS onlyoffice CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; CREATE DATABASE IF NOT EXISTS onlyoffice_mailserver CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; CREATE DATABASE IF NOT EXISTS ${NC_DB} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; -- 2. Create Users CREATE USER IF NOT EXISTS '${OO_USER}'@'%' IDENTIFIED WITH mysql_native_password BY '${OO_PASS}'; CREATE USER IF NOT EXISTS '${MAIL_USER}'@'%' IDENTIFIED WITH mysql_native_password BY '${MAIL_PASS}'; -- 3. Grant Privileges GRANT ALL PRIVILEGES ON onlyoffice.* TO '${OO_USER}'@'%'; GRANT ALL PRIVILEGES ON onlyoffice_mailserver.* TO '${MAIL_USER}'@'%'; GRANT ALL PRIVILEGES ON ${NC_DB}.* TO '${OO_USER}'@'%'; -- 4. Finalize FLUSH PRIVILEGES; -- Set to Taipei time (+08:00) SET GLOBAL time_zone = '+08:00'; EOF echo "Initial scripts created successfully."
.env
# ----------------------------- # SYSTEM # ----------------------------- TZ=Asia/Taipei MYSQL_ROOT_PASSWORD="adjust to your pass" # ----------------------------- # DATABASE # ----------------------------- MYSQL_SERVER_HOST=onlyoffice-mysql-server MYSQL_SERVER_USER=onlyoffice MYSQL_SERVER_PASS="adjust to your pass" MYSQL_SERVER_DB_NAME=onlyoffice # ----------------------------- # MAIL # ----------------------------- MAIL_SERVER_HOSTNAME="adjust to your hostname" MAIL_DB_NAME=onlyoffice_mailserver MAIL_DB_USER=onlyoffice_mail MAIL_DB_PASS="adjust to your pass" # ----------------------------- # SMTP RELAY # ----------------------------- MAIL_RELAY_HOST="adjust to your hostname" MAIL_RELAY_PORT=587 MAIL_RELAY_USER="adjust to your email" MAIL_RELAY_PASSWD="adjust to your pass" # ----------------------------- # SECURITY (UNIQUE FOR GERARDCHEN INSTANCE) # ----------------------------- JWT_SECRET="adjust to your secret" DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt ONLYOFFICE_CORE_MACHINEKEY="adjust to your key" # ----------------------------- # NEXTCLOUD # ----------------------------- NEXTCLOUD_DB_PASSWORD="adjust to your pass" # ----------------------------- # DOMAINS # ----------------------------- CLOUD_DOMAIN="adjust to your url" OFFICE_DOMAIN="adjust to your url" DOCUMENT_DOMAIN="adjust to your url"
docker-compose.yml
services:
# --- REDIS ---
redis:
image: redis:alpine
container_name: onlyoffice-redis
restart: always
networks:
- onlyoffice
# --- MYSQL SERVER ---
mysql-server:
container_name: onlyoffice-mysql-server
image: mysql:8.0.29
environment:
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- TZ=${TZ}
networks:
- onlyoffice
restart: always
volumes:
- ./data/mysql/conf.d:/etc/mysql/conf.d
- ./data/mysql/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
- ./data/mysql_data:/var/lib/mysql
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "root", "-p${MYSQL_ROOT_PASSWORD}"]
interval: 10s
timeout: 5s
retries: 10
start_period: 30s
# --- NEXTCLOUD ---
nextcloud:
image: nextcloud:latest
container_name: nextcloud
restart: always
depends_on:
mysql-server:
condition: service_healthy
redis:
condition: service_started
ports:
- "port:80"
environment:
- MYSQL_HOST=onlyoffice-mysql-server
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=${MYSQL_SERVER_USER}
- MYSQL_PASSWORD=${MYSQL_SERVER_PASS}
- NEXTCLOUD_TRUSTED_DOMAINS=${CLOUD_DOMAIN} domain.local 127.0.0.1
- REDIS_HOST=redis
- OVERWRITEPROTOCOL=https
- OVERWRITEHOST=${CLOUD_DOMAIN}
- TZ=${TZ}
volumes:
- ./data/nextcloud_data:/var/www/html
- /mnt/path to your physical harddisk:/path to your physical harddisk
- /mnt/path to your physical harddisk:/mnt/path to your physical harddisk
- /mnt/path to your physical harddisk:/mnt/path to your physical harddisk
- /mnt/path to your physical harddisk:/mnt/path to your physical harddisk:
- onlyoffice
# --- DOCUMENT SERVER ---
onlyoffice-document-server:
container_name: onlyoffice-document-server
image: onlyoffice/documentserver:8.1
restart: always
environment:
- JWT_ENABLED=true
- JWT_SECRET=${JWT_SECRET}
- JWT_HEADER=${DOCUMENT_SERVER_JWT_HEADER}
- TZ=${TZ}
- REDIS_SERVER_HOST=redis
networks:
- onlyoffice
ports:
- 'port:80'
volumes:
- ./data/document_data:/var/www/onlyoffice/Data
- ./data/document_log:/var/log/office
- ./data/document_fonts:/usr/share/fonts/truetype/custom
- ./data/document_forgotten:/var/lib/onlyoffice/documentserver/App_Data/cache/files/forgotten
# --- ONLYOFFICE COMMUNITY SERVER ---
onlyoffice-community-server:
container_name: onlyoffice-community-server
image: onlyoffice/communityserver:12.6.0.1900
depends_on:
mysql-server:
condition: service_healthy
onlyoffice-document-server:
condition: service_started
redis:
condition: service_started
environment:
- ONLYOFFICE_CORE_MACHINEKEY=${ONLYOFFICE_CORE_MACHINEKEY}
- TZ=${TZ}
- REDIS_SERVER_HOST=redis
- DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server
- DOCUMENT_SERVER_PORT_80_TCP_PROTO=http
- DOCUMENT_SERVER_URL_PUBLIC=https://${DOCUMENT_DOMAIN}/
- DOCUMENT_SERVER_URL_INTERNAL=http://onlyoffice-document-server/
- DOCUMENT_SERVER_JWT_ENABLED=true
- DOCUMENT_SERVER_JWT_SECRET=${JWT_SECRET}
- DOCUMENT_SERVER_JWT_HEADER=${DOCUMENT_SERVER_JWT_HEADER}
- MYSQL_SERVER_HOST=onlyoffice-mysql-server
- MYSQL_SERVER_DB_NAME=${MYSQL_SERVER_DB_NAME}
- MYSQL_SERVER_USER=${MYSQL_SERVER_USER}
- MYSQL_SERVER_PASS=${MYSQL_SERVER_PASS}
networks:
- onlyoffice
ports:
- 'port:80'
privileged: true
cgroup: host
restart: always
volumes:
- ./data/community_data:/var/www/onlyoffice/Data
- ./data/community_log:/var/log/onlyoffice
- ./data/community_ds_data:/var/www/onlyoffice/DocumentServerData
- /sys/fs/cgroup:/sys/fs/cgroup:rw
- ./data/certs:/var/www/onlyoffice/Data/certs
# --- ELASTICSEARCH ---
onlyoffice-elasticsearch:
image: onlyoffice/elasticsearch:7.16.3
container_name: onlyoffice-elasticsearch
restart: always
environment:
- discovery.type=single-node
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms1g -Xmx1g"
networks:
- onlyoffice
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- ./data/es_data:/usr/share/elasticsearch/data
# --- MAIL SERVER ---
onlyoffice-mail-server:
container_name: onlyoffice-mail-server
image: onlyoffice/mailserver:1.6.75
depends_on:
mysql-server:
condition: service_healthy
hostname: ${MAIL_SERVER_HOSTNAME}
environment:
- MYSQL_SERVER=onlyoffice-mysql-server
- MYSQL_SERVER_PORT=3306
- MYSQL_ROOT_USER=${MAIL_DB_USER}
- MYSQL_ROOT_PASSWD=${MAIL_DB_PASS}
- MYSQL_SERVER_DB_NAME=${MAIL_DB_NAME}
- TZ=${TZ}
- MAIL_RELAY_HOST=${MAIL_RELAY_HOST}
- MAIL_RELAY_PORT=${MAIL_RELAY_PORT}
- MAIL_RELAY_USER=${MAIL_RELAY_USER}
- MAIL_RELAY_PASSWD=${MAIL_RELAY_PASSWD}
networks:
- onlyoffice
restart: always
privileged: true
volumes:
- ./data/mail_data:/var/vmail
- ./data/mail_certs:/etc/pki/tls/mailserver
- ./data/mail_log:/var/log
# --- CONTROL PANEL ---
onlyoffice-control-panel:
container_name: onlyoffice-control-panel
image: onlyoffice/controlpanel:3.5.2.530
depends_on:
- onlyoffice-document-server
- onlyoffice-mail-server
- onlyoffice-community-server
environment:
- ONLYOFFICE_CORE_MACHINEKEY=${ONLYOFFICE_CORE_MACHINEKEY}
- TZ=${TZ}
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data/controlpanel_data:/var/www/onlyoffice/Data
- ./data/controlpanel_log:/var/log/onlyoffice
networks:
- onlyoffice
networks:
onlyoffice:
driver: 'bridge'