大体架构是:前端 Nginx 卸载SSL后反代给 OnlyOffice,OnlyOffice 将监控信息喂给 statsd-exporter,Prometheus 从 statsd-exporter 拉取数据,最终用 Grafana 可视化展示。
先来 docker-compose.yml 配置如下,有一些注意修改的地方:
- 可以把一些onlyoffice插件挂进容器中 /var/www/onlyoffice/documentserver/sdkjs-plugins/ 目录下,启动时会自动加载。
- onlyoffice自带的中文字体少的可怜,一定要整理一些常用字体(特别是Windows/Office自带的字体),将ttf/otf字体文件挂进容器中 /usr/share/fonts/ 目录下,启动时会自动加载。
- onlyoffice的持久化配置挂进容器 /etc/onlyoffice/documentserver/local-production-linux.json,这样升级重启的时候配置才能保留下来;容器里面的配置文件改了也没用,重建就全丢了。
- JWT_SECRET 配置一个足够强的Token,和应用软件配置要一样。
services:
onlyoffice:
image: onlyoffice/documentserver-ee
container_name: onlyoffice
volumes:
- ./onlyoffice/logs:/var/log/onlyoffice
- ./onlyoffice/data:/var/www/onlyoffice/Data
- ./onlyoffice/lib:/var/lib/onlyoffice
- ./onlyoffice/db:/var/lib/postgresql
- ./onlyoffice/fonts/dejavu:/usr/share/fonts/dejavu
- ./onlyoffice/fonts/founder:/usr/share/fonts/founder
- ./onlyoffice/fonts/liberation:/usr/share/fonts/liberation
- ./onlyoffice/fonts/libertinus:/usr/share/fonts/libertinus
- ./onlyoffice/fonts/noto-cjk:/usr/share/fonts/noto-cjk
- ./onlyoffice/fonts/noto-emoji:/usr/share/fonts/noto-emoji
- ./onlyoffice/fonts/sarasa-gothic:/usr/share/fonts/sarasa-gothic
- ./onlyoffice/fonts/source-code-pro:/usr/share/fonts/source-code-pro
- ./onlyoffice/fonts/source-han-sans:/usr/share/fonts/source-han-sans
- ./onlyoffice/fonts/source-han-serif:/usr/share/fonts/source-han-serif
- ./onlyoffice/fonts/source-sans:/usr/share/fonts/source-sans
- ./onlyoffice/fonts/source-serif:/usr/share/fonts/source-serif
- ./onlyoffice/fonts/windows:/usr/share/fonts/windows
- ./onlyoffice/local-production-linux.json:/etc/onlyoffice/documentserver/local-production-linux.json
environment:
- TZ=Asia/Shanghai
- JWT_ENABLED=true
- JWT_SECRET=yaoge123
statsd-exporter:
image: prom/statsd-exporter
container_name: statsd-exporter
ports:
- 9102:9102
depends_on:
- onlyoffice
nginx:
image: nginx:alpine
container_name: nginx
ports:
- 80:80
- 443:443
volumes:
- ./nginx/conf.d/:/etc/nginx/conf.d/:ro
- ./nginx/ssl/:/etc/nginx/ssl/:ro
environment:
- TZ=Asia/Shanghai
nginx-exporter:
image: nginx/nginx-prometheus-exporter
container_name: nginx-prometheus-exporter
ports:
- 9113:9113
command:
- -nginx.scrape-uri
- http://nginx:8080/stub_status
depends_on:
- nginx
……在 local-production-linux.json 对 OnlyOffice 进行持久化配置,主要是三部分:
- 开启statsd监控推送,填写statsd-exporter的主机名和端口
- 开启自动保存
- 打开文件尺寸扩大至1GB(默认是100MB)
{
"statsd": {
"useMetrics": true,
"host": "statsd-exporter",
"port": "9125",
"prefix": "ds."
},
"services": {
"CoAuthoring": {
"autoAssembly": {
"enable": true,
"interval": "5m"
}
}
},
"FileConverter": {
"converter": {
"maxDownloadBytes": 1073741824,
"downloadAttemptMaxCount": 3
}
}
}
Nginx 配置反代卸载SSL
map $http_host $this_host {
"" $host;
default $http_host;
}
map $http_x_forwarded_proto $the_scheme {
default $http_x_forwarded_proto;
"" $scheme;
}
map $http_x_forwarded_host $the_host {
default $http_x_forwarded_host;
"" $this_host;
}
map $http_upgrade $proxy_connection {
default upgrade;
"" close;
}
server {
listen 80;
listen [::]:80;
server_name onlyoffice.nju.edu.cn;
rewrite ^ https://$http_host$request_uri? permanent;
server_tokens off;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name onlyoffice.nju.edu.cn;
server_tokens off;
include ssl/nju_edu_cn.conf;
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://onlyoffice;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Forwarded-Host $the_host;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 8080;
listen [::]:8080;
server_name localhost;
location /stub_status {
stub_status on;
access_log off;
}
}
在 Consul 中注册 OnlyOffice 和 Nginx 的监控
[yaoge123 ~]$ curl -X PUT -d '{"id": "onlyoffice.nju.edu.cn_statsd-exporter","name": "statsd_exporter","address": "onlyoffice.nju.edu.cn","port": 9102,"tags": ["prometheus","vm"],"checks": [{"http": "http://onlyoffice.nju.edu.cn:9102/metrics","interval": "30s"}]}' http://consul:8500/v1/agent/service/register
[yaoge123 ~]$ curl -X PUT -d '{"id": "onlyoffice.nju.edu.cn_nginx-exporter","name": "nginx_exporter","address": "onlyoffice.nju.edu.cn","port": 9113,"tags": ["prometheus","vm"],"checks": [{"http": "http://onlyoffice.nju.edu.cn:9113/metrics","interval": "30s"}]}' http://consul:8500/v1/agent/service/register在Grafana中导入基于官方Dashboard的修改版
