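Trilium Deployment and Configuration
Usage Tutorial#
Installation#
Application Usage Guide#
https://docs.triliumnotes.org/user-guide/
Shared Page Configuration#
https://docs.triliumnotes.org/user-guide/
Docker Deployment#
Deploy with Docker Compose, or install through the 1Panel panel if it is installed.
Project repository: https://github.com/TriliumNext/Trilium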
docker-compose.yml

```yaml
# Running `docker-compose up` will create/use the "trilium-data" directory in the user home
# Run `TRILIUM_DATA_DIR=/path/of/your/choice docker-compose up` to set a different directory
# To run in the background, use `docker-compose up -d`
services:
  trilium:
    # Optionally, replace `latest` with a version tag like `v0.90.3`
    # Using `latest` may cause unintended updates to the container
    image: triliumnext/trilium:latest
    # Restart the container unless it was stopped by the user
    restart: unless-stopped
    environment:
      - TRILIUM_DATA_DIR=/home/node/trilium-data
    ports:
      # By default, Trilium will be available at http://localhost:8080
      # It will also be accessible at http://<host-ip>:8080
      # You might want to limit this with something like Docker Networks, reverse proxies, or firewall rules,
      # however be aware that using UFW is known to not work with default Docker installations, see:
      # https://docs.docker.com/engine/network/packet-filtering-firewalls/#docker-and-ufw
      - '8080:8080'
    volumes:
      # Unless TRILIUM_DATA_DIR is set, the data will be stored in the "trilium-data" directory in the home directory.
      # This can also be changed by replacing the line below with `- /path/of/your/choice:/home/node/trilium-data`
      - ${TRILIUM_DATA_DIR:-~/trilium-data}:/home/node/trilium-data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
```

For more configuration variables, see: https://docs.triliumnotes.org/user-guide/advanced-usage/configuration
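Binary Installation#
Create the trilium User#
On Linux, create a dedicated `trilium` user (no login permission, used only to run the service) with the following commands:

```bash
sudo mkdir -p /var/lib/trilium
sudo useradd -r -s /usr/sbin/nologin -d /var/lib/trilium trilium
```

Explanation:

| Parameter | Meaning |
|---|---|
| -r | Create a system user (UID < 1000, typically used for services) |
| -s /usr/sbin/nologin | Disallow logging in to the system; the account can only run services |
| -d /var/lib/trilium | Set the home directory to /var/lib/trilium (the data directory) |
| trilium | User name |

Then give this user ownership of the Trilium data directory:

```bash
sudo chown -R trilium:trilium /var/lib/trilium
sudo chown -R trilium:trilium /opt/trilium
```

This way, systemd runs the Trilium service as the `trilium` user, which follows Linux service best practice.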
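✅ **Analysis of your trilium.service**#

```ini
[Unit]
Description=Trilium Daemon
After=syslog.target network.target
```

✔ Works as is
✔ Trilium needs the network, and After=network.target is sufficient
Suggestion: if you use systemd-networkd or need a stricter network dependency, you can change it to:

```ini
After=network-online.target
Wants=network-online.target
```

```ini
[Service]
User=trilium
Group=trilium
```

✔ Correct
Running Trilium as a least-privilege user is the standard and secure practice.

```ini
Type=simple
ExecStart=/opt/trilium/trilium.sh
WorkingDirectory=/opt/trilium/
```

✔ Correct
However, switching to a Node start script that uses absolute paths is suggested (officially recommended), for example:

```ini
ExecStart=/opt/trilium/trilium.sh
```

This is OK as long as the paths inside the script are correct.

```ini
Environment="TRILIUM_GENERAL_INSTANCENAME=GuiZhuo"
Environment="TRILIUM_GENERAL_NOBACKUP=true"
Environment="TRILIUM_PORT=4567"
Environment="TRILIUM_DATA_DIR=/var/lib/trilium"
```

✔ All correct
✔ TRILIUM_DATA_DIR=/var/lib/trilium is the correct best-practice path
✔ The built-in backup is disabled (you run your own external backups) ✔
If you plan to use a reverse proxy with a sub-path in the future, you can add:

```ini
Environment="TRILIUM_PATH=trilium"
```

```ini
TimeoutStopSec=20
Restart=always
```

✔ Correct
But stability can be improved:

```ini
RestartSec=5
```

This avoids a rapid restart loop.

```ini
[Install]
WantedBy=multi-user.target
```

✔ Correct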
⭐ **Final confirmation: your unit file is fine**#
You can enable it directly:

```bash
tar xvJf ***.tar.xz  # extract the downloaded application package and rename it to /opt/trilium
sudo systemctl daemon-reload
sudo systemctl enable --now trilium
sudo systemctl status trilium
```

📌 **Recommended enhanced trilium.service**#
If you like, I suggest replacing your service with this best-practice enhanced version:
/etc/systemd/system/trilium.service

```ini
[Unit]
Description=Trilium Notes Service
After=network-online.target
Wants=network-online.target

[Service]
User=trilium
Group=trilium
Type=simple
WorkingDirectory=/opt/trilium
ExecStart=/opt/trilium/trilium.sh
Environment="TRILIUM_GENERAL_INSTANCENAME=GuiZhuo"
Environment="TRILIUM_GENERAL_NOBACKUP=true"
Environment="TRILIUM_PORT=4567"
Environment="TRILIUM_DATA_DIR=/var/lib/trilium"
Restart=always
RestartSec=5
TimeoutStopSec=20

[Install]
WantedBy=multi-user.target
```

Compared with your version:

| Item | Your version | Optimized version |
|---|---|---|
| Network dependency | network.target | network-online.target ✔ |
| Restart frequency | Default | Safer, adds RestartSec |
| Structural clarity | ✔ | ✔✔ Best |
Reverse Proxy Configuration for Sharing#

```nginx
server {
    listen 443 ssl http2;
    server_name docs.isrv.cn;
    ssl_certificate /www/sites/docs.isrv.cn/ssl/fullchain.pem;
    ssl_certificate_key /www/sites/docs.isrv.cn/ssl/privkey.pem;

    # -----------------------
    # Home page
    # -----------------------
    location = / {
        proxy_pass http://127.0.0.1:10001/share/library;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port 443;
        proxy_buffering off;
    }

    # -----------------------
    # Share main path
    # -----------------------
    location / {
        proxy_pass http://127.0.0.1:10001/share/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port 443;
        proxy_buffering off;
    }

    # -----------------------
    # Font-specific fix (critical on mobile)
    # -----------------------
    location ~* \.(woff|woff2|ttf|eot|otf)$ {
        proxy_pass http://127.0.0.1:10001;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port 443;
        add_header Access-Control-Allow-Origin * always;
        # nginx inherits add_header from the server level only when a location
        # sets none of its own, so the security headers are repeated here.
        add_header X-Frame-Options SAMEORIGIN always;
        add_header X-Content-Type-Options nosniff always;
        add_header Referrer-Policy strict-origin-when-cross-origin always;
        types {
            font/woff woff;
            font/woff2 woff2;
        }
    }

    # -----------------------
    # Security hardening
    # -----------------------
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options nosniff always;
    add_header Referrer-Policy strict-origin-when-cross-origin always;
}
```
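
nginx inherits `add_header` directives from the enclosing level only when the current level defines none of its own, so a `location` that adds `Access-Control-Allow-Origin` must repeat the server-level security headers or it stops sending them. A Python check for this, as an added example that is not part of the original page: `SAMPLE_CONF` is a constructed, trimmed config in which the font location sets only the CORS header, and the parser assumes one directive per line with braces at line ends.

```python
import re

# Constructed sample: trimmed server block; the font location sets only a CORS header.
SAMPLE_CONF = r"""
server {
    listen 443 ssl http2;
    location / {
        proxy_pass http://127.0.0.1:10001/share/;
    }
    location ~* \.(woff|woff2|ttf|eot|otf)$ {
        proxy_pass http://127.0.0.1:10001;
        add_header Access-Control-Allow-Origin * always;
    }
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options nosniff always;
    add_header Referrer-Policy strict-origin-when-cross-origin always;
}
"""

def parse_blocks(conf):
    """Parse the config into a tree of {'name', 'headers', 'children'} blocks."""
    root = {"name": "main", "headers": [], "children": []}
    stack = [root]
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if line.endswith("{"):
            block = {"name": line[:-1].strip(), "headers": [], "children": []}
            stack[-1]["children"].append(block)
            stack.append(block)
        elif line == "}":
            stack.pop()
        elif (m := re.match(r"add_header\s+(\S+)", line)):
            stack[-1]["headers"].append(m.group(1))
    return root

def dropped_headers(conf):
    """Map each block to the inherited add_header names it no longer sends."""
    findings = {}
    def walk(block, inherited):
        own = block["headers"]
        # Any add_header at this level replaces the whole inherited set.
        lost = [h for h in inherited if own and h not in own]
        if lost:
            findings[block["name"]] = lost
        for child in block["children"]:
            walk(child, own or inherited)
    walk(parse_blocks(conf), [])
    return findings
```
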
Synology Deployment Notes#
/etc/systemd/system/trilium.service

```ini
[Unit]
Description=Trilium Notes Server
After=network.target

[Service]
Type=simple
User=ding
#WorkingDirectory=/volume1/docker/triliumnext/trilium
#ExecStart=/volume1/docker/triliumnext/trilium/trilium.sh
WorkingDirectory=/volume1/docker/data_root/opt/trilium
ExecStart=/volume1/docker/data_root/opt/trilium/trilium.sh
Environment="TRILIUM_GENERAL_INSTANCENAME=GuiZhuo"
# noAuthentication=true turns off the login requirement, so every client that can
# reach port 7000 has full access to the notes; restrict that port to trusted hosts.
Environment="TRILIUM_GENERAL_NOAUTHENTICATION=true"
Environment="TRILIUM_GENERAL_NOBACKUP=true"
Environment="TRILIUM_PORT=7000"
#Environment="TRILIUM_DATA_DIR=/var/lib/trilium"
# The variables below are no longer used; edit the user configuration directly
# ExecStart=/usr/bin/env TRILIUM_BIND=0.0.0.0 TRILIUM_PORT=8077 /volume1/docker/triliumnext/trilium-linux-x64-server/trilium.sh
# To customize the port and other settings, edit ~/trilium-data/config.ini
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
```

Because the TRILIUM_DATA_DIR variable is commented out, the data directory is in the user's home directory:

| Data directory: | /var/services/homes/ding/trilium-data |
|---|---|

This instance is configured to sync data from the main server and serves as a disaster-recovery backup.