Can`t connect ONLYOFFICE from Nextcloud in docker


#1

Nextcloud version---------------------Docker pull nextcloud
Operating system and version-----Debian GNU/Linux 9 (stretch)
Web server------------------------------Caddy in docker
Docker version-------------------------18.06.0-ce

Hi,
I am tring to connect OnlyOffice from Nextcloud.Both OnlyOffice and Nextcloud are running in docker.

I am using portainer and running OnlyOffice with selecting interactive mode and TTY (-i -t) and using HTTPS.Now everything is running well.But I just can`t connect OnlyOffice from the nextcloud.The note said

Error when trying to connect (Bad Request or timeout error)

I am 100% sure both the containers are in one docker network.And in the OnlyOffice container the nginx is running well.

Because I am running other sites on the server,so I am running a Caddy docker as proxy.So there are 4 containers running and they are all in the same network.

Container Note
Caddy docker As proxy
Nextcloud Full version with Apache inside
Mysql Database
Onlyoffice Fulle version with everthing inside

The Caddyfile looks like this:

[nextcloud.url.me]
{
    gzip
    proxy / 172.17.0.4:80 {
        websocket
        transparent
    }
}

As the Onlyoffice container\s IP is 172.17.0.6,so I enter https://172.17.0.6 in the Onlyoffice settings,but that does not work.

The OnlyOffice container ENV details are here.

Name Value
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
LANG en_US.UTF-8
LANGUAGE en_US:en
LC_ALL en_US.UTF-8
DEBIAN_FRONTEND noninteractive
ONLYOFFICE_HTTPS_HSTS_ENABLED true
SSL_CERTIFICATE_PATH /var/www/onlyoffice/Data/certs/onlyoffice.crt
SSL_KEY_PATH /var/www/onlyoffice/Data/certs/onlyoffice.key
SSL_DHPARAM_PATH /var/www/onlyoffice/Data/certs/dhparam.pem

The log in Nextcloud is here.

Log
Error onlyoffice HealthcheckRequest on check error: Bad Request or timeout error
Error PHP file_get_contents(https://172.17.0.6/healthcheck): failed to open stream: operation failed at /var/www/html/custom_apps/onlyoffice/lib/documentservice.php#381
Error PHP file_get_contents(): Failed to enable crypto at /var/www/html/custom_apps/onlyoffice/lib/documentservice.php#381
Error PHP file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /var/www/html/custom_apps/onlyoffice/lib/documentservice.php#381

I have tried to fix this issue but failed.Can somebody help me?


#2

Have fixed it by myself.


#3

So, I struggled for a very long time to get ONLYOFFICE to work. So, I want to put here what I did.

Assumptions:

  1. Nextcloud 13.0.*
  2. Had a working Collabora docker installed
  3. Using apache2 reverse proxy to connect to ONLYOFFICE docker container
  4. You’ve installed postgresql at some point in time

How to install:
NOTE: There is a lot of info, and a lot of it is noise and not simple to understand.

  1. Install the docker container
    sudo docker pull onlyoffice/documentserver
  2. Create these directories
    sudo mkdir -p /var/log/onlyoffice
    sudo mkdir -p /var/lib/onlyoffice
  3. Start ONLYOFFICE container
    sudo docker run -i -t -d --restart=always -p 127.0.0.1:9981:80 -p 127.0.0.1:9982:443 -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver
  4. Make your onlyoffice.conf file
    `

< IfModule mod_ssl.c >

ServerTokens Prod
SSLStaplingCache "shmcb:${APACHE_LOG_DIR}/stapling-cache(150000)"
SSLSessionCache "shmcb:${APACHE_LOG_DIR}/ssl_scache(512000)"
SSLSessionCacheTimeout 300

<VirtualHost *:443>

Basic Info

ServerName ds.server.name
ServerAdmin support@ds.server.name
ErrorLog ${APACHE_LOG_DIR}/ds.server.name.error.log
CustomLog ${APACHE_LOG_DIR}/ds.server.name.access.log combined

SSL Info

SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/ds.server.name/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ds.server.name/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

Security Hardening

SSLProxyEngine On
AddDefaultCharset utf-8
HostnameLookups Off
UseCanonicalName Off
ProxyBadHeader Ignore
KeepAlive Off
ProxyPreserveHost On
ProxyRequests Off
ProxyTimeout 600
ProxyReceiveBufferSize 4096
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
SSLProtocol All -SSLv2 -SSLv3
SSLCompression Off
SSLHonorCipherOrder On
#Header always set Strict-Transport-Security "max-age=11536000;
#Header set X-Content-Type-Options "nosniff"
#RequestHeader unset Accept-Encoding

Magic stuff from: https://github.com/ONLYOFFICE/document-server-proxy/blob/master/apache/proxy-https-to-http.conf

SetEnvIf Host "^(.*)$" THE_HOST=$1
RequestHeader setifempty X-Forwarded-Proto https
RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
ProxyAddHeaders Off

If you used a different port, be sure to change 9981

ProxyPassMatch (.*)(\/websocket)$ "ws://127.0.0.1:9981/$1$2"
ProxyPass / "http://127.0.0.1:9981/"
ProxyPassReverse / "http://127.0.0.1:9981/"

Since ONLYOFFICE is not SSL (using 9981->80)

SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

< /VirtualHost>
< /IfModule>`

  1. If you have access to a browser from the local machine, type
    ` http://127.0.0.1:9981/

  2. Should get
    2018-09-13_13-54-47

  3. Add your ds domain to Nextcloud i.e. ds.server.name
    2018-09-13_13-51-48

  4. Should be good to go!
    onof1