Hello,
I am trying to add a container for load balancing with a stack using traefik.
I already have the two Collabora containers working, but as the documentation says: « it is vital to ensure that all users editing the same document end up being served by the same Collabora Office instance. ».
This is my problem: my containers work, but sometimes the same document is not edited on the same server!
Here is my docker-compose file:
# Nextcloud stack behind Traefik: Nextcloud, Redis, PostgreSQL and two
# Collabora Online instances. Every ${...} value is interpolated by Compose
# (shell environment or .env file), so that file holds the secrets used here.
version: '2.4'

services:
  nextcloud:
    image: numericoop/nc_full:25.0.4-apache
    # container_name: nextcloud
    # cpu_count: 10
    # mem_limit: 10g
    # mem_reservation: 2g
    # links:
    #   - pgsql:pgsql
    restart: always
    volumes:
      - ${VOLUMES_PATH}/${NAME_SERVICE}-${NAME_ENV}_html:/var/www/html
      - ${VOLUMES_PATH}/${NAME_SERVICE}-${NAME_ENV}_data:/var/www/data
      # - ${VOLUMES_PATH}/config/config.php:/var/www/html/config/config.php
      # - /media/snp-tmp_Numcld-Habicoop/nuage.numericloud.eu_data/_data/:/var/www/data
    depends_on:
      - redis
      - pgsql
    labels:
      - traefik.enable=true
      # HTTPS router for the Nextcloud host name, certificate from Let's Encrypt.
      - traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}.entrypoints=https
      - traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}.rule=Host(`${NEXTCLOUD_DOMAIN}`)
      - traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}.tls.certresolver=letsencrypt
      - traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}.tls=true
      - traefik.docker.network=proxy
      - traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}.middlewares=${NAME_SERVICE}-${NAME_ENV}_redir,${NAME_SERVICE}-${NAME_ENV}_ssl
      # Redirect /.well-known/carddav and /.well-known/caldav to remote.php/dav/.
      # "$$1" is a Compose-escaped "$1" (regex capture group).
      - traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_redir.redirectregex.permanent=true
      - traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_redir.redirectregex.regex=https://(.*)/.well-known/(?:card|cal)dav
      - traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_redir.redirectregex.replacement=https://$$1/remote.php/dav/
      # Security response headers.
      # NOTE(review): customFrameOptionsValue and framedeny are both set; per the
      # Traefik headers documentation the custom value takes precedence, so
      # X-Frame-Options should come out as SAMEORIGIN - confirm on a response.
      - traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.customFrameOptionsValue=SAMEORIGIN
      - traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.framedeny=true
      - traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.contentTypeNosniff=true
      # HSTS with preload and includeSubdomains commits every subdomain to HTTPS
      # for the whole stsSeconds period (315360000 s here).
      - traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.forceSTSHeader=true
      - traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.stsPreload=true
      - traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.stsSeconds=315360000
      - traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.stsIncludeSubdomains=true
      - traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.sslProxyHeaders.X-Forwarded-Proto=https
      - traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_ssl.headers.sslredirect=true
    environment:
      - REDIS_HOST=redis
      - REDIS_HOST_PASSWORD=${REDIS_HOST_PASSWORD}
      # Keep TRUSTED_PROXIES limited to the proxy's own address range:
      # X-Forwarded-* headers are believed from any address listed here.
      - TRUSTED_PROXIES=${TRUSTED_PROXIES}
      - OVERWRITEPROTOCOL=${OVERWRITEPROTOCOL}
      - OVERWRITECLIURL=${OVERWRITECLIURL}
    networks:
      - proxy
      - db

  redis:
    # NOTE(review): "latest" is a floating tag; pinning a version (or digest)
    # keeps a restart from silently pulling a different Redis build.
    image: redis:latest
    restart: always
    # NOTE(review): the password is passed as a command-line argument, so it is
    # readable in the container's metadata (docker inspect) and process list.
    command: >
      --requirepass ${REDIS_HOST_PASSWORD}
    networks:
      - db

  pgsql:
    image: postgres:14
    restart: always
    # container_name: db
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - ${VOLUMES_PATH}/${NAME_SERVICE}-${NAME_ENV}_pg_data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
    labels:
      # NOTE(review): these labels publish the database through Traefik as a TCP
      # router. No entrypoints label is set, so by Traefik's default the router
      # is attached to every entrypoint. The service is only on the "db" network,
      # so this takes effect only if Traefik is also on that network (not shown
      # here). If nothing outside this stack needs PostgreSQL, dropping the
      # labels keeps the database off the edge proxy.
      - "traefik.enable=true"
      - "traefik.tcp.routers.${NAME_SERVICE}-${NAME_ENV}_pg.tls=true"
      - "traefik.tcp.routers.${NAME_SERVICE}-${NAME_ENV}_pg.rule=HostSNI(`pgsql.localhost`)"
      - "traefik.tcp.routers.${NAME_SERVICE}-${NAME_ENV}_pg.service=${NAME_SERVICE}-${NAME_ENV}_pg"
      - "traefik.tcp.services.${NAME_SERVICE}-${NAME_ENV}_pg.loadbalancer.server.port=5432"
    networks:
      - db
    security_opt:
      - no-new-privileges:true

  # First Collabora Online instance. collabora2 below is an identical copy,
  # apart from the published host port.
  collabora:
    image: editt.numericloud/code:v20230213
    networks:
      - proxy
    # NOTE(review): SYS_ADMIN is a very broad capability. Confirm this image
    # really needs it; the upstream CODE instructions ask for MKNOD - verify.
    cap_add:
      - SYS_ADMIN
    # NOTE(review): this publishes 9980 on every host interface. TLS is disabled
    # in the container (ssl.enable=false below), so the host port serves plain
    # HTTP and bypasses Traefik's TLS and headers. Traefik reaches the container
    # over the "proxy" network; if nothing else needs the port, remove the
    # mapping or bind it to 127.0.0.1.
    ports:
      - "9993:9980"
    cpu_count: 1
    cpus: 0.500
    mem_limit: 2.2g
    mem_reservation: 2g
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      # WOPI host (the Nextcloud instance) allowed to use this server.
      - aliasgroup1=https://${NEXTCLOUD_DOMAIN}:443
      - server_name=https://${COLLABORA_SERVER_NAME}
      # Presumably the Collabora admin-console credentials - verify; they are
      # visible in the container's environment.
      - username=${COLLABORA_USERNAME}
      - password=${COLLABORA_PASSWORD}
      # TLS is terminated at Traefik; the container itself speaks plain HTTP.
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
      - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
      - LC_CTYPE=en_US.UTF-8
    restart: unless-stopped
    command: bash start-collabora-online.sh
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      # HTTP -> HTTPS redirect
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code-httpredir.rule=Host(`${COLLABORA_DOMAIN}`)"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code-httpredir.entrypoints=http"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code-httpredir.middlewares=${NAME_SERVICE}-${NAME_ENV}_code-https-redirect,${NAME_SERVICE}-${NAME_ENV}_code-header"
      # NOTE(review): collabora and collabora2 declare the same router and
      # service names, so Traefik merges both containers into one load-balanced
      # service with no per-document affinity. Traefik's sticky cookie pins a
      # browser, not a document; the HAProxy example in the Collabora SDK instead
      # balances on the WOPISrc URL parameter - confirm what your Traefik version
      # can do.
      - "traefik.http.services.${NAME_SERVICE}-${NAME_ENV}_code.loadbalancer.server.port=9980"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-https-redirect.redirectscheme.scheme=https"
      # NOTE(review): the _code-header middleware is attached only to the HTTP
      # redirect router above; the HTTPS router below has no middlewares label,
      # so these headers (HSTS included) are not added to HTTPS responses.
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.referrerPolicy=no-referrer"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.stsPreload=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.browserXssFilter=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
      # HTTPS router in front of the backend
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.rule=Host(`${COLLABORA_DOMAIN}`)"
      # - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.service=collabora-${NAME_SERVICE}-${NAME_ENV}"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.entrypoints=https"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.tls=true"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.tls.certresolver=letsencrypt"

  # Second Collabora Online instance. The review notes on "collabora" (broad
  # capability, published plain-HTTP port, shared router/service names, header
  # middleware only on the HTTP router) apply here unchanged.
  collabora2:
    image: editt.numericloud/code:v20230213
    networks:
      - proxy
    cap_add:
      - SYS_ADMIN
    ports:
      - "9994:9980"
    cpu_count: 1
    cpus: 0.500
    mem_limit: 2.2g
    mem_reservation: 2g
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - aliasgroup1=https://${NEXTCLOUD_DOMAIN}:443
      - server_name=https://${COLLABORA_SERVER_NAME}
      - username=${COLLABORA_USERNAME}
      - password=${COLLABORA_PASSWORD}
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
      - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
      - LC_CTYPE=en_US.UTF-8
    restart: unless-stopped
    command: bash start-collabora-online.sh
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      # HTTP -> HTTPS redirect
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code-httpredir.rule=Host(`${COLLABORA_DOMAIN}`)"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code-httpredir.entrypoints=http"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code-httpredir.middlewares=${NAME_SERVICE}-${NAME_ENV}_code-https-redirect,${NAME_SERVICE}-${NAME_ENV}_code-header"
      - "traefik.http.services.${NAME_SERVICE}-${NAME_ENV}_code.loadbalancer.server.port=9980"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.referrerPolicy=no-referrer"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.stsPreload=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.browserXssFilter=true"
      - "traefik.http.middlewares.${NAME_SERVICE}-${NAME_ENV}_code-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
      # HTTPS router in front of the backend
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.rule=Host(`${COLLABORA_DOMAIN}`)"
      # - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.service=collabora2-${NAME_SERVICE}-${NAME_ENV}"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.entrypoints=https"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.tls=true"
      - "traefik.http.routers.${NAME_SERVICE}-${NAME_ENV}_code.tls.certresolver=letsencrypt"

networks:
  # Stack-internal network for Redis and PostgreSQL (default settings).
  db: {}
  # Pre-existing network shared with Traefik; created outside this file.
  proxy:
    external:
      name: proxy
In Traefik I can see the load balancer
numericloud-dev_code@docker with
http://172.18.0.18:9980
http://172.18.0.17:9980
I have made a few tests with two users on Nextcloud; sometimes the file is not edited on the same server…
How can I fix this? In the documentation they show an example with HAProxy (Proxy settings — SDK documentation, https://sdk.collaboraonline.com/).
Do I need to add a container with HAProxy? Is there a rule to add? In coolwsd.xml perhaps?
Could someone help me ?