I’m really stuck now. I’m going to email support@onlyoffice.com and see if I can get some advice from the source.
I found a list of environment variables in the readme.md here: https://github.com/ONLYOFFICE/Docker-DocumentServer However I couldn’t get any of them to work in an --env-file. If I put anything in the env-file it would fail to run the webserver in the docker container.
I experimented with different settings, but this is the farthest I can get right now. I’m just going to dump my current configs here.
sudo docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 --sysctl net.ipv6.conf.default.disable_ipv6=1 -i -t -d -p 8443:443 --restart=always --add-host=cloud.chillstice.com:127.0.0.1 -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver
<VirtualHost *:80>
ServerName office.chillstice.com
ServerAlias www.office.chillstice.com
DocumentRoot /var/www/office/public_html
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin chris@chillstice.com
ServerName office.chillstice.com
ServerAlias www.office.chillstice.com
DocumentRoot /var/www/office/public_html
<Directory "/var/www/office/public_html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/office.chillstice.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/office.chillstice.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
#SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
#SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
#SSLCompression off
#SSLHonorCipherOrder on
SSLProxyEngine on
#SSLProxyVerify none
SSLProxyCheckPeerCN off
#SSLProxyCheckPeerName off
ProxyPassMatch (.*)(/websocket)$ "ws://127.0.0.1:8443/$1$2"
ProxyPass / "https://127.0.0.1:8443/"
ProxyPassReverse / "https://127.0.0.1:8443/"
ProxyPassReverseCookieDomain https://127.0.0.1:8443 https://office.chillstice.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Let me take a step back a minute
Describe your setup to me
Is Apache and this docker image all running on the same machine?
What exactly is running on this docker image – nextcloud and onlyoffice?
Is cloud.chillstice.com a FQDN - fully qualified domain name? – seems like it is if I do an nslookup.
What mods have you enabled for apache (apachectl -M)?
Going on some assumptions right now that everything is on the same machine, I make the following changes:
In you docker run statement:
–add-host=cloud.chillstice.com:127.0.0.1 — are you sure this shouldn’t be: --add-host=cloud.chillstice.com?
In your Virtual host file in Section <443>
Put back in the following:
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-
SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-
AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE
-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
SSLOptions +StrictRequire
<IfModule mod_headers.c>
# HSTS (mod_headers is required) (15768000 seconds = 6 months)
Header always set Strict-Transport-Security "max-age=15552000; inclu
deSubDomains"
</IfModule>
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
For now we are going to terminate all SSL connections at the proxy – we can enable SSL proxy later when things are working so (The following are all proxy directives):
#SSLProxyEngine on
#SSLProxyVerify none
#SSLProxyCheckPeerCN off
#SSLProxyCheckPeerName off
And then since we are terminating the SSL at the proxy, we can change the following (something seems weird about these proxy statements to me – you sure the documentation you are pulling these from is correct? What documentation are you looking at for help with installation?:
I don’t think you need to modify anything in your config.php. I’d just put it back how it was.
I have no idea about these statements – something tells me for testing purposes I would make first line false to turn off HTTPS but I’m not sure. Really depends on documentation.
I tried --add-host=cloud.chillstice.com and it literally doesn’t run without the ip.
I tried your suggested changes for the Apache config and get this error:
[ssl:error] [pid 31859] [remote 127.0.0.1:8443] AH01961: SSL Proxy requested for office.chillstice.com:443 but not enabled [Hint: SSLProxyEngine]
[proxy:error] [pid 31859] AH00961: HTTPS: failed to enable ssl support for 127.0.0.1:8443 (127.0.0.1)
I literally got the ProxyPass lines from op in this thread and I got the environment variables from the github repo I posted.
I’m not sure I can help you exactly with this problem since I don’t specifically have OnlyOffice installed. I would surmise however there has to be better documentation than the sources you have referenced.
Yea I looked over some of the documentation – specifically I needed to search onlyoffice server since the link you gave me wasn’t entirely that great. It seems many of the things you are doing are concordant with the documentation, however you’re definitely changing things and such. I can see this getting into a hot mess real quick since I had a lot of problems initially with setting up my Collabora docker image — which is actually a lot less steps than what you’re trying to do – and that drove me nuts. Without actually setting up openoffice myself and painfully trying to debug all the steps involved it would be very difficult for me to help you – my goodness you potentially have a database, redis server, mail server, etc.
I got a quick little reply on my ticket to support@onlyoffice.com and they asked for my license file or proof of purchase? Excuse me?!?! It’s FOSS on github???
Thanks for your tuto ! Works perfectly for me with letsencrypt. I just didn’t have to create the myoffice-le-ssl.conf. I added the ssl configuration in myoffice.conf.
I don’t know if someone is running this kind of configuration on Debian Buster (10) but docker have some issue with this version. After a reboot, your docker service doesn’t start. Debian Buster works with nftables, and when you look in the journalctl, you see that docker try to modify iptables configuration causing docker service to don’t start.
To prevent this issue, you have to tell to docker daemon to don’t try to do any iptables modification. For this, you have to :
sudo mkdir -p /etc/systemd/system/docker.service.d
sudo vi /etc/systemd/system/docker.service.d/no-iptables.conf
And put this config inside :
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --iptables=false
After this, do a reload of daemon :
systemctl daemon-reload
Then restart docker. You should see docker running.
“Error when trying to connect (Will not follow more than 5 redirects)”
I keep getting this error when I put my server name in the Document Editing Service address in Nextcloud admin.
I can’t include “ProxyPassMatch (.*)(/websocket)$ “ws://127.0.0.1:81/$1$2”” or "ProxyPass / “http://127.0.0.1:81/” in myoffice-le-ssl.conf because apache2 server will not restart. I am lost and could use some help. Please let me know if you need more info.
mhbot, I’ve decided to cut and run on trying to use the same server for nextcloud and onlyoffice. I have a 2nd server now and I will install onlyoffice on it’s own server. I like the idea of using one server but I don’t have the experience to solve the problems I encountered. Thank you for your help.
mhhbot, Thank you very much for responding and your help. I got a second server and installed OO document server on it using docker. I’m still a complete noob when it comes to applications and linux, but I am learning. I have Nextcloud up and running and am able to use OO in nextcloud. Thanks again for taking your time to respond.
I followed the first post from Nemskiller for onlyoffice installation with docker on the same host as nextcloud(running on host). Everything is working until i try to connect nextcloud with onlyoffice. I’m using Let’s Encrypt for both “nextcloud.mydomain.com” and “ooffice.mydomain.com” with apache webserver.
The following error I get from “docker logs onlyoffice”:
[ERROR] nodeJS - error
downloadFile:url=https://nextcloud.mydomain.com/index.php/apps/onlyoffice/empty?
doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.hluEzYdoJVVmP8F-
TsIwznxzY7T8UF0LzCVgYtXtKeU;attempt=3;code:SELF_SIGNED_CERT_IN_CHAIN;connect:null;
(id=conv_check_138253076_docx)
Error: self signed certificate in certificate chain
at TLSSocket.<anonymous> (_tls_wrap.js:1116:38)
at emitNone (events.js:106:13)
at TLSSocket.emit (events.js:208:7)
at TLSSocket._finishInit (_tls_wrap.js:643:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:473:38)
Hello @sidr and other users, thank you very much @Nemskiller for your tuto I tried to follow it as close as possible, but never managed to make it working on NC19 and Apache, with similar issues as the ones mentioned above If @sidr or others have finally managed it, I’d be interested to know! And for information, I posted and discussed a lot with the OO team here, without success either: https://dev.onlyoffice.org/viewtopic.php?f=53&t=24615&start=20
Thanks!
If