Woohoooooooooo I made it - across the board! Here is my working environment. I will summarize everything I know below for others to check. I don’t know if all the parameters/variables I set are necessary (I made a remark where unsure).
Software used
As of today I use the latest:
- Ubuntu Server 18.04
- docker
- docker-compose
- nextcloud image for docker
- onlyoffice image for docker
- traefik 2.0 image for docker
Design/Goal
Nextcloud and Onlyoffice document server in separate containers on the same host system. Make Nextcloud use the Onlyoffice document server from the separate container. I will not go into the detail of the problem as it is described above. In essence: get a CA certificate for onlyoffice.
Solution
Get the certificate: As for some reason onlyoffice cannot directly use the letsencrypt certificates which traefik is pulling (*.mydomain.com), I manually created an onlyoffice.pem file from the traefik acme.json file (to be found in the acme folder in the traefik container). Put it in the right folder in the onlyoffice container and ready you are.
docker-compose.yml snippets (except for traefik)
nextcloud:
  image: linuxserver/nextcloud
  container_name: nextcloud
  hostname: nextcloud
  environment:
    - PUID=$PUID
    - PGID=$PGID
    - TZ=${TZ}
  volumes:
    - $USERDIR/nextcloud/config:/config
    - $USERDIR/nextcloud/data:/data
    - $USERDIR/Docs:/var/hda/files/Docs
    - $USERDIR/Pictures:/var/hda/files/Pictures
    - $USERDIR/Music:/var/hda/files/Music
  networks:
    - default
    - t2_proxy
  ports:
    - $NEXTCLOUD_PORTS:443 #for LAN use only
  depends_on:
    - "mariadb"
  labels:
    - "traefik.enable=true"
    ## TCP Routers
    - "traefik.tcp.routers.nextcloud-tcp.entrypoints=https"
    - "traefik.tcp.routers.nextcloud-tcp.rule=HostSNI(`nextcloud.$DOMAINNAME`)"
    - "traefik.tcp.routers.nextcloud-tcp.tls=true"
    - "traefik.tcp.routers.nextcloud-tcp.tls.passthrough=true"
    ## TCP Services
    - "traefik.tcp.routers.nextcloud-tcp.service=nextcloud-tcp-svc"
    - "traefik.tcp.services.nextcloud-tcp-svc.loadbalancer.server.port=443"
  restart: unless-stopped
.....
onlyoffice-documentserver:
  container_name: onlyoffice-documentserver
  image: onlyoffice/documentserver
  environment:
    - TZ=${TZ}
    - FORCE_SSL=true
    - CERT_FOLDER=/certs/
    - /app/onlyoffice/DocumentServer/data/certs/onlyoffice.pem:/certs/cert1.pem
    # Comment strings below to disable the JSON Web Token validation.
    - JWT_ENABLED=true
    - JWT_SECRET=${PW3}
    - JWT_HEADER=Authorization
    - JWT_IN_BODY=true
  stdin_open: true
  tty: true
  networks:
    - default
    - t2_proxy
  restart: always
  volumes:
    - $USERDIR/onlyoffice/data:/var/www/onlyoffice/Data/
    - $USERDIR/onlyoffice/data/certs:/var/www/onlyoffice/Data/onlyoffice/documentserver
    - $USERDIR/onlyoffice/log:/var/log/onlyoffice
    - $USERDIR/onlyoffice/cache:/var/lib/onlyoffice/documentserver/App_Data/cache/files
    - $USERDIR/onlyoffice/example:/var/www/onlyoffice/documentserver-example/public/files
    - $USERDIR/onlyoffice/fonts:/usr/share/fonts
  labels:
    - "traefik.enable=true"
    ## TCP Routers
    - "traefik.tcp.routers.onlyoffice-tcp.entrypoints=https"
    - "traefik.tcp.routers.onlyoffice-tcp.rule=HostSNI(`onlyoffice.$DOMAINNAME`)"
    - "traefik.tcp.routers.onlyoffice-tcp.tls=true"
    - "traefik.tcp.routers.onlyoffice-tcp.tls.passthrough=true"
    ## TCP Services
    - "traefik.tcp.routers.onlyoffice-tcp.service=onlyoffice-tcp-svc"
    - "traefik.tcp.services.onlyoffice-tcp-svc.loadbalancer.server.port=443"
With that you basically have the two containers working the right way. Now to the NC config.php
<?php
$CONFIG = array (
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'datadirectory' => '/data',
  'instanceid' => 'sensitive Data',
  'passwordsalt' => 'sensitive Data',
  'secret' => 'sensitive Data',
  'trusted_domains' =>
  array (
    0 => 'XXX.XXX.XXX.XXX:YYYY',
    1 => 'nextcloud.mydomain.com',
    2 => 'onlyoffice.mydomain.com', #not sure if this line is needed
  ),
  'overwrite.cli.url' => 'https://nextcloud.mydomain.com', #not sure if this line is needed
  # ..... non-relevant content for this problem
);
Again thanks to everybody who is helping out with this stuff!
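The manual step described in the post (building onlyoffice.pem from Traefik's acme.json) can be scripted; the following is an added example, not part of the original post. It assumes the Traefik v2 acme.json layout (one top-level key per resolver, each with a `Certificates` list holding base64 `certificate` and `key` fields); the function names, the `le` resolver name and the sample data are constructed, and writing chain plus key into one file is an assumption, since the post does not say what the .pem contains.

```python
import base64, json, os, sys

def covers(name, host):
    """True if a certificate name (exact or single-label wildcard) covers host."""
    name, host = name.lower(), host.lower()
    if name.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == name[2:]
    return name == host

def extract_pem(acme, host):
    """Return (chain_pem, key_pem) for the first stored certificate covering host."""
    for resolver in acme.values():                      # one entry per resolver
        for entry in resolver.get("Certificates") or []:
            domain = entry.get("domain") or {}
            names = [domain.get("main", "")] + (domain.get("sans") or [])
            if any(covers(n, host) for n in names if n):
                return (base64.b64decode(entry["certificate"]).decode(),
                        base64.b64decode(entry["key"]).decode())
    raise LookupError(f"no certificate in acme.json covers {host}")

def write_secret(path, text):
    """Write owner-only (0600), also when the file already exists: it holds a private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

def _b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample in the assumed acme.json layout; the PEM bodies are placeholders.
SAMPLE = {"le": {"Account": {}, "Certificates": [
    {"domain": {"main": "other.example"},
     "certificate": _b64("X"), "key": _b64("Y"), "Store": "default"},
    {"domain": {"main": "*.mydomain.com", "sans": ["mydomain.com"]},
     "certificate": _b64("CONSTRUCTED-CHAIN-PEM\n"),
     "key": _b64("CONSTRUCTED-KEY-PEM\n"), "Store": "default"}]}}

if __name__ == "__main__":
    # usage: extract.py acme.json onlyoffice.mydomain.com onlyoffice.pem
    with open(sys.argv[1]) as fh:
        chain, key = extract_pem(json.load(fh), sys.argv[2])
    write_secret(sys.argv[3], chain + key)
```

The extracted copy does not follow Traefik's renewals, so it has to be regenerated whenever Traefik renews the certificate.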