I have nextcloud and onlyoffice dockerized. Both on the same server and behind traefik (2.0) as reverse proxy.
Unfortunately, i cannot get onlyoffice to work via my domain. Yet I can make it accessible in my local network (http:). Again unfortunately, non-SSL connetion of apps are denied by nextcloud. So I created a certificate (selfsigned) and added it to onlyoffice. Again I get it working on https yet I have to add an exception to my browser as self-signed certs are not trusted.
Now when I want to connect to onlyoffice documentserver with onlyoffice app I get
> cURL error 60: SSL certificate problem: self signed certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html))
Is there a was to make nextcloud accept selfigned certs with a docker-compose command (I know there is sudo nextcloud.enable-https self-signed yet I couldn’t find a proper docker-compose command.
onlyoffice doesn’t accept the selfsigned cert from nextcloud. you have to set a env variable USE_UNAUTHORIZED_STORAGE=true in docker-compose file of onlyoffice.
Thanks for the hint! Yet, I have CA working for nextcloud - so presumably USE_UNOTHORIZED_STORAGE is not needed. The problem is on nextclouds side - as far as I can determine.
oh, I do not want to use tls at all! I just couldn’t figure out how to:
Use the 80 port with nextcloud - as nextcloud demands a SSL connection… If you can help with that I am all ears!!!
Since non-SSL is not allowed, I tried it with a selfsigned cert to use port 443. Which again - is not accepted by nextcloud.
So I got to the third option which isn’t working either: Use my default traefik 2.0 and letsencrypt setup to access onlyoffice-documentserver “from outside” (onlyoffice.mydomain.com) - getting a 504 timeout error every time I try to access it.
As you see I’ve come some way to get it working to no avail so far. If you can provide a solution to make the non-encrypted version working I would be delighted!
plain vanilla nextcloud? just ignore the warnings. but nextcloud doesn’t care about tls or not.
why do you want to do this? did you go through my config? nextcloud and onlyoffice are both behind the nginx webserver. both without tls on port 80. (because it’s docker internal traffic.)
if you want to disable traefik redirect from port 80 to 443 just remove the line that looks like this:
I first had to figure out what an Ansible is. While I am sure, this is a very helpful - for me right now not an option - too little time to learn new stuff with two little kiddies at home for the next two years…
Some additional research brought me one step closer to the solution from https://github.com/ONLYOFFICE/onlyoffice-nextcloud#known-issues check the last point. Follow the instructions on the last issue and tataaaaa. Nextcloud is willing to connect yet throws another errormessage at me:
Fehler beim AnschlieĂźen (Im Dokumentenservice ist ein Fehler aufgetreten: Error while downloading the document file to be converted.) (version 5.5)
Any ideas on that one?
Further info:
In the onlyoffice app on nextcloud I tried pointing documentserver to the local ssl port of nextcloud as well as the nexcloud.mydomain.com adress. Since at least the later one is signed with certs traefik gets via let’s encrypt. Hence this should not be an issue. Am I right?
My certs are issued to *.mydomain.com and not to every single subdomain - is that a problem for onlyoffice?
BTW: ONLYOFFICE_HTTPS_HSTS_ENABLED=false is set now in docker-compose.
I’ll keep looking and update the thread if I find something. If you can provide some insights I would very much appreciate it.
Update: I managed to get it working - a simple typo prevented proper working.
YET NEXT PROBLEM: When I want to edit a document it only works when I first add an exception to the browser for my documentserver, due to self signed certs. I can connect and change settings with any browser and from everywhere. Error message was: ONLYOFFICE not reachable. Contact admin
Hence, no one but myself can edit documents as one needs to be within my LAN to be able to access documentserver-IP and add that exception.
Any idea how to somehow mask the different containers for borwsers so that the browser assumes everything is coming form nextcloud?
Btw. I also tried to use the nextcloud internal document_community (server) app - with exactly the same error message. Of course after pointing the onlyoffice app to the internal server app…
Woohoooooooooo I made it - across the board! Here is my working environment. I will summarize everything I know below for others to check. I don’t know if all set parameter/variable are necessary (made a remark when unsure).
Software used
As of today I use the latest
UbuntuServer 18.04
docker
docker-compose
nextcloud image for docker
onlyoffice image for docker
traefik 2.0 image for docker
Design/Goal
Nextcloud and Onlyoffice document server in seperate containers on the same host system. Make Nextcloud use Onlyoffice document server from the seperate container. I will not go into the detail of the problem as it is described above. In essence: get an CA certificate for onlyoffice.
Solution Get the certificate: As for some reason onlyoffice cannot directly use letsencrypt certificates, which traefik is pulling (*.mydomain.com). I manually created a onlyoffice.pem file from the traefik acme.json file (to be found in the acme-folder in traefik container). Put it in the right folder in the onlyoffice container and ready you are.
@akrea Hello, I’ve encountered the same need. I managed to make onlyoffice works with another way, but that’s not the subject I bring back.
I’m trying to setup nextcloud, I had the exact same traefik labels as you. My issue is that I Nextcloud is proving the self-signed certificate and my browser is complaining about that. Due to passthrough=true, the LE certificate managed by traefik is not used.
Did you have the same issue and managed to solve it?