I’m really struggling trying to get an onlyoffice docker container setup behind a traefik reverse proxy. It’s likely I’m doing something really wrong with the configuration but it seems like I’m close. If someone could take a look at this it would be great. The traefik dashboard is reachable and it would seem the routing is correct but I can’t reach the onlyoffice back end.
Here is my docker-compose.yml file:
```yaml
version: '3.7'
networks:
  net:
    name: net
    driver: bridge
    ipam:
      config:
        - subnet: 10.50.0.0/24
secrets:
  CF_DNS_API_TOKEN_secret:
    file: /etc/docker/compose/office.gohilton.com/CF_DNS_API_TOKEN.secret
  CF_ZONE_API_TOKEN_secret:
    file: /etc/docker/compose/office.gohilton.com/CF_ZONE_API_TOKEN.secret
services:
  onlyoffice-document-server:
    container_name: onlyoffice-document-server
    image: onlyoffice/documentserver:latest
    stdin_open: true
    tty: true
    restart: unless-stopped
    networks:
      - net
    labels:
      - com.centurylinklabs.watchtower.enable=false
      - "traefik.enable=true"
      - "traefik.docker.network=net"
      - "traefik.http.routers.onlyoffice.entrypoints=web,websecure"
      - "traefik.http.routers.onlyoffice.rule=Host(`onlyoffice.domain.com`)"
      - "traefik.http.routers.onlyoffice.tls=true"
      - "traefik.http.routers.onlyoffice.tls.options=intermediate@file"
      - "traefik.http.routers.onlyoffice.tls.certresolver=le"
      - "traefik.http.routers.onlyoffice.tls.domains[0].main=onlyoffice.domain.com"
      - "traefik.http.routers.onlyoffice.tls.domains[0].sans=onlyoffice.domain.com"
      - "traefik.http.services.onlyoffice.loadbalancer.server.port=80"
      - "traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers"
      - "traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.onlyoffice-headers.headers.accessControlAllowOrigin=*"
    volumes:
      - /var/log/onlyoffice:/var/log/onlyoffice
    environment:
      - TZ=America/Chicago
      - ONLYOFFICE_HTTPS_HSTS_ENABLED=false
      - JWT_ENABLED=true
      - JWT_SECRET=<super secret>
      - JWT_HEADER=Authorization
  traefik:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: traefik
    hostname: traefik
    restart: unless-stopped
    secrets:
      - CF_DNS_API_TOKEN_secret
      - CF_ZONE_API_TOKEN_secret
    networks:
      - net
    ports:
      - 80:80
      - 443:443
      - 8082:8082
      - 3000:3000
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=net"
      - "traefik.http.routers.dashboard.rule=Host(`office.domain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.options=modern@file"
      - "traefik.http.routers.dashboard.tls.certresolver=le"
      - "traefik.http.routers.dashboard.tls.domains[0].main=office.domain.com"
      - "traefik.http.routers.dashboard.tls.domains[0].sans=office.domain.com"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=admin:<pass>"
      - "traefik.http.routers.dashboard.entrypoints=web,websecure"
    environment:
      - TZ
      - CLOUDFLARE_EMAIL
      - CF_DNS_API_TOKEN_FILE=/run/secrets/CF_DNS_API_TOKEN_secret
      - CF_ZONE_API_TOKEN_FILE=/run/secrets/CF_ZONE_API_TOKEN_secret
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/traefik:/etc/traefik:ro
      - /etc/letsencrypt/certificates:/etc/letsencrypt
```
My static config is traefik.yml and is shown below:
```yaml
entryPoints:
  web:
    address: :80
    forwardedHeaders:
      insecure: true
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: :443
    forwardedHeaders:
      insecure: true
  metrics:
    address: :8082
  ping:
    address: :3000
certificatesResolvers:
  le:
    acme:
      email: xxx@gmail.com
      #Staging Server
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      #Production Server
      #caServer: https://acme-v02.api.letsencrypt.org/directory
      storage: /etc/letsencrypt/acme.json
      keyType: 'EC384'
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 0
        resolvers:
          - "1.1.1.1:53"
          - "9.9.9.9:53"
serversTransport:
  insecureSkipVerify: false
  rootCAs:
    - /etc/ssl/certs/ca-certificates.crt
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedbydefault: false
    watch: true
    network: net
  file:
    # Dynamic Configuration file is contained in the following directory
    directory: /etc/traefik/dynamic
    watch: true
api:
  # insecure: true
  debug: true
  dashboard: true
log:
  level: DEBUG
ping:
  entryPoint: ping
metrics:
  prometheus:
    buckets: [0.1, 0.3, 1.2, 5.0]
    addEntryPointsLabels: true
    addServicesLabels: true
    entryPoint: metrics
```
And finally I do have a dynamic configuration file within the /etc/traefik/dynamic directory known as dynamic_conf.yml:
```yaml
http:
  routers:
    office.domain.com:
      rule: "Host(`office.domain.com`)"
      entryPoints:
        - web
        - websecure
      middlewares:
        - mw_compress_headers
      service:
        - sv_proxy_pass_office.com
      tls:
        options: modern@file
        certResolver: le
        domains:
          - main: office.domain.com
  middlewares:
    mw_compress_headers:
      compress: {}
  services:
    sv_proxy_pass_office.com:
      loadBalancer:
        servers:
          - url: https://office.domain.com
        passHostHeader: true
tls:
  options:
    default:
      minVersion: VersionTLS12
      sniStrict: true
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
    intermediate:
      minVersion: VersionTLS12
      sniStrict: true
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
    modern:
      minVersion: VersionTLS13
      sniStrict: true
```
So with the above in place I start the stack with: sudo docker-compose up -d
Onlyoffice takes a while to spin up but here are the logs which are pretty concise:
* Starting PostgreSQL 12 database server [ OK ]
* Starting RabbitMQ Messaging Server rabbitmq-server [ OK ]
Starting supervisor: supervisord.
* Starting periodic command scheduler cron [ OK ]
* Starting nginx nginx [ OK ]
Generating AllFonts.js, please wait...Done
Generating presentation themes, please wait...Done
ds:docservice: stopped
ds:docservice: started
ds:converter: stopped
ds:converter: started
* Reloading nginx configuration nginx [ OK ]
==> /var/log/onlyoffice/documentserver/converter/err.log <==
==> /var/log/onlyoffice/documentserver/converter/out.log <==
[2020-12-04T23:46:42.011] [WARN] nodeJS - update cluster with 1 workers
[2020-12-04T23:47:21.952] [WARN] nodeJS - update cluster with 1 workers
[2020-12-04T23:47:21.960] [WARN] nodeJS - worker 1081 started.
[2020-12-04T23:47:21.963] [WARN] nodeJS - update cluster with 1 workers
[2020-12-05T00:07:27.522] [WARN] nodeJS - update cluster with 1 workers
[2020-12-05T00:07:27.568] [WARN] nodeJS - worker 958 started.
[2020-12-05T00:07:27.571] [WARN] nodeJS - update cluster with 1 workers
[2020-12-05T00:09:53.036] [WARN] nodeJS - update cluster with 1 workers
[2020-12-05T00:09:53.046] [WARN] nodeJS - worker 1154 started.
[2020-12-05T00:09:53.061] [WARN] nodeJS - update cluster with 1 workers
==> /var/log/onlyoffice/documentserver/docservice/err.log <==
==> /var/log/onlyoffice/documentserver/docservice/out.log <==
[2020-12-04T23:46:43.221] [WARN] nodeJS - Express server listening on port 8000 in production-linux mode
[2020-12-04T23:47:20.558] [WARN] nodeJS - Express server starting...
[2020-12-04T23:47:20.565] [WARN] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2020-12-04T23:47:20.618] [WARN] nodeJS - Express server listening on port 8000 in production-linux mode
[2020-12-05T00:07:45.158] [WARN] nodeJS - Express server starting...
[2020-12-05T00:07:45.184] [WARN] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2020-12-05T00:07:45.721] [WARN] nodeJS - Express server listening on port 8000 in production-linux mode
[2020-12-05T00:10:07.980] [WARN] nodeJS - Express server starting...
[2020-12-05T00:10:07.983] [WARN] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2020-12-05T00:10:08.215] [WARN] nodeJS - Express server listening on port 8000 in production-linux mode
==> /var/log/onlyoffice/documentserver/metrics/err.log <==
==> /var/log/onlyoffice/documentserver/metrics/out.log <==
counter_rates:
{ 'statsd.bad_lines_seen': 0,
'statsd.packets_received': 0,
'statsd.metrics_received': 0 },
sets: {},
pctThreshold: [ 90 ] }
4 Dec 23:46:42 - [908] reading config file: ./config/config.js
4 Dec 23:46:42 - server is up INFO
5 Dec 00:07:26 - [890] reading config file: ./config/config.js
5 Dec 00:07:26 - server is up INFO
==> /var/log/onlyoffice/documentserver/nginx.error.log <==
2020/12/04 17:25:41 [error] 5700#5700: *394 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_461105993_docx/output.docx" failed (2: No such file or directory), client: 172.18.0.1, server: , request: "GET /cache/files/conv_check_461105993_docx/output.docx/check_461105993.docx?md5=M_BPY2M2q-CxIK35qIHHRg&expires=1607103642&disposition=attachment&filename=check_461105993.docx HTTP/1.1", host: "localhost:8080"
2020/12/04 17:25:47 [error] 5700#5700: *395 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_1149805838_docx/output.docx" failed (2: No such file or directory), client: 172.18.0.1, server: , request: "GET /cache/files/conv_check_1149805838_docx/output.docx/check_1149805838.docx?md5=QMg9uNGP4ddoSS-gTA_7lg&expires=1607103648&disposition=attachment&filename=check_1149805838.docx HTTP/1.1", host: "localhost:8080"
2020/12/04 17:25:51 [error] 5700#5700: *396 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_707425322_docx/output.docx" failed (2: No such file or directory), client: 172.18.0.1, server: , request: "GET /cache/files/conv_check_707425322_docx/output.docx/check_707425322.docx?md5=dAZR87SF9aJEV4E02FMV4A&expires=1607103652&disposition=attachment&filename=check_707425322.docx HTTP/1.1", host: "localhost:8080"
2020/12/04 17:26:02 [error] 5700#5700: *397 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_363846733_docx/output.docx" failed (2: No such file or directory), client: 172.18.0.1, server: , request: "GET /cache/files/conv_check_363846733_docx/output.docx/check_363846733.docx?md5=l_6VjYTGjKmh6xyDeLGRww&expires=1607103663&disposition=attachment&filename=check_363846733.docx HTTP/1.1", host: "localhost:8080"
2020/12/04 17:26:06 [error] 5700#5700: *398 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_1567219813_docx/output.docx" failed (2: No such file or directory), client: 172.18.0.1, server: , request: "GET /cache/files/conv_check_1567219813_docx/output.docx/check_1567219813.docx?md5=CYUcXX1hcTWXGwCVJcQMRg&expires=1607103667&disposition=attachment&filename=check_1567219813.docx HTTP/1.1", host: "localhost:8080"
2020/12/04 17:26:29 [error] 5700#5700: *399 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_1179148116_docx/output.docx" failed (2: No such file or directory), client: 172.18.0.1, server: , request: "GET /cache/files/conv_check_1179148116_docx/output.docx/check_1179148116.docx?md5=Jz_cbGRDYOoGbJpu4XUzKQ&expires=1607103690&disposition=attachment&filename=check_1179148116.docx HTTP/1.1", host: "localhost:8080"
2020/12/04 17:26:32 [error] 5700#5700: *400 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_878618498_docx/output.docx" failed (2: No such file or directory), client: 172.18.0.1, server: , request: "GET /cache/files/conv_check_878618498_docx/output.docx/check_878618498.docx?md5=B0ZfM_B2y934PN71VSIpVQ&expires=1607103693&disposition=attachment&filename=check_878618498.docx HTTP/1.1", host: "localhost:8080"
2020/12/04 17:26:38 [error] 5700#5700: *401 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_596096489_docx/output.docx" failed (2: No such file or directory), client: 172.18.0.1, server: , request: "GET /cache/files/conv_check_596096489_docx/output.docx/check_596096489.docx?md5=9eZPg2sZ-lxJYm0oEQUe2Q&expires=1607103699&disposition=attachment&filename=check_596096489.docx HTTP/1.1", host: "localhost:8080"
2020/12/04 17:27:21 [error] 5700#5700: *402 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_2109480323_docx/output.docx" failed (2: No such file or directory), client: 172.18.0.1, server: , request: "GET /cache/files/conv_check_2109480323_docx/output.docx/check_2109480323.docx?md5=VoxLGEuNluMOGnpX4CAEMg&expires=1607103742&disposition=attachment&filename=check_2109480323.docx HTTP/1.1", host: "localhost:8080"
2020/12/04 17:27:25 [error] 5700#5700: *403 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_1275686366_docx/output.docx" failed (2: No such file or directory), client: 172.18.0.1, server: , request: "GET /cache/files/conv_check_1275686366_docx/output.docx/check_1275686366.docx?md5=p_jAQaYZNmwt-IVauNqlhA&expires=1607103746&disposition=attachment&filename=check_1275686366.docx HTTP/1.1", host: "localhost:8080"
==> /var/log/onlyoffice/documentserver/spellchecker/err.log <==
==> /var/log/onlyoffice/documentserver/spellchecker/out.log <==
[2020-12-04T23:22:30.030] [WARN] nodeJS - Express server starting...
[2020-12-04T23:22:30.070] [WARN] nodeJS - Express server listening on port 8080 in production-linux mode
[2020-12-04T23:46:42.073] [WARN] nodeJS - start cluster with 1 workers
[2020-12-04T23:46:42.086] [WARN] nodeJS - worker 981 started.
[2020-12-04T23:46:43.017] [WARN] nodeJS - Express server starting...
[2020-12-04T23:46:43.072] [WARN] nodeJS - Express server listening on port 8080 in production-linux mode
[2020-12-05T00:07:27.310] [WARN] nodeJS - start cluster with 1 workers
[2020-12-05T00:07:27.364] [WARN] nodeJS - worker 949 started.
[2020-12-05T00:07:36.822] [WARN] nodeJS - Express server starting...
[2020-12-05T00:07:37.146] [WARN] nodeJS - Express server listening on port 8080 in production-linux mode
==> /var/log/onlyoffice/documentserver/metrics/out.log <==
Flushing stats at Sat Dec 05 2020 00:17:26 GMT+0000 (Coordinated Universal Time)
{ counters:
{ 'statsd.bad_lines_seen': 0,
'statsd.packets_received': 0,
'statsd.metrics_received': 0 },
timers: {},
gauges: {},
timer_data: {},
counter_rates:
{ 'statsd.bad_lines_seen': 0,
'statsd.packets_received': 0,
'statsd.metrics_received': 0 },
sets: {},
pctThreshold: [ 90 ] }
I have no idea if those errors are significant particularly with the IP address listed as such: client: 172.18.0.1 – No idea where that IP address comes from
Selecting a document shows an empty screen:
Command line healthcheck which reaches nginx running inside the OnlyOffice Container
```
$ curl -k https://onlyoffice.domain.com
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
```
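A triage sketch for the nginx.error.log entries in the post, as an added example that is not part of the original post: it checks each entry's client address against the compose network's subnet (10.50.0.0/24) and its Host header against the router rule, which is what a request forwarded by the Traefik container on `net` would carry. The first two log lines are constructed from the ones posted (query strings dropped); the third line and all function names are assumptions.

```python
import ipaddress
import re

# Values taken from the post: the compose network subnet and the router Host() rule.
COMPOSE_SUBNET = ipaddress.ip_network("10.50.0.0/24")
ROUTER_HOST = "onlyoffice.domain.com"

# Constructed sample: lines 1-2 follow the posted nginx.error.log entries,
# line 3 is a made-up entry shaped like a request forwarded over the "net" network.
SAMPLE_LOG = """\
2020/12/04 17:25:41 [error] 5700#5700: *394 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_461105993_docx/output.docx" failed (2: No such file or directory), client: 172.18.0.1, server: , request: "GET /cache/files/conv_check_461105993_docx/output.docx/check_461105993.docx HTTP/1.1", host: "localhost:8080"
2020/12/04 17:25:47 [error] 5700#5700: *395 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_1149805838_docx/output.docx" failed (2: No such file or directory), client: 172.18.0.1, server: , request: "GET /cache/files/conv_check_1149805838_docx/output.docx/check_1149805838.docx HTTP/1.1", host: "localhost:8080"
2020/12/05 00:20:00 [error] 5700#5700: *410 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/example/output.docx" failed (2: No such file or directory), client: 10.50.0.3, server: , request: "GET /cache/files/example/output.docx HTTP/1.1", host: "onlyoffice.domain.com"
"""

# Trailing fields of an nginx error-log entry: client, server, request, host.
ENTRY = re.compile(
    r'client: (?P<client>[^,]+), server: [^,]*, request: "[^"]*", host: "(?P<host>[^"]+)"'
)


def classify(line):
    """Return the client/Host facts for one log line, or None if it has no such fields."""
    m = ENTRY.search(line)
    if m is None:
        return None
    try:
        client = ipaddress.ip_address(m["client"].strip())
    except ValueError:
        return None
    hostname = re.sub(r":\d+$", "", m["host"]).lower()  # drop an explicit port
    in_subnet = client in COMPOSE_SUBNET
    host_ok = hostname == ROUTER_HOST
    return {
        "client": str(client),
        "host": m["host"],
        "in_compose_subnet": in_subnet,
        "host_matches_router": host_ok,
        "consistent_with_proxy": in_subnet and host_ok,
    }


def triage(log_text):
    """Classify every parsable entry in a block of nginx error-log text."""
    return [r for r in map(classify, log_text.splitlines()) if r is not None]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Entries where `consistent_with_proxy` is false were not addressed to the routed hostname from inside the compose network, so they say nothing about whether the Traefik route works.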