No connection to selfhosted onlyoffice instance

Hey,

I’d like to integrate onlyoffice in my self hosted k3s cluster, but I’m always hitting a wall when trying to connect to it. I’ve pretty much tried everything, hopefully someone can help me to figure it out! The thing is, I have nextcloud running in docker as well (same setup with traefikv2.3), which works great. But even if I try to connect to that very instance, it fails to connect.

Err log with cluster addresses
  Error    index              InvalidArgumentException: Key may not be empty at                                            2021-01-22T12:55:32+01:00 
                              custom_apps/onlyoffice/3rdparty/jwt/JWT.php line 72                                                                    
                                                                                                                                                     
                              0. custom_apps/onlyoffice/lib/crypt.php line 70                                                                        
                                 Firebase\JWT\JWT::decode(                                                                                           
                                   "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJl ... s",                                                    
                                   "",                                                                                                               
                                   ["HS256"]                                                                                                         
                                 )                                                                                                                   
                              1. .../controller/callbackcontroller.php line 318                                                                      
                                 OCA\Onlyoffice\Crypt->ReadHash("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb2 ... s")                             
                              2. .../Dispatcher.php line 169                                                                                         
                                 OCA\Onlyoffice\Controller\CallbackController->emptyfile("eyJ0eXAiOiJKV1QiLCJhbG ... s")                             
                              3. .../Http/Dispatcher.php line 100                                                                                    
                                 OC\AppFramework\Http\Dispatcher->executeController(                                                                 
                                   OCA\Onlyoffice\Controller\Ca ... {},                                                                              
                                   "emptyfile"                                                                                                       
                                 )                                                                                                                   
                              4. lib/private/AppFramework/App.php line 152                                                                           
                                 OC\AppFramework\Http\Dispatcher->dispatch(                                                                          
                                   OCA\Onlyoffice\Controller\CallbackCon ... {},                                                                     
                                   "emptyfile"                                                                                                       
                                 )                                                                                                                   
                              5. lib/private/Route/Router.php line 309                                                                               
                                 OC\AppFramework\App::main(                                                                                          
                                   "OCA\\Onlyoffice\\Controller\\CallbackController",                                                                
                                   "emptyfile",                                                                                                      
                                   OC\AppFramework\DependencyInjection\DIContainer {},                                                               
                                   {_route:"onlyoffice.callback.emptyfile"}                                                                          
                                 )                                                                                                                   
                              6. lib/base.php line 1008                                                                                              
                                 OC\Route\Router->match("\/apps\/onlyoffice\/empty")                                                                 
                              7. index.php line 37                                                                                                   
                                 OC::handleRequest(                                                                                                  
                                                                                                                                                     
                                 )                                                                                                                   

  Error    index              InvalidArgumentException: Key may not be empty at                                            2021-01-22T12:55:33+01:00 
                              custom_apps/onlyoffice/3rdparty/jwt/JWT.php line 72                                                                    
                                                                                                                                                     
                              0. custom_apps/onlyoffice/lib/crypt.php line 70                                                                        
                                 Firebase\JWT\JWT::decode(                                                                                           
                                   "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJl ... s",                                                    
                                   "",                                                                                                               
                                   ["HS256"]                                                                                                         
                                 )                                                                                                                   
                              1. .../controller/callbackcontroller.php line 318                                                                      
                                 OCA\Onlyoffice\Crypt->ReadHash("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb2 ... s")                             
                              2. .../Dispatcher.php line 169                                                                                         
                                 OCA\Onlyoffice\Controller\CallbackController->emptyfile("eyJ0eXAiOiJKV1QiLCJhbG ... s")                             
                              3. .../Http/Dispatcher.php line 100                                                                                    
                                 OC\AppFramework\Http\Dispatcher->executeController(                                                                 
                                   OCA\Onlyoffice\Controller\Ca ... {},                                                                              
                                   "emptyfile"                                                                                                       
                                 )                                                                                                                   
                              4. lib/private/AppFramework/App.php line 152                                                                           
                                 OC\AppFramework\Http\Dispatcher->dispatch(                                                                          
                                   OCA\Onlyoffice\Controller\CallbackCon ... {},                                                                     
                                   "emptyfile"                                                                                                       
                                 )                                                                                                                   
                              5. lib/private/Route/Router.php line 309                                                                               
                                 OC\AppFramework\App::main(                                                                                          
                                   "OCA\\Onlyoffice\\Controller\\CallbackController",                                                                
                                   "emptyfile",                                                                                                      
                                   OC\AppFramework\DependencyInjection\DIContainer {},                                                               
                                   {_route:"onlyoffice.callback.emptyfile"}                                                                          
                                 )                                                                                                                   
                              6. lib/base.php line 1008                                                                                              
                                 OC\Route\Router->match("\/apps\/onlyoffice\/empty")                                                                 
                              7. index.php line 37                                                                                                   
                                 OC::handleRequest(                                                                                                  
                                                                                                                                                     
                                 )                                                                                                                   

  Error    index              InvalidArgumentException: Key may not be empty at                                            2021-01-22T12:55:34+01:00 
                              custom_apps/onlyoffice/3rdparty/jwt/JWT.php line 72                                                                    
                                                                                                                                                     
                              0. custom_apps/onlyoffice/lib/crypt.php line 70                                                                        
                                 Firebase\JWT\JWT::decode(                                                                                           
                                   "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJl ... s",                                                    
                                   "",                                                                                                               
                                   ["HS256"]                                                                                                         
                                 )                                                                                                                   
                              1. .../controller/callbackcontroller.php line 318                                                                      
                                 OCA\Onlyoffice\Crypt->ReadHash("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb2 ... s")                             
                              2. .../Dispatcher.php line 169                                                                                         
                                 OCA\Onlyoffice\Controller\CallbackController->emptyfile("eyJ0eXAiOiJKV1QiLCJhbG ... s")                             
                              3. .../Http/Dispatcher.php line 100                                                                                    
                                 OC\AppFramework\Http\Dispatcher->executeController(                                                                 
                                   OCA\Onlyoffice\Controller\Ca ... {},                                                                              
                                   "emptyfile"                                                                                                       
                                 )                                                                                                                   
                              4. lib/private/AppFramework/App.php line 152                                                                           
                                 OC\AppFramework\Http\Dispatcher->dispatch(                                                                          
                                   OCA\Onlyoffice\Controller\CallbackCon ... {},                                                                     
                                   "emptyfile"                                                                                                       
                                 )                                                                                                                   
                              5. lib/private/Route/Router.php line 309                                                                               
                                 OC\AppFramework\App::main(                                                                                          
                                   "OCA\\Onlyoffice\\Controller\\CallbackController",                                                                
                                   "emptyfile",                                                                                                      
                                   OC\AppFramework\DependencyInjection\DIContainer {},                                                               
                                   {_route:"onlyoffice.callback.emptyfile"}                                                                          
                                 )                                                                                                                   
                              6. lib/base.php line 1008                                                                                              
                                 OC\Route\Router->match("\/apps\/onlyoffice\/empty")                                                                 
                              7. index.php line 37                                                                                                   
                                 OC::handleRequest(                                                                                                  
                                                                                                                                                     
                                 )                                                                                                                   

  Error    onlyoffice         Exception: Im Dokumentenservice ist ein Fehler aufgetreten: Error while downloading the      2021-01-22T12:55:36+01:00 
                              document file to be converted. at custom_apps/onlyoffice/lib/documentservice.php line 235                              
                                                                                                                                                     
                              0. .../documentservice.php line 94                                                                                     
                                 OCA\Onlyoffice\DocumentService->ProcessConvServResponceError("-4")                                                  
                              1. .../lib/documentservice.php line 432                                                                                
                                 OCA\Onlyoffice\DocumentService->GetConvertedUri(                                                                    
                                   "https:\/\/nextcloud.mydomain.c ... s",                                                                           
                                   "docx",                                                                                                           
                                   "docx",                                                                                                           
                                   "check_365051401"                                                                                                 
                                 )                                                                                                                   
                              2. .../settingscontroller.php line 168                                                                                 
                                 OCA\Onlyoffice\DocumentService->checkDocServiceUrl(                                                                 
                                   OC\URLGenerator {},                                                                                               
                                   OCA\Onlyoffice\Crypt {}                                                                                           
                                 )                                                                                                                   
                              3. .../Dispatcher.php line 169                                                                                         
                                 OCA\Onlyoffice\Controller\SettingsController->SaveAddress(                                                          
                                   "https:\/\/office.nex ... /",                                                                                     
                                   "https:\/\/office.nex ... d",                                                                                     
                                   "https:\/\/nextcloud. ... /",                                                                                     
                                   false,                                                                                                            
                                   "",                                                                                                               
                                   false                                                                                                             
                                 )                                                                                                                   
                              4. .../Http/Dispatcher.php line 100                                                                                    
                                 OC\AppFramework\Http\Dispatcher->executeController(                                                                 
                                   OCA\Onlyoffice\Controller\Se ... {},                                                                              
                                   "saveAddress"                                                                                                     
                                 )                                                                                                                   
                              5. lib/private/AppFramework/App.php line 152                                                                           
                                 OC\AppFramework\Http\Dispatcher->dispatch(                                                                          
                                   OCA\Onlyoffice\Controller\SettingsCon ... {},                                                                     
                                   "saveAddress"                                                                                                     
                                 )                                                                                                                   
                              6. lib/private/Route/Router.php line 309                                                                               
                                 OC\AppFramework\App::main(                                                                                          
                                   "SettingsController",                                                                                             
                                   "saveAddress",                                                                                                    
                                   OC\AppFramework\DependencyInjection\DIContainer {},                                                               
                                   {_route:"onlyoffice.settings.save_address"}                                                                       
                                 )                                                                                                                   
                              7. lib/base.php line 1008                                                                                              
                                 OC\Route\Router->match("\/apps\/onlyoffice\/ajax\/settings\/address")                                               
                              8. index.php line 37                                                                                                   
                                 OC::handleRequest(                                                                                                  
                                                                                                                                                     
                                 )
My traefik configuration
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nextcloud-onlyoffice
  namespace: nextcloud
  labels:
    app: nextcloud
    tier: onlyoffice-backend
spec:
  entryPoints:
  - websecure
  routes:
  - kind: Rule
    match: Host(`office.nextcloud.mydomain.com`)
    middlewares:
    - name: nextcloud-office
      namespace: nextcloud
    services:
    - kind: Service
      name: nextcloud-onlyoffice
      port: 80
  tls:
    secretName: nextcloud-onlyoffice-cert

apiVersion: v1
kind: Service
metadata:
  name: nextcloud-onlyoffice
  namespace: nextcloud
  labels:
    app: nextcloud
    tier: onlyoffice-backend
spec:
  ports:
    - port: 80
  selector:
    app: nextcloud
    tier: onlyoffice-backend
  type: ClusterIP

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: nextcloud-office
  namespace: nextcloud
  labels:
    app: nextcloud
    tier: onlyoffice-backend
spec:
  headers:
    accessControlMaxAge: 100
    referrerPolicy: "no-referrer"
    stsSeconds: 31536000
    forceSTSHeader: true
    stsPreload: true
    stsIncludeSubdomains: true
    browserXssFilter: true
    customRequestHeaders:
      X-Forwarded-Proto: "https"

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud-onlyoffice
  namespace: nextcloud
  labels:
    app: nextcloud
    tier: onlyoffice-backend
spec:
  selector:
    matchLabels:
      app: nextcloud
      tier: onlyoffice-backend
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nextcloud
        tier: onlyoffice-backend
    spec:
      containers:
      - image: docker.io/onlyoffice/documentserver:latest
        name: nextcloud-nginx
        ports:
        - containerPort: 80
          name: onlyoffice
Extra onlyoffice config
<?php
$CONFIG = array (
  'onlyoffice' =>
  array (
    'verify_peer_off' => true,
  ),
  'allow_local_remote_servers' => true,
);

Thank you!

If you need anything else, please ask!

Error message (with occ log:watch -vvv and settings for my docker instance of onlyoffice)
  Error    index              InvalidArgumentException: Key may not be empty at                                            2021-01-22T12:49:30+01:00 
                              custom_apps/onlyoffice/3rdparty/jwt/JWT.php line 72                                                                    
                                                                                                                                                     
                              0. custom_apps/onlyoffice/lib/crypt.php line 70                                                                        
                                 Firebase\JWT\JWT::decode(                                                                                           
                                   "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJl ... s",                                                    
                                   "",                                                                                                               
                                   ["HS256"]                                                                                                         
                                 )                                                                                                                   
                              1. .../controller/callbackcontroller.php line 318                                                                      
                                 OCA\Onlyoffice\Crypt->ReadHash("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb2 ... s")                             
                              2. .../Dispatcher.php line 169                                                                                         
                                 OCA\Onlyoffice\Controller\CallbackController->emptyfile("eyJ0eXAiOiJKV1QiLCJhbG ... s")                             
                              3. .../Http/Dispatcher.php line 100                                                                                    
                                 OC\AppFramework\Http\Dispatcher->executeController(                                                                 
                                   OCA\Onlyoffice\Controller\Ca ... {},                                                                              
                                   "emptyfile"                                                                                                       
                                 )                                                                                                                   
                              4. lib/private/AppFramework/App.php line 152                                                                           
                                 OC\AppFramework\Http\Dispatcher->dispatch(                                                                          
                                   OCA\Onlyoffice\Controller\CallbackCon ... {},                                                                     
                                   "emptyfile"                                                                                                       
                                 )                                                                                                                   
                              5. lib/private/Route/Router.php line 309                                                                               
                                 OC\AppFramework\App::main(                                                                                          
                                   "OCA\\Onlyoffice\\Controller\\CallbackController",                                                                
                                   "emptyfile",                                                                                                      
                                   OC\AppFramework\DependencyInjection\DIContainer {},                                                               
                                   {_route:"onlyoffice.callback.emptyfile"}                                                                          
                                 )                                                                                                                   
                              6. lib/base.php line 1008                                                                                              
                                 OC\Route\Router->match("\/apps\/onlyoffice\/empty")                                                                 
                              7. index.php line 37                                                                                                   
                                 OC::handleRequest(                                                                                                  
                                                                                                                                                     
                                 )                                                                                                                   

  Error    index              InvalidArgumentException: Key may not be empty at                                            2021-01-22T12:49:31+01:00 
                              custom_apps/onlyoffice/3rdparty/jwt/JWT.php line 72                                                                    
                                                                                                                                                     
                              0. custom_apps/onlyoffice/lib/crypt.php line 70                                                                        
                                 Firebase\JWT\JWT::decode(                                                                                           
                                   "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJl ... s",                                                    
                                   "",                                                                                                               
                                   ["HS256"]                                                                                                         
                                 )                                                                                                                   
                              1. .../controller/callbackcontroller.php line 318                                                                      
                                 OCA\Onlyoffice\Crypt->ReadHash("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb2 ... s")                             
                              2. .../Dispatcher.php line 169                                                                                         
                                 OCA\Onlyoffice\Controller\CallbackController->emptyfile("eyJ0eXAiOiJKV1QiLCJhbG ... s")                             
                              3. .../Http/Dispatcher.php line 100                                                                                    
                                 OC\AppFramework\Http\Dispatcher->executeController(                                                                 
                                   OCA\Onlyoffice\Controller\Ca ... {},                                                                              
                                   "emptyfile"                                                                                                       
                                 )                                                                                                                   
                              4. lib/private/AppFramework/App.php line 152                                                                           
                                 OC\AppFramework\Http\Dispatcher->dispatch(                                                                          
                                   OCA\Onlyoffice\Controller\CallbackCon ... {},                                                                     
                                   "emptyfile"                                                                                                       
                                 )                                                                                                                   
                              5. lib/private/Route/Router.php line 309                                                                               
                                 OC\AppFramework\App::main(                                                                                          
                                   "OCA\\Onlyoffice\\Controller\\CallbackController",                                                                
                                   "emptyfile",                                                                                                      
                                   OC\AppFramework\DependencyInjection\DIContainer {},                                                               
                                   {_route:"onlyoffice.callback.emptyfile"}                                                                          
                                 )                                                                                                                   
                              6. lib/base.php line 1008                                                                                              
                                 OC\Route\Router->match("\/apps\/onlyoffice\/empty")                                                                 
                              7. index.php line 37                                                                                                   
                                 OC::handleRequest(                                                                                                  
                                                                                                                                                     
                                 )                                                                                                                   

  Error    index              InvalidArgumentException: Key may not be empty at                                            2021-01-22T12:49:32+01:00 
                              custom_apps/onlyoffice/3rdparty/jwt/JWT.php line 72                                                                    
                                                                                                                                                     
                              0. custom_apps/onlyoffice/lib/crypt.php line 70                                                                        
                                 Firebase\JWT\JWT::decode(                                                                                           
                                   "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJl ... s",                                                    
                                   "",                                                                                                               
                                   ["HS256"]                                                                                                         
                                 )                                                                                                                   
                              1. .../controller/callbackcontroller.php line 318                                                                      
                                 OCA\Onlyoffice\Crypt->ReadHash("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb2 ... s")                             
                              2. .../Dispatcher.php line 169                                                                                         
                                 OCA\Onlyoffice\Controller\CallbackController->emptyfile("eyJ0eXAiOiJKV1QiLCJhbG ... s")                             
                              3. .../Http/Dispatcher.php line 100                                                                                    
                                 OC\AppFramework\Http\Dispatcher->executeController(                                                                 
                                   OCA\Onlyoffice\Controller\Ca ... {},                                                                              
                                   "emptyfile"                                                                                                       
                                 )                                                                                                                   
                              4. lib/private/AppFramework/App.php line 152                                                                           
                                 OC\AppFramework\Http\Dispatcher->dispatch(                                                                          
                                   OCA\Onlyoffice\Controller\CallbackCon ... {},                                                                     
                                   "emptyfile"                                                                                                       
                                 )                                                                                                                   
                              5. lib/private/Route/Router.php line 309                                                                               
                                 OC\AppFramework\App::main(                                                                                          
                                   "OCA\\Onlyoffice\\Controller\\CallbackController",                                                                
                                   "emptyfile",                                                                                                      
                                   OC\AppFramework\DependencyInjection\DIContainer {},                                                               
                                   {_route:"onlyoffice.callback.emptyfile"}                                                                          
                                 )                                                                                                                   
                              6. lib/base.php line 1008                                                                                              
                                 OC\Route\Router->match("\/apps\/onlyoffice\/empty")                                                                 
                              7. index.php line 37                                                                                                   
                                 OC::handleRequest(                                                                                                  
                                                                                                                                                     
                                 )                                                                                                                   

  Error    onlyoffice         Exception: Im Dokumentenservice ist ein Fehler aufgetreten: Error while downloading the      2021-01-22T12:49:34+01:00 
                              document file to be converted. at custom_apps/onlyoffice/lib/documentservice.php line 235                              
                                                                                                                                                     
                              0. .../documentservice.php line 94                                                                                     
                                 OCA\Onlyoffice\DocumentService->ProcessConvServResponceError("-4")                                                  
                              1. .../lib/documentservice.php line 432                                                                                
                                 OCA\Onlyoffice\DocumentService->GetConvertedUri(                                                                    
                                   "https:\/\/nextcloud.mydomain.co ... s",                                                                           
                                   "docx",                                                                                                           
                                   "docx",                                                                                                           
                                   "check_434668502"                                                                                                 
                                 )                                                                                                                   
                              2. .../settingscontroller.php line 168                                                                                 
                                 OCA\Onlyoffice\DocumentService->checkDocServiceUrl(                                                                 
                                   OC\URLGenerator {},                                                                                               
                                   OCA\Onlyoffice\Crypt {}                                                                                           
                                 )                                                                                                                   
                              3. .../Dispatcher.php line 169                                                                                         
                                 OCA\Onlyoffice\Controller\SettingsController->SaveAddress(                                                          
                                   "https:\/\/office.myd ... /",                                                                                     
                                   "https:\/\/office.myd ... /",                                                                                     
                                   "https:\/\/nextcloud. ... /",                                                                                     
                                   false,                                                                                                            
                                   "",                                                                                                               
                                   false                                                                                                             
                                 )                                                                                                                   
                              4. .../Http/Dispatcher.php line 100                                                                                    
                                 OC\AppFramework\Http\Dispatcher->executeController(                                                                 
                                   OCA\Onlyoffice\Controller\Se ... {},                                                                              
                                   "saveAddress"                                                                                                     
                                 )                                                                                                                   
                              5. lib/private/AppFramework/App.php line 152                                                                           
                                 OC\AppFramework\Http\Dispatcher->dispatch(                                                                          
                                   OCA\Onlyoffice\Controller\SettingsCon ... {},                                                                     
                                   "saveAddress"                                                                                                     
                                 )                                                                                                                   
                              6. lib/private/Route/Router.php line 309                                                                               
                                 OC\AppFramework\App::main(                                                                                          
                                   "SettingsController",                                                                                             
                                   "saveAddress",                                                                                                    
                                   OC\AppFramework\DependencyInjection\DIContainer {},                                                               
                                   {_route:"onlyoffice.settings.save_address"}                                                                       
                                 )                                                                                                                   
                              7. lib/base.php line 1008                                                                                              
                                 OC\Route\Router->match("\/apps\/onlyoffice\/ajax\/settings\/address")                                               
                              8. index.php line 37                                                                                                   
                                 OC::handleRequest(                                                                                                  
                                                                                                                                                     
                                 )

Is it relevant that this nextcloud instance is not available publicly?

Hi,

did you set the secret the same?
Do you use onlyoffice in the docker?

I had endless issues, until:
nc-config

  'onlyoffice' => array (
    'verify_peer_off' => true,
    'jwt_secret' => 'newsecret',
    'jwt_header' => 'newheader',
  )

start the docker with the new secret PLUS header. using the default header never worked for me

docker run -i -t -d -p 8443:443 --restart=always -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -e JWT_ENABLED='true' -e JWT_SECRET='newsecret' -e JWT_HEADER='newheader' onlyoffice/documentserver

Wow that did the trick, thank you! I’m still wondering why it works in my docker setup?!

For anyone curious, those are the deployments or changes I did to make it work:

secret.yml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: nextcloud-onlyoffice-secret
  namespace: nextcloud
  labels:
    app: nextcloud
    tier: onlyoffice-backend
data:
  secret: MDYwNzhmNjc5YzFlNTI1NjY3ZmUxMDliYzA1NzM1ZTg=
  header: bmV4dGNsb3Vkb25seW9mZmljZWhlYWRlcg==
configmap.yml
apiVersion: v1
kind: ConfigMap
metadata:
  name: nextcloud-fpm
  namespace: nextcloud
  labels:
    app: nextcloud
    tier: backend
data:
  onlyoffice.config.php: |-
    <?php
    $CONFIG = array (
      'onlyoffice' =>
      array (
        'verify_peer_off' => true,
        'jwt_secret' => '06078f679c1e525667fe109bc05735e8',
        'jwt_header' => 'nextcloudonlyofficeheader',
      ),
      'allow_local_remote_servers' => true,
    );
php-fpm.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud-fpm
  namespace: nextcloud
  labels:
    app: nextcloud
spec:
  selector:
    matchLabels:
      app: nextcloud
      tier: fpm-backend
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nextcloud
        tier: fpm-backend
    spec:
      containers:
      - image: docker.io/library/nextcloud:stable-fpm
        name: nextcloud-fpm
        env:
        - name: MYSQL_HOST
          value: nextcloud-mariadb
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: nextcloud-mariadb-secret
              key: DatabasePassword
        - name: MYSQL_DATABASE
          valueFrom:
            secretKeyRef:
              name: nextcloud-secret
              key: DatabaseName
        - name: MYSQL_USER
          valueFrom:
            secretKeyRef:
              name: nextcloud-secret
              key: DatabaseUser
        - name: REDIS_HOST
          value: nextcloud-redis
        - name: REDIS_HOST_PASSWORD
          valueFrom:
            secretKeyRef:
              name: nextcloud-redis-secret
              key: Password
        - name: NEXTCLOUD_TRUSTED_DOMAINS
          value: "nextcloud.mydomain.com"
        ports:
        - containerPort: 9000
          name: fpm
        volumeMounts:
        - name: nextcloud-html-storage
          mountPath: /var/www/html
        - name: nextcloud-persistent-storage
          mountPath: /var/www/html/data
        - name: configs
          mountPath: /var/www/html/config/proxy.config.php
          subPath: proxy.config.php
        - name: configs
          mountPath: /var/www/html/config/smtp.config.php
          subPath: smtp.config.php
        - name: configs
          mountPath: /var/www/html/config/onlyoffice.config.php
          subPath: onlyoffice.config.php
        - name: configs
          mountPath: /var/www/html/config/extra.config.php
          subPath: extra.config.php
      volumes:
      - name: nextcloud-html-storage
        persistentVolumeClaim:
          claimName: nextcloud-html-pv-claim
      - name: nextcloud-persistent-storage
        persistentVolumeClaim:
          claimName: nextcloud-pv-claim
      - name: configs
        configMap:
          name: nextcloud-fpm
nginx.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud-nginx
  namespace: nextcloud
  labels:
    app: nextcloud
spec:
  selector:
    matchLabels:
      app: nextcloud
      tier: frontend
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nextcloud
        tier: frontend
    spec:
      containers:
      - image: docker.io/modzilla/nextcloud-nginx:latest
        name: nextcloud-nginx
        ports:
        - containerPort: 80
          name: nginx
        volumeMounts:
        - name: nextcloud-html-storage
          mountPath: /var/www/html
        - name: nextcloud-persistent-storage
          mountPath: /var/www/html/data
        - name: configs
          mountPath: /var/www/html/config/proxy.config.php
          subPath: proxy.config.php
        - name: configs
          mountPath: /var/www/html/config/smtp.config.php
          subPath: smtp.config.php
        - name: configs
          mountPath: /var/www/html/config/onlyoffice.config.php
          subPath: onlyoffice.config.php
        - name: configs
          mountPath: /var/www/html/config/extra.config.php
          subPath: extra.config.php
      volumes:
      - name: nextcloud-html-storage
        persistentVolumeClaim:
          claimName: nextcloud-html-pv-claim
      - name: nextcloud-persistent-storage
        persistentVolumeClaim:
          claimName: nextcloud-pv-claim
      - name: configs
        configMap:
          name: nextcloud-fpm
onlyoffice.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud-onlyoffice
  namespace: nextcloud
  labels:
    app: nextcloud
    tier: onlyoffice-backend
spec:
  selector:
    matchLabels:
      app: nextcloud
      tier: onlyoffice-backend
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nextcloud
        tier: onlyoffice-backend
    spec:
      containers:
      - image: docker.io/onlyoffice/documentserver:latest
        name: nextcloud-nginx
        ports:
        - containerPort: 80
          name: onlyoffice
        env:
          - name: JWT_ENABLED
            value: "true"
          - name: JWT_SECRET
            valueFrom:
              secretKeyRef:
                name: nextcloud-onlyoffice-secret
                key: secret
          - name: JWT_HEADER
            valueFrom:
              secretKeyRef:
                name: nextcloud-onlyoffice-secret
                key: header

Guess I’ll just might as well post my whole config then:

mariadb.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud-mariadb
  namespace: nextcloud
  labels:
    app: nextcloud
spec:
  selector:
    matchLabels:
      app: nextcloud
      tier: mariadb-backend
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: nextcloud
        tier: mariadb-backend
    spec:
      containers:
      - image: docker.io/library/mariadb:10.5
        name: nextcloud-mariadb
        args:
        - "--transaction-isolation=READ-COMMITTED"
        - "--binlog-format=ROW"
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: nextcloud-mariadb-secret
              key: RootPassword
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: nextcloud-mariadb-secret
              key: DatabasePassword
        - name: MYSQL_USER
          valueFrom:
            secretKeyRef:
              name: nextcloud-secret
              key: DatabaseUser
        - name: MYSQL_DATABASE
          valueFrom:
            secretKeyRef:
              name: nextcloud-secret
              key: DatabaseName
        ports:
        - containerPort: 3306
          name: mariadb
        volumeMounts:
        - name: mariadb-persistent-storage
          mountPath: /var/lib/mysql
      volumes:
      - name: mariadb-persistent-storage
        persistentVolumeClaim:
          claimName: nextcloud-mariadb-pv-claim
services.yml
kind: List
items:
- apiVersion: v1
  kind: Service
  metadata:
    name: nextcloud-fpm
    namespace: nextcloud
    labels:
      app: nextcloud
  spec:
    ports:
      - name: http
        protocol: TCP
        port: 80
        targetPort: 80
    selector:
      app: nextcloud
      tier: frontend
    type: ClusterIP
- apiVersion: v1
  kind: Service
  metadata:
    name: nextcloud-fpm
    namespace: nextcloud
    labels:
      app: nextcloud
  spec:
    ports:
      - port: 9000
    selector:
      app: nextcloud
      tier: fpm-backend
    type: ClusterIP
- apiVersion: v1
  kind: Service
  metadata:
    name: nextcloud-mariadb
    namespace: nextcloud
    labels:
      app: nextcloud
  spec:
    ports:
      - port: 3306
    selector:
      app: nextcloud
      tier: mariadb-backend
    type: ClusterIP
    clusterIP: None
- apiVersion: v1
  kind: Service
  metadata:
    name: nextcloud-redis
    namespace: nextcloud
    labels:
      app: nextcloud
  spec:
    ports:
      - port: 6379
    selector:
      app: nextcloud
      tier: redis-backend
    type: ClusterIP
    clusterIP: None
- apiVersion: v1
  kind: Service
  metadata:
    name: nextcloud-onlyoffice
    namespace: nextcloud
    labels:
      app: nextcloud
      tier: onlyoffice-backend
  spec:
    ports:
      - port: 80
    selector:
      app: nextcloud
      tier: onlyoffice-backend
    type: ClusterIP
Ingresses-traefik.yml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nextcloud
  namespace: nextcloud
  labels:
    app: nextcloud
    tier: frontend
spec:
  entryPoints:
  - websecure
  routes:
  - kind: Rule
    match: Host(`nextcloud.mydomain.com`)
    middlewares:
    - name: nextcloud-dav
      namespace: nextcloud
    - name: nextcloud-headers
      namespace: nextcloud
    services:
    - kind: Service
      name: nextcloud
      port: 80
  tls:
    secretName: nextcloud-cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nextcloud-onlyoffice
  namespace: nextcloud
  labels:
    app: nextcloud
    tier: onlyoffice-backend
spec:
  entryPoints:
  - websecure
  routes:
  - kind: Rule
    match: Host(`office.nextcloud.mydomain.com`)
    middlewares:
    - name: nextcloud-office
      namespace: nextcloud
    services:
    - kind: Service
      name: nextcloud-onlyoffice
      port: 80
  tls:
    secretName: nextcloud-onlyoffice-cert
traefik-middleware.yml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: nextcloud-dav
  namespace: nextcloud
  labels:
    app: nextcloud
    tier: frontend
spec:
  replacePathRegex:
    regex: ^/.well-known/ca(l|rd)dav
    replacement: /remote.php/dav/
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: nextcloud-headers
  namespace: nextcloud
  labels:
    app: nextcloud
    tier: frontend
spec:
  headers:
    accessControlAllowOriginList:
      - "*"
    stsSeconds: 31536000
    forceSTSHeader: true
    stsPreload: true
    stsIncludeSubdomains: true
    browserXssFilter: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: nextcloud-office
  namespace: nextcloud
  labels:
    app: nextcloud
    tier: onlyoffice-backend
spec:
  headers:
    accessControlMaxAge: 100
    referrerPolicy: "no-referrer"
    stsSeconds: 31536000
    forceSTSHeader: true
    stsPreload: true
    stsIncludeSubdomains: true
    browserXssFilter: true

I hope this will help someone trying to get nextcloud running in kubernetes. I’ll eventually putt all files on github as well.

I don´t know what the issue around the header-value
took quite some wasted time :frowning:

1 Like

wondering if this is my solution to get out of this endless Nextcloud 21 and OnlyOfficeDocumentServer pissing contest I’m currently in.

OnlyOfficeDocumentServer…

https://documentserver.mydomain.com/healthcheck = true

Nextcloud…

Error when trying to connect (Server error: `GET https://documentserver.mydomain.com/healthcheck` resulted in a `503 Service Temporarily Unavailable` response:

do i just add to NC config.php

  'onlyoffice' => array (
    'verify_peer_off' => true,
    'jwt_secret' => 'mynewsecret',
    'jwt_header' => 'mynewheader',
  ),

also do i need to edit the template and add the variables to the docker image?