Onlyoffice docker container behind NGINX, virtualhost settings

Dear all,

I have been trying hard to find a solution but in vain. In short, onlyoffice (docker) + nextcloud (docker) doesn’t work at a particular situation.

  1. If I run onlyoffice docker image and forward external ports (say 1080/1443) to onlyoffice ports (80/443) under docker, and nextcloud point to 1080/1443 port, everything works.

  2. However, if I do not forward external ports in docker, but using ngnix reverse proxy + virtualhost setting, something weird really happens.

  3. Somehow, I am manage to visit https://nameofonlyoffice-virualhost/welcome, it works.

  4. But if I visit https://nameofonlyoffice-virualhost (i.e. without the trailing pathname), it would redirect to https://docservice, which, of course, not working.

  5. As nextcloud is relying on https://nameofonlyoffice-virualhost, nextcloud of course doesn’t work.

  6. One thing worths noting, onlyoffice docker in fact has a layer of nginx sitting in front of onlyoffice document server locally in one container.

Anyone succeed such kind of configuration before and share your nginx virtualhost file with the community here ?

To summarize:

browser (433) <-> (8443) nginx-in-docker (80) <-> (80) nginx-AAA (80-localhost) <-> (80-localhost) onlyoffice-AAA

nginx-AAA and onlyoffice-AAA are running inside the same container.

Thanks a lot !


yes. yesterday.

but not such kind of. just a working one. i don’t expose any ports of onlyoffice nor use I a sudomain for it.

Dear Reiner_Nippes

Good to hear that ! Do you mind to share you nginx conf file here ? Lemme try and see if it could work using virtualhost too.


Hope you can read (and process) jinjas templates (ansible). if not run the playbook in virtual server and examine the result.

are you using selfsigned certs for nextcloud?

And the config of nextcloud.

Thanks a lot. Lemme see if I could adopt your config file.

Self-signed certificate - Yes. I did successfullly after rounds and rounds of experiments. I use FreeNAS to generate CA and cert but openssl should also be the same.

Beware of SAN, valid period of the cert and SHA requirements by chrome and MacOS Catalina.

the certs may work in windows 7, but not in chromebook and after fixing, it work in safari but not in chrome in mac blah blah blah… It was a nightmare to me previously and turn out, I found out that the validty of the cert cannot be longer than 770 days otherwise chrome in macos will consider it as revoked.

Also, remember to put CA keychain (mac), /etc/somewhere in linux, chrome settings in chromeos and also use MMC to add CA without admin rights in windows 7.


it’s about the following issue. onlyoffice rejects nextcloud as a storage server if you don’t change a setting in an internal xml file.

the merge request to control this with docker ENV variables is not yet merge to master.

Be honest I forgot how to make it works exactly but according to my evernote archive:-

For nextcloud: I should have made changes to the followings:-

  1. NEXTCLOUD/data/resources/config/ca-bundle.crt OR
  2. /usr/share/ca-certificates
  3. change /etc/ca-certificates.conf

For onlyoffice: I should have done something to /var/www/onlyoffice/Data/certs


In fact, those SSL problems caused me to try to move everything behind a nginx reversed proxy (as i don’t know in which update would break my adhoc patching to nextcloud and onlyoffice), and then let nextcloud and onlyoffice behind the proxy (within the same docker network) to talk with each other with reject_unauthorized set to false at the backend.