DocumentServer
DocumentServer copied to clipboard
ONLYOFFICE
Behind Traefik v2
Do you want to request a feature or report a bug? Bug
What is the current behavior? Unable to configure traefik v2 with onlyoffice I can reach the welcome page, but when I try example, I get:
502 Bad Gateway
nginx
If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem. My traefik tags:
"traefik.enable=true",
"traefik.http.routers.onlyoffice.tls=true",
"traefik.http.routers.onlyoffice.tls.certresolver=myresolver",
"traefik.http.routers.onlyoffice.tls.options=mintls12@file",
"traefik.http.routers.onlyoffice.entrypoints=https",
"traefik.http.routers.onlyoffice.rule=Host(`office.nextcloud.domain.com`)",
"traefik.http.middlewares.onlyoffice.redirectscheme.scheme=https",
"traefik.http.middlewares.onlyoffice.redirectscheme.permanent=true",
"traefik.http.middlewares.onlyoffice-headers.headers.customResponseHeaders.X-Robots-Tag=none",
"traefik.http.middlewares.onlyoffice-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=63072000",
"traefik.http.middlewares.onlyoffice-headers.headers.frameDeny=true",
"traefik.http.middlewares.onlyoffice-headers.headers.browserXssFilter=true",
"traefik.http.middlewares.onlyoffice-headers.headers.contentTypeNosniff=true",
"traefik.http.middlewares.onlyoffice-headers.headers.stsIncludeSubdomains=true",
"traefik.http.middlewares.onlyoffice-headers.headers.stsPreload=true",
"traefik.http.middlewares.onlyoffice-headers.headers.stsSeconds=31536000",
"traefik.http.middlewares.onlyoffice-headers.headers.forceSTSHeader=true",
"traefik.http.middlewares.onlyoffice-headers.headers.accessControlMaxAge=15552000",
"traefik.http.middlewares.onlyoffice-headers.headers.customFrameOptionsValue=SAMEORIGIN",
"traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https",
"traefik.http.middlewares.onlyoffice-headers.headers.accesscontrolalloworiginlist=*",
"traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers@consulcatalog",
What is the expected behavior? Passed example and integrate to nextcloud.
Did this work in previous versions of DocumentServer? First install in standalone docker Works with onlyoffice from apps store nextcloud, but I prefer to outsource onlyoffice
DocumentServer version: 7.0.1.37
Operating System: Ubuntu 22.04 Docker version 20.10.15 Nomad 1.2.6 Traefik v2.6.1
Browser version: Firefox 100
🤔
Hi,
After many attemps, this is works:
"traefik.enable=true",
"traefik.http.routers.onlyoffice.tls=true",
"traefik.http.routers.onlyoffice.tls.certresolver=myresolver",
"traefik.http.routers.onlyoffice.tls.options=mintls12@file",
"traefik.http.routers.onlyoffice.entrypoints=https",
"traefik.http.routers.onlyoffice.rule=Host(`office.{{ fqdn }}`)",
"traefik.http.middlewares.onlyoffice-headers.headers.customResponseHeaders.X-Robots-Tag=none",
"traefik.http.middlewares.onlyoffice-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=63072000",
"traefik.http.middlewares.onlyoffice-headers.headers.browserXssFilter=true",
"traefik.http.middlewares.onlyoffice-headers.headers.contentTypeNosniff=true",
"traefik.http.middlewares.onlyoffice-headers.headers.stsIncludeSubdomains=true",
"traefik.http.middlewares.onlyoffice-headers.headers.stsPreload=true",
"traefik.http.middlewares.onlyoffice-headers.headers.stsSeconds=31536000",
"traefik.http.middlewares.onlyoffice-headers.headers.forceSTSHeader=true",
"traefik.http.middlewares.onlyoffice-headers.headers.accessControlMaxAge=15552000",
"traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https",
"traefik.http.middlewares.onlyoffice-headers.headers.accesscontrolalloworiginlist=*",
"traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers@consulcatalog",
And find little mistake in volume data path (maybe the root cause)
Hope that can help someone
FYI, it seems that
"traefik.http.middlewares.onlyoffice-headers.headers.accesscontrolalloworiginlist=*",
is not needed, only setting X-Forwarded-Proto is required :P
for anyone else that comes looking, the above headers are needed for seafile to be able to use onlyoffice behind traefik. Note the "accesscontrolalloworiginlist=*" line is not needed. the following config worked for me to allow seafile (https://seafile.domain.com) to connect to onlyoffice correctly (https://docs.domain.com).
docker-compose:
onlyoffice:
image: onlyoffice/documentserver
container_name: onlyoffice
restart: unless-stopped
networks:
traefik_proxy:
#this env_file is only needed if you use portainer to pass environmental vairables
env_file:
- ../stack.env
environment:
- JWT_ENABLED=true #this is the default and probably not needed, but just in case
labels:
- "traefik.enable=true"
- "traefik.http.routers.onlyoffice.entrypoints=websecure"
- "traefik.http.routers.onlyoffice.rule=Host(`docs.domain.com`)"
- "traefik.http.routers.onlyoffice.tls=true"
- "traefik.http.routers.onlyoffice.tls.certresolver=myresolver"
- "traefik.http.services.onlyoffice.loadbalancer.server.port=80"
- "traefik.docker.network=traefik_proxy"
- "traefik.http.middlewares.onlyoffice-headers.headers.customResponseHeaders.X-Robots-Tag=none"
- "traefik.http.middlewares.onlyoffice-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=63072000"
- "traefik.http.middlewares.onlyoffice-headers.headers.browserXssFilter=true"
- "traefik.http.middlewares.onlyoffice-headers.headers.contentTypeNosniff=true"
- "traefik.http.middlewares.onlyoffice-headers.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.onlyoffice-headers.headers.stsPreload=true"
- "traefik.http.middlewares.onlyoffice-headers.headers.stsSeconds=31536000"
- "traefik.http.middlewares.onlyoffice-headers.headers.forceSTSHeader=true"
- "traefik.http.middlewares.onlyoffice-headers.headers.accessControlMaxAge=15552000"
- "traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers"
