Home A - Z Changelog
Page Index

Commit a5dbc9

2025-09-03 14:24:35 admin: added original dokuwiki page
/dev/null .. onlyoffice.md
@@ 0,0 1,66 @@
+ # OnlyOffice
+
+ > [!NOTE]
+ > For Nextcloud
+
+ The Onlyoffice server is set as a docker service, for
+ [office.happyngreen.fr](https://office.happyngreen.fr)(the link send to
+ a information page as it is not designed for direct access).
+
+ ## Docker Compose
+
+ Here is the present docker compose file used to drive the service. The
+ setup is minimum to only support Nextcloud (No DB...)
+
+ ``` yaml
+ services:
+ onlyoffice-document-server:
+ image: onlyoffice/documentserver:latest
+ container_name: onlyoffice-document-server
+ restart: always
+ environment:
+ JWT_ENABLED: "true"
+ JWT_SECRET: ${ONLYOFFICE_JWT_SECRET}
+ JWT_HEADER: Authorization
+ JWT_IN_BODY: "true"
+ volumes:
+ - /mnt/data/office/Data:/var/www/onlyoffice/Data
+ - /var/log:/var/log/onlyoffice
+ - /var/cache/onlyoffice:/var/lib/onlyoffice/documentserver/App_Data/cache
+ networks:
+ - office
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=office"
+ - "traefik.http.routers.office.entrypoints=web"
+ - "traefik.http.routers.office.rule=Host(`${ONLYOFFICE_DOMAIN}`)"
+ # Workaround a bug in OnlyOffice, see the issue tracker: https://github.com/ONLYOFFICE/DocumentServer/issues/2186
+ - "traefik.http.middlewares.onlyoffice_redirect_http2https_header.headers.contentSecurityPolicy=upgrade-insecure-requests"
+ - "traefik.http.routers.office.middlewares=onlyoffice_redirect_http2https_header,redirect-to-https@docker"
+ - "traefik.http.routers.office-secure.entrypoints=web-secure"
+ - "traefik.http.routers.office-secure.rule=Host(`${ONLYOFFICE_DOMAIN}`)"
+ - "traefik.http.routers.office-secure.middlewares=onlyoffice_redirect_http2https_header"
+ - "traefik.http.routers.office-secure.service=office-secure"
+ - "traefik.http.services.office-secure.loadbalancer.server.port=80"
+
+ networks:
+ office:
+ name: office
+ driver: bridge
+
+ ```
+
+ The secret is set in the corresponding .env (value is in Bitwarden)
+ alongsite the site URL A Json token is used to allow Nextcloud to use
+ the Onlyoffice service. For the volume part, the cache is set to the SSD
+ disk to improve performance while the log is sent to regular `/var/log`,
+ into a directory `documentserver`
+
+ > [!WARNING]
+ > Beware, a specific Traefik set up needs to be done to avoid the browser
+ > triggering a mixed content error (Http in Https page)
+
+ As
+ usual, the port 80 is redirected to 443, but also, the header field
+ contentSecurityPolicy is set to upgrade-insecure-requests in both
+ routers to force to https protocol!
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9