# OnlyOffice

> [!NOTE]
> For Nextcloud

The OnlyOffice server runs as a Docker service at
[office.happyngreen.fr](https://office.happyngreen.fr) (the link leads to
an information page, as the server is not designed for direct access).

## Docker Compose

Here is the Docker Compose file currently used to run the service. The
setup is minimal and only supports Nextcloud (no DB...).

``` yaml
services:
  onlyoffice-document-server:
    image: onlyoffice/documentserver:latest
    container_name: onlyoffice-document-server
    restart: always
    environment:
      JWT_ENABLED: "true"
      JWT_SECRET: ${ONLYOFFICE_JWT_SECRET}
      JWT_HEADER: Authorization
      JWT_IN_BODY: "true"
    volumes:
      - /mnt/data/office/Data:/var/www/onlyoffice/Data
      - /var/log:/var/log/onlyoffice
      - /var/cache/onlyoffice:/var/lib/onlyoffice/documentserver/App_Data/cache
    networks:
      - office
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=office"
      - "traefik.http.routers.office.entrypoints=web"
      - "traefik.http.routers.office.rule=Host(`${ONLYOFFICE_DOMAIN}`)"
      # Workaround a bug in OnlyOffice, see the issue tracker: https://github.com/ONLYOFFICE/DocumentServer/issues/2186
      - "traefik.http.middlewares.onlyoffice_redirect_http2https_header.headers.contentSecurityPolicy=upgrade-insecure-requests"
      - "traefik.http.routers.office.middlewares=onlyoffice_redirect_http2https_header,redirect-to-https@docker"
      - "traefik.http.routers.office-secure.entrypoints=web-secure"
      - "traefik.http.routers.office-secure.rule=Host(`${ONLYOFFICE_DOMAIN}`)"
      - "traefik.http.routers.office-secure.middlewares=onlyoffice_redirect_http2https_header"
      - "traefik.http.routers.office-secure.service=office-secure"
      - "traefik.http.services.office-secure.loadbalancer.server.port=80"

networks:
  office:
    name: office
    driver: bridge
```

The secret is set in the corresponding `.env` file (the value is in
Bitwarden), alongside the site URL. A JSON Web Token is used to allow
Nextcloud to use the OnlyOffice service. For the volumes, the cache is
placed on the SSD disk to improve performance, while the logs are sent to
the regular `/var/log`, in a `documentserver` directory.

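How the shared secret gates access, as an added example (not part of the original page and not OnlyOffice's or Nextcloud's own code): a minimal JWT sign and verify using only Python's standard library. HS256 as the signing algorithm, the payload fields and the secret value are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(payload: dict, secret: str) -> str:
    """Sender side: serialize header and payload, then HMAC-SHA256 them."""
    parts = ({"alg": "HS256", "typ": "JWT"}, payload)
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts
    )
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_jwt(token: str, secret: str) -> dict:
    """Receiver side: return the payload, or raise ValueError if not trusted."""
    head_b64, body_b64, sig_b64 = token.split(".")  # ValueError if not 3 parts
    header = json.loads(b64url_decode(head_b64))
    # Pin the algorithm instead of trusting the token's own "alg" (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(
        secret.encode(), f"{head_b64}.{body_b64}".encode(), hashlib.sha256
    ).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(b64url_decode(sig_b64), expected):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(body_b64))
    if "exp" in payload and payload["exp"] < time.time():
        raise ValueError("token expired")
    return payload


# Constructed sample values: not the real secret or a real editor config.
SECRET = "constructed-example-secret"
TOKEN = sign_jwt({"document": {"key": "demo-1"}, "exp": int(time.time()) + 300}, SECRET)
```
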
> [!WARNING]
> Beware, a specific Traefik setup is needed to prevent the browser from
> triggering a mixed content error (HTTP in an HTTPS page).

As usual, port 80 is redirected to 443. In addition, the header field
`contentSecurityPolicy` is set to `upgrade-insecure-requests` on both
routers to force the HTTPS protocol!