Home A - Z Changelog
Page Index 
# OnlyOffice 

> [!NOTE]
> For Nextcloud

The Onlyoffice server is set as a docker service, for
[office.happyngreen.fr](https://office.happyngreen.fr)(the link send to
a information page as it is not designed for direct access).

## Docker Compose

Here is the present docker compose file used to drive the service. The
setup is minimum to only support Nextcloud (No DB...)

``` yaml
services:
  onlyoffice-document-server:
    image: onlyoffice/documentserver:latest
    container_name: onlyoffice-document-server
    restart: always
    environment:
      JWT_ENABLED: "true"
      JWT_SECRET: ${ONLYOFFICE_JWT_SECRET}
      JWT_HEADER: Authorization
      JWT_IN_BODY: "true"
    volumes:
      - /mnt/data/office/Data:/var/www/onlyoffice/Data
      - /var/log:/var/log/onlyoffice
      - /var/cache/onlyoffice:/var/lib/onlyoffice/documentserver/App_Data/cache
    networks:
      - office
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=office"
      - "traefik.http.routers.office.entrypoints=web"
      - "traefik.http.routers.office.rule=Host(`${ONLYOFFICE_DOMAIN}`)"
      # Workaround a bug in OnlyOffice, see the issue tracker: https://github.com/ONLYOFFICE/DocumentServer/issues/2186
      - "traefik.http.middlewares.onlyoffice_redirect_http2https_header.headers.contentSecurityPolicy=upgrade-insecure-requests"
      - "traefik.http.routers.office.middlewares=onlyoffice_redirect_http2https_header,redirect-to-https@docker"
      - "traefik.http.routers.office-secure.entrypoints=web-secure"
      - "traefik.http.routers.office-secure.rule=Host(`${ONLYOFFICE_DOMAIN}`)"
      - "traefik.http.routers.office-secure.middlewares=onlyoffice_redirect_http2https_header"
      - "traefik.http.routers.office-secure.service=office-secure"
      - "traefik.http.services.office-secure.loadbalancer.server.port=80"

networks:
  office:
    name: office
    driver: bridge

```

The secret is set in the corresponding .env (value is in Bitwarden)
alongsite the site URL A Json token is used to allow Nextcloud to use
the Onlyoffice service. For the volume part, the cache is set to the SSD
disk to improve performance while the log is sent to regular `/var/log`,
into a directory `documentserver` 

> [!WARNING]
> Beware, a specific Traefik set up needs to be done to avoid the browser
> triggering a mixed content error (Http in Https page)

As
usual, the port 80 is redirected to 443, but also, the header field
contentSecurityPolicy is set to upgrade-insecure-requests in both
routers to force to https protocol!
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9