Blame
| a5dbc9 | admin | 2025-09-03 14:24:35 | 1 | # OnlyOffice |
| 2 | ||||
| 3 | > [!NOTE] |
|||
| 4 | > For Nextcloud |
|||
| 5 | ||||
| 6 | The Onlyoffice server is set as a docker service, for |
|||
| 7 | [office.happyngreen.fr](https://office.happyngreen.fr)(the link send to |
|||
| 8 | a information page as it is not designed for direct access). |
|||
| 9 | ||||
| 10 | ## Docker Compose |
|||
| 11 | ||||
| 12 | Here is the present docker compose file used to drive the service. The |
|||
| 13 | setup is minimum to only support Nextcloud (No DB...) |
|||
| 14 | ||||
| 15 | ``` yaml |
|||
| 16 | services: |
|||
| 17 | onlyoffice-document-server: |
|||
| 18 | image: onlyoffice/documentserver:latest |
|||
| 19 | container_name: onlyoffice-document-server |
|||
| 20 | restart: always |
|||
| 21 | environment: |
|||
| 22 | JWT_ENABLED: "true" |
|||
| 23 | JWT_SECRET: ${ONLYOFFICE_JWT_SECRET} |
|||
| 24 | JWT_HEADER: Authorization |
|||
| 25 | JWT_IN_BODY: "true" |
|||
| 26 | volumes: |
|||
| 27 | - /mnt/data/office/Data:/var/www/onlyoffice/Data |
|||
| 28 | - /var/log:/var/log/onlyoffice |
|||
| 29 | - /var/cache/onlyoffice:/var/lib/onlyoffice/documentserver/App_Data/cache |
|||
| 30 | networks: |
|||
| 31 | - office |
|||
| 32 | labels: |
|||
| 33 | - "traefik.enable=true" |
|||
| 34 | - "traefik.docker.network=office" |
|||
| 35 | - "traefik.http.routers.office.entrypoints=web" |
|||
| 36 | - "traefik.http.routers.office.rule=Host(`${ONLYOFFICE_DOMAIN}`)" |
|||
| 37 | # Workaround a bug in OnlyOffice, see the issue tracker: https://github.com/ONLYOFFICE/DocumentServer/issues/2186 |
|||
| 38 | - "traefik.http.middlewares.onlyoffice_redirect_http2https_header.headers.contentSecurityPolicy=upgrade-insecure-requests" |
|||
| 39 | - "traefik.http.routers.office.middlewares=onlyoffice_redirect_http2https_header,redirect-to-https@docker" |
|||
| 40 | - "traefik.http.routers.office-secure.entrypoints=web-secure" |
|||
| 41 | - "traefik.http.routers.office-secure.rule=Host(`${ONLYOFFICE_DOMAIN}`)" |
|||
| 42 | - "traefik.http.routers.office-secure.middlewares=onlyoffice_redirect_http2https_header" |
|||
| 43 | - "traefik.http.routers.office-secure.service=office-secure" |
|||
| 44 | - "traefik.http.services.office-secure.loadbalancer.server.port=80" |
|||
| 45 | ||||
| 46 | networks: |
|||
| 47 | office: |
|||
| 48 | name: office |
|||
| 49 | driver: bridge |
|||
| 50 | ||||
| 51 | ``` |
|||
| 52 | ||||
| 53 | The secret is set in the corresponding .env (value is in Bitwarden) |
|||
| 54 | alongsite the site URL A Json token is used to allow Nextcloud to use |
|||
| 55 | the Onlyoffice service. For the volume part, the cache is set to the SSD |
|||
| 56 | disk to improve performance while the log is sent to regular `/var/log`, |
|||
| 57 | into a directory `documentserver` |
|||
| 58 | ||||
| 59 | > [!WARNING] |
|||
| 60 | > Beware, a specific Traefik set up needs to be done to avoid the browser |
|||
| 61 | > triggering a mixed content error (Http in Https page) |
|||
| 62 | ||||
| 63 | As |
|||
| 64 | usual, the port 80 is redirected to 443, but also, the header field |
|||
| 65 | contentSecurityPolicy is set to upgrade-insecure-requests in both |
|||
| 66 | routers to force to https protocol! |