Docker - compose seafile + onlyoffice - onlyoffice - must be only in the seafile-net network - without outputting ports - tell me how to do it?

Seafile Server
#1

here is an instruction on how to link only office - without taking it to the local network - but only in docker sits on the same network as seafile - and everything goes through nginx

my example is docker compose

version: '2.0'
services:
  db:
    image: mariadb:10.11
    container_name: seafile-mysql
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=db_dev  # Requested, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /home/paha/seadoc/opt/seafile-mysql/db:/var/lib/mysql  # Requested, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net

  memcached:
    image: memcached:1.6.18
    restart: unless-stopped
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
          
  seafile:
    image: seafileltd/seafile-mc:latest
    restart: unless-stopped
    container_name: seafile
    ports:
      - "80:80"
#     - "443:443"  # If https is enabled, cancel the comment.
    volumes:
      - /home/paha/seadoc/opt/seafile-data:/shared   # Requested, specifies the path to Seafile data persistent store.
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=db_dev  # Requested, the value should be root's password of MySQL service.
      - TIME_ZONE=Asia/Yekaterinburg  # Optional, default is UTC. Should be uncomment and set to your local time zone.
      - SEAFILE_ADMIN_EMAIL=123@123.ru # Specifies Seafile admin user, default is 'me@example.com'.
      - SEAFILE_ADMIN_PASSWORD=123     # Specifies Seafile admin password, default is 'asecret'.
      - SEAFILE_SERVER_LETSENCRYPT=false   # Whether to use https or not.
      - SEAFILE_SERVER_HOSTNAME=docker.loc # Specifies your host name if https is enabled.
    depends_on:
      - db
      - memcached
    networks:
      - seafile-net
  oods:
    image: onlyoffice/documentserver:latest
    restart: unless-stopped
    container_name: seafile-oods
   # ports:
    #  - "88:80"
    volumes:
      - /home/paha/seadoc/opt/seafile-oods/DocumentServer/logs:/var/log/onlyoffice
      - /home/paha/seadoc/opt/seafile-oods/DocumentServer/data:/var/www/onlyoffice/Data
      - /home/paha/seadoc/opt/seafile-oods/DocumentServer/lib:/var/lib/onlyoffice
      - /home/paha/seadoc/opt/seafile-oods/DocumentServer/local-production-linux.json:/etc/onlyoffice/documentserver/local-production-linux.json
    networks:
      - seafile-net
    environment:
      - JWT_ENABLED=true
      - JWT_SECRET=your-secret-string

networks:
  seafile-net:

Add this to seafile.nginx.conf

    server {
    listen 80;
    server_name docker.loc;
#    server_tokens off;


#server {
#    listen 443 ssl;
#    server_name docker.loc;

    location /onlyofficeds/ {
        proxy_pass http://oods/;
        proxy_http_version 1.1;
        client_max_body_size 100M;
        proxy_read_timeout 3600s;
        proxy_connect_timeout 3600s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $proxy_connection;
        proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;
        proxy_set_header X-Forwarded-Proto $the_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

but the files for office in seafile do not open in only office - an empty page

yes, if I output the port, it will work
, but I don’t want to output onlyoffice to the local network

only seafile goes to the real network
and communicates with the oods(onlyoffice) service inside the seafile-net docker network:

#2

I think it would help if you shared your whole seafile.nginx.conf (are the maps $the_host defined?)

I remember however, that I had change the suggested header like this
proxy_set_header X-Forwarded-Proto https; (instead of $the_scheme).

This is because I’m using traefik as a reverse proxy to handle https, and not nginx built in to the container.

#3

manual. seafile. com / docker/pro-edition/deploy_onlyoffice_with_docker/#add-onlyoffice-to-docker-composeyml

link - you need to add https

here is the instruction - I used it

but traeffic - it is needed to proxy traffic from the docker to the Internet or the local network - outside

#4 
# -*- mode: nginx -*-
# Auto generated at 09/19/2023 14:21:47
server {
listen 80;
server_name docker.loc;

    client_max_body_size 10m;

    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 310s;
        proxy_set_header Host $host;
        proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Connection "";
        proxy_http_version 1.1;

        client_max_body_size 0;
        access_log      /var/log/nginx/seahub.access.log seafileformat;
        error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_request_buffering off;
        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }

    location /notification/ping {
        proxy_pass http://127.0.0.1:8083/ping;
        access_log      /var/log/nginx/notification.access.log seafileformat;
        error_log       /var/log/nginx/notification.error.log;
    }

    location /notification {
        proxy_pass http://127.0.0.1:8083/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        access_log      /var/log/nginx/notification.access.log seafileformat;
        error_log       /var/log/nginx/notification.error.log;
    }

    location /seafdav {
        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_read_timeout  1200s;
        client_max_body_size 0;

        access_log      /var/log/nginx/seafdav.access.log seafileformat;
        error_log       /var/log/nginx/seafdav.error.log;
    }

    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }

}

# Required for only office document server
map $http_x_forwarded_proto $the_scheme {
    default $http_x_forwarded_proto;
    "" $scheme;
}
map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $host;
}
map $http_upgrade $proxy_connection {
    default upgrade;
    "" close;
}
server {
    listen 80;

    location /onlyofficeds/ {
        proxy_pass http://oods/;
        proxy_http_version 1.1;
        client_max_body_size 100M;
        proxy_read_timeout 3600s;
        proxy_connect_timeout 3600s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $proxy_connection;
        proxy_set_header X-Forwarded-Host docker.loc/onlyofficeds;
        proxy_set_header X-Forwarded-Proto $the_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

seafile.nginx.conf

#5

Not sure what you are trying to say with this post… Can you make complete sentences, and formulate questions?

Are you using https at all? Currently your docker-compose.yml has https enabled. Are you using another reverse proxy to handle https?

If you are using another reverse proxy, you need to change proxy_set_header X-Forwarded-Proto $the_scheme; to proxy_set_header X-Forwarded-Proto https;, since nginx does not know about the fact that you are using https.

#6

1 - this is a test deployment, I only use http
2 - in the future I’m going to use an external proxy server
3 - https : / / manual . seafile . com / docker/pro-edition/deploy_onlyoffice_with_docker/#add-onlyoffice-to-docker-composeyml - the point is not to take the docker seafile-oods out of the network
4 - I achieved the desired result - if I use the ip address - onlyoffice began to open the file

but I don 't understand why he can 't by domain
and I don 't understand what is hidden in the instructions in …

and I wanted to clarify if I wrote seafile.nginx.conf correctly and seahub_settings.py

docker-compose

version: '2.0'
services:
  seafile-mysql:
    image: mariadb:10.11
    container_name: seafile-mysql
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=db_dev  # Requested, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /home/paha/seadoc/opt/seafile-mysql/db:/var/lib/mysql  # Requested, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net

  seafile-memcached:
    image: memcached:1.6.18
    restart: unless-stopped
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
          
  seafile:
    image: seafileltd/seafile-mc:latest
    restart: unless-stopped
    container_name: seafile
    ports:
      - "80:80"
#     - "443:443"  # If https is enabled, cancel the comment.
    volumes:
      - /home/paha/seadoc/opt/seafile-data:/shared   # Requested, specifies the path to Seafile data persistent store.
    environment:
      - DB_HOST=seafile-mysql
      - DB_ROOT_PASSWD=db_dev  # Requested, the value should be root's password of MySQL service.
      - TIME_ZONE=Asia/Yekaterinburg  # Optional, default is UTC. Should be uncomment and set to your local time zone.
      - SEAFILE_ADMIN_EMAIL=123@123.ru # Specifies Seafile admin user, default is 'me@example.com'.
      - SEAFILE_ADMIN_PASSWORD=123     # Specifies Seafile admin password, default is 'asecret'.
      - SEAFILE_SERVER_LETSENCRYPT=false   # Whether to use https or not.
      - SEAFILE_SERVER_HOSTNAME=docker.loc # Specifies your host name if https is enabled.
    depends_on:
      - seafile-mysql
      - seafile-memcached
    networks:
      - seafile-net
  seafile-oods:
    image: onlyoffice/documentserver:latest
    restart: unless-stopped
    container_name: seafile-oods
    volumes:
      - /home/paha/seadoc/opt/seafile-oods/DocumentServer/logs:/var/log/onlyoffice
      - /home/paha/seadoc/opt/seafile-oods/DocumentServer/data:/var/www/onlyoffice/Data
      - /home/paha/seadoc/opt/seafile-oods/DocumentServer/lib:/var/lib/onlyoffice
      - /home/paha/seadoc/opt/seafile-oods/DocumentServer/local-production-linux.json:/etc/onlyoffice/documentserver/local-production-linux.json
    networks:
      - seafile-net
    environment:
      - JWT_ENABLED=true
      - JWT_SECRET=your-secret-string

networks:
  seafile-net:

seafile.nginx.conf

# Required for only office document server
map $http_x_forwarded_proto $the_scheme {
    default $http_x_forwarded_proto;
    "" $scheme;
}
map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $host;
}
map $http_upgrade $proxy_connection {
    default upgrade;
    "" close;
}
server {
    listen 80;
    server_name 192.168.88.8;

    location /onlyofficeds/ {
        proxy_pass http://seafile-oods/;
        proxy_http_version 1.1;
        client_max_body_size 100M;
        proxy_read_timeout 3600s;
        proxy_connect_timeout 3600s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $proxy_connection;
        proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;
        proxy_set_header X-Forwarded-Proto $the_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

seahub_settings.py

# OnlyOffice
ENABLE_ONLYOFFICE = True
VERIFY_ONLYOFFICE_CERTIFICATE = True
ONLYOFFICE_APIJS_URL = 'http://192.168.88.8/onlyofficeds/web-apps/apps/api/documents/api.js'
ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt',
'fodt', 'odp', 'fodp', 'ods', 'fods')
ONLYOFFICE_EDIT_FILE_EXTENSION = ('docx', 'pptx', 'xlsx')
ONLYOFFICE_JWT_SECRET = 'your-secret-string'

I previously used a domain name - and onlyoffice didn’t open

now I use the ip address and opens onlyoffice files from seafile

image
image684×510 33.8 KB

it is unclear why the domain name does not work ?

is the config correct now at least with the ip address seafile.nginx.conf seahub_settings.py ?

what is in the instructions - … ?