OnlyOffice Integration via Subfolder (Seafile and OnlyOffice Document Server running in Docker)

Hi,

thank you for your help.

##Required for OnlyOffice Document Server and Seafile

map $http_x_forwarded_proto $the_scheme {
    default $http_x_forwarded_proto;
    "" $scheme;
}

map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $host;
}

map $http_upgrade $proxy_connection {
    default upgrade;
    "" close;
}

server {
    ..... SSL Part

    server_tokens off;

    proxy_set_header X-Forwarded-For $remote_addr;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    ## OnlyOffice Subfolder
    location /onlyofficeds/ {

        # THIS ONE IS IMPORTANT ! - Trailing slash !
        proxy_pass http://lan_ip_address/;

        proxy_http_version 1.1;
        client_max_body_size 100; # Limit Document size to 100MB
        proxy_read_timeout 3600s;
        proxy_connect_timeout 3600s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $proxy_connection;

        # THIS ONE IS IMPORTANT ! - Subfolder and NO trailing slash !
        proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;

        proxy_set_header X-Forwarded-Proto $the_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

As per the Manual, do you need

IMPORTANT ! - Trailing slash !

      proxy_pass http://127.0.0.1:88/;

rather than just

proxy_pass http://lan_ip_address/;

in the OnlyOffice Subfolder block?

It depends where the docker container is running. What port is the docker container running on? Why does the reverse proxy have to be on another host?

Hi,

thank you for your answers.

The docker container for the Only Office Document Server is running on port 80. I have an nginx server as a central reverse proxy server running for several services.

The manual recommends port 88 just for the reason that the nginx reverse proxy is running in the same container/vm as the Seafile Server.

Seafile Server, Only Office and nginx are each running in their own docker container. All are in the same LAN and “lan_ip_address” stands for the IP address of the OnlyOffice LAN IP address.

Does anybody see a general error in the configuration? It is only altered regarding the port of the Only Office Document Server. I tried with port 88. But I got the same result.

Thank you for your help.

Hi,

I tried port 88 and port 80 and both times I could see the Only Office Document server running.

Please try all connection scenarios with nmap and check routes to see if routing works properly.
I guess you are running your containers in a dedicated network, otherwise it’s a serious security flaw.

Hi,

the routing works. Thank you for the hint.

I got curious what exactly you mean by security flaw? Thank you for your help.

Typo here?

client_max_body_size 100; # Limit Document size to 100MB

Should be:

client_max_body_size 100M; # Limit Document size to 100MB
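
The missing unit pointed out above, as an added example that is not part of the original thread: nginx reads a size without a suffix as bytes, so `client_max_body_size 100;` caps request bodies at 100 bytes and larger uploads are rejected with 413. The sketch below flags such values in a config; the directive list, the 1 KiB threshold and the function names are assumptions of this example.

```python
import re

# Size-valued directives to check (assumption: extend this tuple as needed).
SIZE_DIRECTIVES = ("client_max_body_size",)
UNIT_BYTES = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}
_DIRECTIVE = re.compile(
    r"^\s*(%s)\s+(\d+)([kKmMgG]?)\s*;" % "|".join(SIZE_DIRECTIVES)
)


def size_directives(config_text):
    """Yield (line_number, directive, raw_value, size_in_bytes) per match."""
    for lineno, line in enumerate(config_text.splitlines(), 1):
        match = _DIRECTIVE.match(line)  # commented-out lines do not match
        if match:
            name, number, unit = match.groups()
            size = int(number) * UNIT_BYTES[unit.lower()]
            yield lineno, name, number + unit, size


def suspicious_sizes(config_text, min_bytes=1024):
    """Return directives written as a bare number smaller than min_bytes.

    0 is skipped: for client_max_body_size it disables the size check.
    The threshold is a heuristic chosen for this example.
    """
    return [
        (lineno, name, raw, size)
        for lineno, name, raw, size in size_directives(config_text)
        if raw.isdigit() and 0 < size < min_bytes
    ]


# Constructed sample based on the location block posted in this thread.
BEFORE = """\
location /onlyofficeds/ {
    proxy_pass http://lan_ip_address/;
    client_max_body_size 100; # Limit Document size to 100MB
}
"""
AFTER = BEFORE.replace("client_max_body_size 100;", "client_max_body_size 100M;")

if __name__ == "__main__":
    for lineno, name, raw, size in suspicious_sizes(BEFORE):
        print(f"line {lineno}: {name} {raw} is only {size} bytes")
    print("after fix:", list(size_directives(AFTER)))
```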

Sorry, I don’t follow. Can you clarify this for me?

Are you saying that Nginx, Seafile and OnlyOffice are running in their own container? I was imagining a plain vanilla setup where Nginx/Seafile were collocated with a Docker container running OnlyOffice DS. Is that what you’re running?

On the other hand, are you running the OODS Docker container on another host on the network?

This was still not corrected on the manual? \o/

Hi,

nginx, seafile and only office are running in their own containers. nginx is not included in the plain vanilla docker seafile.
All docker containers are in the same network on the same host.

Thank you for your help.

thank you for pointing that out. I corrected this in the config.

Would you mind, for completeness, putting up the Onlyoffice-related parts of seahub_settings.py that you are using? -Thanks

Have you tried using the Developer Tools (Web Console; Javascript Console) in your web browser(s) to detect the error in the link? In diagnosing blank pages from the Seafile-OODS integration I found many instances of https CallBack errors and other resultant 404 pages. It might be useful in your case to pinpoint where the error is originating.

Here is a little background on the Callback and the transactions between OODS and server from the OwnCloud/NextCloud perspective. It seems the OwnCloud folks have the same problems integrating OODS as the Seafile folks.

# Enable Only Office
ENABLE_ONLYOFFICE = True
VERIFY_ONLYOFFICE_CERTIFICATE = True
ONLYOFFICE_APIJS_URL = 'https://seafile.domain.com/onlyofficeds/web-apps/apps/api/documents/api.js'
ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods', 'rtf')
ONLYOFFICE_EDIT_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt')

“seafile.domain.com” is substituted with my domain.

Thank you for your help.

I will have a look into it and report.

Thank you for your help.

Seahub_settings.py looks fine to me.

This might be pretty far out but OnlyOffice Tech Support suggested I try:

/ds-vpath/web-apps/apps/api/documents/api.js

instead of

/web-apps/apps/api/documents/api.js

No explanation was given but maybe you can give it a try.

Another thing, if DNS is an issue with your setup, like maybe you’re running a test server on a captive network or perhaps there’s a firewall issue, you can spin-up the oods container with a specified DNS server.

Default (uses Google 8.8.8.8):

docker run -dit -p 88:80 --restart always --name oods onlyoffice/documentserver

Specifying DNS (e.g. 80.80.80.80):

docker run -dit -p 88:80 --dns=80.80.80.80 --restart always --name oods onlyoffice/documentserver

More on configuring Docker containers can be found here.

Hi,

thank you for your help.

It works. Finally.

I changed the following “client_max_body_size 100M; # Limit Document size to 100MB” in the nginx configuration file. The missing M :) and the specified DNS server got it working.

The M is also very important for getting the Print Function working correctly.

Thank you all for your hints and help.

But I would still like to know from @DerDanilo where he sees a security flaw.

As I understood your setup initially, you run all services on their instances in plain http. The reverse proxy then provides SSL hence encrypts the traffic.
Since you don’t run a special DMZ or SERVICE LAN, all clients that have access to your LAN can read unencrypted traffic. That’s the security flaw I meant.
Either encrypt traffic already on the LAN layer or have a special network only for those services.
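
One way to check for the exposure described above, as an added example that is not part of the original thread: `docker run -p 88:80` by default publishes the container's plain-HTTP port on every host interface, and those bindings appear in `docker inspect` output under `NetworkSettings.Ports`. The inspect documents below are constructed samples; the function name, the container names `oods-private` and `oods-local`, and the network name `office_net` are assumptions of this example.

```python
import ipaddress
import json


def lan_reachable_ports(inspect_json):
    """Return (container, container_port, host_ip, host_port) for each
    published port bound to a non-loopback host address."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        ports = container.get("NetworkSettings", {}).get("Ports") or {}
        for container_port, bindings in sorted(ports.items()):
            # Exposed-but-unpublished ports carry a null binding list.
            for binding in bindings or []:
                host_ip = binding.get("HostIp") or "0.0.0.0"
                if not ipaddress.ip_address(host_ip).is_loopback:
                    findings.append(
                        (name, container_port, host_ip, binding["HostPort"])
                    )
    return findings


# Constructed `docker inspect` output, trimmed to the fields used here.
# "oods" mirrors `-p 88:80`; "oods-private" publishes nothing and is only
# reachable from containers on its user-defined network; "oods-local"
# mirrors `-p 127.0.0.1:88:80`.
SAMPLE = json.dumps([
    {"Name": "/oods",
     "NetworkSettings": {
         "Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "88"}],
                   "443/tcp": None},
         "Networks": {"bridge": {}}}},
    {"Name": "/oods-private",
     "NetworkSettings": {
         "Ports": {"80/tcp": None, "443/tcp": None},
         "Networks": {"office_net": {}}}},
    {"Name": "/oods-local",
     "NetworkSettings": {
         "Ports": {"80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "88"}]},
         "Networks": {"bridge": {}}}},
])

if __name__ == "__main__":
    for finding in lan_reachable_ports(SAMPLE):
        print("%s: %s published on %s:%s" % finding)
```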

Could you place the settings to make it work please. I ran docker to seafile, mysql, memcached each in a different container and it works. But when trying with an onlyoffice container, it reads me well when I put domain: 88 but then when I configure nginx to read as a subfolder it doesn’t listen anymore. Another problem is that when I restart the seafile container or it simply dies, I lose the nginx configuration.