search

ONLYOFFICE / DocumentServer

ONLYOFFICE Docs is a free collaborative online office suite comprising viewers and editors for texts, spreadsheets and presentations, forms and PDF, fully compatible with Office Open XML formats: .docx, .xlsx, .pptx and enabling collaborative editing in real time.
https://www.onlyoffice.com
GNU Affero General Public License v3.0
4.62k stars 1.05k forks source link

Behind Traefik v2 #1748

Open fred-gb opened 2 years ago

fred-gb commented 2 years ago

Do you want to request a feature or report a bug? Bug

What is the current behavior? Unable to configure traefik v2 with onlyoffice I can reach the welcome page, but when I try example, I get:

502 Bad Gateway
nginx

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem. My traefik tags:

        "traefik.enable=true",
        "traefik.http.routers.onlyoffice.tls=true",
        "traefik.http.routers.onlyoffice.tls.certresolver=myresolver",
        "traefik.http.routers.onlyoffice.tls.options=mintls12@file",
        "traefik.http.routers.onlyoffice.entrypoints=https",
        "traefik.http.routers.onlyoffice.rule=Host(`office.nextcloud.domain.com`)",

        "traefik.http.middlewares.onlyoffice.redirectscheme.scheme=https",
        "traefik.http.middlewares.onlyoffice.redirectscheme.permanent=true",
        "traefik.http.middlewares.onlyoffice-headers.headers.customResponseHeaders.X-Robots-Tag=none",
        "traefik.http.middlewares.onlyoffice-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=63072000",
        "traefik.http.middlewares.onlyoffice-headers.headers.frameDeny=true",
        "traefik.http.middlewares.onlyoffice-headers.headers.browserXssFilter=true",
        "traefik.http.middlewares.onlyoffice-headers.headers.contentTypeNosniff=true",
        "traefik.http.middlewares.onlyoffice-headers.headers.stsIncludeSubdomains=true",
        "traefik.http.middlewares.onlyoffice-headers.headers.stsPreload=true",
        "traefik.http.middlewares.onlyoffice-headers.headers.stsSeconds=31536000",
        "traefik.http.middlewares.onlyoffice-headers.headers.forceSTSHeader=true",
        "traefik.http.middlewares.onlyoffice-headers.headers.accessControlMaxAge=15552000",
        "traefik.http.middlewares.onlyoffice-headers.headers.customFrameOptionsValue=SAMEORIGIN",
        "traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https",
        "traefik.http.middlewares.onlyoffice-headers.headers.accesscontrolalloworiginlist=*",
        "traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers@consulcatalog",

What is the expected behavior? Passed example and integrate to nextcloud.

Did this work in previous versions of DocumentServer? First install in standalone docker Works with onlyoffice from apps store nextcloud, but I prefer to outsource onlyoffice

DocumentServer version: 7.0.1.37

Operating System: Ubuntu 22.04 Docker version 20.10.15 Nomad 1.2.6 Traefik v2.6.1

Browser version: Firefox 100

🤔

fred-gb commented 2 years ago

Hi,

After many attemps, this is works:

        "traefik.enable=true",
        "traefik.http.routers.onlyoffice.tls=true",
        "traefik.http.routers.onlyoffice.tls.certresolver=myresolver",
        "traefik.http.routers.onlyoffice.tls.options=mintls12@file",
        "traefik.http.routers.onlyoffice.entrypoints=https",
        "traefik.http.routers.onlyoffice.rule=Host(`office.{{ fqdn }}`)",

        "traefik.http.middlewares.onlyoffice-headers.headers.customResponseHeaders.X-Robots-Tag=none",
        "traefik.http.middlewares.onlyoffice-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=63072000",
        "traefik.http.middlewares.onlyoffice-headers.headers.browserXssFilter=true",
        "traefik.http.middlewares.onlyoffice-headers.headers.contentTypeNosniff=true",
        "traefik.http.middlewares.onlyoffice-headers.headers.stsIncludeSubdomains=true",
        "traefik.http.middlewares.onlyoffice-headers.headers.stsPreload=true",
        "traefik.http.middlewares.onlyoffice-headers.headers.stsSeconds=31536000",
        "traefik.http.middlewares.onlyoffice-headers.headers.forceSTSHeader=true",
        "traefik.http.middlewares.onlyoffice-headers.headers.accessControlMaxAge=15552000",

        "traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https",
        "traefik.http.middlewares.onlyoffice-headers.headers.accesscontrolalloworiginlist=*",
        "traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers@consulcatalog",

And find little mistake in volume data path (maybe the root cause)

Hope that can help someone

schklom commented 2 years ago

FYI, it seems that

"traefik.http.middlewares.onlyoffice-headers.headers.accesscontrolalloworiginlist=*",

is not needed, only setting X-Forwarded-Proto is required :P

laxmanpradhan commented 2 months ago

for anyone else that comes looking, the above headers are needed for seafile to be able to use onlyoffice behind traefik. Note the "accesscontrolalloworiginlist=*" line is not needed. the following config worked for me to allow seafile (https://seafile.domain.com) to connect to onlyoffice correctly (https://docs.domain.com).

docker-compose:

  onlyoffice:
    image: onlyoffice/documentserver
    container_name: onlyoffice
    restart: unless-stopped
    networks:
      traefik_proxy:

    #this env_file is only needed if you use portainer to pass environmental vairables
    env_file:
      - ../stack.env
    environment:
      - JWT_ENABLED=true #this is the default and probably not needed, but just in case
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.onlyoffice.entrypoints=websecure"
      - "traefik.http.routers.onlyoffice.rule=Host(`docs.domain.com`)"
      - "traefik.http.routers.onlyoffice.tls=true"
      - "traefik.http.routers.onlyoffice.tls.certresolver=myresolver"
      - "traefik.http.services.onlyoffice.loadbalancer.server.port=80"
      - "traefik.docker.network=traefik_proxy"

      - "traefik.http.middlewares.onlyoffice-headers.headers.customResponseHeaders.X-Robots-Tag=none"
      - "traefik.http.middlewares.onlyoffice-headers.headers.customResponseHeaders.Strict-Transport-Security=max-age=63072000"
      - "traefik.http.middlewares.onlyoffice-headers.headers.browserXssFilter=true"
      - "traefik.http.middlewares.onlyoffice-headers.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.onlyoffice-headers.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.onlyoffice-headers.headers.stsPreload=true"
      - "traefik.http.middlewares.onlyoffice-headers.headers.stsSeconds=31536000"
      - "traefik.http.middlewares.onlyoffice-headers.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.onlyoffice-headers.headers.accessControlMaxAge=15552000"

      - "traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers"