Having trouble setting up SSL #13

Open
ReSummit opened this issue Feb 6, 2019 · 24 comments · May be fixed by #43


@ReSummit

ReSummit commented Feb 6, 2019

I'm having some trouble setting up the Certbot with the docker. I'm not quite sure how to get the certificates for the Nextcloud and the OnlyOffice servers or integrate the certificates such that a client can connect with https. How can the SSL certificates be implemented?

@Mart1250

Mart1250 commented Feb 6, 2019

I have the same issue, I am going to try it with the following solution, it works with letsencrypt and a proxy: https://github.com/nextcloud/docker/tree/master/.examples

Of course I need to modify it so it includes onlyoffice. I will let you know if I figured it out.

EDIT: It would be nice if the creators created an example that makes use of letsencrypt. SSL is mandatory nowadays.

@aguestuser

strong agree!!!!

i have been working for a couple days now to try to reconcile the setup in this repo with a setup that works with letsencrypt (provided here: https://blog.ssdnodes.com/blog/installing-nextcloud-docker/)

BUT: it is difficult, because:

  1. the letsencrypt-compliant solution relies on a different version of the nextcloud docker image (specifically, this repo uses nextcloud:fpm whereas the LE-compliant setup uses nextcloud:latest -- ie: the one that starts up with apache2 as the startup command, not php-fpm).
  2. the LE-compliant solution also relies on a different version of nginx (specifically: nginx-proxy) which it needs in order to use docker-letsencrypt-nginx-proxy-companion to write to the nginx conf file
  3. likely as a result of the fpm incompatibility, the format of the nginx files expected by the nginx-proxy-companion (no main context, server directives wrapped inside of an http directive) differ drastically from those used in this repo, such that my attempts to insert directives from your nginx.conf file into the nginx.tmpl file used to generate the nginx configurations expected by LE fail (both when trying to run against nextcloud:latest and nextcloud:fpm)
  4. in all cases when trying to run any instance of this stack with nextcloud:fpm against nginx-proxy, i get an nginx 500 error when trying to connect to /

@aguestuser

a clue! i think this setup with fpm and letsencrypt looks promising for resolving the issues above:

https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml

thanks to @Mart1250 for pointing to the examples section of the repo! will try it out and post back if i can get it working!

@Mart1250

Mart1250 commented Feb 7, 2019

I have been able to get a working setup, but... Not really... Nextcloud works with https and onlyoffice is running in a container. I installed the onlyoffice app and have been able to connect to it with: http://onlyoffice-document-server/ Then you get the "Settings have been successfully updated" notice. But when i create a file and open it then i am getting the notice: "ONLYOFFICE cannot be reached. Please contact admin". That is very sad unfortunately. I think it's a port issue, but have not been able to get it work right now. I will post a link with my config soon.

@Mart1250

Mart1250 commented Feb 7, 2019

Here is the config: https://github.com/Mart1250/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml

Be aware that I have changed the nextcloud storage location. I have removed the nextcloud volume in the nextcloud volume-section (at the end of the file) and used my own path. Of course you can change this back. Just set a SQL rootpassword and enter your host and email in the web section to satisfy letsencrypt.

Make sure to edit the db.env file too.

NOTE: Onlyoffice still doesn't work as it should.

EDIT: The ports 8000 and 8080 listed are not required. I am testing what is the cause.

EDIT: Don't know what i have done wrong, but i am now having the 500 error. Even after pruning everything from docker...

@aguestuser

@Mart1250 ... working on a setup that almost works...

i can spin up nextcloud and onlyoffice just fine, and i can do the first step of creating a document, but then i get an odd error message that looks like this:

[Image: only-office-error]

@aguestuser

i am guessing that the trick seems to be getting the .nginx.conf file that is mounted into the web container correct...

i am working on mashing up this conf from the official docker example repo:
https://0xacab.org/team-friendo/nextcloud/blob/only-office/playbooks/files/nginx.conf.UPSTREAM

with this file from the onlyoffice repo we are posting in:
https://0xacab.org/team-friendo/nextcloud/blob/only-office/playbooks/files/nginx.conf.ME

currently i have this, which yields the above results:
https://0xacab.org/team-friendo/nextcloud/blob/only-office/playbooks/files/nginx.conf

@aguestuser

curious, do any of the maintainers have an idea as to the error that might be causing the above state?

here is a message from the logs produced when the above modals appear:

```
[2019-02-07T16:47:33.564] [ERROR] nodeJS - postData error: docId = 697948913;url = http://nextcloud-proxy/apps/onlyoffice/track?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmaWxlSWQiOjIwMywib3duZXJJZCI6InN1YmNvbWFuZGFudGUiLCJ0b2tlbiI6bnVsbCwiYWN0aW9uIjoidHJhY2sifQ.0Y6_igpE0OyhAx97bciyTM0cZ_CZjAVOsFlfC1PqtT4;data = {"key":"697948913","status":1,"users":["<REDACTED>"],"actions":[{"type":1,"userid":"<REDACTED>"}]}
Error: Error response: statusCode:503 ;body:
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body bgcolor="white">
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx/1.14.1</center>
</body>
</html>

    at Request._callback (/var/www/onlyoffice/documentserver/server/Common/sources/utils.js:283:18)
    at Request.self.callback (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:185:22)
    at emitTwo (events.js:126:13)
    at Request.emit (events.js:214:7)
    at Request.<anonymous> (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:1161:10)
    at emitOne (events.js:116:13)
    at Request.emit (events.js:211:7)
    at IncomingMessage.<anonymous> (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:1083:12)
    at Object.onceWrapper (events.js:313:30)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:139:11)
    at process._tickCallback (internal/process/next_tick.js:181:9)
```

@aguestuser

aguestuser commented Feb 7, 2019

perhaps @alexeybannov ? or @LinneyS

@Mart1250

Mart1250 commented Feb 7, 2019

Nice work! I was thinking too about those 2 files. Especially with that piece that talks about "/ds-vpath/ ". I didn't touch it because I thought I could just use the containername 'onlyoffice-document-server' to connect. The set_configuration.sh is useless then indeed. But good work, I have to admit that i don't really understand those 2 configs.

@Mart1250

Mart1250 commented Feb 7, 2019

The errors in the screenshot seem to be of the same nature. I am wondering if the port 8000 should be exposed, because the documentserver is listening on that port. Haven't had success with it anyway.

I will try your compose file tomorrow.

@aguestuser

aguestuser commented Feb 8, 2019

@Mart1250 : good news! i figured out the problem. the working solution has 2 nginx proxies (one for the entire stack and handle ssl termination, nextcloud-proxy, and one to proxy pass between nextcloud and onlyoffice, nextcloud-web).

the configure.sh script in this repo only had to reason about 1 proxy, but the updated version needs to pick correctly between the two proxies when specifying (a) what the storageUrl will be and (b) what hostname will be added to trusted domains.

in the failed solution linked above, i mistakenly provided the top-level proxy (nextcloud-proxy) for both (which did not work), instead of providing the mid-level proxy (nextcloud-web). having fixed that... it's up and running!

@aguestuser

aguestuser commented Feb 8, 2019

@aguestuser

would maintainers be willing to offer some variation on this as a PR?

@Mart1250

Mart1250 commented Feb 8, 2019

@aguestuser Nice job! Ok, didn't know about 2 proxies. Just thought there is one, the one called proxy in the compose file. I'm going to try it, but I have one question. I see you changed the files so it is using environment variables. What is your 'docker-compose up -d' start command? Also I see in the configure.sh a $idx, $1 and $host, should I worry about those? Are those given with the start command?

@aguestuser

@Mart1250 sorry to take so long in responding!

i refactored to use an env file for environment variables. (just one for the whole setup). here is an example version of that file:

https://0xacab.org/team-friendo/nextcloud/blob/master/files/.env.example

as for the other variables, they are all local variables and the configure.sh script knows how to assign them based on env var values.

(in particular, $host is assigned $1, which is just the first argument to the append_trusted_host function. we call that function twice... once with $NEXTCLOUD_HOSTNAME and once with nextcloud-web -- where the latter is given by our docker-compose file. $idx is just a temporary placeholder for the value in the php array that stores our trusted domains that we want to overwrite in each call to append_trusted_host)
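
An added example, not aguestuser's configure.sh or code from this repository: one way to write an idempotent `append_trusted_host` around Nextcloud's `occ config:system:get` / `config:system:set trusted_domains`. The `OCC` variable, the container name `nextcloud-app` and the choice of the next free index for `idx` are assumptions; `NEXTCLOUD_HOSTNAME` and `nextcloud-web` are the names used in the comment above.

```bash
#!/usr/bin/env bash
# Added example; not the configure.sh discussed in this thread.
# Assumption: OCC is the command that runs Nextcloud's occ; the container
# name "nextcloud-app" is hypothetical.
OCC=${OCC:-"docker exec -u www-data nextcloud-app php occ --no-warnings"}

# Add host $1 to trusted_domains (Nextcloud's allowlist of accepted Host
# headers) unless it is already listed, so reruns do not pile up duplicates.
append_trusted_host() {
  local host=$1 current idx
  [ -n "$host" ] || { echo "append_trusted_host: empty host" >&2; return 2; }
  # occ prints one trusted domain per line.
  current=$($OCC config:system:get trusted_domains) || return 1
  # -F literal, -x whole line: "web" must not count as "nextcloud-web".
  if printf '%s\n' "$current" | grep -Fxq -- "$host"; then
    return 0
  fi
  # Assumption: indices are contiguous from 0, so the number of existing
  # entries is the next free index and no existing entry is overwritten.
  idx=$(printf '%s\n' "$current" | grep -c . || true)
  $OCC config:system:set trusted_domains "$idx" --value="$host"
}

# The two calls described above: the public hostname, then the mid-level proxy.
configure_trusted_hosts() {
  append_trusted_host "$NEXTCLOUD_HOSTNAME" &&
  append_trusted_host nextcloud-web
}
```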

@Mart1250

No problem. Thanks for your clarification @aguestuser! :)

@jorge-aparicio

jorge-aparicio commented Jan 19, 2020

@aguestuser Hi, I know it's been quite a while since you worked on these files, but I'm getting this error when running configure.sh after running docker compose.

```
Error while trying to create admin user: Failed to connect to the database: An exception occurred in driver: SQLSTATE[HY000] [1045] Access denied for user 'nextcloud'@'172.19.0.4' (using password: YES)
```

Could I have entered a value in the .env file wrong or something? Based on some research it seems nextcloud should be connecting at localhost, not the ip listed above. Any idea whether this is the problem and how I could fix it?

I would really appreciate it if you or anyone else in the thread who's tried your solution could help me out.

@LinneyS
Member

LinneyS commented Jan 20, 2020

As indicated in the instructions, the set_configuration.sh must be run after passing the wizard.

@jorge-aparicio

Hi thanks for the response. How do I get to the wizard using @aguestuser 's compose file? I went to the ip address of the server and could not find the nextcloud instance?

@CarlOnlyoffice

Hello @jorge-aparicio,
We haven't tested this compose file so I'd recommend contacting @aguestuser

@aguestuser

@jorge-aparicio hi! happy to try to help troubleshoot! but likely not until this weekend. admittedly i am a bit rusty on the ins and outs of these config scripts! :)

@fabremartin

fabremartin commented Aug 24, 2020

Did any of you manage to do it properly? Thanks
The 3 files didn't seem to work for me...

@heatray heatray linked a pull request Sep 28, 2020 that will close this issue