Connction to Nextcloud, no SSL, no DNS

Hello again.
I have to correct one issue I misinterpreted. It’s about addressing of docker containers. I have stated they can be accessed via their container name. That was a misinterpretation on my behave, because I use the same name for the container as the service itself. The correct info on that is the service name.
In your case, this means for your Nextcloud container it is “app” and not “app-server” and “nginx” instead of “nignx-server”.
There is also an change regarding trusted_proxies in Nextcloud config. Now it it required to be defined with a IP address and optional with a range in CIDR notation. So you need to check your network stack while running the container and use that. Basically you connect to the container console and check the IP it uses (ifconfig). In my case that is for example 172.19.0.3, so I defined 172.19.0.1/32 as trusted_proxies.

If you change ports, you should check your nginx.conf again. I didn’t mention this before, but when you defined an upstream directive you should use it too. So far this was not really breaking anything, but when you changed ports, the correct use of that directive would be:

# Proxy ONLYOFFICE
location /ds-vpath/ {
    rewrite /ds-vpath/(.*) /$1 break;
    # Align protocol with your current configuration, from http to https
    # proxy_pass http://onlyoffice/;
    proxy_pass https://onlyoffice/;
    proxy_redirect off;

So far, you have accomplished nothing changing the port to 81 this way. You simply have made everything worse. You need to rewrite the port inside the documentserver’s configuration, which you probably didn’t. You simply have only exposed port 81 which has no service defined. Your documentserver is still running at port 80.

Your Nextcloud’s config has this defined:

'onlyoffice' => 
  array (
    'DocumentServerUrl' => 'https://192.168.1.228/ds-vpath/',
    'DocumentServerInternalUrl' => 'http://onlyoffice-document-server/',
    'StorageUrl' => 'https://192.168.1.228/',
    'jwt_secret' => 'secret',
  ),

This is an old definition, which is not used anymore. Today this is maintained by the connector app itself. I can’t tell if it is interfering (probably not) but it should not be there in the first place.

I hope you have a better understanding how NC, OO and your reverse proxy are interconnected. Correct usage of hostnames, ports does matter.

One thing I noticed is, that you have no mysql container defined in your compose file. As far as I remember, this is necessary when running nextcloud:fpm docker image. Just something I noticed. But maybe things have changed there.

as I said, it was just last config I’ve tried. With docker compose I can try 10 different versions in 1 hour. I tried port 81, since I found on some forum that is better to set different ports from nextcloud if containers are on the same host. I tried “app-server” instead of IP, same result. I’ve tried different nginx.conf options with https:onlyoffice-document-server and with http.
It has to be something related with ssl, because it works without ssl. I’ve trusted my self-signed certs on all containers, still no results.
It would be nice to know if someone has ever made it work with self-signed certificates for OO-NC connection.

Hello again.
As I told you before, going from a working non-SSL configuration to a SSL configuration is just a matter of minor alteration. Using your own signed certificates does not matter too.
Go back to your working non-SSL configuration, where you are able to connect to your OO-service and also open and edit documents within your NC user-interface.

Since you have everyting set up in docker, you simply set up SSL for your reverse-proxy only. Terminate SSL inside nginx and go from there with http as you have already set up this. It makes no sense to terminate at OO and NC, since everything is handled inside your docker stack and nothing has to be exposed to the host, but only your nginx container.

This is already a proposed strategy you find here in the help section, see for yourself:

proxy2809×155 22.8 KB

It is straight forward and easy to implement. You can also later easily switch to letsencrypt, if you wish to be accessible via your public domain address.
Work with host names already, if you have a local DNS. It’s easier to handle.

ok, finally I succeded connecting onlyoffice to nextcloud with self-signed certs. I changed my setup, I installed nextcloud with snap on one machine, and onlyoffice on docker on another. What was probably the most important, I had to add nextcloud.local,org and onlyoffice.local.org to the hosts file on onlyoffice container.
However there is still some unbelievable problem. I run whole local domain local.org on 192.168.1.0/24 subnet, with windows DC and DNS server. I can use nextcloud with onlyoffice from one windows 11 VM((ip 192.168.1.33) with no problem, but when I run nextcloud with the same user on identical VM (ip 192.168.1.32) from same domain and try to open document, there is error “ONLYOFFICE cannot be reached. Please contact admin”. What is even more strange I can open documents on nextcloud from another computer (ip 192.168.0.201) not connected to the domain and from different subnet which has route to my domain.
Am I missing something???

It was solved by connecting from browser to onlyoffice first. I guess after I accepted to trust certificate on browser, connection was established.

Hello @Ev4ld

I’m glad to know that the solution is found. Thanks to @bermuda for assistance!