I’m encountering an issue when trying to access and edit documents via OnlyOffice behind a Traefik reverse proxy. When attempting to edit a document, the page remains blank, and I observe the following error in the browser console:
Mixed Content: The page at 'https://bureautique-dsfm.onecert.fr/Products/Files/DocEditor.aspx?fileid=2' was loaded over HTTPS, but requested an insecure frame 'http://_/ds-vpath/8.1.0-169/web-apps/apps/documenteditor/main/index.html?_dc=8.1.0-169&lang=fr-FR&customer=ONLYOFFICE&headerlogo=http%3A%2F%2F_%2Fskins%2Fdefault%2Fimages%2Flogo%2Feditor_logo_general.png&headerlogodark=http%3A%2F%2F_%2Fskins%2Fdefault%2Fimages%2Flogo%2Feditor_logo_general.png&type=desktop&frameEditorId=iframeEditor&isForm=false&parentOrigin=https://bureautique-xxx.fr&uitheme=default-light&fileType=docx'. This request has been blocked; the content must be served over HTTPS.
Additionally, I’m seeing errors in Doc space Page on the browser console:
https://bureautique-xxx.fr/socketio/socket.io/?EIO=3&transport=polling&t=P22zFm_&sid=v3CZ
WebSocket connection to 'wss://bureautique-xxx.fr/socketio/socket.io/?EIO=3&transport=websocket&sid=v3CZQgQ8Jdsn6shMAAAA' failed: WebSocket is closed before the connection is established.
Steps to reproduce:
- Access OnlyOffice via the secure URL (
https://bureautique-xxx.fr
).
- Attempt to edit an existing document.
- Observe the blank page and errors mentioned in the browser console.
DocSpace version: Used Docker Compose Enterprise (GitHub - ONLYOFFICE/Docker-CommunityServer: Collaborative system for managing documents, projects, customer relations and emails in one place) with latest images
Additional information:
- Traefik reverse proxy configuration for OnlyOffice:
labels:
- traefik.enable=true
- traefik.http.routers.onlyoffice-community-server-http.rule=Host(`bureautique-xxx.fr`)
- traefik.http.routers.onlyoffice-community-server-http.entrypoints=web
- traefik.http.routers.onlyoffice-community-server-http.middlewares=onlyoffice-redirectregex
- traefik.http.routers.onlyoffice-community-server-https.rule=Host(`bureautique-xxx.fr`)
- traefik.http.routers.onlyoffice-community-server-https.entrypoints=websecure
- traefik.http.routers.onlyoffice-community-server-https.tls=true
- traefik.http.routers.onlyoffice-community-server-https.middlewares=onlyoffice-redirectregex
- traefik.http.services.onlyoffice-community-server-service.loadbalancer.server.scheme=https
- "traefik.http.middlewares.onlyoffice-redirectregex.redirectregex.regex=^http://(.*)"
- "traefik.http.middlewares.onlyoffice-redirectregex.redirectregex.replacement=https://$1"
- "traefik.http.middlewares.onlyoffice-redirectregex.redirectregex.permanent=true"
Attachments:
- No attachments at the moment, but I can provide screenshots or additional logs if needed.
Hello @gschneller
As I can see you’ve installed Workspace, please note that DocSpace is different product. If I misunderstand, please correct me.
In general, Workspace is already relies on proxy to pass requests between containers. That said, we do not have any examples on how to configure reverse proxy, so I’m afraid we cannot guarantee stable work of the portal in such environment.
By the way, I was informed that you’ve also contacted us via Zendesk. Please stick to the discussion there to get prompt replies.
Yes, I installed Workspace Enterprise, For my problem, I found this issue: OnlyOffice uses HTTP instead of HTTPS in browser requests (reverse proxy) · Issue #2186 · ONLYOFFICE/DocumentServer · GitHub.
Is there any architecture documentation that describes the role and exchanges of onlyoffice-community-server, onlyoffice-elasticsearch, onlyoffice-document-server, onlyoffice-mail-server and onlyoffice-control-panel
Thank
Please do not confuse Workspace and Document Server, these are different products. Mentioned GitHub issue is related to Document Server in particular.
Unfortunately, there is no such documentation.
Here’s my solution
-
with two domain names,
- one for the community server and
-
the other for the document server:
-
Patch for onlyoffice-community-server Nginx Configuration
To prevent the set_header X-Forwarded-For $proxy_add_x_forwarded_for;
from positioning an underscore in the requests and to force the server_name
to the target domain name, patch the Nginx configuration of onlyoffice-community-server see the docker-compose modifications:
-
Excerpt from docker-compose.yml
onlyoffice-community-server:
entrypoint:
- "bash"
- "-c"
- |
echo "SET bureautique-dsfm.onecert.fr as s/server_name"
sed -i 's/server_name _;/server_name bureautique-dsfm.onecert.fr;/g' /etc/nginx/sites-available/default
sed -i 's/server_name _;/server_name bureautique-dsfm.onecert.fr;/g' /etc/nginx/includes/onlyoffice-communityserver-common-ssl.conf.template
/app/run-community-server.sh
command: []
labels:
- traefik.enable=true
- traefik.http.routers.onlyoffice-community-server-http.rule=Host(`bureautique.xxx.fr`)
- traefik.http.routers.onlyoffice-community-server-http.entrypoints=web
- traefik.http.routers.onlyoffice-community-server-https.rule=Host(`bureautique.xxx.fr`)
- traefik.http.routers.onlyoffice-community-server-https.entrypoints=websecure
- traefik.http.routers.onlyoffice-community-server-https.tls=true
- traefik.http.services.onlyoffice-community-server-service.loadbalancer.passhostheader=true
- "traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.onlyoffice-community-server-http.middlewares=onlyoffice-headers"
onlyoffice-document-server:
labels:
- traefik.enable=true
- traefik.http.routers.onlyoffice-document-server-http.rule=Host(`document.xxx.fr`)
- traefik.http.routers.onlyoffice-document-server-http.entrypoints=web
- traefik.http.routers.onlyoffice-document-server-https.rule=Host(`document.xxx.fr`)
- traefik.http.routers.onlyoffice-document-server-https.entrypoints=websecure
- traefik.http.routers.onlyoffice-document-server-https.tls=true
- traefik.http.middlewares.force_https.headers.customRequestHeaders.X-Forwarded-Proto=https
- traefik.http.routers.onlyoffice-document-server-https.middlewares=force_https
That’s awesome. Thank you for sharing your solution with the community!