Do you want to: Ask a how-to question
Document Server version: 7.3
Type of installation of the Document Server (docker, deb/rpm, exe): docker
OS: Ubuntu 22.04
Browser version: Firefox latest and Chrome latest
Hi, i installed a nextcloud docker container behind NGINX Proxy Manager, with custom location “/” that points to nextcloud container.
On the same server, i have another container running onlyoffice-documentserver and i would like to be reached via https://nextclouddomain/onlyoffice/, but i cannot get this thing to work.
Have you got any advices regarding npm and onlyoffice?
Sorry, we have no experience with Nginx Proxy Manager. I’d recommend searching if it is possible to manually create configuration files there to use our examples.
Thought this would have fixed the problem. It did not yet completely solve the issues. In my configuration, it will connect once, then the next connection results again in a 502.
Please make sure the value for proxy_pass should have a trailing slash:
Thanks for mentioning @Alexandre - I’ve been working on the topic in this week with AI support from Claude to figure out what was going wrong. Unfortunately, no final solution yet, but the trailing slash and correct forwarding helped in narrowing down other wrong paths.
The current symptom is that when either service (onlyoffice or NPM) is restarted, exactly 1 connection is correct, then all others fail and result in the 502 error.
I’ve tried the following:
Rollback 5 versions of OnlyOffice to rule out that it was a setting related to ‘docker source’:latest issue, which has bitten me before with restarting the docker server.
Adjust settings, one by one, in NPM for the domain
Enabling/disabling HTTP
Reissuing certificates
Change domainnames
Further adjust the reverse proxy settings
Further change the Nextcloud bridge settings (i.e. local addresses)
Adjust network name and IP range for Docker
Adjust settings according to the suggestions by Claude.ai, which at one point worked as long as it was internal forwarding. Then, after one additional round of tinkering, the setting was bad again.
See the discussion and more detailed settings as mentioned attached.
To do:
Adjust the system to not use NPM (i.e. port forwarding on the firewall) which is something that I would like to avoid, hence the reverse proxy.
My guess is that it is something quite ‘simple’ such as the trailing slash, but then also somewhere else in the settings. I think it is like this, as when JWT is disabled, the page buildup is blazingly fast (0,2s), but with JWT it takes up to 5 seconds. This seems like something resolves badly, ends and then falls back to default. link to Claude.ai chat
(edit: relinked the image, as it seems to fall out of bounds)
Hello @artens
Could you please reproduce the situation and collect the Document Server logs folder? For Docker, it’s located here: /app/onlyoffice/DocumentServer/logs/documentserver/
Additionally, please describe your proxy setup as detailed as possible. So far, it is unclear what specific settings you have configured.
Unsure what happened - tried to start 8.3.0.1 today - that did not work. RabbitMQ and other services failing.
Reverting to 8.2 Docker image with plain vanilla settings in NPM and disabled JWT resulted in running flawlessly. Not touching the setup now for some time.
Understood, but I still do believe that we need to check the situation on the latest version of Document server. Once it’s possible, please prepare whole server backup\snapshot > update the installation to v.8.3 and double-check the situation.
Hello there,
this is how a valid reserve-proxy config should look like when using nginx and running onlyoffice as a subfolder-setup:
#
# location "onlyoffice" is the chosen subfolder name in this example
#
location /onlyoffice {
return 301 $scheme://$http_host/onlyoffice/;
}
location /onlyoffice/ {
#
# "onlyoffice" is also the name of the docker-container,
# it runs on port 443 and is not exposed to the outside world,
# it should be on the same network as the nginx-proxy-container,
# meaning a ping from proxy "ping onlyoffice" should reach and
# resolve to the internal IP of the docker network-stack
#
proxy_pass https://onlyoffice:443/;
proxy_set_header X-Forwarded-Server $host;
proxy_http_version 1.1;
client_max_body_size 10M;
proxy_read_timeout 3600s;
proxy_connect_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-Host $http_host/onlyoffice;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
}
location /onlyoffice/ds-vpath/ {
rewrite /onlyoffice/ds-vpath/(.*) /$1 break;
#
# same as above, onloffice resolves to the container running OnlyOffice
#
proxy_pass https://onlyoffice:443/;
proxy_redirect off;
client_max_body_size 10M;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host/onlyoffice/ds-vpath;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
}
The name of the container is “onlyoffice” and also the subfolder is named “onlyoffice”. One can easily adjust that to their own naming scheme. Onlyoffice is then reachable on:
https://mydomain.xyz/onlyoffice
And yes, everything matters … a missing backslash can make the difference.
Well, it seems things have improved somehow.
Just to test and try, I’ve created another container, with it’s own port and address. Used another domain with plain vanilla settings. Adjusted settings in Nextcloud activating the JWT secret as well, et voilá, “Succcessfully updated (version 8.3.1.25)”.
The only remark is that the JWT key instructions have two separate approaches - the one in the welcome screen did not work for me, the one in the logs did:
" sudo docker exec /var/www/onlyoffice/documentserver/npm/json -f /etc/onlyoffice/documentserver/local.json ‘services.CoAuthoring.secret.session.string’ " resulted in an error - " json: error: undefined
The one which worked:
JWT is enabled by default. A random secret is generated automatically. Run the command “docker exec sudo documentserver-jwt-status.sh” to get information about JWT.
Thank you @bermuda for your contribution!
Also thank you @artens for checks!
It seems all things are OK at the moment. Please feel free to contact us if you face any issues.
… a missing backslash can make the difference.