Nextcloud fullchain cert required; not sure how to make this work with SWAG

Good day.

I have been trying to get my Nextcloud AIO Docker install to connect to my Docker OnlyOffice server. This issue comes down to Nextcloud and OnlyOffice requiring the fullchain cert to speak back and forth.

This video describes what I’m talking about (not the whole video but it links right to the time). I asked:

“What do you mean when you say that Nextcloud will throw an error if it isn’t using the full chain? I’m getting that error but have no idea how to diagnose it”

to which the author responded:

“Certificates rely on a chain of trust from a known root certificate down to yours. There may be one or more intermediate certificates in this chain e.g. Root > Inter1 > Inter2 > YourCert. If Nextcloud cannot trace your certificate back to a trusted root it will fail. To make sure it can work its way back through the chain to the root you can provide the list of chained certificates in a single certificate file. If you open this “full chain” file in a text editor you will see multiple certificates in it.”

The Swag docs state:

(More secure) Mount the SWAG folder etc that resides under /config in other containers (ie. -v /path-to-swag-config/etc:/swag-ssl) and in the other containers, use the cert location /swag-ssl/letsencrypt/live/<your.domain.url>/ (This is more secure because the first method shares the entire SWAG config folder with other containers, including the www files, whereas the second method only shares the ssl certs)

So I understand how to link the swag info into the OO container, but I’m not sure how to get the OO container to use that data.

The OnlyOffice Docker docs state:

- ONLYOFFICE_HTTPS_HSTS_ENABLED: Advanced configuration option for turning off the HSTS configuration. Applicable only when SSL is in use. Defaults to true.
- ONLYOFFICE_HTTPS_HSTS_MAXAGE: Advanced configuration option for setting the HSTS max-age in the onlyoffice nginx vHost configuration. Applicable only when SSL is in use. Defaults to 31536000.
- SSL_CERTIFICATE_PATH: The path to the SSL certificate to use. Defaults to /var/www/onlyoffice/Data/certs/tls.crt.
- SSL_KEY_PATH: The path to the SSL certificate's private key. Defaults to /var/www/onlyoffice/Data/certs/tls.key.
- SSL_DHPARAM_PATH: The path to the Diffie-Hellman parameter. Defaults to /var/www/onlyoffice/Data/certs/dhparam.pem.
- SSL_VERIFY_CLIENT: Enable verification of client certificates using the CA_CERTIFICATES_PATH file. Defaults to false.

How would I point OnlyOffice to my Nextcloud using the mounting variables mentioned above?

Any help would be great, thank you!

This doc indicated the available docker env variables

Hi @cribbageSTARSHIP :handshake:
Let’s clarify this point.
Do you need to deploy Nextcloud along with OnlyOffice using Docker?

We have the following usage scenario: Document Server and Nextcloud Docker installation
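
The SWAG mount and the OnlyOffice `SSL_*` variables quoted in the question, combined into one Compose fragment. This is an added example, not part of the thread or of either project's docs; the service name, the `onlyoffice/documentserver` image reference and the host path are assumptions, `<your.domain.url>` is the SWAG docs' placeholder, and `cert.pem`, `fullchain.pem` and `privkey.pem` are the file names certbot writes under `live/`.

```yaml
# Added example: OnlyOffice reading SWAG's Let's Encrypt files.
services:
  onlyoffice:                        # assumed service name
    image: onlyoffice/documentserver # assumed image reference
    volumes:
      # Share only SWAG's etc folder, and read-only, since it holds the private key.
      # Mount the whole etc folder as the SWAG docs say: certbot's live/ entries
      # are symlinks into ../../archive/, so mounting live/ alone would leave
      # them dangling inside this container.
      - /path-to-swag-config/etc:/swag-ssl:ro
    environment:
      # Leaf only: a client that does not already hold the intermediate
      # cannot build the chain back to a trusted root.
      # SSL_CERTIFICATE_PATH: "/swag-ssl/letsencrypt/live/<your.domain.url>/cert.pem"
      #
      # Full chain: the leaf followed by the intermediate certificate(s).
      SSL_CERTIFICATE_PATH: "/swag-ssl/letsencrypt/live/<your.domain.url>/fullchain.pem"
      SSL_KEY_PATH: "/swag-ssl/letsencrypt/live/<your.domain.url>/privkey.pem"
```

Opening the file named in `SSL_CERTIFICATE_PATH` in a text editor should show more than one `-----BEGIN CERTIFICATE-----` block, which is the property the video author describes.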