Onlyoffice - reverse proxy / cloudflare tunnel

Hi all,

I’ve been trying to set up my onlyoffice / nextcloud integration to be accessible anywhere I go. I’ve figured I’d do this via cloudflare zero trust.

Nextcloud and onlyoffice both run in podman (docker), with internal DNS and subdomains. There was a wildcard SSL applied by the NPM and everything internally worked great!

Tried to expose the onlyoffice document server through zero trust and was stuck with a lot of http/https errors. So I decided to change the onlyoffice document server to https and assign it the wildcard SSL certificates.

Everything appears to be working apart from being able to open a document in the test example screen - I get the error “Download failed. Press “OK” to return…” and when I look at the developer console I get an error that the site is trying to load mixed content, even though I’ve converted everything to https.

Here is the output of the logs;

[2025-04-22T14:39:45.771] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 8; availableParallelism: undefined

[2025-04-22T14:39:45.772] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers


==> /var/log/onlyoffice/documentserver/docservice/err.log <==


==> /var/log/onlyoffice/documentserver/docservice/out.log <==

[2025-04-22T14:38:57.642] [WARN] [localhost] [docId] [userId] nodeJS - notifyLicenseExpiration(): expiration date is not defined

[2025-04-22T14:38:57.789] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.3.3. Build: 18

[2025-04-22T14:39:10.877] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...

[2025-04-22T14:39:10.882] [WARN] [localhost] [docId] [userId] nodeJS - notifyLicenseExpiration(): expiration date is not defined

[2025-04-22T14:39:10.882] [WARN] [localhost] [docId] [userId] nodeJS - notifyLicenseExpiration(): expiration date is not defined

[2025-04-22T14:39:11.004] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.3.3. Build: 18

[2025-04-22T14:39:46.077] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...

[2025-04-22T14:39:46.083] [WARN] [localhost] [docId] [userId] nodeJS - notifyLicenseExpiration(): expiration date is not defined

[2025-04-22T14:39:46.083] [WARN] [localhost] [docId] [userId] nodeJS - notifyLicenseExpiration(): expiration date is not defined

[2025-04-22T14:39:46.215] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.3.3. Build: 18


==> /var/log/onlyoffice/documentserver-example/out.log <==


==> /var/log/onlyoffice/documentserver/metrics/err.log <==


==> /var/log/onlyoffice/documentserver/metrics/out.log <==

22 Apr 14:39:45 - [10965] reading config file: ./config/config.js

22 Apr 14:39:45 - server is up INFO


==> /var/log/onlyoffice/documentserver/nginx.error.log <==

Here is my podman run command;

sudo podman run -i -t -d -p 8007:80 -p 4430:443 --name onlyoffice --dns=10.0.0.254 --add-host=onlyoffice.xyz.co.uk:10.0.0.253 --restart=always -e USE_UNAUTHORIZED_STORAGE=true -e JWT_SECRET=secret -e ONLYOFFICE_HTTPS_HSTS_ENABLED=true -e ONLYOFFICE_HTTPS_HSTS_MAXAGE=31536000 -e SSL_CERTIFICATE_PATH=/var/www/onlyoffice/Data/certs/certificate.crt -e SSL_KEY_PATH=/var/www/onlyoffice/Data/certs/privkey2.pem -e DS_EXTERNAL_URL=https://onlyoffice.xyz.co.uk -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data:Z -u root onlyoffice/documentserver:latest

and here is the error in the developer console;

Blocked loading mixed active content "http://onlyoffice.xyz.co.uk/cache/files/data/2a00_23c6_9d2b_6500__6d1__10.0.0.253__10.88.0.1new.docx1745334495148/Editor.bin/Editor.bin?md5=q_KubxqnDwweJOwyrKp4dA&expires=1747929089&shardkey=2a00_23c6_9d2b_6500__6d1__10.0.0.253__10.88.0.1new.docx1745334495148&filename=Editor.bin"

Just at a bit of a loss now, would love to be able to make this work so I could use nextcloud with onlyoffice self-hosted and just login from work or something.

Any suggestions are really welcome!

Hello @alexjonfinch
Please reproduce the issue and provide us with entire document server logs folder (docservice and converter folders).

Everything appears to be working apart from being able to open a document in the test example screen

Do you mean the integrated example (https://domain_name/example/)? What about the Nextcloud integration? Is the issue reproducible there too?

and here is the error in the developer console;

Blocked loading mixed active content "http://onlyoffice.xyz.co.uk/cache/files/data/2

It seems some content is still served over the http protocol. If so, the mixed content error is expected behavior. Please take a look at proxy sample configs and compare them with your one:

Hi Alexandre,

Thanks for your response, I think the issue is the podman command as I’m forcing the container to use internal DNS rather than external DNS and the traffic is being routed over http internally.

However, I’ve decided to go a different route (which I’m still working on as I can’t quite get it work) is using tailscale to access my network from outside my network and using MagicDNS/Split DNS so I can still access everything internally.

This topic can be closed, thank you