I have OwnCloud running in a container behind haproxy. haproxy terminates ssl. OwnCloud itself seems to work just fine without any additional configuration (at least with the limited testing I’ve performed.)
Now I want to set up OnlyOffice. So I put it in its own container, on the same network as OwnCloud. Once I got everything started I tried to configure OwnCloud via the “ONLYOFFICE Document Service Location…” form. I set the OnlyOffice hostname to the name of the container.
When I try that, a yellow error message pops up and disappears before I can read it, and in my docker logs I see this:
cloud_mysite_onlyoffice | ==> /var/log/onlyoffice/documentserver/converter/out.log <==
cloud_mysite_onlyoffice | [2021-04-04T17:47:48.695] [ERROR] nodeJS - error downloadFile:url=http://test.cloud.mysite.blah/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.8mnIWnQj8xOcCUQBISpXUN5iL2eOEsZr4y6VsZjWsJw;attempt=1;code:UNABLE_TO_GET_ISSUER_CERT_LOCALLY;connect:null;(id=conv_check_1921902834_docx)
cloud_mysite_onlyoffice | Error: unable to get local issuer certificate
cloud_mysite_onlyoffice | at TLSSocket.onConnectSecure (_tls_wrap.js:1058:34)
cloud_mysite_onlyoffice | at TLSSocket.emit (events.js:198:13)
cloud_mysite_onlyoffice | at TLSSocket._finishInit (_tls_wrap.js:636:8)
It looks like the OnlyOffice container is trying to connect to my OwnCloud public url on http. Is that what is happening?
If so, then haproxy is redirecting the request to https. And OnlyOffice either can’t handle the redirect, or is hitting my custom CA cert and can’t verify it. (It’s a test environment, so I have a step-ca instance to make https testing easier.)
Which brings me to the subject of this topic. Is there a way to tell the OnlyOffice container to use the docker hostname instead of the public url?
Specifically with the onlyoffice/documentserver:latest image.
I’d prefer that, to rebuilding the image with my custom ca enabled. Running things as out of the box as possible is usually a good idea.
For the record, here is my docker-compose file. I use environment variables and Ansible to keep track of my containers. (The jury is still out on if it’s really better that way than using Kube or something else…)
version: "3.7"

networks:
  customnetwork:
    external: True

volumes:
  cloud_mysite_db_data:
    external: true
  cloud_mysite_files_data:
    external: true
  cloud_mysite_backup_data:
    external: true
  cloud_mysite_redis_data:
    external: true
  cloud_mysite_onlyoffice_data:
    external: true
  cloud_mysite_onlyoffice_logs:
    external: true

secrets:
  dbhost:
    file: ./secrets/dbhost
  dbname:
    file: ./secrets/dbname
  dbpass:
    file: ./secrets/dbpass
  dbport:
    file: ./secrets/dbport
  dbuser:
    file: ./secrets/dbuser
  dbrootpass:
    file: ./secrets/dbrootpass

services:
  cloud_mysite_owncloud:
    image: owncloud/server:10.7
    container_name: cloud_mysite_owncloud
    restart: always
    env_file:
      - ./secrets/oc_dbhost
      - ./secrets/oc_dbname
      - ./secrets/oc_dbpass
      - ./secrets/oc_dbuser
      - ./secrets/ownadmin
      - ./secrets/ownpass
      - ./secrets/redishost
    environment:
      - OWNCLOUD_DOMAIN=test.cloud.ramblingreagans.com
      - OWNCLOUD_DB_TYPE=mysql
      - OWNCLOUD_MYSQL_UTF8MB4=true
      - OWNCLOUD_REDIS_ENABLED=true
    healthcheck:
      test: ["CMD", "/usr/bin/healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 5
    volumes:
      - type: volume
        source: cloud_mysite_files_data
        target: /mnt/data
    networks:
      customnetwork:
        ipv4_address: "${CLOUD_MYSITE_HOST_CONT_IP}"
    ports:
      - "${CLOUD_MYSITE_HOST_LOCAL_BIND_IP}:${CLOUD_MYSITE_HOST_PORT}:${CLOUD_MYSITE_CONT_PORT}"
    depends_on:
      - cloud_mysite_db
      - cloud_mysite_redis

  cloud_mysite_db:
    image: library/mariadb:10
    container_name: cloud_mysite_db
    restart: always
    volumes:
      - type: volume
        source: cloud_mysite_db_data
        target: /var/lib/mysql
      - type: volume
        source: cloud_mysite_backup_data
        target: /var/lib/backup
    secrets:
      - dbname
      - dbpass
      - dbuser
      - dbrootpass
    environment:
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/dbrootpass
      - MYSQL_USER_FILE=/run/secrets/dbuser
      - MYSQL_PASSWORD_FILE=/run/secrets/dbpass
      - MYSQL_DATABASE_FILE=/run/secrets/dbname
    healthcheck:
      test: ["CMD", "/usr/bin/healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 5
    networks:
      customnetwork:
        ipv4_address: "${CLOUD_MYSITE_DB_HOST_CONT_IP}"
    ports:
      - "${CLOUD_MYSITE_DB_HOST_LOCAL_BIND_IP}:${CLOUD_MYSITE_DB_HOST_PORT}:${CLOUD_MYSITE_DB_CONT_PORT}"

  cloud_mysite_redis:
    image: library/redis:latest
    container_name: cloud_mysite_redis
    restart: always
    environment:
      - REDIS_DATABASES=1
    healthcheck:
      test: ["CMD", "/usr/bin/healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 5
    volumes:
      - type: volume
        source: cloud_mysite_redis_data
        target: /var/lib/redis
    networks:
      customnetwork:
        ipv4_address: "${CLOUD_MYSITE_REDIS_HOST_CONT_IP}"
    ports:
      - "${CLOUD_MYSITE_REDIS_HOST_LOCAL_BIND_IP}:${CLOUD_MYSITE_REDIS_HOST_PORT}:${CLOUD_MYSITE_REDIS_CONT_PORT}"

  cloud_mysite_onlyoffice:
    image: onlyoffice/documentserver:latest
    container_name: cloud_mysite_onlyoffice
    restart: always
    stdin_open: true
    tty: true
    volumes:
      - type: volume
        source: cloud_mysite_redis_data
        target: /var/lib/redis
      - type: volume
        source: cloud_mysite_onlyoffice_data
        target: /var/www/onlyoffice/Data
      - type: volume
        source: cloud_mysite_onlyoffice_logs
        target: /var/log/onlyoffice
    networks:
      customnetwork:
        ipv4_address: "${CLOUD_MYSITE_ONLYOFFICE_HOST_CONT_IP}"
    ports:
      - "${CLOUD_MYSITE_ONLYOFFICE_HOST_LOCAL_BIND_IP}:${CLOUD_MYSITE_ONLYOFFICE_HOST_PORT}:${CLOUD_MYSITE_ONLYOFFICE_CONT_PORT}"
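
A triage helper for the converter log line quoted in the post, added here as an example (it is not part of the original post and not OnlyOffice code). It parses the `downloadFile` error, decodes the unverified JWT payload in `doc=`, and flags a certificate-verification code on an `http://` URL, which implies the request reached TLS through a redirect. The function names and the set of codes grouped as "untrusted CA" are choices made for this example.

```python
import base64
import json
import re
from urllib.parse import parse_qs, urlsplit

# Node.js TLS codes meaning the chain did not end at a root the client trusts.
UNTRUSTED_CA_CODES = {
    "UNABLE_TO_GET_ISSUER_CERT_LOCALLY", "UNABLE_TO_GET_ISSUER_CERT",
    "SELF_SIGNED_CERT_IN_CHAIN", "DEPTH_ZERO_SELF_SIGNED_CERT",
    "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
}
LINE_RE = re.compile(
    r"error downloadFile:url=(?P<url>[^;]+);attempt=(?P<attempt>\d+);"
    r"code:(?P<code>[^;]*);")

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
        return json.loads(base64.urlsafe_b64decode(payload))
    except (IndexError, ValueError):
        return None

def triage(line):
    """Return a summary dict for a downloadFile error line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    url = urlsplit(m["url"])
    doc = parse_qs(url.query).get("doc", [""])[0]
    untrusted = m["code"] in UNTRUSTED_CA_CODES
    return {
        "scheme": url.scheme,
        "host": url.hostname,
        "attempt": int(m["attempt"]),
        "code": m["code"],
        "claims": jwt_claims(doc),
        "untrusted_ca": untrusted,
        # A certificate error cannot occur on plain HTTP, so the client
        # must have followed a redirect to https:// before failing.
        "redirected_to_tls": untrusted and url.scheme == "http",
    }

# The log line from the post above.
SAMPLE = ("[2021-04-04T17:47:48.695] [ERROR] nodeJS - error downloadFile:url="
          "http://test.cloud.mysite.blah/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1Q"
          "iLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.8mnIWnQj8xOcCUQBISpXUN5i"
          "L2eOEsZr4y6VsZjWsJw;attempt=1;code:UNABLE_TO_GET_ISSUER_CERT_LOCALLY;"
          "connect:null;(id=conv_check_1921902834_docx)")
```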