Hello,
i use the daily Version of ocis with onlyoffice (docker).
But i can’t use onlyoffice to open a word document.
in the logfile is following line:
{"level":"warn","service":"gateway","pkg":"rgrpc","traceid":"00000000000000000000000000000000","error":"error parsing token: token contains an invalid number of segments","time":"2023-03-15T15:07:05.125331188+01:00","message":"access token is invalid"}
{"level":"error","service":"gateway","pkg":"rgrpc","traceid":"00000000000000000000000000000000","user-agent":"grpc-go/1.53.0","from":"tcp://127.0.0.1:36440","uri":"/cs3.storage.registry.v1beta1.RegistryAPI/ListStorageProviders","start":"15/Mar/2023:15:07:05 +0100","end":"15/Mar/2023:15:07:05 +0100","time_ns":178704,"code":"PermissionDenied","time":"2023-03-15T15:07:05.125486858+01:00","message":"unary"}
which token is the problem?
docker-compose ps
Name Command State Ports
----------------------------------------------------------------------------------------------------------------------------------------------------------------
ocis_ocis-appprovider-onlyoffice_1 /bin/sh /entrypoint-overri ... Up 9200/tcp
ocis_ocis_1 /bin/sh -c ocis init || tr ... Up 9200/tcp
ocis_onlyoffice_1 /app/ds/run-document-server.sh Up 443/tcp, 80/tcp
ocis_tika_1 /bin/sh -c exec java -cp " ... Up 9998/tcp
ocis_wopiserver_1 /bin/sh /entrypoint-overri ... Up
traefik_web /entrypoint.sh traefik Up 192.168.x.x:443->443/tcp, 192.168.x.x:80->80/tcp, 192.168.x.x:8080->8080/tcp
docker-compose.yml
---
version: "3.9"
services:
ocis:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
user: root
networks:
- "traefik-nw"
logging:
driver: json-file
options:
max-file: '10' # good
max-size: 50m
environment:
TZ: Europe/Berlin
entrypoint:
- /bin/sh
command: ["-c", "ocis init || true; ocis server"]
environment:
OCIS_EVENTS_ENABLE_TLS: "false"
OCIS_URL: "https://${OCIS_DOMAIN:-ocis.owncloud.test}"
OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" # make oCIS less verbose
OCIS_LOG_FILE: "/etc/ocis/ocis.log"
OCIS_JWT_SECRET: "${WOPI_JWT_SECRET:-LoremIpsum567fhrthzghdf}"
OCIS_MACHINE_AUTH_API_KEY: "API_KEY"
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers
OCIS_INSECURE: "${INSECURE:-false}"
# basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
# admin user password
IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
# demo users
IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
NOTIFICATIONS_SMTP_HOST: "192.168.x.x"
NOTIFICATIONS_SMTP_PORT: "25"
NOTIFICATIONS_SMTP_SENDER: "oCIS <noreply@DOMAIN>"
NOTIFICATIONS_SMTP_ENCRYPTION: "tls"
NOTIFICATIONS_SMTP_INSECURE: "false" # the mail catcher uses self signed certificates
# fulltext search
SEARCH_EXTRACTOR_TYPE: tika
SEARCH_EXTRACTOR_TIKA_TIKA_URL: http://tika:9998
volumes:
- "./ocis-config:/etc/ocis"
- "./ocis-data:/var/lib/ocis"
- "/etc/ssl/certs:/etc/ssl/certs:ro"
- "/usr/share/ca-certificates:/usr/share/ca-certificates:ro"
- "/usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/etc/timezone:/etc/timezone:ro"
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.entrypoints=http"
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`,`DOMAIN1`)"
- "traefik.http.routers.ocis.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200" # Traefik dem Proxy-Netzwerk hinzufügen.
- "traefik.http.routers.ocis-ssl.entrypoints=https"
- "traefik.http.routers.ocis-ssl.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`,`DOMAIN1`)"
- "traefik.http.routers.ocis-ssl.tls=true"
- "traefik.http.routers.ocis-ssl.service=ocis-ssl"
- "traefik.http.services.ocis-ssl.loadbalancer.server.port=9200"
- "traefik.docker.network=traefik-nw"
restart: always
traefik:
image: traefik:latest
container_name: traefik_web
restart: always
ports:
- "192.168.x.x:80:80"
- "192.168.x.x:443:443"
- "192.168.x.x:8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./data/conf/traefik.yml:/etc/traefik/traefik.yml:ro"
- "./data/conf/dynamic:/etc/traefik/dynamic:ro"
- "/etc/ssl/certs:/etc/ssl/certs:ro"
- "/usr/share/ca-certificates:/usr/share/ca-certificates:ro"
- "/usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro"
- "./certs:/etc/traefik/certs:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/etc/timezone:/etc/timezone:ro"
logging:
driver: json-file
options:
max-file: '10' # good
max-size: 50m
environment:
- "TZ=Europe/Berlin"
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.rule=Host(`traefik.DOMAIN1`)"
- "traefik.http.routers.traefik.tls=true"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.services.traefik.loadbalancer.server.port=80"
- "traefik.http.services.traefik.loadbalancer.sticky.cookie.httpOnly=true"
- "traefik.http.services.traefik.loadbalancer.sticky.cookie.secure=true"
- "traefik.docker.network=traefik-nw"
networks:
- "traefik-nw"
security_opt:
- no-new-privileges:true
hostname: traefik
ocis-appprovider-onlyoffice:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
networks:
- "traefik-nw"
user: "0" # needed for apk add in entrypoint script
entrypoint:
- /bin/sh
- /entrypoint-override.sh
#command: app-provider server
environment:
REVA_GATEWAY: ${REVA_GATEWAY:-ocis:9142}
APP_PROVIDER_GRPC_ADDR: 0.0.0.0:9164
APP_PROVIDER_EXTERNAL_ADDR: ocis-appprovider-onlyoffice:9164
APP_PROVIDER_JWT_SECRET: "${WOPI_JWT_SECRET:-LoremIpsum567fhrthzghdf}"
APP_PROVIDER_DRIVER: wopi
APP_PROVIDER_WOPI_APP_NAME: OnlyOffice
APP_PROVIDER_WOPI_APP_ICON_URI: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}/web-apps/apps/documenteditor/main/resources/img/favicon.ico
APP_PROVIDER_WOPI_APP_URL: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}
APP_PROVIDER_WOPI_INSECURE: "${INSECURE:-false}"
APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}
APP_PROVIDER_WOPI_WOPI_SERVER_IOP_SECRET: "${WOPI_JWT_SECRET:-LoremIpsum567fhrthzghdf}"
APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
volumes:
- "./config/ocis-appprovider-onlyoffice/entrypoint-override.sh:/entrypoint-override.sh"
- "ocis-config:/etc/ocis"
logging:
driver: json-file
options:
max-file: '10' # good
max-size: 50m
restart: always
depends_on:
- onlyoffice
wopiserver:
image: cs3org/wopiserver:${WOPISERVER_DOCKER_TAG:-v9.4.0}
networks:
- "traefik-nw"
entrypoint:
- /bin/sh
- /entrypoint-override.sh
environment:
WOPISERVER_INSECURE: "${INSECURE:-false}"
WOPISECRET: "${WOPI_JWT_SECRET:-LoremIpsum567fhrthzghdf}"
WOPISERVER_DOMAIN: "${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}"
volumes:
- "./config/wopiserver/entrypoint-override.sh:/entrypoint-override.sh"
- "./config/wopiserver/wopiserver.conf.dist:/etc/wopi/wopiserver.conf.dist"
- "wopi-recovery:/var/spool/wopirecovery"
- "/etc/ssl/certs:/etc/ssl/certs:ro"
- "/usr/share/ca-certificates:/usr/share/ca-certificates:ro"
- "/usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/etc/timezone:/etc/timezone:ro"
labels:
- "traefik.enable=true"
- "traefik.http.routers.wopiserver.entrypoints=https"
- "traefik.http.routers.wopiserver.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}`)"
- "traefik.http.routers.wopiserver.tls.certresolver=http"
- "traefik.http.routers.wopiserver.service=wopiserver"
- "traefik.http.services.wopiserver.loadbalancer.server.port=8880"
# Traefik dem Proxy-Netzwerk hinzufügen.
- "traefik.docker.network=traefik-nw"
logging:
driver: json-file
options:
max-file: '10' # good
max-size: 50m
restart: always
onlyoffice:
image: onlyoffice/documentserver:7.3.0
networks:
- "traefik-nw"
environment:
WOPI_ENABLED: "true"
USE_UNAUTHORIZED_STORAGE: "${INSECURE:-false}" # self signed certificates
labels:
- "traefik.enable=true"
- "traefik.http.routers.onlyoffice.entrypoints=https"
- "traefik.http.routers.onlyoffice.rule=Host(`${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}`)"
- "traefik.http.routers.onlyoffice.tls.certresolver=http"
- "traefik.http.routers.onlyoffice.service=onlyoffice"
- "traefik.http.services.onlyoffice.loadbalancer.server.port=80"
- "traefik.http.middlewares.onlyoffice.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.onlyoffice.middlewares=onlyoffice"
- "traefik.docker.network=traefik-nw"
logging:
driver: json-file
options:
max-file: '10' # good
max-size: 50m
restart: always
tika:
image: ${TIKA_IMAGE:-apache/tika:latest-full}
networks:
- "traefik-nw"
logging:
driver: json-file
options:
max-file: '10' # good
max-size: 50m
restart: always
volumes:
ocis-config:
ocis-data:
wopi-recovery:
networks:
traefik-nw:
name: traefik-nw
external: true