I have spent an embarrassing amount of time trying to resolve this issue. I am running Nginx Proxy Manager and have not had any problems with it until around the start of October. Until then I was using the default settings in Nginx Proxy Manager proxied to OnlyOffice. I am using a wildcard SSL cert from Let's Encrypt with DNS challenge through DigitalOcean.
This is my docker-compose.yml for the OnlyOffice Document Server:
# ------------------------------------------------------------------------------
# OnlyOffice
#
# use port 80 with Nginx Proxy Manager
# ------------------------------------------------------------------------------
version: "3"
services:
onlyoffice:
container_name: onlyoffice
domainname: mydomain.tdl
environment:
- JWT_ENABLED=true
- JWT_SECRET=anAmazingSecretThatWillBlowYourMind
- WOPI_ENABLED=true
hostname: onlyoffice
image: onlyoffice/documentserver
networks:
proxy_network:
aliases:
- onlyoffice
restart: unless-stopped
volumes:
- ./config/onlyoffice/app:/var/lib/onlyoffice
- ./config/onlyoffice/data:/var/www/onlyoffice/Data
- ./config/onlyoffice/fonts:/usr/share/fonts/truetype/custom
- ./config/onlyoffice/log:/var/log/onlyoffice
- ./config/onlyoffice/postgresql:/var/lib/postgresql
- ./config/onlyoffice/rabbitmq:/var/lib/rabbitmq
- ./config/onlyoffice/redis:/var/lib/redis
networks:
proxy_network:
external: true
And this is my Nginx Proxy Manager docker-compose.yml file:
# ------------------------------------------------------------------------------
# Nginx Proxy Manager
#
# use port 81 with Nginx Proxy Manager
# ------------------------------------------------------------------------------
version: "3"
services:
nginxproxymanager:
container_name: nginxproxymanager_app
depends_on:
- mariadb-aria
domainname: mydomain.tdl
environment:
- DB_MYSQL_HOST=nginxproxymanager_db
- DB_MYSQL_PORT=3306
- DB_MYSQL_USER=nginxproxymanager_user
- DB_MYSQL_PASSWORD=TheMostSecurePas5w0rd
- DB_MYSQL_NAME=nginxproxymanager_db
- DISABLE_IPV6=true
hostname: nginxproxymanager_app
image: jc21/nginx-proxy-manager
networks:
default:
aliases:
- nginxproxymanager_app
macvlan_network:
aliases:
- nginxproxymanager
ipv4_address: www.xxx.yyy.zzz
proxy_network:
aliases:
- nginxproxymanager
restart: unless-stopped
volumes:
- ./config/data:/data
- ./config/letsencrypt:/etc/letsencrypt
mariadb-aria:
container_name: nginxproxymanager_db
domainname: mydomain.tdl
environment:
- MYSQL_ROOT_PASSWORD=EvenM0reSecurePas5w0rd
- MYSQL_DATABASE=nginxproxymanager_db
- MYSQL_USER=nginxproxymanager_user
- MYSQL_PASSWORD=TheMostSecurePas5w0rd
hostname: nginxproxymanager_db
image: jc21/mariadb-aria
networks:
default:
aliases:
- nginxproxymanager_db
restart: unless-stopped
volumes:
- /cache/nginxproxymanager/mariadb-aria:/var/lib/mysql
networks:
default:
macvlan_network:
external: true
proxy_network:
external: true
This is the default Nginx Proxy Manager CONF file that is generated with the settings I have been using:
# ------------------------------------------------------------
# onlyoffice.mydomain.tdl
# ------------------------------------------------------------
server
{
set $forward_scheme http;
set $server "onlyoffice";
set $port 80;
listen 80;
#listen [::]:80;
listen 443 ssl http2;
#listen [::]:443;
server_name onlyoffice.mydomain.tdl;
# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-4/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-4/privkey.pem;
# Asset Caching
include conf.d/include/assets.conf;
# Block Exploits
include conf.d/include/block-exploits.conf;
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security "max-age=63072000;includeSubDomains; preload" always;
# Force SSL
include conf.d/include/force-ssl.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
access_log /data/logs/proxy-host-44_access.log proxy;
error_log /data/logs/proxy-host-44_error.log warn;
location /
{
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security "max-age=63072000;includeSubDomains; preload" always;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
# Proxy!
include conf.d/include/proxy.conf;
}
# Custom
include /data/nginx/custom/server_proxy[.]conf;
}
If I remove the SSL cert from the Proxy Host entry for OnlyOffice in Nginx Proxy Manager it works as expected. I have watched Spaceinvader One's YouTube video among others on the topic and have not been able to resolve this issue. I have added every additional parameter I have come across, including the ones Spaceinvader One has in his example Nginx config in all combinations that I can think of.
I am including this screenshot of the error I am currently receiving when attempting to access the example editor in Google Chrome. I get this error, or the editor just does not load at all. I also experience these errors in other browsers as well.
When attempting to use the OnlyOffice connector in NextCloud, it is unable to connect and displays this message:
I am hoping someone could point me in the right direction or offer assistance because I honestly have no idea where else to look and am on pages 4 and 5 of my Google searches looking for answers.
I switched from using the SWAG container by linuxserver.io to Nginx Proxy Manager in January because I am not always around and it is a lot easier for me to talk someone through how to do something on the server when I am not around if it has a GUI.
Thank you for your time.
After taking some time away from this problem I came back to it tonight. After updating all the containers involved I added the following lines to the Nginx Proxy Manager Custom locations field:
resolver 127.0.0.11 valid=30s;
proxy_redirect off;
proxy_set_header X-Forwarded-Host $server_name;
And everything seems to be working as expected now.