Collabora CODE / Nextcloud / Traefik 反向代理通过 docker-compose 出现混合内容错误
Mixed content error with Collabora CODE / Nextcloud / Traefik reverse proxy via docker-compose
我正在尝试通过 docker-compose 安装 Collabora CODE 和 Nextcloud。此部署似乎一切正常 运行,但每当我尝试访问 Collabora CODE 编辑器时,我都会收到以下“混合内容”错误:
Blocked loading mixed active content “http://docs.example.com/loleaflet/44a46d7/loleaflet.html?WOPISrc=https%3A%2F%2Fnc.example.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F13_oceqjdia3g5g&title=Welcome%20to%20Nextcloud%20Hub.docx&lang=en&closebutton=1&revisionhistory=1”
我认为问题出在我传递给 Collabora 图像的 "extra_params=--o:ssl.enable=false" 环境变量上,但我无法让 Collabora 在启用 SSL 的情况下工作。
有谁知道是否有办法强制 Collabora 始终使用 HTTPS 响应?
如有任何帮助,我们将不胜感激。明确地说,我只想在以下解决方案的框架内通过 docs.example.org 的 HTTPS 访问 Collabora CODE:
version: '3.3'
services:
traefik:
image: traefik:latest
restart: always
container_name: "traefik"
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=bandi@qodex.cc"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
networks:
- web
- internal
ports:
- 80:80
- 443:443
- 8080:8080
volumes:
- "./letsencrypt:/letsencrypt"
- /var/run/docker.sock:/var/run/docker.sock
nc_db:
image: mariadb
restart: always
container_name: "nextcloud-db"
volumes:
- nc_db:/var/lib/mysql
env_file:
- nc_secrets.env
labels:
- "traefik.enable=false"
networks:
- internal
collabora:
image: collabora/code
restart: unless-stopped
container_name: "collabora-app"
expose:
- "9980"
environment:
- domain=docs.example.com
- username=admin
- password=admin
- "SLEEPFORDEBUGGER=0"
- "extra_params=--o:ssl.enable=false"
cap_add:
- MKNOD
labels:
- "traefik.enable=true"
- "traefik.http.routers.collabora.tls=true"
- "traefik.http.routers.collabora.rule=Host(`docs.example.com`)"
- "traefik.http.services.collabora.loadbalancer.server.port=9980"
- "traefik.http.routers.collabora.tls.certresolver=myresolver"
networks:
- web
nextcloud:
image: nextcloud
restart: always
container_name: "nextcloud-app"
labels:
- "traefik.enable=true"
- "traefik.http.routers.nextcloud.tls=true"
- "traefik.http.routers.nextcloud.rule=Host(`nc.example.com`)"
- "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
links:
- nc_db
volumes:
- nextcloud:/var/www/html
env_file:
- nc_secrets.env
networks:
- web
- internal
wordpress:
image: wordpress
restart: always
container_name: "wordpress-app"
links:
- wp_db
labels:
- "traefik.enable=true"
- "traefik.http.routers.wordpress.tls=true"
- "traefik.http.routers.wordpress.rule=Host(`example.com`)"
- "traefik.http.routers.wordpress.tls.certresolver=myresolver"
env_file:
- wp_secrets.env
volumes:
- wordpress:/var/www/html
networks:
- web
- internal
wp_db:
image: mysql:5.7
restart: always
container_name: "wordpress-db"
env_file:
- wp_secrets.env
volumes:
- wp_db:/var/lib/mysql
labels:
- "traefik.enable=false"
networks:
- internal
volumes:
wp_db:
wordpress:
nextcloud:
nc_db:
networks:
internal:
external: false
web:
external: true
在此先感谢您的帮助/想法。
设法解决了我自己的问题。 Collabora 的配置文件中有一个未记录的选项:
<termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">true</termination>
我还必须从主机上的文件中读取 loolwsl.xml 参数,因为结果证明我作为环境变量传递的参数没有在容器中处理。 Collabora 的最终 docker-compose 条目:
collabora:
image: collabora/code
restart: unless-stopped
container_name: "collabora-app"
expose:
- "9980"
environment:
- domain=nc.example.com
- server_name=docs.example.com
cap_add:
- MKNOD
labels:
- "traefik.enable=true"
- "traefik.http.routers.collabora.tls=true"
- "traefik.http.routers.collabora.rule=Host(`docs.example.com`)"
- "traefik.http.services.collabora.loadbalancer.server.port=9980"
- "traefik.http.routers.collabora.tls.certresolver=myresolver"
volumes:
- ./loolwsd.xml:/etc/loolwsd/loolwsd.xml
networks:
- web
主机上的loolwsd.xml文件中需要设置以下两个参数:
<ssl desc="SSL settings">
<enable type="bool" desc="Controls whether SSL encryption between browser and loolwsd is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">false</enable>
<termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">true</termination>
这将允许您通过反向代理(在本例中为 Traefik)提供的 SSL 使用 Collabora。
我正在尝试通过 docker-compose 安装 Collabora CODE 和 Nextcloud。此部署似乎一切正常 运行,但每当我尝试访问 Collabora CODE 编辑器时,我都会收到以下“混合内容”错误:
Blocked loading mixed active content “http://docs.example.com/loleaflet/44a46d7/loleaflet.html?WOPISrc=https%3A%2F%2Fnc.example.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F13_oceqjdia3g5g&title=Welcome%20to%20Nextcloud%20Hub.docx&lang=en&closebutton=1&revisionhistory=1”
我认为问题出在我传递给 Collabora 图像的 "extra_params=--o:ssl.enable=false" 环境变量上,但我无法让 Collabora 在启用 SSL 的情况下工作。
有谁知道是否有办法强制 Collabora 始终使用 HTTPS 响应?
如有任何帮助,我们将不胜感激。明确地说,我只想在以下解决方案的框架内通过 docs.example.org 的 HTTPS 访问 Collabora CODE:
version: '3.3'
services:
traefik:
image: traefik:latest
restart: always
container_name: "traefik"
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=bandi@qodex.cc"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
networks:
- web
- internal
ports:
- 80:80
- 443:443
- 8080:8080
volumes:
- "./letsencrypt:/letsencrypt"
- /var/run/docker.sock:/var/run/docker.sock
nc_db:
image: mariadb
restart: always
container_name: "nextcloud-db"
volumes:
- nc_db:/var/lib/mysql
env_file:
- nc_secrets.env
labels:
- "traefik.enable=false"
networks:
- internal
collabora:
image: collabora/code
restart: unless-stopped
container_name: "collabora-app"
expose:
- "9980"
environment:
- domain=docs.example.com
- username=admin
- password=admin
- "SLEEPFORDEBUGGER=0"
- "extra_params=--o:ssl.enable=false"
cap_add:
- MKNOD
labels:
- "traefik.enable=true"
- "traefik.http.routers.collabora.tls=true"
- "traefik.http.routers.collabora.rule=Host(`docs.example.com`)"
- "traefik.http.services.collabora.loadbalancer.server.port=9980"
- "traefik.http.routers.collabora.tls.certresolver=myresolver"
networks:
- web
nextcloud:
image: nextcloud
restart: always
container_name: "nextcloud-app"
labels:
- "traefik.enable=true"
- "traefik.http.routers.nextcloud.tls=true"
- "traefik.http.routers.nextcloud.rule=Host(`nc.example.com`)"
- "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
links:
- nc_db
volumes:
- nextcloud:/var/www/html
env_file:
- nc_secrets.env
networks:
- web
- internal
wordpress:
image: wordpress
restart: always
container_name: "wordpress-app"
links:
- wp_db
labels:
- "traefik.enable=true"
- "traefik.http.routers.wordpress.tls=true"
- "traefik.http.routers.wordpress.rule=Host(`example.com`)"
- "traefik.http.routers.wordpress.tls.certresolver=myresolver"
env_file:
- wp_secrets.env
volumes:
- wordpress:/var/www/html
networks:
- web
- internal
wp_db:
image: mysql:5.7
restart: always
container_name: "wordpress-db"
env_file:
- wp_secrets.env
volumes:
- wp_db:/var/lib/mysql
labels:
- "traefik.enable=false"
networks:
- internal
volumes:
wp_db:
wordpress:
nextcloud:
nc_db:
networks:
internal:
external: false
web:
external: true
在此先感谢您的帮助/想法。
设法解决了我自己的问题。 Collabora 的配置文件中有一个未记录的选项:
<termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">true</termination>
我还必须从主机上的文件中读取 loolwsl.xml 参数,因为结果证明我作为环境变量传递的参数没有在容器中处理。 Collabora 的最终 docker-compose 条目:
collabora:
image: collabora/code
restart: unless-stopped
container_name: "collabora-app"
expose:
- "9980"
environment:
- domain=nc.example.com
- server_name=docs.example.com
cap_add:
- MKNOD
labels:
- "traefik.enable=true"
- "traefik.http.routers.collabora.tls=true"
- "traefik.http.routers.collabora.rule=Host(`docs.example.com`)"
- "traefik.http.services.collabora.loadbalancer.server.port=9980"
- "traefik.http.routers.collabora.tls.certresolver=myresolver"
volumes:
- ./loolwsd.xml:/etc/loolwsd/loolwsd.xml
networks:
- web
主机上的loolwsd.xml文件中需要设置以下两个参数:
<ssl desc="SSL settings">
<enable type="bool" desc="Controls whether SSL encryption between browser and loolwsd is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">false</enable>
<termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">true</termination>
这将允许您通过反向代理(在本例中为 Traefik)提供的 SSL 使用 Collabora。