Collabora CODE / Nextcloud / Traefik 反向代理通过 docker-compose 出现混合内容错误

Mixed content error with Collabora CODE / Nextcloud / Traefik reverse proxy via docker-compose

我正在尝试通过 docker-compose 安装 Collabora CODE 和 Nextcloud。此部署似乎一切正常 运行,但每当我尝试访问 Collabora CODE 编辑器时,我都会收到以下“混合内容”错误:

Blocked loading mixed active content “http://docs.example.com/loleaflet/44a46d7/loleaflet.html?WOPISrc=https%3A%2F%2Fnc.example.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F13_oceqjdia3g5g&title=Welcome%20to%20Nextcloud%20Hub.docx&lang=en&closebutton=1&revisionhistory=1”

我认为问题出在我传递给 Collabora 图像的 "extra_params=--o:ssl.enable=false" 环境变量上,但我无法让 Collabora 在启用 SSL 的情况下工作。

有谁知道是否有办法强制 Collabora 始终使用 HTTPS 响应?

如有任何帮助,我们将不胜感激。明确地说,我只想在以下解决方案的框架内通过 docs.example.org 的 HTTPS 访问 Collabora CODE:

version: '3.3'

services:

  traefik:
    image: traefik:latest
    restart: always
    container_name: "traefik"
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=bandi@qodex.cc"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"

    networks:
      - web
      - internal
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - "./letsencrypt:/letsencrypt"
      - /var/run/docker.sock:/var/run/docker.sock

  nc_db:
    image: mariadb
    restart: always
    container_name: "nextcloud-db"
    volumes:
      - nc_db:/var/lib/mysql
    env_file:
      - nc_secrets.env
    labels:
      - "traefik.enable=false"
    networks:
      - internal

  collabora:
    image: collabora/code
    restart: unless-stopped
    container_name: "collabora-app"
    expose:
      - "9980"
    environment:
      - domain=docs.example.com
      - username=admin
      - password=admin
      - "SLEEPFORDEBUGGER=0"
      - "extra_params=--o:ssl.enable=false"
    cap_add:
      - MKNOD
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.collabora.tls=true"
      - "traefik.http.routers.collabora.rule=Host(`docs.example.com`)"
      - "traefik.http.services.collabora.loadbalancer.server.port=9980"
      - "traefik.http.routers.collabora.tls.certresolver=myresolver"
    networks:
      - web

  nextcloud:
    image: nextcloud
    restart: always
    container_name: "nextcloud-app"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nextcloud.rule=Host(`nc.example.com`)"
      - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
    links:
      - nc_db
    volumes:
      - nextcloud:/var/www/html
    env_file:
      - nc_secrets.env
    networks:
      - web
      - internal

  wordpress:
    image: wordpress
    restart: always
    container_name: "wordpress-app"
    links:
      - wp_db
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.wordpress.tls=true"
      - "traefik.http.routers.wordpress.rule=Host(`example.com`)"
      - "traefik.http.routers.wordpress.tls.certresolver=myresolver"
    env_file:
      - wp_secrets.env
    volumes:
      - wordpress:/var/www/html
    networks:
      - web
      - internal

  wp_db:
    image: mysql:5.7
    restart: always
    container_name: "wordpress-db"
    env_file:
      - wp_secrets.env
    volumes:
      - wp_db:/var/lib/mysql
    labels:
      - "traefik.enable=false"
    networks:
      - internal

volumes:
  wp_db:
  wordpress:
  nextcloud:
  nc_db:

networks:
  internal:
    external: false
  web:
    external: true

在此先感谢您的帮助/想法。

设法解决了我自己的问题。 Collabora 的配置文件中有一个未记录的选项:

<termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">true</termination>

我还必须从主机上的文件中读取 loolwsl.xml 参数,因为结果证明我作为环境变量传递的参数没有在容器中处理。 Collabora 的最终 docker-compose 条目:

  collabora:
    image: collabora/code
    restart: unless-stopped
    container_name: "collabora-app"
    expose:
      - "9980"
    environment:
      - domain=nc.example.com
      - server_name=docs.example.com
    cap_add:
      - MKNOD
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.collabora.tls=true"
      - "traefik.http.routers.collabora.rule=Host(`docs.example.com`)"
      - "traefik.http.services.collabora.loadbalancer.server.port=9980"
      - "traefik.http.routers.collabora.tls.certresolver=myresolver"
    volumes:
      - ./loolwsd.xml:/etc/loolwsd/loolwsd.xml
    networks:
      - web

主机上的loolwsd.xml文件中需要设置以下两个参数:

    <ssl desc="SSL settings">
        <enable type="bool" desc="Controls whether SSL encryption between browser and loolwsd is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">false</enable>
        <termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">true</termination>

这将允许您通过反向代理(在本例中为 Traefik)提供的 SSL 使用 Collabora。