如何配置 Nginx 代理管理器来代理 OnlyOffice Document Server Docker 容器?
How do I configure Nginx Proxy Manager to proxy an OnlyOffice Document Server Docker container?
我花了很多时间来解决这个问题。我是 运行 Nginx 代理管理员,直到 10 月初左右才遇到任何问题。在那之前,我一直使用代理到 OnlyOffice 的 Nginx 代理管理器中的默认设置。我正在使用来自 Let's Encrypt 的通配符 SSL 证书,通过 DigitalOcean 进行 DNS 挑战。
这是我的 docker-compose.yml 的 OnlyOffice 文档服务器:
# ------------------------------------------------------------------------------
# OnlyOffice
#
# use port 80 with Nginx Proxy Manager
# ------------------------------------------------------------------------------
version: "3"
services:
onlyoffice:
container_name: onlyoffice
domainname: mydomain.tdl
environment:
- JWT_ENABLED=true
- JWT_SECRET=anAmazingSecretThatWillBlowYourMind
- WOPI_ENABLED=true
hostname: onlyoffice
image: onlyoffice/documentserver
networks:
proxy_network:
aliases:
- onlyoffice
restart: unless-stopped
volumes:
- ./config/onlyoffice/app:/var/lib/onlyoffice
- ./config/onlyoffice/data:/var/www/onlyoffice/Data
- ./config/onlyoffice/fonts:/usr/share/fonts/truetype/custom
- ./config/onlyoffice/log:/var/log/onlyoffice
- ./config/onlyoffice/postgresql:/var/lib/postgresql
- ./config/onlyoffice/rabbitmq:/var/lib/rabbitmq
- ./config/onlyoffice/redis:/var/lib/redis
networks:
proxy_network:
external: true
这是我的 Nginx 代理管理器 docker-compose.yml 文件:
# ------------------------------------------------------------------------------
# Nginx Proxy Manager
#
# use port 81 with Nginx Proxy Manager
# ------------------------------------------------------------------------------
version: "3"
services:
nginxproxymanager:
container_name: nginxproxymanager_app
depends_on:
- mariadb-aria
domainname: mydomain.tdl
environment:
- DB_MYSQL_HOST=nginxproxymanager_db
- DB_MYSQL_PORT=3306
- DB_MYSQL_USER=nginxproxymanager_user
- DB_MYSQL_PASSWORD=TheMostSecurePas5w0rd
- DB_MYSQL_NAME=nginxproxymanager_db
- DISABLE_IPV6=true
hostname: nginxproxymanager_app
image: jc21/nginx-proxy-manager
networks:
default:
aliases:
- nginxproxymanager_app
macvlan_network:
aliases:
- nginxproxymanager
ipv4_address: www.xxx.yyy.zzz
proxy_network:
aliases:
- nginxproxymanager
restart: unless-stopped
volumes:
- ./config/data:/data
- ./config/letsencrypt:/etc/letsencrypt
mariadb-aria:
container_name: nginxproxymanager_db
domainname: mydomain.tdl
environment:
- MYSQL_ROOT_PASSWORD=EvenM0reSecurePas5w0rd
- MYSQL_DATABASE=nginxproxymanager_db
- MYSQL_USER=nginxproxymanager_user
- MYSQL_PASSWORD=TheMostSecurePas5w0rd
hostname: nginxproxymanager_db
image: jc21/mariadb-aria
networks:
default:
aliases:
- nginxproxymanager_db
restart: unless-stopped
volumes:
- /cache/nginxproxymanager/mariadb-aria:/var/lib/mysql
networks:
default:
macvlan_network:
external: true
proxy_network:
external: true
这是使用我一直使用的设置生成的默认 Nginx 代理管理器 CONF 文件:
# ------------------------------------------------------------
# onlyoffice.mydomain.tdl
# ------------------------------------------------------------
server
{
set $forward_scheme http;
set $server "onlyoffice";
set $port 80;
listen 80;
#listen [::]:80;
listen 443 ssl http2;
#listen [::]:443;
server_name onlyoffice.mydomain.tdl;
# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-4/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-4/privkey.pem;
# Asset Caching
include conf.d/include/assets.conf;
# Block Exploits
include conf.d/include/block-exploits.conf;
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security "max-age=63072000;includeSubDomains; preload" always;
# Force SSL
include conf.d/include/force-ssl.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
access_log /data/logs/proxy-host-44_access.log proxy;
error_log /data/logs/proxy-host-44_error.log warn;
location /
{
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security "max-age=63072000;includeSubDomains; preload" always;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
# Proxy!
include conf.d/include/proxy.conf;
}
# Custom
include /data/nginx/custom/server_proxy[.]conf;
}
如果我从 Nginx 代理管理器中 OnlyOffice 的代理主机条目中删除 SSL 证书,它将按预期工作。我观看了 Spaceinvader One 的 YouTube 视频以及其他关于该主题的视频,但未能解决此问题。我已经添加了我遇到的所有其他参数,包括 Spaceinvader One 在他的示例 Nginx 配置中以我能想到的所有组合添加的参数。
我在尝试访问 Google Chrome 中的示例编辑器时包含当前收到的错误的屏幕截图。我收到此错误,或者编辑器根本不加载。我在其他浏览器中也遇到了这些错误。
尝试在 NextCloud 中使用 OnlyOffice 连接器时,无法连接并显示此消息:
我希望有人能为我指出正确的方向或提供帮助,因为老实说,我不知道还能去哪里寻找答案,我正在 Google 搜索的第 4 页和第 5 页寻找答案。
我在 1 月份从使用 SWAG container by linuxserver.io 切换到 Nginx 代理管理器,因为我并不总是在身边,当我不在的时候,我可以更容易地与别人讨论如何在服务器上做某事如果它有 GUI 的话。
感谢您的宝贵时间。
在花了一些时间解决这个问题后,我今晚又回到了这个问题上。更新所有涉及的容器后,我将以下行添加到 Nginx 代理管理器自定义位置字段:
resolver 127.0.0.11 valid=30s;
proxy_redirect off;
proxy_set_header X-Forwarded-Host $server_name;
现在一切似乎都在按预期进行。
我花了很多时间来解决这个问题。我是 运行 Nginx 代理管理员,直到 10 月初左右才遇到任何问题。在那之前,我一直使用代理到 OnlyOffice 的 Nginx 代理管理器中的默认设置。我正在使用来自 Let's Encrypt 的通配符 SSL 证书,通过 DigitalOcean 进行 DNS 挑战。
这是我的 docker-compose.yml 的 OnlyOffice 文档服务器:
# ------------------------------------------------------------------------------
# OnlyOffice
#
# use port 80 with Nginx Proxy Manager
# ------------------------------------------------------------------------------
version: "3"
services:
onlyoffice:
container_name: onlyoffice
domainname: mydomain.tdl
environment:
- JWT_ENABLED=true
- JWT_SECRET=anAmazingSecretThatWillBlowYourMind
- WOPI_ENABLED=true
hostname: onlyoffice
image: onlyoffice/documentserver
networks:
proxy_network:
aliases:
- onlyoffice
restart: unless-stopped
volumes:
- ./config/onlyoffice/app:/var/lib/onlyoffice
- ./config/onlyoffice/data:/var/www/onlyoffice/Data
- ./config/onlyoffice/fonts:/usr/share/fonts/truetype/custom
- ./config/onlyoffice/log:/var/log/onlyoffice
- ./config/onlyoffice/postgresql:/var/lib/postgresql
- ./config/onlyoffice/rabbitmq:/var/lib/rabbitmq
- ./config/onlyoffice/redis:/var/lib/redis
networks:
proxy_network:
external: true
这是我的 Nginx 代理管理器 docker-compose.yml 文件:
# ------------------------------------------------------------------------------
# Nginx Proxy Manager
#
# use port 81 with Nginx Proxy Manager
# ------------------------------------------------------------------------------
version: "3"
services:
nginxproxymanager:
container_name: nginxproxymanager_app
depends_on:
- mariadb-aria
domainname: mydomain.tdl
environment:
- DB_MYSQL_HOST=nginxproxymanager_db
- DB_MYSQL_PORT=3306
- DB_MYSQL_USER=nginxproxymanager_user
- DB_MYSQL_PASSWORD=TheMostSecurePas5w0rd
- DB_MYSQL_NAME=nginxproxymanager_db
- DISABLE_IPV6=true
hostname: nginxproxymanager_app
image: jc21/nginx-proxy-manager
networks:
default:
aliases:
- nginxproxymanager_app
macvlan_network:
aliases:
- nginxproxymanager
ipv4_address: www.xxx.yyy.zzz
proxy_network:
aliases:
- nginxproxymanager
restart: unless-stopped
volumes:
- ./config/data:/data
- ./config/letsencrypt:/etc/letsencrypt
mariadb-aria:
container_name: nginxproxymanager_db
domainname: mydomain.tdl
environment:
- MYSQL_ROOT_PASSWORD=EvenM0reSecurePas5w0rd
- MYSQL_DATABASE=nginxproxymanager_db
- MYSQL_USER=nginxproxymanager_user
- MYSQL_PASSWORD=TheMostSecurePas5w0rd
hostname: nginxproxymanager_db
image: jc21/mariadb-aria
networks:
default:
aliases:
- nginxproxymanager_db
restart: unless-stopped
volumes:
- /cache/nginxproxymanager/mariadb-aria:/var/lib/mysql
networks:
default:
macvlan_network:
external: true
proxy_network:
external: true
这是使用我一直使用的设置生成的默认 Nginx 代理管理器 CONF 文件:
# ------------------------------------------------------------
# onlyoffice.mydomain.tdl
# ------------------------------------------------------------
server
{
set $forward_scheme http;
set $server "onlyoffice";
set $port 80;
listen 80;
#listen [::]:80;
listen 443 ssl http2;
#listen [::]:443;
server_name onlyoffice.mydomain.tdl;
# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-4/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-4/privkey.pem;
# Asset Caching
include conf.d/include/assets.conf;
# Block Exploits
include conf.d/include/block-exploits.conf;
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security "max-age=63072000;includeSubDomains; preload" always;
# Force SSL
include conf.d/include/force-ssl.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
access_log /data/logs/proxy-host-44_access.log proxy;
error_log /data/logs/proxy-host-44_error.log warn;
location /
{
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security "max-age=63072000;includeSubDomains; preload" always;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
# Proxy!
include conf.d/include/proxy.conf;
}
# Custom
include /data/nginx/custom/server_proxy[.]conf;
}
如果我从 Nginx 代理管理器中 OnlyOffice 的代理主机条目中删除 SSL 证书,它将按预期工作。我观看了 Spaceinvader One 的 YouTube 视频以及其他关于该主题的视频,但未能解决此问题。我已经添加了我遇到的所有其他参数,包括 Spaceinvader One 在他的示例 Nginx 配置中以我能想到的所有组合添加的参数。
我在尝试访问 Google Chrome 中的示例编辑器时包含当前收到的错误的屏幕截图。我收到此错误,或者编辑器根本不加载。我在其他浏览器中也遇到了这些错误。
尝试在 NextCloud 中使用 OnlyOffice 连接器时,无法连接并显示此消息:
我希望有人能为我指出正确的方向或提供帮助,因为老实说,我不知道还能去哪里寻找答案,我正在 Google 搜索的第 4 页和第 5 页寻找答案。
我在 1 月份从使用 SWAG container by linuxserver.io 切换到 Nginx 代理管理器,因为我并不总是在身边,当我不在的时候,我可以更容易地与别人讨论如何在服务器上做某事如果它有 GUI 的话。
感谢您的宝贵时间。
在花了一些时间解决这个问题后,我今晚又回到了这个问题上。更新所有涉及的容器后,我将以下行添加到 Nginx 代理管理器自定义位置字段:
resolver 127.0.0.11 valid=30s;
proxy_redirect off;
proxy_set_header X-Forwarded-Host $server_name;
现在一切似乎都在按预期进行。