windows docker nginx nextcloud onlyoffice

How to run docker-onlyoffice-nextcloud on windows through LAN only


As the title suggests, I am trying to run nextcloud with OnlyOffice in Docker Desktop for Windows, and I am trying to configure nginx to accept connections through LAN, such that I can connect to my server from other computers on the network, all of which are running Windows 10.

Though I have read through many posts around the internet with similar issues, none of them seem to have my particular setup, and I am unable to figure out what to do from here.

What I have managed to do so far:

1- Installed docker engine for windows community edition in addition to Kitematic GUI. I am using Docker's default containers, so I have not installed VirtualBox. Configured docker to have its "DockerDesktop.vhdx" on my "D:/" drive.

2- Installed docker-onlyoffice-nextcloud using the instructions on the github page here: https://github.com/ONLYOFFICE/docker-onlyoffice-nextcloud. I ran into the issue of the nextcloud server not being able to access the OnlyOffice server and managed to "fix" that by opening the localhost:100 port on the OnlyOffice server using Kitematic and configuring the OnlyOffice app in the nextcloud server to connect to it (did that using the nextcloud web interface).

3- I can now access nextcloud on http://localhost/ on the host computer but I have had no luck connecting to it from any other computer on the network.

Problem:

I am unable to figure out what is preventing me from connecting to the server locally, but I am guessing that it has something to do with the nginx server configuration.

Tried:

Some people suggested checking the nginx.conf to make sure that listen 80; is enabled, and it seems to me like it is. Others suggested using server_name localhost; after the listen 80; and that did not seem to do anything either.

I have checked Windows sharing options to turn on Network Discovery, thinking it might have something to do with it, to no avail.

For reference, below are the configuration files and scripts used for this setup:

docker-compose.yml

version: '3'
services:
  app:
    container_name: app-server
    image: nextcloud:fpm
    stdin_open: true
    tty: true
    restart: always
    expose:
      - '80'
      - '9000'
    volumes:
      - app_data:/var/www/html
  onlyoffice-document-server:
    container_name: onlyoffice-document-server
    image: onlyoffice/documentserver:latest
    stdin_open: true
    tty: true
    restart: always
    expose:
      - '80'
      - '443'
    volumes:
      - document_data:/var/www/onlyoffice/Data
      - document_log:/var/log/onlyoffice
  nginx:
    container_name: nginx-server
    image: nginx
    stdin_open: true
    tty: true
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - app_data:/var/www/html
volumes:
  document_data:
  document_log:
  app_data:
  mysql_data:

nginx.conf

user  www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {

    upstream backend {
      server app-server:9000;
    }


    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    map $http_host $this_host {
        "" $host;
        default $http_host;
    }

    map $http_x_forwarded_proto $the_scheme {
        default $http_x_forwarded_proto;
        "" $scheme;
    }

    map $http_x_forwarded_host $the_host {
       default $http_x_forwarded_host;
       "" $this_host;
    }

    server {
        listen 80;

        # Add headers to serve security related headers
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;

        root /var/www/html;
        client_max_body_size 10G; # 0=unlimited - set max upload size
        fastcgi_buffers 64 4K;

        gzip off;

        index index.php;
        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;

        rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
        rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }

        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }

        location / {
            rewrite ^/remote/(.*) /remote.php last;
            rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
            try_files $uri $uri/ =404;
        }

        location ~* ^/ds-vpath/ {
            rewrite /ds-vpath/(.*) /$1  break;
            proxy_pass http://onlyoffice-document-server;
            proxy_redirect     off;

            client_max_body_size 100m;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
            proxy_set_header X-Forwarded-Proto $the_scheme;
        }

        location ~ \.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS off;
            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
            fastcgi_pass backend;
            fastcgi_intercept_errors on;
        }

        # Adding the cache control header for js and css files
        # Make sure it is BELOW the location ~ \.php(?:$|/) { block
        location ~* \.(?:css|js)$ {
            add_header Cache-Control "public, max-age=7200";
            # Add headers to serve security related headers
            add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
            add_header X-Content-Type-Options nosniff;
            add_header X-Frame-Options "SAMEORIGIN";
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            access_log off;
        }

        # Optional: Don't log access to other assets
        location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
            access_log off;
        }

    }
}

set_configuration.sh


set -x

docker exec -u www-data app-server php occ --no-warnings config:system:get trusted_domains >> trusted_domain.tmp

if ! grep -q "nginx-server" trusted_domain.tmp; then
    TRUSTED_INDEX=$(cat trusted_domain.tmp | wc -l);
    docker exec -u www-data app-server php occ --no-warnings config:system:set trusted_domains $TRUSTED_INDEX --value="nginx-server"
fi

rm trusted_domain.tmp

docker exec -u www-data app-server php occ --no-warnings app:install onlyoffice

docker exec -u www-data app-server php occ --no-warnings config:system:set onlyoffice DocumentServerUrl --value="/ds-vpath/"
docker exec -u www-data app-server php occ --no-warnings config:system:set onlyoffice DocumentServerInternalUrl --value="http://onlyoffice-document-server/"
docker exec -u www-data app-server php occ --no-warnings config:system:set onlyoffice StorageUrl --value="http://nginx-server/"



Solution

  • If the issue is in Windows Firewall, then try disabling it and testing the connection to see if it works. If it does work, reactivate Windows Firewall, and then you can proceed to follow the instructions below:

    1- Click Start and Type Windows Firewall on your host PC.

    2- Click on Windows Firewall with Advanced Security.

    3- Find Inbound Rules on the left side of the window, and right click it.

    4- Click New Rule... and a new window will come up.

    5- Choose Port on the Rule Type tab, then click Next.

    6- Under the Protocol and Ports tab, choose TCP in the first choice, and Specific Local Ports: in the second choice, and type in 80 in the text box. Click Next.

    7- Under the Action tab, choose Allow the Connection.

    8- Under the Profile tab, check all boxes and click Next.

    9- Under the Name tab, give your rule a name, and type in a small description of what it is so you can remember why you created it. Click Finish.

    This rule should now be active, and you should be able to connect to your server by typing in its IP Address on another machine on the same network.

    Note that I am by no means informed enough on the subject matter and that I am learning as I go. I am using this package of software for personal tasks and to learn, so security is not a big issue for me, and I have no idea how bad this "solution" of mine is from an expert's point of view.

    So Please Proceed With Caution.

    Source: https://www.nextofwindows.com/allow-server-running-inside-wsl-to-be-accessible-outside-windows-10-host
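
The inbound-rule steps above as a PowerShell script, added here as an example and not part of the original answer. It goes beyond the answer by limiting the rule to the Private profile and to the local subnet, which matches the "LAN only" goal in the question; the rule name and description are constructed for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the inbound-rule steps, scoped to the LAN.
# The rule name and description are constructed for this example.
$RuleName = 'Nextcloud nginx HTTP (LAN only)'
$Port     = 80

# Show the network category of each active connection. The rule below uses the
# Private profile, so a LAN adapter classified as Public is not covered by it.
Get-NetConnectionProfile | Select-Object InterfaceAlias, Name, NetworkCategory

# Create the rule once; re-running the script leaves an existing rule untouched.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Description 'Allow LAN clients to reach the nginx container published on TCP 80' `
        -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port `
        -Profile Private `
        -RemoteAddress LocalSubnet | Out-Null
}

# Read the rule back, joining its port and address filters, to confirm the scope.
$rule = Get-NetFirewallRule -DisplayName $RuleName
[pscustomobject]@{
    Name          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Profile       = $rule.Profile
    Action        = $rule.Action
    LocalPort     = ($rule | Get-NetFirewallPortFilter).LocalPort
    RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
}

# Confirm something is listening on the port on the host
# (the compose file publishes the nginx container as 80:80).
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# From another Windows machine on the LAN, test reachability (replace the placeholder):
# Test-NetConnection -ComputerName <host-LAN-IP> -Port 80
```

If the read-back shows the expected scope but LAN clients still cannot connect, the `NetworkCategory` column from the first command tells you whether the adapter is classified as Public, in which case a Private-profile rule does not apply to it.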