HTTPS Access - DocumentServer about docker-documentserver HOT 8 CLOSED

Hello

But when I'm trying to access https://localhost there is an error "Secure
Connection Failed" in Firefox.

Do you have that issue when trying to access the server via public ip or from the local network? alternative browser?
Are you using a self signed certificate for localhost?
Could you please specify the task more detailed, why are you going to use localhost via SSL?

I started the docker container like this
sudo docker run -i -t -d --name onlyoffice-document-server -p 443:443 -v
/opt/onlyoffice/Data:/var/www/onlyoffice/Data --env-file
/home/jw/data/env.list onlyoffice/documentserver

Please note that the parameters --env-file and -p 443:443 should be applied to the Community Server container (not Document server)

from docker-documentserver.

Hey ibnpetr,

• I've everything on my localhost/local network and I'm working with self signed certificates located in the directory /opt/onlyoffice/Data/certs/.
• I want to test the DocumentServer API for the ONLYOFFICE3 OnlyEditor over https, like https://localhost/OfficeWeb/apps/api/documents/api.js.
• I've just tried to setup the containers like:

sudo docker run -i -t -d --name onlyoffice-community-server -p 80:80 -p 443:443 -v /opt/onlyoffice/Data:/var/www/onlyoffice/Data --env-file /home/jw/data/env.list onlyoffice/communityserver

and

sudo docker run -i -t -d --link onlyoffice-community-server:community_server onlyoffice/documentserver

With the same "Secure Connection Failed" Error in Firefox. I've also tried other browsers with the same Error Message. :/

EDIT: HTTP access works fine with this configuration.

from docker-documentserver.

Okay got it:

I've changed the environment variables in env.list to:

SSL_CERTIFICATE_PATH=/var/www/onlyoffice/Data/certs/onlyoffice.crt
SSL_KEY_PATH=/var/www/onlyoffice/Data/certs/onlyoffice.key
SSL_DHPARAM_PATH=/var/www/onlyoffice/Data/certs/dhparam.pem

After that used the following command to run ONLY the documentserver:

sudo docker run -i -t -d --name onlyoffice-document-server -p 443:443 -v /opt/onlyoffice/Data:/var/www/onlyoffice/Data --env-file /home/jw/data/env.list onlyoffice/documentserver

The ONLYOFFICE OnlineEditor API is now available over HTTPS:

https://localhost/OfficeWeb/apps/api/documents/api.js

Thank you anyway!

from docker-documentserver.

The fact is that now you can run the container without using the --env-file /home/jw/data/env.list at all.
The certificate files are in the default mapped folder /opt/onlyoffice/Data/certs, the folder has been mapped thats why the certs have been applied automatically.
BTW

I've just tried to setup the containers like:
sudo docker run -i -t -d --name onlyoffice-community-server -p 80:80 -p 443:443 -v /opt/onlyoffice/Data:/var/www/onlyoffice/Data --env-file /home/jw/data/env.list onlyoffice/communityserver
and
sudo docker run -i -t -d --link onlyoffice-community-server:community_server onlyoffice/documentserver

Please note that if you are going to use both Documents and Community you should create the Document Server container first
Do not use any additional parameters, just:
sudo docker run -i -t -d --name onlyoffice-document-server onlyoffice/documentserver
And then you chould create Community Container, mapping all ports and folders
Community Server should always be the last installed container, it also links all other containers
in your case:
sudo docker run -i -t -d -p 80:80 -p 443:443 -v /opt/onlyoffice/Data:/var/www/onlyoffice/Data --link onlyoffice-document-server:document_server onlyoffice/communityserver
Document Server will use the same mapping settings

from docker-documentserver.

Hello,
I have issues with HTTPS and comodo cert too, please help me. I followed instruction from: https://github.com/ONLYOFFICE/Docker-CommunityServer

below are my steps I did on digital ocean ubuntu server 16x with docker

I created a brand new server one more time. Sorry, but I don't get it. This time is my 35th times for trying implement a cert to commnuity server with document server integrated. I followed the instruction, I just dont know why it did not work.

Here is step by step how I create the server
1/ create an A record for mydomain.com, point to server ip: 138.68.29.xxx (server hosted on digitalocean)

2/ login to my fresh, brand new ubuntu server, installed docker.

run command: "openssl genrsa -out onlyoffice.key 2048"
run command: "openssl req -new -key onlyoffice.key -out onlyoffice.csr" --> fill in information, I only fill the Common Name field: mydomain.com, all other fields left blank
run command: "sudo nano onlyoffice.csr" copy the csr content

3/ I went to Comodo SSL configure page to generate cert at: "https://www.configuressl.com/?pin=291811fa-1a49-4f69-b5ec-xxxxxxxxxx", pasted the CSR content to generate the cert.

4/ Verify mydomain.com as Comodo requested.

5/ After mydomain.com verified, I download the cert package to server, the cert package include 2 files: COMODO_CA_bundle.crt and mydomaincom.crt

6/ create cert file in my server
run command: "sudo nano onlyoffice.crt" copy and paste all content from the file "mydomaincom.crt" to onlyoffice.crt file, save it
run command: "sudo nano CA_bundle.crt" copy and paste all content from the file "COMODO_CA_bundle.crt" to CA_bundle.crt file, save it

7/ Strengthening the server security
run command: "openssl dhparam -out dhparam.pem 2048"

8/ Installation of the SSL Certs

run commands:
"mkdir -p /app/onlyoffice/CommunityServer/data/certs"
"cp onlyoffice.key /app/onlyoffice/CommunityServer/data/certs/"
"cp onlyoffice.crt /app/onlyoffice/CommunityServer/data/certs/"
"cp CA_bundle.crt /app/onlyoffice/CommunityServer/data/certs/"
"cp dhparam.pem /app/onlyoffice/CommunityServer/data/certs/"
"chmod 400 /app/onlyoffice/CommunityServer/data/certs/onlyoffice.key"

9/ I created a file name env.list then put into the file like this:
ONLYOFFICE_HTTPS_HSTS_ENABLED=true
ONLYOFFICE_HTTPS_HSTS_MAXAGE=31536000
SSL_CERTIFICATE_PATH=/var/www/onlyoffice/Data/certs/onlyoffice.crt
SSL_KEY_PATH=/var/www/onlyoffice/Data/certs/onlyoffice.key
SSL_DHPARAM_PATH=/var/www/onlyoffice/Data/certs/dhparam.pem
SSL_VERIFY_CLIENT=/var/www/onlyoffice/Data/certs/CA_bundle.crt

10/ finally I run docker command,

sudo docker run -i -t -d -p 80:80 -p 443:443 --restart=always
-v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data
--env-file /home/env.list onlyoffice/communityserver

docker run successfully.

11/ Open Chrome & Firefox: https://mydomain.com
"This site can’t be reached" error message show on Chrome
"Unable to connect" error message show on Firefox

12/ Try to open web by: http://mydomain.com
Onlyoffice portal running first time setup
....but it keeps running as a loop forever, the bar run from 76% to 100%, then the bar run again from 79% -100%, then again 83% to 100%, and again 73% to 100%... keep looping like that

have no idea what did I do wrong, where did I do wrong. I just simple want to apply a real CA signed certification for my web portal.

from docker-documentserver.

Hello
Please remove SSL_VERIFY_CLIENT=/var/www/onlyoffice/Data/certs/CA_bundle.crt from the env.list
We would recommend to run the container without using "--env-file" parameter if you are using standard settings for running Community Server.
btw Any questions concerning Docker-CommunityServer should be discussed here
Best regards

from docker-documentserver.

Hello,

Thank you so much for your answer. You helped me a lot. I am able to have https for my onlyoffice portal now (included document server in the same physical server). Awesome. I removed the line as you suggested, then run docker command with -e flag, not --env-file. It worked. Yes, it worked. You are awesome/

from docker-documentserver.

Hello everyone,

• I have a simalar problem, I'm trying to install ONLYOFFICE Document Server and running it using
  HTTPS as the following instructions .

• I need to know how to configure parameters as described bellow?
  Please refer the docker run command options for the --env-file flag where you can specify all
  required environment variables in a single file. This will save you from writing a potentially long
  docker run command.

• After searching, I found that the syntax is
  docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

• In my case:
  1- [OPTIONS] will be --env-file
  2- IMAGE will be onlyoffice/documentserver
  3- [COMMAND] will be "/bin/sh -c /app/ds/…" Is this syntax is correct?
  4- [ARG...] ??? I need to know what exactly mean?

  CONTAINER ID IMAGE COMMAND CREATED STATUS
  PORTS NAMES
  5877bdecae84 onlyoffice/documentserver "/bin/sh -c /app/ds/…" 8 hours ago Exited (
  255) 26 minutes ago 80/tcp, 0.0.0.0:443->443/tcp inspiring_villani
  9a5ddbdcf6d4 onlyoffice/documentserver "/bin/sh -c /app/ds/…" 8 hours ago Exited (
  255) 26 minutes ago 0.0.0.0:80->80/tcp, 443/tcp dreamy_turing
  b7a86f4d3d19 onlyoffice/documentserver "/bin/sh -c /app/ds/…" 8 hours ago Exited
  (255) 8 hours ago 80/tcp, 0.0.0.0:443->443/tcp dreamy_albattani
  cf46e4e99c05 onlyoffice/documentserver "/bin/sh -c /app/ds/…" 8 hours ago Exited
  (255) 8 hours ago 0.0.0.0:80->80/tcp, 443/tcp silly_bhaskara
  3c6b80efed5c hello-world "/hello" 8 hours ago Exited (0) 8 hours ago
  vigila

• I have SSL certification, SSL key and SSL dhparam paths.

• I need to know the file that should collect these parameters:

  ONLYOFFICE_HTTPS_HSTS_ENABLED: Advanced configuration option for turning off the HSTS
  configuration. Applicable only when SSL is in use. Defaults to true.
  ONLYOFFICE_HTTPS_HSTS_MAXAGE: Advanced configuration option for setting the HSTS max-age
  in the onlyoffice nginx vHost configuration. Applicable only when SSL is in use. Defaults to
  31536000.
  SSL_CERTIFICATE_PATH: The path to the SSL certificate to use. Defaults to
  /var/www/onlyoffice/Data/certs/onlyoffice.crt.
  SSL_KEY_PATH: The path to the SSL certificate's private key. Defaults to
  /var/www/onlyoffice/Data/certs/onlyoffice.key.
  SSL_DHPARAM_PATH: The path to the Diffie-Hellman parameter. Defaults to
  /var/www/onlyoffice/Data/certs/dhparam.pem.
  SSL_VERIFY_CLIENT: Enable verification of client certificates using the CA_CERTIFICATES_PATH file.
  Defaults to false

  ONLYOFFICE Document Server OS :- Ubuntu 18.4 LTS.

from docker-documentserver.