Docker: Nextcloud yes || onlyoffice yes, but both together doesn't work

Traefik Traefik v2
1

Hey friends.

So each service works with Traefik and i got my desired SSL. BUT both togehter doesn't work!!!

Facts:

  • Only Nextcloud works with SSL
  • Only Onlyoffice works with SSL
  • Both together only one Service will work because both are using port 80
  • without SSL i can access both Services according to the internal ports
  • myip:8083 for nextcloud
  • myip:8087 for onlyoffice
  • https://nextcloud.myurl.com -> nextcloud works
  • https://onlyoffice.myurl.com doesnt work

I tried to change the port of onlyoffice or nextcloud - doesn't work.
Any ideas?

Nextcloud docker-compose

version: '3'

services:
  nextcloud:
    image: nextcloud
    ports:
      - 8083:80
    container_name: nextcloud
    volumes:
      - ./data:/var/www/html
    restart: always
    networks:
      - web
      - localnet
    environment:
      - MYSQL_HOST=db:3306
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=user
      - MYSQL_PASSWORD=pass
    labels:
       - traefik.enable=true
       - traefik.http.routers.nextcloud.rule=Host(`fancy.url`)
       - traefik.http.routers.nextcloud.tls=true
       - traefik.http.routers.nextcloud.tls.certresolver=lets-encrypt
       - traefik.http.services.nextcloud.loadbalancer.server.port=80
volumes:
  data:

networks:
  web:
    external: true
  localnet:
    external:
      name: localnet

onlyoffice

version: '2'
services:
  onlyoffice:
    build:
      context: .
    container_name: onlyoffice
    networks:
      - default
      - web
    depends_on:
      - onlyoffice-postgresql
      - onlyoffice-rabbitmq
    labels:
      - traefik.enable=true
      - traefik.http.routers.onlyoffice.rule=Host(`fanfcy2.url`)
      - traefik.http.routers.onlyoffice.tls=true
      - traefik.http.routers.onlyoffice.tls.certresolver=lets-encrypt
      - traefik.http.services.onlyoffice.loadbalancer.server.port=80
    environment:
      - DB_TYPE=postgres
      - DB_HOST=onlyoffice-postgresql
      - DB_PORT=5432
      - DB_NAME=onlyoffice
      - DB_USER=onlyoffice
      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
      # Uncomment strings below to enable the JSON Web Token validation.
      #- JWT_ENABLED=true
      #- JWT_SECRET=secret
      #- JWT_HEADER=Authorization
      #- JWT_IN_BODY=true
    ports:
      - '8087:80'
    stdin_open: true
    restart: always
    stop_grace_period: 60s
    volumes:
       - /var/www/onlyoffice/Data
       - /var/log/onlyoffice
       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
       - /var/www/onlyoffice/documentserver-example/public/files
       - /usr/share/fonts
       
  onlyoffice-rabbitmq:
    container_name: onlyoffice-rabbitmq
    image: rabbitmq
    restart: always
    expose:
      - '5672'

  onlyoffice-postgresql:
    container_name: onlyoffice-postgresql
    image: postgres:9.5
    environment:
      - POSTGRES_DB=onlyoffice
      - POSTGRES_USER=onlyoffice
      - POSTGRES_HOST_AUTH_METHOD=trust
    restart: always
    expose:
      - '5432'
    volumes:
      - postgresql_data:/var/lib/postgresql

volumes:
  postgresql_data:
networks:
  default:
  web:
    external: true

traefik.yml

entryPoints:
  web:
    address: ':80'
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ':443'
api:
  dashboard: true
certificatesResolvers:
  lets-encrypt:
    acme:
      email: myname@fancyurl.com
      storage: acme.json
      tlsChallenge: {}
providers:
  docker:
    watch: true
    network: web
  file:
    filename: traefik_api.yml
2

You should not expose ports on the host, traffic should only go through Traefik, otherwise it's not encrypted. Traefik will use an internal Docker network, no need to externally expose ports.

One compose has version 2 the other 3, maybe that makes a difference.

You should attach your other onlyoffice services to the same network.

1 Like
3

Thanks for your reply.

Same problem "Bad Gateway" with Version 3 of docker-compose and the same networks.

How can Traefik distinguish between the two services when each of them needs port 80?

ps. I switched to nginxproxy - works on the first try
thx to all

4

Traefik receives requests and reads the http headers, which includes host and path. Each router has a rule which is checked for match, if yes it forwards the request to according middleware, then to service.

That’s the main job of reverse proxys.

5

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.