Seafile with Onlyoffice (updated with curl)

1. The problem I’m having:

I’m trying to move from nginx installed directly on the server to caddy within docker. I have succeeded with most of my reverse proxies, but I fail to redirect my documents from seafile to onlyoffice so that I can edit them within the browser.

2. Error messages and/or full log output:

I noticed that on schernthaner.local:88/welcome onlyoffice replies, but not using the reverse proxy as shown below. How can I fix the 308 error?

curl -v schernthaner.local/onlyofficeds/welcome
*   Trying
* Connected to schernthaner.local ( port 80 (#0)
> GET /onlyofficeds/welcome HTTP/1.1
> Host: schernthaner.local
> User-Agent: curl/7.81.0
> Accept: */*
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://schernthaner.local/onlyofficeds/welcome
< Server: Caddy
< Date: Mon, 25 Mar 2024 20:06:34 GMT
< Content-Length: 0
* Closing connection 0

3. Caddy version:


4. How I installed and ran Caddy:

with docker-compose (see below)

a. System environment:

Docker on Ubuntu Server 22.04

c. Service/unit/compose file:

version: "3.7"

    image: caddy:alpine
    network_mode: host
    restart: unless-stopped
      - NET_ADMIN
      - /Speicher/Docker/Caddy/Caddyfile:/etc/caddy/Caddyfile
      - /Speicher/Docker/Caddy/data:/data
      - /Speicher/Docker/Caddy/config:/config

d. My complete Caddy config: {
    reverse_proxy localhost:8001
    handle_path /seafhttp* {
    reverse_proxy localhost:8082
    handle_path /seafmedia* {
    rewrite * /media{uri}
    root * /Speicher/Cloud/seafile-server-latest/seahub
    handle /seafdav* {
    route /onlyofficeds/* {
    uri strip_prefix /onlyofficeds

5. My old nginx file

map $http_destination $nossl_destination {
"~^https:(.+)$" $1;
"~^http:(.+)$" $1;

# Required for only office document server
map $http_x_forwarded_proto $the_scheme {
        default $http_x_forwarded_proto;
        "" $scheme;

map $http_x_forwarded_host $the_host {
        default $http_x_forwarded_host;
        "" $host;

map $http_upgrade $proxy_connection {
        default upgrade;
        "" close;


server {
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/ssl/certs/dhparam.pem;
server_tokens off;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
     proxy_set_header X-Forwarded-For $remote_addr;
    location / {
         proxy_set_header   Host $host;
         proxy_set_header   X-Real-IP $remote_addr;
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
         proxy_read_timeout  1200s;

         # used for view/edit office file via Office Online Server
         client_max_body_size 0;

         access_log      /var/log/nginx/seahub.access.log;
         error_log       /var/log/nginx/seahub.error.log;

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        client_max_body_size 0;

        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
	proxy_request_buffering off;
        send_timeout  36000s;
location /seafdav {
         proxy_set_header   Host $host;
         proxy_set_header   X-Real-IP $remote_addr;
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
        client_max_body_size 0;
	proxy_set_header Destination "http:$nossl_destination";
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
       send_timeout  36000s;

        # This option is only available for Nginx >= 1.8.0. See more details below.
        proxy_request_buffering off;

        access_log      /var/log/nginx/seafdav.access.log;
        error_log       /var/log/nginx/seafdav.error.log;
    location /media {
        root /Speicher/Cloud/seafile-server-latest/seahub;
    location /onlyofficeds/ {

        # THIS ONE IS IMPORTANT ! - Trailing slash !

        proxy_http_version 1.1;
        client_max_body_size 100M; # Limit Document size to 100MB
        proxy_read_timeout 3600s;
        proxy_connect_timeout 3600s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $proxy_connection;

        # THIS ONE IS IMPORTANT ! - Subfolder and NO trailing slash !
        proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;

        proxy_set_header X-Forwarded-Proto $the_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location /notification/ping {
#        access_log      /var/log/nginx/notification.access.log seafileformat;
        error_log       /var/log/nginx/notification.error.log;
    location /notification {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
#        access_log      /var/log/nginx/notification.access.log seafileformat;
        error_log       /var/log/nginx/notification.error.log;



Your Caddyfile’s syntax is messy, so it’s hard to follow. Please run caddy fmt -w to clean up the indentation.

You didn’t mount these files in your Caddy container, so Caddy can’t see them. That path doesn’t exist inside the container, it only exists on the host machine.

You can replace route + uri strip_prefix with simply handle_path.

This is invalid syntax, you have a / at the end there. Remove that.

That’s not an error, that’s an HTTP to HTTPS redirect. Make sure to include https:// in your curl command to make a request without the redirect.

Your curl command doesn’t use the same domain as your Caddyfile. Are you sure that’s right?

Show your Caddy logs. You skipped that part of the help topic template.

Thanks for your prompt reply.
I’ve cleared my Caddyfile and I’ve added handle_path and removed the trailing slash.
However, it is still not working.
According to the seafile manual, the trailing slash is important to make onlyoffice work in seafile.

Any idea how to fix this? I saw some onlyoffice tutorials here, but none helped me unfortuantely.

Here is my error log when I click on a file in seafile to open it in onlyoffice.

{"level":"error","ts":1711446208.35779,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"","remote_port":"53258","client_ip":"","proto":"HTTP/3.0","method":"GET","host":"","uri":"/8.0.1-31/web-apps/apps/spreadsheeteditor/main/index.html?_dc=8.0.1-31&lang=de&customer=ONLYOFFICE&frameEditorId=placeholder&isForm=false&parentOrigin=","headers":{"Referer":[""],"Cookie":[],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Accept-Language":["de-DE,de;q=0.5"],"Sec-Fetch-Dest":["iframe"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Mode":["navigate"],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Gpc":["1"],"Sec-Ch-Ua":["\"Brave\";v=\"123\", \"Not:A-Brand\";v=\"8\", \"Chromium\";v=\"123\""]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h3","server_name":""}},"bytes_read":0,"user_id":"","duration":0.073377614,"size":3820,"status":404,"resp_headers":{"Server":["Caddy","gunicorn"],"Date":["Tue, 26 Mar 2024 09:43:28 GMT"],"Content-Type":["text/html; charset=utf-8"],"Content-Length":["3820"],"Vary":["Accept-Language, Cookie"],"Content-Language":["de"]}}

Thanks again for your advice!
Kind regards,

I know nothing of those pieces of software. I can only help with Caddy. I don’t see any evidence of a problem with Caddy from that. A single access log doesn’t tell us enough information.

Thanks for your quick reply again!
Should I change my logging settings?
Or look into the general log of caddy instead of the server specific one?
It was working before with nginx, but I would really like to continue with caddy.
As I havent changed anything in the other two apps, I thought that the redirection of caddy is somehow wrong?

Show your latest Caddyfile. Show a proper curl -v command (with https://). Explain the problem, explain what behaviour is expected instead (what should the response look like, what headers should be there, etc). Enable the debug global option in your Caddyfile then make another request you expect to work and show those logs.