Seafile with Onlyoffice (updated with curl)

Rudiger_Schernthaner · March 25, 2024, 7:14am

1. The problem I’m having:

I’m trying to move from nginx installed directly on the server to caddy within docker. I have succeeded with most of my reverse proxies, but I fail to redirect my documents from seafile to onlyoffice so that I can edit them within the browser.
THANKS FOR YOUR HELP!

2. Error messages and/or full log output:

I noticed that on schernthaner.local:88/welcome onlyoffice replies, but not using the reverse proxy as shown below. How can I fix the 308 error?

curl -v schernthaner.local/onlyofficeds/welcome
*   Trying 127.0.1.1:80...
* Connected to schernthaner.local (127.0.1.1) port 80 (#0)
> GET /onlyofficeds/welcome HTTP/1.1
> Host: schernthaner.local
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://schernthaner.local/onlyofficeds/welcome
< Server: Caddy
< Date: Mon, 25 Mar 2024 20:06:34 GMT
< Content-Length: 0
<
* Closing connection 0

3. Caddy version:

2.7.6

4. How I installed and ran Caddy:

with docker-compose (see below)

a. System environment:

Docker on Ubuntu Server 22.04

c. Service/unit/compose file:

version: "3.7"

services:
  caddy:
    image: caddy:alpine
    network_mode: host
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    environment:
      - EMAIL=admin@schernthaner.eu 
    volumes:
      - /Speicher/Docker/Caddy/Caddyfile:/etc/caddy/Caddyfile
      - /Speicher/Docker/Caddy/data:/data
      - /Speicher/Docker/Caddy/config:/config

d. My complete Caddy config:

cloud.schernthaner.eu {
    reverse_proxy localhost:8001
    handle_path /seafhttp* {
    reverse_proxy localhost:8082
    }
    handle_path /seafmedia* {
    rewrite * /media{uri}
    root * /Speicher/Cloud/seafile-server-latest/seahub
    file_server
    }
    handle /seafdav* {
    reverse_proxy 127.0.0.1:8081
    }
    route /onlyofficeds/* {
    uri strip_prefix /onlyofficeds
    reverse_proxy 127.0.0.1:88/
  }
}

5. My old nginx file

map $http_destination $nossl_destination {
"~^https:(.+)$" $1;
"~^http:(.+)$" $1;
}

# Required for only office document server
map $http_x_forwarded_proto $the_scheme {
        default $http_x_forwarded_proto;
        "" $scheme;
    }

map $http_x_forwarded_host $the_host {
        default $http_x_forwarded_host;
        "" $host;
    }

map $http_upgrade $proxy_connection {
        default upgrade;
        "" close;
    }

#/etc/nginx/sites-available/

}
server {
    server_name cloud.schernthaner.eu;
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/cloud.schernthaner.eu/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cloud.schernthaner.eu/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/ssl/certs/dhparam.pem;
server_tokens off;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
     proxy_set_header X-Forwarded-For $remote_addr;
    location / {
         proxy_pass         http://127.0.0.1:8001;
         proxy_set_header   Host $host;
         proxy_set_header   X-Real-IP $remote_addr;
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
         proxy_read_timeout  1200s;

         # used for view/edit office file via Office Online Server
         client_max_body_size 0;

         access_log      /var/log/nginx/seahub.access.log;
         error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;

        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
	proxy_request_buffering off;
        send_timeout  36000s;
    }
location /seafdav {
   proxy_pass         http://127.0.0.1:8081;
         proxy_set_header   Host $host;
         proxy_set_header   X-Real-IP $remote_addr;
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
        client_max_body_size 0;
	proxy_set_header Destination "http:$nossl_destination";
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
       send_timeout  36000s;

        # This option is only available for Nginx >= 1.8.0. See more details below.
        proxy_request_buffering off;

        access_log      /var/log/nginx/seafdav.access.log;
        error_log       /var/log/nginx/seafdav.error.log;
    }
    location /media {
        root /Speicher/Cloud/seafile-server-latest/seahub;
    }
    location /onlyofficeds/ {

        # THIS ONE IS IMPORTANT ! - Trailing slash !
        proxy_pass http://127.0.0.1:88/;

        proxy_http_version 1.1;
        client_max_body_size 100M; # Limit Document size to 100MB
        proxy_read_timeout 3600s;
        proxy_connect_timeout 3600s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $proxy_connection;

        # THIS ONE IS IMPORTANT ! - Subfolder and NO trailing slash !
        proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;

        proxy_set_header X-Forwarded-Proto $the_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /notification/ping {
        proxy_pass http://127.0.0.1:8083/ping;
#        access_log      /var/log/nginx/notification.access.log seafileformat;
        error_log       /var/log/nginx/notification.error.log;
    }
    location /notification {
        proxy_pass http://127.0.0.1:8083/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
#        access_log      /var/log/nginx/notification.access.log seafileformat;
        error_log       /var/log/nginx/notification.error.log;
    }


	}




}

francislavoie · March 26, 2024, 9:13am

Your Caddyfile’s syntax is messy, so it’s hard to follow. Please run caddy fmt -w to clean up the indentation.

You didn’t mount these files in your Caddy container, so Caddy can’t see them. That path doesn’t exist inside the container, it only exists on the host machine.

You can replace route + uri strip_prefix with simply handle_path.

This is invalid syntax, you have a / at the end there. Remove that.

That’s not an error, that’s an HTTP to HTTPS redirect. Make sure to include https:// in your curl command to make a request without the redirect.

Your curl command doesn’t use the same domain as your Caddyfile. Are you sure that’s right?

Show your Caddy logs. You skipped that part of the help topic template.

Rudiger_Schernthaner · March 26, 2024, 9:51am

Thanks for your prompt reply.
I’ve cleared my Caddyfile and I’ve added handle_path and removed the trailing slash.
However, it is still not working.
According to the seafile manual, the trailing slash is important to make onlyoffice work in seafile.

https://manual.seafile.com/deploy/only_office/

Any idea how to fix this? I saw some onlyoffice tutorials here, but none helped me unfortuantely.

Here is my error log when I click on a file in seafile to open it in onlyoffice.

{"level":"error","ts":1711446208.35779,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"80.89.96.14","remote_port":"53258","client_ip":"80.89.96.14","proto":"HTTP/3.0","method":"GET","host":"cloud.schernthaner.eu","uri":"/8.0.1-31/web-apps/apps/spreadsheeteditor/main/index.html?_dc=8.0.1-31&lang=de&customer=ONLYOFFICE&frameEditorId=placeholder&isForm=false&parentOrigin=https://cloud.schernthaner.eu&fileType=xlsx","headers":{"Referer":["https://cloud.schernthaner.eu/lib/4ec3b0b8-ea96-44c9-a75e-271ad81498d5/file/car%20comparison.xlsx"],"Cookie":[],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Accept-Language":["de-DE,de;q=0.5"],"Sec-Fetch-Dest":["iframe"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Mode":["navigate"],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Gpc":["1"],"Sec-Ch-Ua":["\"Brave\";v=\"123\", \"Not:A-Brand\";v=\"8\", \"Chromium\";v=\"123\""]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h3","server_name":"cloud.schernthaner.eu"}},"bytes_read":0,"user_id":"","duration":0.073377614,"size":3820,"status":404,"resp_headers":{"Server":["Caddy","gunicorn"],"Date":["Tue, 26 Mar 2024 09:43:28 GMT"],"Content-Type":["text/html; charset=utf-8"],"Content-Length":["3820"],"Vary":["Accept-Language, Cookie"],"Content-Language":["de"]}}

Thanks again for your advice!
Kind regards,
Ruediger

francislavoie · March 26, 2024, 10:08am

I know nothing of those pieces of software. I can only help with Caddy. I don’t see any evidence of a problem with Caddy from that. A single access log doesn’t tell us enough information.

Rudiger_Schernthaner · March 26, 2024, 10:24am

Thanks for your quick reply again!
Should I change my logging settings?
Or look into the general log of caddy instead of the server specific one?
It was working before with nginx, but I would really like to continue with caddy.
As I havent changed anything in the other two apps, I thought that the redirection of caddy is somehow wrong?

francislavoie · March 26, 2024, 10:47am

Show your latest Caddyfile. Show a proper curl -v command (with https://). Explain the problem, explain what behaviour is expected instead (what should the response look like, what headers should be there, etc). Enable the debug global option in your Caddyfile then make another request you expect to work and show those logs.

system · April 25, 2024, 10:48am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.