Nextcloud – OnlyOffice Install – With A Reverse Proxy

In the previous post, I discussed how to do a straight forward OnlyOffice install on a server or VM with docker-compose and then connect it to a Nextcloud installation running on another server. It turned out that this was phenomenally simple. Now that everything is up and running and working like a charm, I wanted to see if I could consolidate the setup somewhat. To reduce the number of virtual machines, I run many of my services with Docker and docker-compose on a single virtual machine and behind a simple dockerized reverse proxy that also takes care of getting TLS certificates via Letsencrypt. So the big question: Can I run an OnlyOffice inside Docker containers behind that reverse proxy to save me a public IP address and a separate virtual machine?

The quick answer is ‘yes’ and again, the process is quite simple once one knows how to do it. So here’s my setup, my modifications, and the additions in the OnlyOffice docker-compose.yml file:

Before getting started, it has to be checked that the server or VM on which OnlyOffice is to executed on, has enough resources. Have at least 15 GB of free storage, as OnlyOffice is not demure when it comes to installation size! Also, make sure to have 2-3 GB of free RAM available on the server or VM.

Free resources ensured, one can then go ahead and clone the configuration files for the docker-compose setup as described in the previous post. Before doing a docker-compose up -d for the first time, the following environment variables have to be added to the docker-compose.yml file in the ‘environment’ section of the ‘onlyoffice-documentserver’ container description instead of the variables given in the previous post for a standalone OnlyOffice install. By changing the parameters, the task of managing the TLS certificates for HTTPS moves from OnlyOffice to the reverse proxy:

  - JWT_ENABLED=true
  - JWT_SECRET=PUT-A-SUPER-GOOD-PASSWORD-HERE
  - JWT_HEADER=Authorization
  - JWT_IN_BODY=true
  - VIRTUAL_HOST=YOUR-DOMAIN-NAME-HERE
  - LETSENCRYPT_HOST=YOUR-DOMAIN-NAME-HERE
  - LETSENCRYPT_EMAIL=YOUR-EMAIL-ADDRESS

In addition to these variables, the network configuration in the yml file needs to be changed. As all connectivity will go through the reverse proxy, the first change is to comment out the port forwarding configuration with ‘#’ characters:

#ports:
#  - '80:80'
#  - '443:443'

And second, the following configuration needs to be added to the very end of the docker-compose.yml file to connect the OnlyOffice containers to the internal network created by the reverse proxy:

networks:
    default:
     external:
       name: proxy

That done, a docker-compose up -d will download the software, start OnlyOffice in three containers, and expose port 80 (and 443) to the reverse proxy rather than directly to the outside world.

At this point, one can then continue to check that the OnlyOffice server can be reached from the outside (via the reverse proxy) and connect it to the Nextcloud instance as described in the previous post.

Done!