Notes on troubleshooting an OnlyOffice cross-origin problem



Installing OnlyOffice with Docker

Pull the image

Image address: the onlyoffice image
The OnlyOffice version I used is 6.4

docker pull onlyoffice/documentserver:6.4

Start the container

If you do not need HTTPS access, run the following commands to start the onlyoffice container

# Create the mount directories
# onlyoffice log mount directory
mkdir -p /opt/dockerfile/onlyoffice/log
# onlyoffice data directory
mkdir -p /opt/dockerfile/onlyoffice/data
# onlyoffice configuration file directory
mkdir -p /opt/dockerfile/onlyoffice/lib
# onlyoffice database directory
mkdir -p /opt/dockerfile/onlyoffice/db
# onlyoffice nginx configuration file directory
mkdir -p /opt/dockerfile/onlyoffice/nginx

docker run -i -t -d -p 8013:80 --name onlyoffice --restart=always \
-v /opt/dockerfile/onlyoffice/log:/var/log/onlyoffice \
-v /opt/dockerfile/onlyoffice/data:/var/www/onlyoffice/Data \
-v /opt/dockerfile/onlyoffice/lib:/var/lib/onlyoffice \
-v /opt/dockerfile/onlyoffice/db:/var/lib/postgresql \
-v /opt/dockerfile/onlyoffice/nginx:/etc/onlyoffice/documentserver/nginx \
onlyoffice/documentserver:6.4

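Note: the nginx configuration directory is mounted to make later changes to the nginx configuration easier. For some reason I don't know, when the container is started with the command above, the nginx configuration files inside the container disappear, or rather are covered by the empty nginx folder on the host. My approach is to start the container the first time without mounting the nginx directory, copy the nginx configuration files from the container into the mount directory on the host, then delete the container and start it again with the nginx directory mounted, as follows

# First start
docker run -i -t -d -p 8013:80 --name onlyoffice --restart=always \
-v /opt/dockerfile/onlyoffice/log:/var/log/onlyoffice \
-v /opt/dockerfile/onlyoffice/data:/var/www/onlyoffice/Data \
-v /opt/dockerfile/onlyoffice/lib:/var/lib/onlyoffice \
-v /opt/dockerfile/onlyoffice/db:/var/lib/postgresql \
onlyoffice/documentserver:6.4

# Copy the nginx configuration files to the host
docker cp onlyoffice:/etc/onlyoffice/documentserver/nginx /opt/dockerfile/onlyoffice

# Stop and delete the container
docker stop onlyoffice
docker rm onlyoffice

# Start the container again (with nginx mounted)
docker run -i -t -d -p 8013:80 --name onlyoffice --restart=always \
-v /opt/dockerfile/onlyoffice/log:/var/log/onlyoffice \
-v /opt/dockerfile/onlyoffice/data:/var/www/onlyoffice/Data \
-v /opt/dockerfile/onlyoffice/lib:/var/lib/onlyoffice \
-v /opt/dockerfile/onlyoffice/db:/var/lib/postgresql \
-v /opt/dockerfile/onlyoffice/nginx:/etc/onlyoffice/documentserver/nginx \
onlyoffice/documentserver:6.4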

At this point the container has started successfully; open localhost:8013 in a browser.
The demo page can be started with the following command

sudo docker exec f8f17ec4aa3f sudo supervisorctl start ds:example

Then click GO TO TEST EXAMPLE to enter the demo page, where you can upload a file to try out online preview and editing

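Accessing OnlyOffice over HTTPS

Because our company's production environment must be accessed over HTTPS, otherwise cross-origin problems appear, at first I simply mapped port 8013 in the host's nginx configuration, as follows

location /onlyoffice/ {
    proxy_pass http://192.168.0.183:8013/;
}

With this approach https://<my domain>/onlyoffice reaches the OnlyOffice home page, but previewing a file reports unknown error. Looking at the requests, I found that the Editor.bin request fails, because that request is still made over http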

http://192.168.0.183:8013/cache/files/7f8268a6c914b496ea63/Editor.bin/Editor.bin?md5=zk5o68w3kpMTY_pVaEt0hQ&expires=1670380981&filename=Editor.bin

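Mapping port 443

Delete the container and start it again with port 443 mapped, using the following command

# Start the container again (with nginx mounted)
docker run -i -t -d -p 8013:80 -p 8443:443 --name onlyoffice --restart=always \
-v /opt/dockerfile/onlyoffice/log:/var/log/onlyoffice \
-v /opt/dockerfile/onlyoffice/data:/var/www/onlyoffice/Data \
-v /opt/dockerfile/onlyoffice/lib:/var/lib/onlyoffice \
-v /opt/dockerfile/onlyoffice/db:/var/lib/postgresql \
-v /opt/dockerfile/onlyoffice/nginx:/etc/onlyoffice/documentserver/nginx \
onlyoffice/documentserver:6.4

Because port 443 on my host is already in use, I map host port 8443 to the container's port 443, then open the port in the firewall

# Open port 8443
firewall-cmd --zone=public --add-port=8443/tcp --permanent
# Reload
firewall-cmd --reload

Configuring the SSL certificate

First go to the data mount directory /opt/dockerfile/onlyoffice/data and create a certs directory with mkdir certs, then put our SSL pem and key files into that directory and use the openssl command to convert the pem into a crt file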

openssl x509 -in onlyoffice.pem -out onlyoffice.crt

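The nginx configuration files inside the onlyoffice container have already been mounted out to the host, so go to the nginx mount directory, find the ds.conf file, and modify the SSL configuration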

## HTTPS host
server {
  listen 0.0.0.0:443 ssl http2;
  listen [::]:443 ssl http2 default_server;
  server_tokens off;
  root /usr/share/nginx/html;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  ssl on;
  ssl_certificate /var/www/onlyoffice/Data/certs/onlyoffice.crt;
  ssl_certificate_key /var/www/onlyoffice/Data/certs/onlyoffice.key;
  # Uncomment string below and specify the path to the file with the password if you use encrypted certificate key
  # ssl_password_file {{SSL_PASSWORD_PATH}};
  ssl_verify_client off;

  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

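  # TLSv1 and TLSv1.1 are deprecated (RFC 8996); list only TLSv1.2 and newer unless legacy clients require them
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;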
  ssl_session_cache  builtin:1000  shared:SSL:10m;

  ssl_prefer_server_ciphers   on;

  add_header Strict-Transport-Security max-age=31536000;
  # add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  ## [Optional] If your certificate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
  ## Replace with your ssl_trusted_certificate. For more info see:
  ## - https://medium.com/devops-programming/4445f4862461
  ## - https://www.ruby-forum.com/topic/4419319
  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 10s;

  ## [Optional] Generate a stronger DHE parameter:
  ##   cd /etc/ssl/certs
  ##   sudo openssl dhparam -out dhparam.pem 4096
  ##

  include /etc/nginx/includes/ds-*.conf;

}

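Note: the ssl_certificate path is /var/www/onlyoffice/Data/certs (mounted to the host)

Restart the container

After restarting the container, https://<my domain>:8443/ reaches the OnlyOffice home page, but uploading a file on the demo page and previewing it reports Download failed Press “OK” return to document list. The cause is that Document Server by default rejects unauthenticated requests (signature-authenticated HTTPS requests)
Solution: enter the container and modify the default.json configuration

# Enter the container
docker exec -it onlyoffice /bin/bash
# Edit the default.json configuration
vim /etc/onlyoffice/documentserver/default.json

Set the rejectUnauthorized property to false, as follows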

"requestDefaults": {
    "headers": {
        "User-Agent": "Node.js/6.13",
        "Connection": "Keep-Alive"
    },
    "gzip": true,
    "rejectUnauthorized": false
},

After restarting the container again, files preview normally. With that, the OnlyOffice cross-origin problem is solved
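Setting rejectUnauthorized to false turns off TLS certificate verification for the outbound requests configured under requestDefaults, so it hides a verification failure rather than removing its cause. One cause worth ruling out first is the conversion step: openssl x509 -in … -out … writes only the first certificate of its input, so a .pem that held the leaf plus an intermediate becomes a .crt with the leaf alone. The following is an added example, not from the original post; the throw-away PKI, file names and helper functions are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. The PKI below is constructed and throw-away; all names are illustrative.

# Count the PEM certificates contained in a file.
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# Succeed only if the first certificate in bundle $2 chains to root $1,
# using the remaining certificates in $2 as intermediates.
chain_ok() { openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1; }

# Build root -> intermediate -> leaf in directory $1 and write fullchain.pem.
make_demo_pki() {
  (
    cd "$1" || exit 1
    echo 'basicConstraints=critical,CA:TRUE' > ca.ext
    for n in root int leaf; do
      openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
        -subj "/CN=demo-$n.example" -out "$n.csr" 2>/dev/null || exit 1
    done
    openssl x509 -req -in root.csr -signkey root.key -days 2 \
      -extfile ca.ext -out root.crt 2>/dev/null || exit 1
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
      -days 2 -extfile ca.ext -out int.crt 2>/dev/null || exit 1
    openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -CAcreateserial \
      -days 2 -out leaf.crt 2>/dev/null || exit 1
    cat leaf.crt int.crt > fullchain.pem   # leaf first, then intermediate
  )
}

demo() {
  d=$(mktemp -d) || return 1
  make_demo_pki "$d" || return 1
  # Same conversion as in the article: only the first certificate is written out.
  openssl x509 -in "$d/fullchain.pem" -out "$d/converted.crt"
  echo "fullchain.pem holds $(count_certs "$d/fullchain.pem") certificates"
  echo "converted.crt holds $(count_certs "$d/converted.crt") certificate(s)"
  chain_ok "$d/root.crt" "$d/fullchain.pem" && echo "fullchain.pem: chain verifies"
  chain_ok "$d/root.crt" "$d/converted.crt" || echo "converted.crt: intermediate missing, verification fails"
  rm -rf "$d"
}

demo
```

Running count_certs on the real .pem and .crt in the certs directory shows whether this applies; if it does, pointing ssl_certificate at the full-chain file lets clients verify the server without disabling verification.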
