I wanted to share my own feedback of onlyoffice with dockers. I went through many many issues that I solved one by one by debugging things myself. The most important ones are the ones that have been reported by many people, which underlines that the product is very complex. I just feel that I need to contribute to thank the developers for making such a great and complex product. Despite the effort of the team to answer as best as possible, it is not easy to tackle problems as they may have plenty of causes.
There is one remaining issue for me (see part 1) that I am still investigating to improve speed.
I would also encourage the developpers to:
- enrich their FAQ / Issue page, or to detail how it works, it will help users to debug issues and to understand that setting up SSL on the Document Server while serving all dockers on the same machine is not very useful...
- Same thing: put a network flow diagram somewhere, this can be useful.
- post a full config with community + mail (optional) + document (optional) + SSL, as all normal and aware people will immediately try to implement SSL, which is the source of many issues.
- post a full directory structure as below (part 6). I was not able to find clear instructions without reading 20x the manual.
Thanks to all for their post which helped me, and for the team for making such a great product! Let's start with my experience.
1) Reverse DNS requests are slowing CommunityServer (to be investigated)
I found out that the docker is making DNS requests to solve the reverse of the client's IP. This is weird and not very useful... I tried to filter them with iptables (as below, with a REJECT), but the results is the same: we loose a few seconds, especially when changing between modules in onlyoffice (Settings from Main page for instance).
Edit: It is probably that issue, i need to check.viewtopic.php?f=5&t=8884
3 22:29:47.927372 IP 172.18.0.3.36004 > nscache-1.online.net.domain: 8832+ PTR? 188.8.131.52.in-addr.arpa. (42)
4 22:29:47.927427 IP 172.18.0.1 > 172.18.0.3: ICMP nscache-1.online.net udp port domain unreachable, length 78
5 22:29:47.927559 IP 172.18.0.3.56123 > nscache-2.online.net.domain: 8832+ PTR? 184.108.40.206.in-addr.arpa. (42)
6 22:29:47.927587 IP 172.18.0.1 > 172.18.0.3: ICMP nscache-2.online.net udp port domain unreachable, length 78
7 22:29:49.452194 IP computer.40706 > 172.18.0.3.https: Flags [.], ack 2055895631, win 289, options [nop,nop,TS val 55852736 ecr 435920041], length 0
8 22:29:49.452229 IP 172.18.0.3.https > computer.40706: Flags [.], ack 1, win 288, options [nop,nop,TS val 435922563 ecr 55850229], length 0
9 22:29:52.932420 IP 172.18.0.3.50456 > nscache-1.online.net.domain: 8832+ PTR? 220.127.116.11.in-addr.arpa. (42)
10 22:29:52.932477 IP 172.18.0.1 > 172.18.0.3: ICMP nscache-1.online.net udp port domain unreachable, length 78
11 22:29:52.932602 IP 172.18.0.3.51882 > nscache-2.online.net.domain: 8832+ PTR? 18.104.22.168.in-addr.arpa. (42)
12 22:29:52.932626 IP 172.18.0.1 > 172.18.0.3: ICMP nscache-2.online.net udp port domain unreachable, length 78
13 22:29:58.167071 IP computer.37990 > 172.18.0.3.https: Flags [.], ack 1, win 2548, options [nop,nop,TS val 55854912 ecr 435922176], length 0
14 22:29:58.167101 IP 172.18.0.3.https > computer.37990: Flags [.], ack 821, win 694, options [nop,nop,TS val 435924741 ecr 55852353], length 0
2) Ports on DocumentServer
Never put a -p XX:YY where XX != YY in DocumentServer. It is useless if both dockers are on the same machine and is the source of a lot of issues. This is not the browser who is speaking to DocumentServer, but the CommunityServer, so talking to CommunityServer in HTTPS is enough if both dockers are on the same server.
DO NOT PLAY TOO MUCH WITH PORTS. Only put a -p 443:443 on the CommunityServer and the certificates at the right place and with the right name, that's all. This is my personal advice if your time is precious.
3) --link as parameter of docker for communityServer
Some internet websites say to put --link to do the link between communityServer and DocumentServer. I don't know why, I don't know docker very well, but I just removed it and put -e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server to link both, it works, provided that you created the bridge network I guess (not sure of that).
4) The famous error message "ONLYOFFICE™ is not available. Please contact us at firstname.lastname@example.org
I hated several hours this error message. It turned out that it was a problem with ports. Follow 2 and/or the docker command line below and you should avoid it. Easy to say, but you can lose many many hours on that, or even subscribe to Office 365 (yes... i was really close to do it after a few hours...).
5) The "File editing cannot start" error
Another hated error. The cause was very interesting and I think it should help many as I didn't read it yet anywhere.
In "community server address" in the settings, always put an IP address. It seems that for one of the script, it just takes the host that you use in your browser to get the address of the community server (!!). If this host cannot be solved by the docker, it will produce this error. Therefore, in this settings page, for "community server address", the IP of the docker (community server) should be set up, not a hostname.
6) My full *working* config (docker)
System: Ubuntu 16.04 LTS
No Email system (i dont need it personnally)
# docker network create --driver bridge onlyoffice # DO IT BEFORE MANUALLY, only once
# Note for beginners like me: -v <path of your non-virtual host>:<path in the docker system>. I have all files in /opt/onlyoffice, including scripts.
# Docker document server
docker run -i --net onlyoffice -t -d --name onlyoffice-document-server \
-v /opt/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
-v /opt/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
# Docker community server
docker run -i --net onlyoffice -t -d -p 80:80 -p 443:443 --name onlyoffice-community-server \
-v /opt/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \
-v /opt/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \
-v /opt/onlyoffice/CommunityServer/mysql:/var/lib/mysql \
-v /opt/onlyoffice/DocumentServer/data:/var/www/onlyoffice/DocumentServerData \
-e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \
/opt/onlyoffice/CommunityServer/data/certs/ => dhparam.pem onlyoffice.crt onlyoffice.key
/opt/onlyoffice/DocumentServer/data <= do not put certs here
Other scripts useful to test (in /opt/onlyoffice). Do a ./rmall.sh && ./install.sh to relaunch everything with new parameters.
** rmall.sh **
docker rm -v onlyoffice-document-server
docker rm -v onlyoffice-community-server
** stopall.sh **
docker stop onlyoffice-community-server
docker stop onlyoffice-document-server
** startall.sh **
docker start onlyoffice-community-server
docker start onlyoffice-document-server