Error 504 (Timeout) when accessing via https

Questions/problems on Docker
Post Reply
akrea
Posts: 2
Joined: Fri May 29, 2020 7:25 pm

Error 504 (Timeout) when accessing via https

Post by akrea » Fri May 29, 2020 8:57 pm

Hi

Houston I have a problem... When I try to access my document-server on https://onlyoffice.mydomain.com I always got Timeout Error 504.

When I try to access it on localIP:443 with self-signed certificates I can access it and it says "server running".

I have an all-docker setup with Traefik 2.0 being proxy reverse and let's encrypt providing certificates. All other services can be accessed under https://<service>.mydomain.com without any issue. Only onlyoffice has issues.

The code used is inserted below. As I said it works for all services but onlyoffice. Any ideas why this is not working for onlyoffice?

Thanks!


Docker-compose traefik Container:

Code: Select all

....
  command:
            - --global.checkNewVersion=true
            - --global.sendAnonymousUsage=true
            - --entryPoints.http.address=:80
            - --entryPoints.https.address=:443
            - --entrypoints.https.forwardedHeaders.trustedIPs=a long list of IPs
            - --entryPoints.traefik.address=:8080
            - --api=true
            - --log=true
            - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
            - --accessLog=true
            - --accessLog.filePath=/traefik2.log
            - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
            - --accessLog.filters.statusCodes=400-499
            - --providers.docker=true
            - --providers.docker.endpoint=unix:///var/run/docker.sock
            - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
            - --providers.docker.exposedByDefault=false
            - --providers.docker.network=t2_proxy
            - --providers.docker.swarmMode=false
            - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
            - --providers.file.watch=true # Only works on top level files in the rules folder
            - --certificatesResolvers.dns-cloudflare.acme.email=$MYEMAIL
            - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
            - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
            - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
....
       labels:
            - "traefik.enable=true"
            # HTTP-to-HTTPS Redirect
            - "traefik.http.routers.http-catchall.entrypoints=http"
            - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
            - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
            - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
            # HTTP Routers
            - "traefik.http.routers.traefik-rtr.entrypoints=https"
            - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
            - "traefik.http.routers.traefik-rtr.tls=true"
            - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME"
            - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME"
            ## Middlewares
            - "traefik.http.routers.portainer-rtr.middlewares=chain-no-auth@file" # No Authentication
            ## Services - API
            - "traefik.http.routers.traefik-rtr.service=api@internal"   
Middleware:

Code: Select all

  [http.middlewares]
    [http.middlewares.middlewares-rate-limit]
      [http.middlewares.middlewares-rate-limit.rateLimit]
        average = 100
        burst = 50
    
  [http.middlewares.middlewares-secure-headers]
    [http.middlewares.middlewares-secure-headers.headers]
      accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
      accessControlMaxAge = 100
      hostsProxyHeaders = ["X-Forwarded-Host"]
      sslRedirect = true
      stsSeconds = 63072000
      stsIncludeSubdomains = true
      stsPreload = true
      forceSTSHeader = true
      customFrameOptionsValue = "allow-from https:mydomain.com"
      contentTypeNosniff = true 
      browserXssFilter = true 
      referrerPolicy = "same-origin"
      featurePolicy = "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';" 
     [http.middlewares.middlewares-secure-headers.headers.customResponseHeaders]
        X-Robots-Tag = "none,noarchive,nosnippet,notranslate,noimageindex,"
        server = ""
Docker-compose onlyoffice

Code: Select all

onlyoffice-documentserver:
        container_name: onlyoffice-documentserver
        image: onlyoffice/documentserver
        environment:
          - TZ=${TZ}
        ports:
           - ${ONLYOFFICE_PORTS}:443
        stdin_open: true
        tty: true
        restart: always
        volumes:
           - $USERDIR/onlyoffice/data:/var/www/onlyoffice/Data/
           - $USERDIR/onlyoffice/data/certs:/var/www/onlyoffice/Data/onlyoffice/documentserver
           - $USERDIR/onlyoffice/log:/var/log/onlyoffice
           - $USERDIR/onlyoffice/cache:/var/lib/onlyoffice/documentserver/App_Data/cache/files
           - $USERDIR/onlyoffice/example:/var/www/onlyoffice/documentserver-example/public/files
           - $USERDIR/onlyoffice/fonts:/usr/share/fonts
        labels:
            - "traefik.enable=true"
            ## HTTP Routers
            - "traefik.http.routers.onlyoffice-rtr.entrypoints=https"
            - "traefik.http.routers.onlyoffice-rtr.rule=Host(`onlyoffice.$DOMAINNAME`)"
            - "traefik.http.routers.onlyoffice-rtr.tls=true"
            ## Middlewares
            - "traefik.http.routers.onlyoffice-rtr.middlewares=chain-no-auth@file"
            ## HTTP Services
            - "traefik.http.routers.onlyoffice-rtr.service=onlyoffice-svc"
            - "traefik.http.services.onlyoffice-svc.loadbalancer.server.port=443"

akrea
Posts: 2
Joined: Fri May 29, 2020 7:25 pm

Re: Error 502 (bad gateway) when accessing via https

Post by akrea » Fri Jun 26, 2020 7:45 pm

OK I figured out one problem but encountered a new one: I did not specify the traefik network for the onlyoffice-documentserver... :oops: . Once I did that I run into a 502 bad gateway problem.
My internet research did not reveal any helpful solutions.
ANY help would be appreciated.

Post Reply