再遇onlyoffice

lucas

难受香菇,再次出现问题。各种测试无果

先结论，配置和图片放最后

环境

2服务在同一个服务器docker 192.168.1.18
先本地测试，hosts 设置 xxoo.xyz 192.168.1.18
kodbox基本参考官方部署,小改端口和挂卷
onlyoffice基本参考官方部署,小改端口和挂卷
kodbox版本 V1.59.03
onlyoffice 2.24

方案1：直接暴露端口方案

kodbox - 设置证书 - 9443
onlyoffice- 设置证书 - 8001
结果：检查通过也不行(参考图片方案1)

方案2： onlyoffice代理

kodbox - 设置证书 - 9443
onlyoffice docker注释8001/volumes避免nginx监听冲突,nginx打开 8001监听

结果：检查通过，无法打开,提示五(参考图片方案2)

方案3：不使用ssl

kodbox - 10000
onlyoffice - 8001

结果：一切正常

配置

kodbox docker配置

version: "3.5"

services:
  db:
    image: mariadb
    container_name: kod_mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    ports:
      - 3306:3306
    volumes:
      - "/app/kodbox_docker/db:/var/lib/mysql"
    environment:
      - "TZ=Asia/Shanghai"
      - "MYSQL_ROOT_PASSWORD=密码"
      - "MYSQL_DATABASE=kodbox"
    restart: unless-stopped

  redis:
    image: redis:alpine
    container_name: kod_redis
    environment:
      - "TZ=Asia/Shanghai"
    restart: unless-stopped

  app:
    image: kodcloud/kodbox:latest
    container_name: kod_kodbox
    ports:
      - 10000:80
      - 9443:443
    links:
      - db
      - redis
    volumes:
      - "/app/kodbox_docker/data:/var/www/html"
      - "/app/my_ssl:/etc/nginx/ssl"
    environment:
      - "MYSQL_SERVER=db"
      - "SESSION_HOST=redis"
    restart: unless-stopped

kodbox 配置

version: "3.5"

services:
  office:
    image: kodcloud/kodoffice:7.4.1.1
    container_name: kod_office
    restart: unless-stopped
    privileged: true
    ports:
      - "8000:80"
      - "8001:443"
    dns:
      - 192.168.1.1
      - 223.6.6.6
    environment:
      JWT_ENABLED: "false"
      JWT_SECRET: ""
    volumes:
      - "./data/certs:/var/www/onlyoffice/Data/certs"

nginx 域名代理配置

server
  {

  listen 8001 ssl;
  listen [::]:8001 ssl;
  http2 on;
  server_name kbox.xxoo.xyz;
  
  
  ssl_certificate /xxoo/fullchain.pem;
  ssl_certificate_key /xxoo/privkey.pem;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv2 SSLv3;
      ssl_ciphers HIGH:!aNULL:!MD5:!3DES;
      ssl_prefer_server_ciphers on;
      ssl_session_cache shared:SSL:10m;
      ssl_session_timeout 10m;

      location / {
          proxy_pass  http://172.17.0.1:8000;
          proxy_set_header Host $host:$server_port;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;

          #websocket wss代理
          proxy_http_version 1.1;  
          proxy_set_header Upgrade $http_upgrade;  
          proxy_set_header Connection "Upgrade";

          proxy_cache_key $time_local$host$request_uri$is_args$args;
          proxy_cache_valid 200 304 301 302 1h;
          add_header X-Cache $upstream_cache_status;
          expires 3600s;
      }
  }

图片

方案1

方案2

思考与问题

其实可以不需要测试方案二，直接端口不行，代理也是一个问题
请指导解决，请尽情吐槽

dragonfly

lucas 其中1 解析地址填写应该以 / 结尾，补充后试下.