Swag does not forward to nextcloud

I am sure I have something misconfigured but have not been able to diagnose. If I disable swags forwarding of requests to nextcloud then I can access nextcloud by ip just fine. When I add the config lines for nextcloud via a subdomain I can no longer access nextcloud by IP and the subdomain always times out. my main domain pointing to swag usually is fine and shows the swag index page. For some reason right now swag isn’t coming up either and is timing out the sane way but only when accessed by domain name. If I put my ip in directly it loads the index page with no issues. I have cloudflare set to proxy and hide my ip, my domain and dns is hosted through them. I deleted all the logs to test if my attempts to access the server caused anything to be logged into a new file with no luck. The entries are from earlier when I was turning docker containers on and off probably. Below is my configuration settings and the nginx accesslog, any direction is super appreciated!!

I can post any other log or link a zip file if needed

root@jpurdy647Server:/mnt/user/appdata/swag/log/nginx# date
Fri May 27 19:29:42 PDT 2022

root@jpurdy647Server:/mnt/user/appdata/swag/log/nginx# cat access.log.bkp 
...
128.14.133.58 - - [27/May/2022:17:00:59 -0700] "GET / HTTP/1.1" 200 595 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
154.22.135.98 - - [27/May/2022:17:10:27 -0700] "GET / HTTP/1.1" 200 595 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
193.106.191.48 - - [27/May/2022:17:40:30 -0700] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 595 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
192.168.50.1 - - [27/May/2022:18:40:47 -0700] "GET / HTTP/2.0" 200 583 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0"
192.241.195.156 - - [27/May/2022:18:42:44 -0700] "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 200 595 "-" "Mozilla/5.0 zgrab/0.x"
193.106.191.48 - - [27/May/2022:18:51:58 -0700] "POST /mifs/.;/services/LogService HTTP/1.1" 405 552 "https://173.44.95.207:443" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
170.130.187.10 - - [27/May/2022:18:57:18 -0700] "GET / HTTP/1.1" 200 1345 "-" "https://gdnplus.com:Gather Analyze Provide."
192.168.50.1 - - [27/May/2022:19:22:27 -0700] "GET / HTTP/2.0" 200 583 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0"

root@jpurdy647Server:/mnt/user/appdata/swag/nginx/proxy-confs# cat nextcloud.subdomain.conf
## Version 2021/05/18
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['swag'],
#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
#  'overwritehost' => 'nextcloud.your-domain.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.your-domain.com',
#  ),

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app nextcloud;
        set $upstream_port 443;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_max_temp_file_size 2048m;
    }
}

root@jpurdy647Server:/mnt/user/appdata/swag/log/nginx# cat error.log.bkp 
2022/05/26 19:31:14 [crit] 529#529: *21 SSL_read_early_data() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 23.224.186.228, server: 0.0.0.0:443
2022/05/26 21:13:26 [crit] 529#529: *37 SSL_read_early_data() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 184.105.247.196, server: 0.0.0.0:443
2022/05/26 23:22:13 [crit] 529#529: *52 SSL_read_early_data() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 154.89.5.73, server: 0.0.0.0:443
2022/05/27 11:30:32 [crit] 529#529: *1948 SSL_read_early_data() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 23.250.19.242, server: 0.0.0.0:443
2022/05/27 14:10:51 [crit] 529#529: *1989 SSL_read_early_data() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 106.75.103.88, server: 0.0.0.0:443
2022/05/27 15:30:02 [error] 529#529: *1997 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET /apps/richdocumentscode/proxy.php?req=/hosting/capabilities HTTP/1.1", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:30:02 [error] 529#529: *1997 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET /apps/richdocumentscode/proxy.php?req=/hosting/capabilities HTTP/1.1", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:30:31 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET /Main HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:30:31 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET /Main HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:30:35 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:30:35 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:30:40 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:30:40 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:31:09 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:31:09 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:31:10 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:31:10 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:31:16 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:31:16 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:31:21 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:31:21 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:31:27 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:31:27 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:31:38 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:31:38 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:31:38 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:31:38 [error] 529#529: *2000 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:32:37 [error] 531#531: *1 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:32:37 [error] 531#531: *1 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:32:42 [error] 531#531: *5 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET /apps/richdocumentscode/proxy.php?req=/hosting/capabilities HTTP/1.1", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:32:42 [error] 531#531: *5 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET /apps/richdocumentscode/proxy.php?req=/hosting/capabilities HTTP/1.1", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:32:42 [error] 531#531: *1 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET /login HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:32:42 [error] 531#531: *1 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET /login HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:33:01 [error] 531#531: *1 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:33:01 [error] 531#531: *1 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:33:01 [error] 531#531: *1 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:33:01 [error] 531#531: *1 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET / HTTP/2.0", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:33:07 [error] 531#531: *6 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET /apps/richdocumentscode/proxy.php?req=/hosting/capabilities HTTP/1.1", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:33:07 [error] 531#531: *6 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET /apps/richdocumentscode/proxy.php?req=/hosting/capabilities HTTP/1.1", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:35:01 [error] 531#531: *7 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET /apps/richdocumentscode/proxy.php?req=/hosting/capabilities HTTP/1.1", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:35:01 [error] 531#531: *7 nextcloud could not be resolved (3: Host not found), client: 192.168.50.1, server: nextcloud.*, request: "GET /apps/richdocumentscode/proxy.php?req=/hosting/capabilities HTTP/1.1", host: "nextcloud.jpurdy647.uk"
2022/05/27 15:39:44 [error] 531#531: *8 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 193.106.191.48, server: _, request: "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "173.44.95.207:443"
2022/05/27 16:27:46 [error] 531#531: *14 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 193.106.191.48, server: _, request: "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "173.44.95.207:443"
2022/05/27 16:57:32 [error] 531#531: *16 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 193.106.191.48, server: _, request: "GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "173.44.95.207:443"
2022/05/27 18:05:14 [crit] 531#531: *34 SSL_read_early_data() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.209.93, server: 0.0.0.0:443

I failed to mention this is on an unRAID server, I am not sure how to share the template settings

Hi

• Are both running in docker?
• Are they on the same docker network? can you ping nextcloud container from inside the swag container?
• did you enter (like in the swag config written) the trusted domains to the config.php in your nextcloud? (and restarted nextcloud?)
  example:
  ‘trusted_domains’ =>
  array (
  0 => ‘nextcloud.jpurdy647.uk’,
  1 => ‘nextcloud-server-ip’,
  2 => ‘proxy-server-ip’,
  ),

see Reverse proxy — Nextcloud latest Administration Manual latest documentation

try to use port 80 and http in your swag config as well for the upstream port and proto.

Thanks for the reply! I switched the reference from on container to another to use an ip instead of a docker container name and it started working ok. I am able to ping the next cloud container via container name though and vice versa from next cloud to swag so I’m not sure why it was failing to connect, if that is what was happening. The other two servers I am trying to set up in this docker setup are OnlyOfice and BitWarden.

The current issue with having a seperate onlyoffice doument server is I gt a 502 error in the connection between dockers I think.

Nextcloud proxy conf:

## Version 2021/05/18
# make sure that your dns has a cname set for nextcloud
# assuming this container is called "swag", edit your nextcloud container's config
# located at /config/www/nextcloud/config/config.php and add the following lines before the ");":
#  'trusted_proxies' => ['swag'],
#  'overwrite.cli.url' => 'https://nextcloud.your-domain.com/',
#  'overwritehost' => 'nextcloud.your-domain.com',
#  'overwriteprotocol' => 'https',
#
# Also don't forget to add your domain name to the trusted domains array. It should look somewhat like this:
#  array (
#    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
#    1 => 'nextcloud.your-domain.com',
#  ),

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name nextcloud.*;

    include /config/nginx/ssl.conf;

    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app 192.168.50.199;
        set $upstream_port 444;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_max_temp_file_size 2048m;
    }
}

Documentserver proxy conf:

## Version 2021/05/18
# Make sure that your dns has a cname set for onlyoffice named "documentserver"
# Make sure that the onlyoffice documentserver container is named "documentserver"

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name documentserver.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    #enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;

    # enable for Authelia
    #include /config/nginx/authelia-server.conf;

    location / {
        #enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        #enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /ldaplogin;

        # enable for Authelia
        #include /config/nginx/authelia-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app documentserver;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}

Only Office connector document server url:

https://documentserver.jpurdy647.uk/

Swag Docker Log:

[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing... 
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 02-tamper-check: executing... 
[cont-init.d] 02-tamper-check: exited 0.
[cont-init.d] 10-adduser: executing... 
usermod: no changes

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    99
User gid:    100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing... 
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing... 
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing... 
Variables set:
PUID=99
PGID=100
TZ=America/Los_Angeles
URL=jpurdy647.uk
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=dns
CERTPROVIDER=
DNSPLUGIN=cloudflare
EMAIL=jpurdy647@fastmail.fm
STAGING=false

Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
Wildcard cert for only the subdomains of jpurdy647.uk will be requested
E-mail address entered: jpurdy647@fastmail.fm
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; starting nginx
[cont-init.d] 50-config: exited 0.
[cont-init.d] 60-renew: executing... 
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[cont-init.d] 60-renew: exited 0.
[cont-init.d] 70-templates: executing... 
[cont-init.d] 70-templates: exited 0.
[cont-init.d] 90-custom-folders: executing... 
[cont-init.d] 90-custom-folders: exited 0.
[cont-init.d] 99-custom-files: executing... 
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready

Onlyoffice official docker server container log (Some errors):

{
  counters: {
    'statsd.bad_lines_seen': 0,
    'statsd.packets_received': 0,
    'statsd.metrics_received': 0
  },
  timers: {},
  gauges: { 'statsd.timestamp_lag': 0 },
  timer_data: {},
  counter_rates: {
    'statsd.bad_lines_seen': 0,
    'statsd.packets_received': 0,
    'statsd.metrics_received': 0
  },
  sets: {},
  pctThreshold: [ 90 ]
}
Preparing for shutdown, it can take a lot of time, please wait... * Starting PostgreSQL 12 database server
   ...done.
 * Starting RabbitMQ Messaging Server rabbitmq-server
   ...done.
Starting supervisor: supervisord.
 * Starting periodic command scheduler cron
   ...done.
 * Starting nginx nginx
   ...done.
Generating AllFonts.js, please wait...Done
Generating presentation themes, please wait...Done
ds:docservice: stopped
ds:docservice: started
ds:converter: stopped
ds:converter: started
 * Reloading nginx configuration nginx
   ...done.
==> /var/log/onlyoffice/documentserver/converter/err.log <==

==> /var/log/onlyoffice/documentserver/converter/out.log <==
[2022-05-29T20:01:01.308] [WARN] nodeJS - update cluster with 1 workers
[2022-05-29T20:01:42.477] [WARN] nodeJS - update cluster with 1 workers
[2022-05-29T20:01:42.482] [WARN] nodeJS - worker 1206 started.
[2022-05-29T20:01:42.484] [WARN] nodeJS - update cluster with 1 workers
[2022-05-30T12:21:26.920] [WARN] nodeJS - update cluster with 1 workers
[2022-05-30T12:21:26.928] [WARN] nodeJS - worker 1060 started.
[2022-05-30T12:21:26.930] [WARN] nodeJS - update cluster with 1 workers
[2022-05-30T12:22:07.983] [WARN] nodeJS - update cluster with 1 workers
[2022-05-30T12:22:07.988] [WARN] nodeJS - worker 1185 started.
[2022-05-30T12:22:07.990] [WARN] nodeJS - update cluster with 1 workers

==> /var/log/onlyoffice/documentserver/docservice/err.log <==

==> /var/log/onlyoffice/documentserver/docservice/out.log <==
[2022-05-29T20:01:41.164] [WARN] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2022-05-29T20:01:41.189] [WARN] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 7.1.0. Build: 215
[2022-05-30T12:21:27.434] [WARN] nodeJS - Express server starting...
[2022-05-30T12:21:27.436] [WARN] nodeJS - Set services.CoAuthoring.token.enable.browser, services.CoAuthoring.token.enable.request.inbox, services.CoAuthoring.token.enable.request.outbox in the Document Server config to prevent an unauthorized access to your documents and the substitution of important parameters in ONLYOFFICE Document Server requests.
[2022-05-30T12:21:27.437] [WARN] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2022-05-30T12:21:27.473] [WARN] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 7.1.0. Build: 215
[2022-05-30T12:22:06.648] [WARN] nodeJS - Express server starting...
[2022-05-30T12:22:06.649] [WARN] nodeJS - Set services.CoAuthoring.token.enable.browser, services.CoAuthoring.token.enable.request.inbox, services.CoAuthoring.token.enable.request.outbox in the Document Server config to prevent an unauthorized access to your documents and the substitution of important parameters in ONLYOFFICE Document Server requests.
[2022-05-30T12:22:06.650] [WARN] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2022-05-30T12:22:06.693] [WARN] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 7.1.0. Build: 215

==> /var/log/onlyoffice/documentserver/metrics/err.log <==

==> /var/log/onlyoffice/documentserver/metrics/out.log <==
  counter_rates: {
    'statsd.bad_lines_seen': 0,
    'statsd.packets_received': 0,
    'statsd.metrics_received': 0
  },
  sets: {},
  pctThreshold: [ 90 ]
}
30 May 12:21:26 - [1021] reading config file: ./config/config.js
30 May 12:21:26 - server is up INFO

==> /var/log/onlyoffice/documentserver/nginx.error.log <==
2022/05/29 18:09:28 [error] 6543#6543: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: , request: "GET /example/ HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "172.18.0.4", referrer: "http://172.18.0.4/welcome/"
2022/05/29 18:09:28 [error] 6543#6543: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: , request: "GET /example/ HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "172.18.0.4", referrer: "http://172.18.0.4/welcome/"

Swag Nginx Error log (Some Errors):

2022/05/29 12:06:03 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET /502.html HTTP/2.0", upstream: "https://192.168.50.199:4430/502.html", host: "documentserver.jpurdy647.uk"
2022/05/29 12:06:08 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/", host: "documentserver.jpurdy647.uk"
2022/05/29 12:06:08 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/502.html", host: "documentserver.jpurdy647.uk"
2022/05/29 12:06:11 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/", host: "documentserver.jpurdy647.uk"
2022/05/29 12:06:12 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/502.html", host: "documentserver.jpurdy647.uk"
2022/05/29 12:06:29 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/", host: "documentserver.jpurdy647.uk"
2022/05/29 12:06:29 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/502.html", host: "documentserver.jpurdy647.uk"
2022/05/29 12:40:35 [error] 531#531: *267 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 193.106.191.48, server: _, request: "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "173.44.95.207:443"
2022/05/29 12:51:05 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/", host: "documentserver.jpurdy647.uk"
2022/05/29 12:51:05 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/502.html", host: "documentserver.jpurdy647.uk"
2022/05/29 12:51:10 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET /welcome HTTP/2.0", upstream: "https://192.168.50.199:4430/welcome", host: "documentserver.jpurdy647.uk"
2022/05/29 12:51:10 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET /welcome HTTP/2.0", upstream: "https://192.168.50.199:4430/502.html", host: "documentserver.jpurdy647.uk"
2022/05/29 12:51:14 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/", host: "documentserver.jpurdy647.uk"
2022/05/29 12:51:14 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/502.html", host: "documentserver.jpurdy647.uk"
2022/05/29 12:53:22 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/", host: "documentserver.jpurdy647.uk"
2022/05/29 12:53:22 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/502.html", host: "documentserver.jpurdy647.uk"
2022/05/29 12:53:23 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/", host: "documentserver.jpurdy647.uk"
2022/05/29 12:53:23 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/502.html", host: "documentserver.jpurdy647.uk"
2022/05/29 12:53:23 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/", host: "documentserver.jpurdy647.uk"
2022/05/29 12:53:23 [error] 531#531: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", upstream: "https://192.168.50.199:4430/502.html", host: "documentserver.jpurdy647.uk"
2022/05/29 12:59:49 [error] 531#531: *1 documentserver could not be resolved (3: Host not found), client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", host: "documentserver.jpurdy647.uk"
2022/05/29 12:59:49 [error] 531#531: *1 documentserver could not be resolved (3: Host not found), client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", host: "documentserver.jpurdy647.uk"
2022/05/29 12:59:50 [error] 531#531: *1 documentserver could not be resolved (3: Host not found), client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", host: "documentserver.jpurdy647.uk"
2022/05/29 12:59:50 [error] 531#531: *1 documentserver could not be resolved (3: Host not found), client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", host: "documentserver.jpurdy647.uk"
2022/05/29 12:59:51 [error] 531#531: *1 documentserver could not be resolved (3: Host not found), client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", host: "documentserver.jpurdy647.uk"
2022/05/29 12:59:51 [error] 531#531: *1 documentserver could not be resolved (3: Host not found), client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", host: "documentserver.jpurdy647.uk"
2022/05/29 13:55:00 [error] 531#531: *944 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 193.106.191.48, server: _, request: "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "173.44.95.207:443"
2022/05/29 14:59:41 [error] 531#531: *1860 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 193.106.191.48, server: _, request: "GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "173.44.95.207:443"
2022/05/29 15:47:28 [crit] 531#531: *2118 SSL_read_early_data() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 185.142.236.43, server: 0.0.0.0:443
2022/05/29 19:42:07 [crit] 531#531: connect() to [2600:1401:6000::17c7:4109]:80 failed (99: Address not available) while requesting certificate status, responder: r3.o.lencr.org, peer: [2600:1401:6000::17c7:4109]:80, certificate: "/config/keys/letsencrypt/fullchain.pem"
2022/05/29 19:42:07 [crit] 531#531: connect() to [2600:1401:6000::17c7:4118]:80 failed (99: Address not available) while requesting certificate status, responder: r3.o.lencr.org, peer: [2600:1401:6000::17c7:4118]:80, certificate: "/config/keys/letsencrypt/fullchain.pem"
2022/05/30 01:24:22 [crit] 531#531: *7836 SSL_read_early_data() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 154.89.5.70, server: 0.0.0.0:443
2022/05/30 05:26:22 [error] 533#533: *8 documentserver could not be resolved (3: Host not found), client: 192.168.50.1, server: documentserver.*, request: "GET /healthcheck HTTP/1.1", host: "documentserver.jpurdy647.uk"
2022/05/30 05:26:22 [error] 533#533: *8 documentserver could not be resolved (3: Host not found), client: 192.168.50.1, server: documentserver.*, request: "GET /healthcheck HTTP/1.1", host: "documentserver.jpurdy647.uk"
2022/05/30 05:26:52 [error] 533#533: *1 documentserver could not be resolved (3: Host not found), client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", host: "documentserver.jpurdy647.uk"
2022/05/30 05:26:52 [error] 533#533: *1 documentserver could not be resolved (3: Host not found), client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", host: "documentserver.jpurdy647.uk"
2022/05/30 05:26:58 [error] 533#533: *1 documentserver could not be resolved (3: Host not found), client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", host: "documentserver.jpurdy647.uk"
2022/05/30 05:26:58 [error] 533#533: *1 documentserver could not be resolved (3: Host not found), client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", host: "documentserver.jpurdy647.uk"
2022/05/30 05:27:04 [error] 533#533: *1 documentserver could not be resolved (3: Host not found), client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", host: "documentserver.jpurdy647.uk"
2022/05/30 05:27:04 [error] 533#533: *1 documentserver could not be resolved (3: Host not found), client: 192.168.50.1, server: documentserver.*, request: "GET / HTTP/2.0", host: "documentserver.jpurdy647.uk"

It could be a related container reference issue. I tried using the ip as with nextcloud but never found any success and have reverted back to default currently. Some logged errors go back to my nextcloud attempts

Here is the 502 error:

502 Bad Gateway
nginx

The url I am using to access the document server via the proxy:

https://documentserver.jpurdy647.uk/

Here is my server date and tie for reference:

root@jpurdy647Server:~# date
Mon May 30 08:34:25 EDT 2022

My internal IP setup (Available for 2 weeks):
https://ibb.co/tZxx5nd

I was for a while able to access my document server directly by http insecure but never ssl. Do I need ssl even though I am behind a reverse proxy? Also the OnlyOffice connector seems to require it for some reason. I am on linux unraid so I don’t have any screenshots

I am too getting 502 errors using swag to point to another RPI4 running nextcloud. Restarting the machine where swag runs fixes it (in very rare cases the RPI4 needs rebooting).

I haven’t been able to figure out how to debug the issue and my setup is non-standard so I m living with the hotfix for now.

I found it was something related to cloudflare proxying. Switching cloudflare to dns only resolved the error, but I would prefer to use cloudflare’s proxy, has anyone had and resolved a similar issue?

I don’t think that would be possible. Swag is already acting as a reverse proxy so it needs to be on the same public IP as it’s services. Since cloudflare’s proxy option, as I recall… causes puts the website behind a proxy, swag wouldn’t be able to pull a cert (thus why when you switched it to DNS only, it worked)

i use cf proxy fine, i suggest you read through their documentation on how it works so you can adapt accordingly. We do not offer support for making it work with cf proxy enabled.