Convert working command-line docker to compose.yml

I have no doubt I’m missing something obvious but after hours it eludes me. I have official nextcloud:fpm running in docker and wanted to add office. After much research it all works when I start my collabora container with this:
docker run --name collabora -t -d -p 9980:9980 -e “” -e “” --restart no --cap-add MKNOD collabora/code
I have configured NC to point at and disabled cert verification as that’s all managed in haproxy elsewhere. All works great.

I have tried to convert that one line to a compose file but although it starts (what appears to be) identically, when I try to open an office file it just spins then times out.
version: ‘2’
image: collabora/code
container_name: collabora
restart: “no”
- 9980:9980
tty: true

I have tried every combination of no "", only on the domain statement and with and without quotes.

As I said - I don’t doubt it’s me but this has beaten me to date :slight_smile:

Sigh… In a moment of brilliance I have somehow broken what was working :frowning: I will need to recreate my setup once again and retrace the steps

ok - after much time I am back where I was hours ago - situation the same - run works compose doesn’t. I’ve captured logs from both attempts and although there are a large number of lines even when it works (which seem strange) - the key seems to be multiple blocks like this in the compose logs:
collabora | wsd-00001-00046 2023-03-13 15:15:36.232193 +0000 [ docbroker_003 ] ERR Failed to add session to [hxxx://] with URI [hxxx://]: No acceptable WOPI hosts found matching the target host [] in config.| wsd/DocumentBroker.cpp:2377

editing the same file in the run initiated session gives me this (with other repeated read failed lines) but it retrieves and edits perfectly.
wsd-00001-00039 2023-03-13 15:19:10.769783 +0000 [ docbroker_001 ] ERR Failed to lock docKey [hxxx://] with session [00b] after downloading: | wsd/DocumentBroker.cpp:1009
wsd-00001-00036 2023-03-13 15:19:12.908633 +0000 [ websrv_poll ] ERR #33: Read failed, have 0 buffered bytes (ECONNRESET: Connection reset by peer)| net/Socket.hpp:1136

Found a(nother) random thread elsewhere which had a snippet using - when I tried that with it all burst into life. Still doesn’t look right with error messages in the log and it only works with one instance but it means I can put it in a single compose with the NC itself so “good enough”…

I’m running CODE behind traefik reverse proxy… like this

here is excerpt of working compose file

    image: collabora/code:
    container_name: collabora
    restart: unless-stopped
      - traefik_proxy
      - "9980"
      - aliasgroup1=${NEXTCLOUD1}
      - aliasgroup2=${NEXTCLOUD2}
      - aliasgroup3=${NEXTCLOUD3}
      - dictionaries=de_DE en_US es_ES ru
      - VIRTUAL_PROTO=http
      - VIRTUAL_PORT=9980
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:user_interface.mode=compact --o:net.proto=IPv4 --o:hexify_embedded_urls=true --o:logging.level=warning
      - username=<code admin>
      - password=<code admin pwd>
      - MKNOD
    tty: true
      - "traefik.enable=true"
      - ""
      - traefik.http.routers.collabora.entrypoints=web-secure
      - traefik.http.routers.collabora.rule=Host(`${COLLABORA_FQDN}`)
      - traefik.http.routers.collabora.tls=true
      - traefik.http.routers.collabora.tls.certresolver=letsencryptresolver
      - traefik.passHostHeader=true
      - traefik.http.routers.collabora.middlewares=secHeaders3@file
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
  • variables with ${..} are coming from .env file in the same directory. I use them often and in my eyes it’s good idea to put every moving part like version or passwords into this file ( :slight_smile: I see the example doesn’t strictly follow this advice :frowning: )
  • labels: are used for traefik revese proxy - in case you use another one you can omit them…

more details you can find here: Docker Compose for Nextcloud + Collabora + Traefik? - #2 by wwe - office - Nextcloud community

Thanks. That architecture is pretty much how I’m set up except I have haproxy where you have traefik.

Question - what is your aliasgroup pointing at? As I mentioned - when I tried with just the it did not connect but when I specify it works which seems to conflict with the docs.

Also trying to share one Collabora container with multiple NC:FPM instances would not work - bizarrely it seems like the first one to connect takes ownership and subsequent ones hang. I am “assuming” that sharing is the reason for having multiple alias groups to define permitted hosts, but it’s not clear to me.

Anyway - right or wrong, my current config works (for now) so I will tip-toe quietly away :slight_smile: