Access denied for user mail_admin, unknown database onlyoffice_mailserver

[KaKi87]

Hello,

When trying to install OnlyOffice Workspace using docker-compose.workspace.yml, I'm encountering the following error : ERROR 1045 (28000): Access denied for user 'mail_admin'@'172.18.0.6' (using password: YES).

So I manually accessed the database and noticed that user doesn't exist at all, therefore I changed MAIL_SERVER_DB_USER=mail_admin to MAIL_SERVER_DB_USER=root and MYSQL_ROOT_USER=mail_admin to use MYSQL_ROOT_USER=root, and now I'm encountering another error : ERROR 1049 (42000): Unknown database 'onlyoffice_mailserver'.

It seems no migration occurs despite starting the server for the first time.

What to do ?

Thanks

[Carazyda]

Hello @KaKi87 Please describe in more detail, is this your first new installation? Have you installed Mail Server? Are there any other changes to the yml file?

[KaKi87]

Please describe in more detail

I downloaded the Docker Compose file, adjusted it and ran up.

Have you installed Mail Server?

I didn't remove it from the Docker Compose file if that's what you meant.

Are there any other changes to the yml file?

Service names, host ports and passwords.

Thanks

[Carazyda]

It seems that the user of the mail server database did not have access when it was first launched. Therefore, the database "onlyoffice_mailserver" was not created. Check again that the user is correct to access the database - login and password. And restart the installation. We also recommend installing the latest version of Onlyoffice 12.5.2. And use docker compose older than 2.16.0.

[KaKi87]

Check again that the user is correct to access the database - login and password.

Yes, the environment values are identical.
Actually, I later tried without changing anything at all and still experienced this issue.

We also recommend installing the latest version of Onlyoffice 12.5.2

The Docker Compose file contains the following : image: onlyoffice/communityserver:12.0.1.1748

So that's wrong ?

use docker compose older than 2.16.0

Oh, but as I installed Docker using the official instructions for Debian 12, the output of docker --version is Docker version 24.0.7, build afdd53b and the output of docker compose version is Docker Compose version v2.21.0.

How do I change version ?

Thanks

[chriscroome]

Based on this comment it appears that the Docker Compose files in this repo are not kept up to date with the latest versions of containers, therefore I think that this is something that users must manually check themselves?

Is there a specific reason why Docker Compose older that 2.16.0 required?

[KaKi87]

Well, there's still the :latest docker compose feature (e.g. image: onlyoffice/communityserver:latest).

However, it doesn't solve anything as I'm still experiencing database errors : ERROR 1146 (42S02) at line 1: Table 'onlyoffice_mailserver.api_keys' doesn't exist.

Also, there's this : "org.elasticsearch.bootstrap.StartupException: ElasticsearchException[failed to bind service]; nested: IndexFormatTooNewException[Format version is not supported (resource SimpleFSIndexInput(path=\"/usr/share/elasticsearch/data/nodes/0/_state/_25.cfs\") [slice=_25.fdt]): 4 (needs to be between 1 and 3)

[chriscroome]

Thanks, I've also got a empty onlyoffice_mailserver database...

[chriscroome]

Perhaps this pull request might help?

[KaKi87]

No, because that's actually wrongly called a bugfix as it's rather a refactor.

[KaKi87]

Well, I tried every revision of docker-compose.workspace.yml since its creation and it seems none works... 😭

@evgeniy-antonyuk Would you please provide us with your insight on this ?

Thanks

[chriscroome]

It's good to hear that I'm not the only person who can't get it working...

[Carazyda]

Please check the status of your mail server container. If it is on restart, you need to enable vsyscall in your OS, read our guide. After the reboot, all containers should start. If not, try re-creating it.

[KaKi87]

Here's the output of cat /proc/self/maps | egrep 'vdso|vsyscall' on my machine :

7fff5d5c9000-7fff5d5cb000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0                  [vsyscall]

[Carazyda]

What about the status of the mail server container? Please try to enable vsyscall from our guide anyway.

[KaKi87]

What about the status of the mail server container?

It's not restarting, but the elasticsearch one is :

CONTAINER ID   IMAGE                               COMMAND                  CREATED         STATUS                          PORTS                                                                                                                                                                                  NAMES
5a514623b661   onlyoffice/controlpanel:latest      "/var/www/onlyoffice…"   7 minutes ago   Up 7 minutes                    80/tcp, 443/tcp                                                                                                                                                                        onlyoffice-control-panel
585398ac0f63   onlyoffice/communityserver:latest   "/app/run-community-…"   7 minutes ago   Up 3 minutes                    0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 3306/tcp, 5280/tcp, 9865-9866/tcp, 9871/tcp, 9882/tcp, 0.0.0.0:5222->5222/tcp, :::5222->5222/tcp, 9888/tcp   onlyoffice-community-server
5586ee89907f   onlyoffice/mailserver:latest        "/bin/sh -c 'export …"   7 minutes ago   Up 7 minutes                    0.0.0.0:25->25/tcp, :::25->25/tcp, 0.0.0.0:143->143/tcp, :::143->143/tcp, 465/tcp, 993/tcp, 995/tcp, 3306/tcp, 4190/tcp, 0.0.0.0:587->587/tcp, :::587->587/tcp, 8081/tcp               onlyoffice-mail-server
2bae1503574a   mysql:8.0.29                        "docker-entrypoint.s…"   7 minutes ago   Up 7 minutes                    3306/tcp, 33060/tcp                                                                                                                                                                    onlyoffice-mysql-server
62b282885975   onlyoffice/documentserver:latest    "/app/ds/run-documen…"   7 minutes ago   Up 7 minutes                    80/tcp, 443/tcp                                                                                                                                                                        onlyoffice-document-server
7b1836c39744   onlyoffice/elasticsearch:latest     "/bin/tini -- /usr/l…"   7 minutes ago   Restarting (1) 14 seconds ago                                                                                                                                                                                          onlyoffice-elasticsearch

Please try to enable vsyscall from our guide anyway.

Well, turns out I don't have a /etc/default/grub file 😅

[Carazyda]

You should use 7.16.3 tag verson for elasticsearch.

And you still have this error?

ERROR 1146 (42S02) at line 1: Table 'onlyoffice_mailserver.api_keys' doesn't exist.ERROR 1146 (42S02) at line 1: Table 'onlyoffice_mailserver.api_keys' doesn't exist.

[KaKi87]

You should use 7.16.3 tag verson for elasticsearch.

Alright.

And you still have this error?

ERROR 1146 (42S02) at line 1: Table 'onlyoffice_mailserver.api_keys' doesn't exist.ERROR 1146 (42S02) at line 1: Table 'onlyoffice_mailserver.api_keys' doesn't exist.

Not exactly, but a similar one : ERROR 1146 (42S02) at line 1: Table 'onlyoffice_mailserver.greylisting_whitelist' doesn't exist.

EDIT : yes, actually, after a minute, I get ERROR 1146 (42S02) at line 1: Table 'onlyoffice_mailserver.api_keys' doesn't exist as well.

---

Could we, by any chance, do a TeamViewer or something, so that we could investigate and solve this more fluently ?

Thanks

[Carazyda]

Can you provide the output of docker logs onlyoffice-mail-server?

[KaKi87]

Can you provide the output of docker logs onlyoffice-mail-server?

Well, I spotted this at the first line of that output : << ERROR >> Please configure a fully qualified domain name (FQDN) in /etc/hosts before we go further.

What I forgot, I'm sorry, is, while resetting the Docker Compose file multiple times, to change hostname: ${MAIL_SERVER_HOSTNAME} to hostname: example.com.

Here's the output after fixing it and restarting : https://github.com/ONLYOFFICE/Docker-CommunityServer/files/14029242/docker_logs_onlyoffice-mail-server.txt

However, now I have onlyoffice/communityserver restarting every 5-10 seconds, here are the logs for the initial start and one restart : https://github.com/ONLYOFFICE/Docker-CommunityServer/files/14029241/docker_logs_onlyoffice-community-server.txt

Although all restarts are identical, their last lines differ from the initial start regarding the output of service elasticsearch stop.

During initial start :

+ service elasticsearch stop
 * Stopping Elasticsearch Server       �[80G 
�[74G[ OK ]
+ systemctl disable elasticsearch.service
Synchronizing state of elasticsearch.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable elasticsearch

During every restart :

+ service elasticsearch stop
elasticsearch: unrecognized service
+ systemctl disable elasticsearch.service
Failed to disable unit, unit elasticsearch.service does not exist.

Thanks

[Carazyda]

Have you uncommented this line in your yml file https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.workspace.yml#L57 ?

[KaKi87]

Well, that was it, lol, I wonder why was that commented. I'm gonna make a PR with all the changes.

[KaKi87]

Actually, that's not all, and now I'm back to the initial issue : I can't seem to be able to change the MySQL mail_admin's password (Isadmin123) to anything else by editing MAIL_SERVER_DB_PASS=Isadmin123 at line 44 and MYSQL_ROOT_PASSWD=Isadmin123 at line 120.

[chriscroome]

Does the suggestion from Carl here help with this?

[KaKi87]

you also need to change them accordingly in the database initialization script

What's the point of having environment variables if the script doesn't use these ?!

[KaKi87]

So, without changing any password, the wizard now loads fine on my computer, yay.

However, when loading the exact same configuration on my VPS, it seems to crash it (SSH connection lost and unable to reconnect until reboot via provider's dashboard) 😭

[KaKi87]

So I let it run for 4 hours, resulting in 467 kilobytes of log : https://github.com/ONLYOFFICE/Docker-CommunityServer/files/14043346/log.txt

Is any of it helping ?

Also, looks like onlyoffice/elasticsearch have been restarting often (yet it's still the right version) :

NAME                          IMAGE                               COMMAND                                                                                                                             SERVICE                       CREATED       STATUS                           PORTS
onlyoffice-community-server   onlyoffice/communityserver:latest   "/app/run-community-server.sh"                                                                                                      onlyoffice-community-server   4 hours ago   Up 4 hours                       443/tcp, 3306/tcp, 5280/tcp, 9865-9866/tcp, 9871/tcp, 9882/tcp, 9888/tcp, 0.0.0.0:5222->5222/tcp, :::5222->5222/tcp, 0.0.0.0:3000->80/tcp, :::3000->80/tcp
onlyoffice-control-panel      onlyoffice/controlpanel:latest      "/var/www/onlyoffice/controlpanel/run-controlpanel.sh"                                                                              onlyoffice-control-panel      4 hours ago   Up 4 hours                       80/tcp, 443/tcp
onlyoffice-document-server    onlyoffice/documentserver:latest    "/app/ds/run-document-server.sh"                                                                                                    onlyoffice-document-server    4 hours ago   Up 4 hours                       80/tcp, 443/tcp
onlyoffice-elasticsearch      onlyoffice/elasticsearch:7.16.3     "/bin/tini -- /usr/local/bin/docker-entrypoint.sh eswrapper"                                                                        onlyoffice-elasticsearch      4 hours ago   Restarting (137) 9 seconds ago   
onlyoffice-mail-server        onlyoffice/mailserver:latest        "/bin/sh -c 'export CONFIGURATION_ONLY='YES' &&     export USE_DOCKER='YES' &&     bash -C '/usr/src/iRedMail/install_mail.sh';'"   onlyoffice-mail-server        4 hours ago   Up 4 hours                       0.0.0.0:25->25/tcp, :::25->25/tcp, 0.0.0.0:110->110/tcp, :::110->110/tcp, 0.0.0.0:143->143/tcp, :::143->143/tcp, 0.0.0.0:465->465/tcp, :::465->465/tcp, 0.0.0.0:587->587/tcp, :::587->587/tcp, 0.0.0.0:993->993/tcp, :::993->993/tcp, 3306/tcp, 4190/tcp, 0.0.0.0:995->995/tcp, :::995->995/tcp, 8081/tcp
onlyoffice-mysql-server       mysql:8.0.29                        "docker-entrypoint.sh mysqld"                                                                                                       onlyoffice-mysql-server       4 hours ago   Up 4 hours                       3306/tcp, 33060/tcp

Thanks

[chriscroome]

I've done some more work on this also, I have written Ansible to automate everything, however the result is the same 🙄

[KaKi87]

I'm retrying on my server using resources limitations on every service (cpus: "2" + mem_limit: "2048M"), and am now encountering the ERROR 1045 (28000): Access denied for user 'mail_admin'@'172.19.0.6' (using password: YES) error again.

Here's the output of docker logs onlyoffice-mail-server :

[ INFO ] Checking configuration file: /usr/src/iRedMail/config ... [FOUND]
[ INFO ] Import installation process status from file: /usr/src/iRedMail/runtime/install.status.
Waiting for external MySql response




********************************************************************
* Start iRedMail Configurations
********************************************************************
[ INFO ] Create required system accounts: vmail, iredapd.
[ INFO ] Configure Apache web server and PHP.
[ INFO ] Configure PHP.
[ INFO ] Configure MySQL database server.
ERROR 1251 (08004): Client does not support authentication protocol requested by server; consider upgrading MySQL client
[ INFO ] Configure Postfix (Message Transfer Agent).
[ INFO ] Configure Cluebringer (postfix policy server).
ERROR 1251 (08004): Client does not support authentication protocol requested by server; consider upgrading MySQL client
[ INFO ] Configure Dovecot (pop3/imap/managesieve server).
[ INFO ] Configure ClamAV (anti-virus toolkit).
[ INFO ] Configure Amavisd-new (interface between MTA and content checkers).
ERROR 1251 (08004): Client does not support authentication protocol requested by server; consider upgrading MySQL client
ERROR 1251 (08004): Client does not support authentication protocol requested by server; consider upgrading MySQL client
[ INFO ] Configure SpamAssassin (content-based spam filter).
ERROR 1251 (08004): Client does not support authentication protocol requested by server; consider upgrading MySQL client
ERROR 1251 (08004): Client does not support authentication protocol requested by server; consider upgrading MySQL client
ERROR 1251 (08004): Client does not support authentication protocol requested by server; consider upgrading MySQL client
[ INFO ] Configure OpenDkim.
ERROR 1251 (08004): Client does not support authentication protocol requested by server; consider upgrading MySQL client
[ INFO ] Configure Fail2ban (authentication failure monitor).
[ INFO ] Configure Server API.
ERROR 1251 (08004): Client does not support authentication protocol requested by server; consider upgrading MySQL client
rake aborted!
Mysql2::Error: Client does not support authentication protocol requested by server; consider upgrading MySQL client
/usr/local/rvm/gems/ruby-2.3.3/gems/mysql2-0.3.21/lib/mysql2/client.rb:70:in `connect'
/usr/local/rvm/gems/ruby-2.3.3/gems/mysql2-0.3.21/lib/mysql2/client.rb:70:in `initialize'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/mysql2_adapter.rb:16:in `new'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/mysql2_adapter.rb:16:in `mysql2_connection'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/abstract/connection_pool.rb:315:in `new_connection'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/abstract/connection_pool.rb:325:in `checkout_new_connection'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/abstract/connection_pool.rb:247:in `block (2 levels) in checkout'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/abstract/connection_pool.rb:242:in `loop'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/abstract/connection_pool.rb:242:in `block in checkout'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/abstract/connection_pool.rb:239:in `checkout'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/abstract/connection_pool.rb:102:in `block in connection'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/abstract/connection_pool.rb:101:in `connection'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/abstract/connection_pool.rb:410:in `retrieve_connection'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/abstract/connection_specification.rb:171:in `retrieve_connection'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/abstract/connection_specification.rb:145:in `connection'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/model_schema.rb:229:in `columns'
/usr/local/rvm/gems/ruby-2.3.3/gems/schema_plus-1.5.3/lib/schema_plus/active_record/base.rb:23:in `columns_with_schema_plus'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/model_schema.rb:244:in `column_defaults'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/base.rb:482:in `initialize'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/persistence.rb:44:in `new'
/usr/local/rvm/gems/ruby-2.3.3/gems/activerecord-3.2.22.5/lib/active_record/persistence.rb:44:in `create'
/var/www/html/mailserver_api-2.0.1/Rakefile:8:in `block (2 levels) in <top (required)>'
Tasks: TOP => api_key:generate
(See full trace by running task with --trace)
[ INFO ] Configure SpamTrainer.
[ INFO ] Configure Awstats (logfile analyzer for mail and web server).

*************************************************************************
* iRedMail-0.9.2 installation and configuration complete.
*************************************************************************

[ INFO ] Disable SELinux in /etc/selinux/config.
[ INFO ] Removing package(s): sendmail
Loaded plugins: fastestmirror, ovl
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package sendmail.x86_64 0:8.14.4-9.el6_8.1 will be erased
--> Processing Dependency: sendmail = 8.14.4-9.el6_8.1 for package: sendmail-devel-8.14.4-9.el6_8.1.x86_64
--> Running transaction check
---> Package sendmail-devel.x86_64 0:8.14.4-9.el6_8.1 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package               Arch          Version                 Repository    Size
================================================================================
Removing:
 sendmail              x86_64        8.14.4-9.el6_8.1        @base        1.5 M
Removing for dependencies:
 sendmail-devel        x86_64        8.14.4-9.el6_8.1        @base        254 k

Transaction Summary
================================================================================
Remove        2 Package(s)

Installed size: 1.8 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Erasing    : sendmail-devel-8.14.4-9.el6_8.1.x86_64                       1/2 
  Erasing    : sendmail-8.14.4-9.el6_8.1.x86_64                             2/2 
warning:    erase unlink of /var/log/mail/statistics failed: No such file or directory
warning:    erase unlink of /var/log/mail failed: No such file or directory
  Verifying  : sendmail-devel-8.14.4-9.el6_8.1.x86_64                       1/2 
  Verifying  : sendmail-8.14.4-9.el6_8.1.x86_64                             2/2 

Removed:
  sendmail.x86_64 0:8.14.4-9.el6_8.1                                            

Dependency Removed:
  sendmail-devel.x86_64 0:8.14.4-9.el6_8.1                                      

Complete!
[ INFO ] Copy firewall sample rules: /etc/sysconfig/iptables.
[ INFO ] Restarting firewall ...
[ INFO ] Copy MySQL sample file: /etc/my.cnf.
[ INFO ] Enable SSL support for MySQL server.
********************************************************************
* First mail account credential:
*
*   o Username: [email protected]
*   o Password: YzY0NTI2MjU1
*
*
********************************************************************
* Congratulations, mail server setup completed successfully. Please
* read below file for more information:
*
*   - /usr/src/iRedMail/iRedMail.tips
*
* And it's sent to your mail account [email protected].
*
********************* WARNING **************************************
Waiting for external MySql response
[ INFO ] Configure MySQL database server.
ERROR 1251 (08004): Client does not support authentication protocol requested by server; consider upgrading MySQL client
Starting crond:                                            [  OK  ]
Starting Dovecot Imap:                                     [  OK  ]
Starting system logger:                                    [  OK  ]
Starting amavisd:                                          [  OK  ]

Starting postfix:                                          [  OK  ]
Starting cbpolicyd:                                        [  OK  ]
Starting Clam AntiVirus Daemon: LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
/bin/bash: line 1:  1351 Killed                  clamd
                                                           [FAILED]
Starting clamd.amavisd: LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
/etc/init.d/functions: line 362:  1376 Killed                  $cgroup $nice /bin/bash -c "$corelimit >/dev/null 2>&1 ; $*"
                                                           [FAILED]
Starting httpd:                                            [  OK  ]
Starting OpenDKIM Milter: opendkim: /etc/opendkim.conf: dsn:mysql://mail_admin:Isadmin123@onlyoffice-mysql-server/onlyoffice_mailserver/table=dkim?keycol=domain_name?datacol=id: dkimf_db_open(): Client does not support authentication protocol requested by server; consider upgrading MySQL client
                                                           [FAILED]
Starting spamd:                                            [  OK  ]
Starting fail2ban:                                         [  OK  ]
Starting server

[chriscroome]

This error jumps out:

ERROR 1251 (08004): Client does not support authentication protocol requested by server; consider upgrading MySQL client

Does the onlyoffice-mail-server OS need updating to ensure there is a newer MySQL client package on it?

Or perhaps you need to use the July 2022 image for MySQL, specifically mysql:8.0.29, see this comment.

[KaKi87]

This error jumps out:

ERROR 1251 (08004): Client does not support authentication protocol requested by server; consider upgrading MySQL client

Does the onlyoffice-mail-server OS need updating to ensure there is a newer MySQL client package on it?

If that was the issue, how could the identical configuration work on my local computer ?

Or perhaps you need to use the July 2022 image for MySQL, specifically mysql:8.0.29, see this comment.

That's precisely the one I'm using, if you read carefully.

[chriscroome]

That's precisely the one I'm using, if you read carefully.

Sorry, of course your are right, I assumed you has set everything to :latest, sorry.

[Carazyda]

Well, that was it, lol, I wonder why was that commented

This is commented out for installing on an older OS than Debian 12 or Ubuntu 22.04, and docker compose < 2.0.

I'm retrying on my server using resources limitations on every service (cpus: "2" + mem_limit: "2048M")

We do not recommend this limitation because elasticsearch requires more memory and therefore its container is restarted:
-XX:+ExitOnOutOfMemoryError

We also have a problem with changing the mysql password in yml files - it does not apply to docker containers and configuration.

What error are you currently stuck on? or did you manage to install it?

[KaKi87]

What error are you currently stuck on?

If I don't put RAM limitation I'm stuck with a server crash, if I put it I'm stuck with ERROR 1045 (28000): Access denied for user 'mail_admin'@'172.19.0.6' (using password: YES) and onlyoffice/elasticsearch restarting every 5 seconds.

Thanks

[KaKi87]

Well, I was able to run OnlyOffice. 🎉

Resolution steps :

• The Client does not support authentication protocol requested by server was simply due to not removing volumes between trials ;
• I figured there was no way onlyoffice/elasticsearch would work on my server no matter what, but I noticed only onlyoffice/controlpanel actually needs it so I removed both (without removing the related env vars from onlyoffice/communityserver otherwise it won't boot) ;
• onlyoffice/communityserver was still overloading the server on its own so I set RAM limit to 2 GB and enabled maximum swappiness (do not try a lower RAM limit, I already did without success) ;
• I also set RAM limit to 512 MB for onlyoffice/documentserver & onlyoffice/mailserver and enabled maximum swappiness for these as well, even if it's a minimal difference for those.

Here's the resulting docker-compose.workspace.yml file :

version: '3'
services:
  onlyoffice-mysql-server:
    container_name: onlyoffice-mysql-server
    image: mysql:8.0.29
    environment:
     - MYSQL_ROOT_PASSWORD=my-secret-pw
    networks:
     - onlyoffice
    stdin_open: true
    tty: true
    restart: always
    volumes:
     - ./config/mysql/conf.d:/etc/mysql/conf.d
     - ./config/mysql/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
     - mysql_data:/var/lib/mysql
  onlyoffice-community-server:
    mem_limit: 2G
    memswap_limit: ${SWAP_SIZE}
    mem_swappiness: 100
    container_name: onlyoffice-community-server
    image: onlyoffice/communityserver:latest
    depends_on:
     - onlyoffice-mysql-server
     - onlyoffice-document-server
     - onlyoffice-mail-server
    environment:
     - ONLYOFFICE_CORE_MACHINEKEY=core_secret
     - DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server
     - DOCUMENT_SERVER_JWT_ENABLED=true
     - DOCUMENT_SERVER_JWT_SECRET=jwt_secret
     - DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt
     - MYSQL_SERVER_ROOT_PASSWORD=my-secret-pw
     - MYSQL_SERVER_DB_NAME=onlyoffice
     - MYSQL_SERVER_HOST=onlyoffice-mysql-server
     - MYSQL_SERVER_USER=onlyoffice_user
     - MYSQL_SERVER_PASS=onlyoffice_pass
     - MAIL_SERVER_API_PORT=8081
     - MAIL_SERVER_API_HOST=onlyoffice-mail-server
     - MAIL_SERVER_DB_HOST=onlyoffice-mysql-server
     - MAIL_SERVER_DB_PORT=3306
     - MAIL_SERVER_DB_NAME=onlyoffice_mailserver
     - MAIL_SERVER_DB_USER=mail_admin
     - MAIL_SERVER_DB_PASS=Isadmin123
     - ELASTICSEARCH_SERVER_HOST=onlyoffice-elasticsearch
     - ELASTICSEARCH_SERVER_HTTPPORT=9200
    networks:
     - onlyoffice
    ports:
     - '3000:80'
     - '5222:5222'
    stdin_open: true
    tty: true
    restart: always
    privileged: true
    cgroup: host
    volumes:
     - community_data:/var/www/onlyoffice/Data
     - community_log:/var/log/onlyoffice
     - community_letsencrypt:/etc/letsencrypt
     - document_data:/var/www/onlyoffice/DocumentServerData
     - /sys/fs/cgroup:/sys/fs/cgroup:rw
     - ./certs:/var/www/onlyoffice/Data/certs
  onlyoffice-document-server:
    mem_limit: 512M
    memswap_limit: ${SWAP_SIZE}
    mem_swappiness: 100
    container_name: onlyoffice-document-server
    image: onlyoffice/documentserver:latest
    stdin_open: true
    tty: true
    restart: always
    environment:
     - JWT_ENABLED=true
     - JWT_SECRET=jwt_secret
     - JWT_HEADER=AuthorizationJwt
    networks:
      - onlyoffice
    expose:
      - '80'
      - '443'
    volumes:
       - document_data:/var/www/onlyoffice/Data
       - document_log:/var/log/onlyoffice
       - ./document_fonts:/usr/share/fonts/truetype/custom
       - document_forgotten:/var/lib/onlyoffice/documentserver/App_Data/cache/files/forgotten
  onlyoffice-mail-server:
    mem_limit: 512M
    memswap_limit: ${SWAP_SIZE}
    mem_swappiness: 100
    cgroup: host
    container_name: onlyoffice-mail-server
    image: onlyoffice/mailserver:latest
    depends_on:
      - onlyoffice-mysql-server
    hostname: ${MAIL_SERVER_HOSTNAME}
    environment:
       - MYSQL_SERVER=onlyoffice-mysql-server
       - MYSQL_SERVER_PORT=3306
       - MYSQL_ROOT_USER=mail_admin
       - MYSQL_ROOT_PASSWD=Isadmin123
       - MYSQL_SERVER_DB_NAME=onlyoffice_mailserver
    networks:
      - onlyoffice
    restart: always
    privileged: true
    ports: ['25:25', '110:110','143:143', '465:465','587:587', '993:993', '995:995']
    stdin_open: true
    tty: true
    expose:
      - '8081'
      - '3306'
    volumes:
      - mail_data:/var/vmail
      - mail_certs:/etc/pki/tls/mailserver
      - mail_log:/var/log
networks:
  onlyoffice:
    driver: 'bridge'
volumes:
  mail_data:
  mail_certs:
  mail_log:
  mail_mysql:
  document_data:
  document_log:
  document_forgotten:
  community_mysql:
  community_data:
  community_log:
  community_letsencrypt:
  mysql_data:

When using this, a SWAP_SIZE variable must be set in .env (additionally to MAIL_SERVER_HOSTNAME).

At rest, OnlyOffice uses 6 GB of swap, so I recommend allocating at least 12 GB for the whole server, and surprisingly onlyoffice/communityserver doesn't max out its 2 GB of RAM but only uses 1.2 GB (60%), so the overload is really a startup problem. By the way, startup takes 7-10 minutes.

Now I'll just have to figure out why the Mail app sees my 2 TXT records without seeing my MX record despite whatsmydns.net seeing it. 🤔

[chriscroome]

@Carazyda I'd be interested in more details about the following issue if you have any further information on it:

We also have a problem with changing the mysql password in yml files - it does not apply to docker containers and configuration.

I'm trying to get it all working with passwords which are different from the default and the database are not being created.