Hello,
I’m having trouble integrating onlyoffice document server running on ubuntu 16 to the nextcloud server also running on a separate ubuntu 16.
I have self-assigned certificates on both, nextcloud and onlyoffice document server.
I’ve had trouble with docker and with the install without a docker.
Currently, I’ve set up my document server using the following: http://helpcenter.onlyoffice.com/server/linux/document/linux-installation.aspx
I’ve setup SSL certificate using the following guide: http://helpcenter.onlyoffice.com/server/linux/document/switch-to-https.aspx
When I go to onlyoffice.mydomain.com my server is running “Document Server is running”
However when I apply the Document Server FQDN I get “Error when trying to connect”.
Both, nextcloud and document server use FQDN and are running over HTTPS. It works fine when I have Nextcloud over HTTP and document server without using SSL, but when I do this switch it doesn’t seem to be working.
I’m looking forward to hearing solutions.
Thank you!
Here is the config file for onlyoffice: /etc/nginx/conf.d/onlyoffice-documentserver.conf
[code]include /etc/nginx/includes/onlyoffice-http.conf;
Normal HTTP host
server {
listen 0.0.0.0:80;
listen [::]:80 default_server;
server_name onlyoffice.mydomain.com;
server_tokens off;
Redirects all traffic to the HTTPS host
root /nowhere; ## root doesn’t have to be a valid path since we are redirecting
rewrite ^ https://$host$request_uri? permanent;
}
#HTTP host for internal services
server {
listen 127.0.0.1:80;
listen [::1]:80;
server_name localhost;
server_tokens off;
include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
}
HTTPS host
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ssl default_server;
server_name onlyoffice.mydomain.com;
server_tokens off;
root /usr/share/nginx/html;
Strong SSL Security
https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl on;
ssl_certificate /app/onlyoffice/CommunityServer/data/certs/onlyoffice.crt;
ssl_certificate_key /app/onlyoffice/CommunityServer/data/certs/onlyoffice.key;
ssl_verify_client {{SSL_VERIFY_CLIENT}};
ssl_client_certificate {{CA_CERTIFICATES_PATH}};
ssl_ciphers “ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4”;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=31536000;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
[Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
Replace with your ssl_trusted_certificate. For more info see:
- https://medium.com/devops-programming/4445f4862461
- https://www.ruby-forum.com/topic/4419319
- https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
resolver_timeout 10s;
[Optional] Generate a stronger DHE parameter:
cd /etc/ssl/certs
sudo openssl dhparam -out dhparam.pem 4096
ssl_dhparam /app/onlyoffice/CommunityServer/data/certs/dhparam.pem;
include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
}
[/code]
NextCloud Version 12.0
Latest version of Document Server and OnlyOffice app as of 5/31/2017