Well, I have some restrictions to observe but still need to provide the onlyoffice document service to our nextcloud users.
At the moment I only have one machine and it is a Strato V-Server which is not docker ready.
I followed this guide to install the onlyoffice document server onto the machine that already has a running nextcloud installation:
https://helpcenter.onlyoffice.com/de/server/linux/document/linux-installation.aspx
I was a bit discouraged to find that onlyoffice uses nginx as a proxy while I already had all the other services proxied through apache + I had no previous experience with nginx whatsoever. However I quickly found that this is not too difficult to manage since I was able to have the two http servers listen to different ports.
I have now managed to get onlyoffice to open my office documents from within the nextcloud web interface. Here is the nginx configuration file that I have come up with so far:
# Use this example to proxy HTTPS traffic to the document server running on localhost.
# Replace {{SSL_CERTIFICATE_PATH}} with the path to the ssl certificate file
# Replace {{SSL_KEY_PATH}} with the path to the ssl private key file
#
# Note that this configuration is still experimental and incomplete.
# Do NOT use this version on your production server!
include /etc/nginx/includes/onlyoffice-http.conf;
server {
    listen 0.0.0.0:8143 ssl;
    listen [::]:8143 ssl default_server;
    server_tokens off;
    root /usr/share/nginx/html;
    server_name office.mysite.com;
    # Redundant with "listen ... ssl"; the directive is obsolete since nginx 1.15.0.
    ssl on;
    ssl_certificate {{SSL_CERTIFICATE_PATH}};
    ssl_certificate_key {{SSL_KEY_PATH}};
    ssl_verify_client off;
    # The cipher list is truncated in the post.
    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RS (...)";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security max-age=31536000;
    add_header X-Content-Type-Options nosniff;
    location / {
        proxy_pass http://docservice;
        proxy_http_version 1.1;
    }
}
Disclaimer: I am still new to nginx, onlyoffice and nextcloud. So if you happen to find any errors or security flaws in the above configuration, please let me know.
For the sake of completeness here is the /etc/nginx/includes/onlyoffice-http.conf that is included within the above configuration:
upstream docservice {
    server localhost:8000;
}
upstream spellchecker {
    server localhost:8080;
}
upstream example {
    server localhost:3000;
}
map $http_host $this_host {
    "" $host;
    default $http_host;
}
map $http_x_forwarded_proto $the_scheme {
    default $http_x_forwarded_proto;
    "" $scheme;
}
map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $this_host;
}
map $http_upgrade $proxy_connection {
    default upgrade;
    "" close;
}
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Forwarded-Host $the_host;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
While this implementation looks like it is working I have to admit that it is still incomplete.
I created this file by merging the original /etc/nginx/conf.d/onlyoffice-documentserver-ssl.conf with the ssl example configuration from here: https://github.com/ONLYOFFICE/document-server-proxy/blob/master/nginx/proxy-https-to-http.conf
I was able to put things nicely together except for this one bit from the http configuration file:
include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
I feel that I should have to add another server{} directive but since I am proxying to docservice which is localhost:8000 I have no good idea how to do it.
Thanks for any comments and ideas!
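
An added example, not part of the original post and not ONLYOFFICE's shipped configuration: the server block from the post with the legacy TLS versions dropped and the forwarded headers set from what nginx itself observed rather than from client input. Assumptions: nginx 1.13.0 or newer built against OpenSSL 1.1.1 or newer (needed for TLSv1.3), and that this nginx is the first hop clients reach, so incoming X-Forwarded-* headers are not trusted.

```nginx
include /etc/nginx/includes/onlyoffice-http.conf;

server {
    listen 0.0.0.0:8143 ssl;
    listen [::]:8143 ssl default_server;
    server_name office.mysite.com;
    server_tokens off;
    root /usr/share/nginx/html;

    ssl_certificate     {{SSL_CERTIFICATE_PATH}};
    ssl_certificate_key {{SSL_KEY_PATH}};

    # TLS 1.0 and 1.1 are formally deprecated (RFC 8996); offer 1.2 and 1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    # AEAD suites with forward secrecy only (OpenSSL names, for TLS 1.2).
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # One cache shared by all workers; the per-worker "builtin" cache is not needed.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # "always" also sends the headers on error responses (4xx/5xx).
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options nosniff always;

    location / {
        proxy_pass http://docservice;
        proxy_http_version 1.1;

        # Any proxy_set_header at this level disables inheritance of the ones
        # in onlyoffice-http.conf, so the full set is restated here.
        proxy_set_header Host              $http_host;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $proxy_connection;
        # The include's maps pass through client-supplied X-Forwarded-Host and
        # X-Forwarded-Proto. On the edge proxy, send the maps' fallback values
        # unconditionally and overwrite X-Forwarded-For with the peer address.
        proxy_set_header X-Forwarded-Host  $this_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For   $remote_addr;
    }
}
```

Run `nginx -t` before reloading; it will reject `TLSv1.3` on builds that do not meet the version assumption above.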