Firewall >> Portforwarding http/https to >> cloud.xxx.de
On cloud.xxx.de Nextcloud runs as virtual domain on Apache2 and is configured with A+ rating. On same host another virtual domain office.xxx.de is configured via reverse proxy to my internal OnlyOffice Document Server running on Nginx. Both domains are running on https in Apache2 using lets encrypt certs. The document server can be accessed from the outside:
I’ve installed the OnlyOffice Nextcloud App and entered my public URL office.xxx.de. The secret key is left blank:
When trying to open any document the iFrame content is blocked away in Safari:
Interestingly an unsecure http:// link is opend though I’ve never entered an http:// and in source code no http is visible. Even if http would be used, my Apache rewrites all http to https.
When trying to use Firefox no content is blocked but an nginx error page is shown:
But when trying to call the iframe link directly I recieve my nextoffice window:
What I am missing? After a weekend to get my Onlyoffice running in Nextcloud I got stuck somewhere… could anybody give me direction?
EDIT: Due several request. Yes ProxyPassReverse is set to internal address:
ProxyPass / http://192.168.0.103/
ProxyPassReverse / http://192.168.0.103/
thats bacause you are using mixed content, encrypted and unencrypted. You have to use ssl for onlyoffice too.
Negative, the reverse proxy is encrypted with valid cert as you can see in the first screenshot. This is exactly why a reverse proxy is used. The internal server (http://192.168.0.103) is not accessible from internet and do not have a public DNS by design. The reverse proxy converts all http internal URLs to public https://office.xxx.de this works well when called directly. This works with other websites and dynamic webapps aswell. But somehow it’s not working with OnlyOffice.
yes but probably that isn’t sufficient. It looks like that the document server itself redirects inside of it to http.
So you need to do the ssl part of: https://github.com/ONLYOFFICE/Docker-DocumentServer too, and redirect to 443 or something sslish inside to OO.
The cheap “the proxy does the dirty work” doesn’t always do the job.
Indeed you need to enable OO https directly, even if self-signed (because you can ignore SSL status of the remote in the proxy). I have the same setup and OO support stated this earlier today.
I appreciate your energy but in enabling https in OO this still doesn’t work.
In detail: I’ve installed private cert. No public one possible due the fact that this is a server in the internal segment. The server is accessible now via https. Of course Firefox warns because self-signed but basically the server is up and running.
So now the tricky part. I’ve modified my current apache config:
And boom nothing worked anmore. Service not available:
Alrighty, back to my config file. I’ve forgotten to add SSLProxyEngine Directive. After saving and restarting the next boom: The proxy server could not handle the request GET and showed errors during handshake. This is more worse than before without https.
Onlyoffice does not work behind a reverse proxy. IMHO this makes it unuseable for secure networks. Or I still missing something and we need an apache-woodoo master.
Call me Apache-Woodoo-Master… it works!
- Enable private cert on OO server
- Turn off everything in Apache in Virtual Host Config:
This is what I was referring to, sorry!
I just made a Testsetup and got it running too, even on the same host with port-redirection, thanks for the clarification of the specific parameters.
seems I’ve overseen your comment… marked it as solution now though I’ve found an solution by my own
Guys I am happy now to have a fully working Online Office and iCloud replacement…
Yours is definitely the solution, mine is a briefly-written line during a lunchbreak
I’m currently suffering in a similar situation, and would really appreciate some help!
I have Nextcloud running via Apache on a server visible to WAN (cloud.XXX.com). Let’s call this server MIDGAR
I have installed OnlyOffice with Nginx on a second server on the same LAN, but clearly not visible to WAN. Let’s call this server MIDEEL.
I have been successful in using ProxyPass on Apache on MIDGAR to send traffic from office.XXX.com to MIDEEL with SSL authentication on MIDGAR using Let’s Encrypt.
Under this situation requests to office.XXX.com successfully resolve to OnlyOffice on MIDEEL with accepted SSL. However when trying to integrate into Nextcloud I am faced with a 302 error.
Please create a new topic, and use the presented template to provide as much information about your environment as possible.
Any chance you might be willing and able to post your entire Apache virtualhost reverse proxy config and onlyoffice nginx config? I’m having the exact same issue you are here: Unable to get OnlyOffice behind Apache reverse proxy working with Nextcloud 12 -- please help!
Unfortunately, I must still be missing something as I’m still getting an error when I go to open any documents. Thank you!!