Ok, so i’m pretty new to this stuff, especially nginx which i have never really used before. I have successfully installe Nextcloud on my ubuntu machin on an apache2 server. I have enabled https and the nextcloud service is running fine. Also i have installed onlyoffice the manual way with [this]tutorial , and added the ssl certificate they way described in the tutorial. The problem is that i can only run either apache or nginx, not at the same time as they both use port 443. I have no idea how to get around this, and would really appreciate your help. Here is my onlyoffice nginx config.
`include /etc/nginx/includes/http-common.conf;
Normal HTTP host
server {
listen 0.0.0.0:90;
listen [::]:90 default_server;
server_name _;
server_tokens off;
Redirects all traffic to the HTTPS host
root /nowhere; ## root doesn’t have to be a valid path since we are redirecting
rewrite ^ https://$host$request_uri? permanent;
}
#HTTP host for internal services
server {
listen 127.0.0.1:90;
listen [::1]:90;
server_name localhost;
server_tokens off;
include /etc/nginx/includes/ds-common.conf;
include /etc/nginx/includes/ds-docservice.conf;
}
HTTPS host
server {
listen 0.0.0.0:442 ssl;
listen [::]:442 ssl default_server;
server_tokens off;
root /usr/share/nginx/html;
Strong SSL Security
https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_certificate /etc/letsencrypt/live/askekoed.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/askekoed.com/privkey.pem;
Uncomment string below and specify the path to the file with the password if you use encrypted certificate key
ssl_password_file {{SSL_PASSWORD_PATH}};
ssl_verify_client off;
ssl_ciphers “EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH”;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=31536000;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
[Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
Replace with your ssl_trusted_certificate. For more info see:
- https://medium.com/devops-programming/4445f4862461
- https://www.ruby-forum.com/topic/4419319
- https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
resolver_timeout 10s;
[Optional] Generate a stronger DHE parameter:
cd /etc/ssl/certs
sudo openssl dhparam -out dhparam.pem 4096
ssl_dhparam /etc/ssl/certs/dhparam.pem;
include /etc/nginx/includes/ds-*.conf;
}
`