Onlyoffice documentserver with nginx and nextcloud with apache

🍱 Features & apps community document server
1

Ok, so i’m pretty new to this stuff, especially nginx which i have never really used before. I have successfully installe Nextcloud on my ubuntu machin on an apache2 server. I have enabled https and the nextcloud service is running fine. Also i have installed onlyoffice the manual way with [this]tutorial , and added the ssl certificate they way described in the tutorial. The problem is that i can only run either apache or nginx, not at the same time as they both use port 443. I have no idea how to get around this, and would really appreciate your help. Here is my onlyoffice nginx config.
`include /etc/nginx/includes/http-common.conf;

Normal HTTP host

server {
listen 0.0.0.0:90;
listen [::]:90 default_server;
server_name _;
server_tokens off;

Redirects all traffic to the HTTPS host

root /nowhere; ## root doesn’t have to be a valid path since we are redirecting
rewrite ^ https://$host$request_uri? permanent;
}

#HTTP host for internal services
server {
listen 127.0.0.1:90;
listen [::1]:90;
server_name localhost;
server_tokens off;

include /etc/nginx/includes/ds-common.conf;
include /etc/nginx/includes/ds-docservice.conf;
}

HTTPS host

server {
listen 0.0.0.0:442 ssl;
listen [::]:442 ssl default_server;
server_tokens off;
root /usr/share/nginx/html;

Strong SSL Security

https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

ssl_certificate /etc/letsencrypt/live/askekoed.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/askekoed.com/privkey.pem;

Uncomment string below and specify the path to the file with the password if you use encrypted certificate key

ssl_password_file {{SSL_PASSWORD_PATH}};

ssl_verify_client off;

ssl_ciphers “EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH”;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;

ssl_prefer_server_ciphers on;

add_header Strict-Transport-Security max-age=31536000;

add_header X-Frame-Options SAMEORIGIN;

add_header X-Content-Type-Options nosniff;

[Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.

Replace with your ssl_trusted_certificate. For more info see:

- https://medium.com/devops-programming/4445f4862461

- https://www.ruby-forum.com/topic/4419319

- https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx

ssl_stapling on;

ssl_stapling_verify on;

ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;

resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired

resolver_timeout 10s;

[Optional] Generate a stronger DHE parameter:

cd /etc/ssl/certs

sudo openssl dhparam -out dhparam.pem 4096

ssl_dhparam /etc/ssl/certs/dhparam.pem;

include /etc/nginx/includes/ds-*.conf;

}
`

2

I don’t think you can get around it because both try to listen to the same ports, so they are mutually exclusive.

Why don’t you just decide for one and port the virtual host from one to the other?

3

Thank you for the asnwer.
Do you know how one would do that?