As I'm currently working on the configuration you're proposing @aalaesar, I will go on for the moment. (But the other solution may not be impossible)
I also put the reverse proxy on the Raspberry (host1) by creating the libreoffice.conf file as mentioned previously. I tried to create a new certificate for both dom2 but I had an error message in the process, due to incorrect SSL config in the reverse proxy, as far as I understand this message:
sudo ./letsencrypt-auto --apache -d mlydesk.hopto.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/mlydesk.hopto.org.conf)
What would you like to do?
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for mlydesk.hopto.org
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0002_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0002_csr-certbot.pem
Deploying Certificate to VirtualHost /etc/apache2/sites-available/libreoffice.conf
Enabling available site: /etc/apache2/sites-available/libreoffice.conf
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.
AH00526: Syntax error on line 22 of /etc/apache2/sites-enabled/libreoffice.conf:
Invalid command 'ProxyPreserveHost', perhaps misspelled or defined by a module not included in the server configuration
Rolling back to previous server configuration...
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.
AH00526: Syntax error on line 22 of /etc/apache2/sites-enabled/libreoffice.conf:
Invalid command 'ProxyPreserveHost', perhaps misspelled or defined by a module not included in the server configuration
IMPORTANT NOTES:
- We were unable to install your certificate, however, we
successfully restored your server to its prior configuration.
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/mlydesk.hopto.org/fullchain.pem. Your cert
will expire on 2017-06-15. To obtain a new or tweaked version of
this certificate in the future, simply run letsencrypt-auto again
with the "certonly" option. To non-interactively renew all of
your certificates, run "letsencrypt-auto renew"
I also put the config of the reverse proxy:
<VirtualHost *:443>
ServerName mlydesk.hopto.org
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/mlydesk.hopto.org/
SSLCertificateChainFile /etc/letsencrypt/live/mlydesk.hopto.org/
SSLCertificateKeyFile /etc/letsencrypt/live/mlydesk.hopto.org/
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-S$
SSLHonorCipherOrder on
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://192.168.1.45:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://192.168.1.45:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://192.168.1.45:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://192.168.1.45:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://192.168.1.45:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://mlydesk.hopto.org:9980/lool/adminws
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://192.168.1.45:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://192.168.1.45:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://192.168.1.45:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://192.168.1.45:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://192.168.1.45:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://mlydesk.hopto.org:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://192.168.1.45:9980/lool
ProxyPassReverse /lool https://192.168.1.45:9980/lool
</VirtualHost>
Humm, besides, the proxy seems to have a bad influence on Nextcloud… which was temporarily inaccessible. An Apache restart succeeded once, but after a new problem (white page), it failed to restart (timeout for response) and I had to reboot the Pi. I temporarily removed libreoffice.conf.
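
Added example, not part of the original post: Apache prints `Invalid command '...', perhaps misspelled or defined by a module not included in the server configuration` when a directive's module is not loaded, so this Python check lists the modules a vhost like the one posted needs and compares them with `apache2ctl -M` output. The vhost sample is trimmed from the post, the module list is constructed, and the function names are hypothetical.

```python
import re

# Directives used in the posted vhost that are defined by mod_proxy.
PROXY_DIRECTIVES = {"ProxyPreserveHost", "ProxyPass", "ProxyPassReverse", "ProxyPassMatch"}
# Backend URL scheme (http/https, ws/wss) -> module that handles it.
SCHEME_MODULES = {"http": "proxy_http_module", "ws": "proxy_wstunnel_module"}

# Constructed sample: a trimmed copy of the vhost from the post.
SAMPLE_VHOST = """\
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine On
ProxyPreserveHost On
ProxyPass /loleaflet https://192.168.1.45:9980/loleaflet retry=0
ProxyPassMatch "/lool/(.*)/ws$" wss://192.168.1.45:9980/lool/$1/ws nocanon
</VirtualHost>
"""
# Constructed sample of `apache2ctl -M` output on a host without mod_proxy.
SAMPLE_LOADED = """\
Loaded Modules:
 core_module (static)
 ssl_module (shared)
 rewrite_module (shared)
"""

def required_modules(conf_text):
    """Map each module the config needs to the first line number that needs it."""
    needed = {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "<")):
            continue  # skip blanks, comments and section tags
        directive = line.split()[0]
        if directive.startswith("SSL"):
            needed.setdefault("ssl_module", lineno)
        if directive in PROXY_DIRECTIVES:
            needed.setdefault("proxy_module", lineno)
            for scheme in re.findall(r"\b(http|ws)s?://", line):
                needed.setdefault(SCHEME_MODULES[scheme], lineno)
    return needed

def missing_modules(conf_text, loaded_text):
    """Return {module: line} for modules the config needs but Apache has not loaded."""
    loaded = set(re.findall(r"^\s*(\w+_module)\b", loaded_text, re.M))
    return {m: n for m, n in required_modules(conf_text).items() if m not in loaded}

if __name__ == "__main__":
    for module, lineno in sorted(missing_modules(SAMPLE_VHOST, SAMPLE_LOADED).items()):
        print(f"line {lineno}: needs {module}; enable with: a2enmod {module[:-7]}")
```

On a live Debian-style host, pass the text of the site file and the output of `apache2ctl -M` to `missing_modules` instead of the samples.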