Hey guysā¦first off, please forgive the spaces in the URLās as since Iām new I can only post 2 links
Anyways, I know Iām SO close to figuring this out I can almost taste it, but I just canāt quite get it. Iāve been researching and Googling for hours and I canāt figure out why this wonāt work.
What Iāve got is a Nextcloud server with Apache - and this Apache instance also has several virtualhosts set up to proxy requests to other local servers running other local services. Every service/server is set up to use a single HTTPS (letās encrypt) cert and all requests to anything HTTP are redirected to HTTPS in my setup as well. Iāve set up a 2nd virtual machine and corresponding apache virtualhost for OnlyOffice, and itās accessible via āoffice .example.comā both internally (on my LAN) and externally (outside of it). In both cases I can successfully reach the āDocument Server is Runningā successful page.
Iāve updated the Nextcloud admin settings pages with this URL (https ://office.example.com) and saved. Additionally, I set the onlyoffice VM configuration to use a self signed cert because otherwise I was getting issues with Nextcloud (https) tried to load http resources from the onlyoffice serverā¦hoping that makes sense.
The issue Iām getting now is when I try to open a .docx document I created in Nextcloud, I get the following errors in the Google Chrome console:
Refused to display āhttps ://office.example.com/2017-07-21-15-20/web-apps/apps/documenteditor/main/index.html?_dc=2017-07-21-15-20&lang=en&customer=ONLYOFFICE&frameEditorId=iframeEditorā in a frame because it set āX-Frame-Optionsā to āsameoriginā.
office .example.com/2017-07-21-15-20/web-apps/apps/documenteditor/main/index.html?_dc=2017-07-21-15-20&lang=en&customer=ONLYOFFICE&frameEditorId=iframeEditor Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE
Here is my Apache virtualhost config for forwarding requests to āoffice .example.comā:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName office.example.com
ServerAdmin webmaster@localhost
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/chat.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/chat.example.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
RequestHeader unset Accept-Encoding
ProxyPass / https://192.168.1.44/
ProxyPassReverse / https://192.168.1.44/
ProxyPass "/websocket" "wss://192.168.1.44/websocket"
ProxyPassReverse "/websocket" "wss://192.168.1.44/websocket"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerName off
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLInsecureRenegotiation on
SSLVerifyClient none
<proxy *>
AddDefaultCharset off
Order Allow,Deny
Allow from all
</proxy>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>
Iām not sure if all that is needed or not as so far itās a hodge podge of stuff Iāve found and tried online. Finally, here is my onlyoffice config from /etc/nginx/conf.d/onlyoffice-documentserver.conf on that server:
include /etc/nginx/includes/onlyoffice-http.conf;
## Normal HTTP host
server {
listen 0.0.0.0:80;
listen [::]:80 default_server;
server_name office.example.com;
server_tokens off;
## Redirects all traffic to the HTTPS host
## root /nowhere; ## root doesn't have to be a valid path since we are redirecting
## rewrite ^ https://$host$request_uri? permanent;
}
#HTTP host for internal services
server {
listen 127.0.0.1:80;
listen [::1]:80;
server_name office.example.com;
server_tokens off;
include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
}
## HTTPS host
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ssl default_server;
server_name office.example.com;
server_tokens off;
root /usr/share/nginx/html;
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl on;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
ssl_verify_client off;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=31536000;
## add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
## Replace with your ssl_trusted_certificate. For more info see:
## - https://medium.com/devops-programming/4445f4862461
## - https://www.ruby-forum.com/topic/4419319
## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
# ssl_stapling on;
# ssl_stapling_verify on;
# ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
# resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
# resolver_timeout 10s;
## [Optional] Generate a stronger DHE parameter:
## cd /etc/ssl/certs
## sudo openssl dhparam -out dhparam.pem 4096
##
# ssl_dhparam /etc/ssl/certs/dhparam.pem;
include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
}
Any help or pointers someone MUCH smarter than I am could provide would be HUGELY appreciated! Thank you!!