Hello to the community,
I have a problem using Nginx alone as the web server for both Nextcloud and OnlyOffice (in Docker), all on the same host.
Nextcloud 13.0.4 works great,
Let say it’s cloud.mydomain.com
I have installed the docker container of OnlyOffice/DocumentServer and it works well (at least the welcome page)
Let say it’s office.mydomain.com
I installed the OnlyOffice App for Nextcloud, get to the Admin panel and configuration page.
I put in the server address : https://office.mydomain.com/
But when I click save, nothing happens, and afterwards the logs show a 504 Gateway Timeout.
It looks like the Nextcloud instance can’t reach office.mydomain.com.
I’m asking for help from anyone who has Nextcloud and the OnlyOffice Docker container working on the same host and could share their .conf files…
The Docker container uses port 80, and Nginx uses ports 81, 82, 83…
Here is my Nextcloud.conf :
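# Plain-HTTP listener for cloud.mydomain.com: ACME challenge requests are
# proxied to a local service, everything else is redirected to HTTPS.
server {
    server_name cloud.mydomain.com;
    # Your DDNS address (e.g. from desec.io)
    listen 83 default_server;
    # IPv6:
    listen [::]:83 default_server;

    # Challenge requests go to whatever listens on 127.0.0.1:81
    # (presumably the ACME client's web root server; not shown in the post).
    location ^~ /.well-known/acme-challenge {
        proxy_pass http://127.0.0.1:81;
        proxy_set_header Host $host;
    }

    # NOTE(review): as default_server this block answers for any Host header,
    # and $host copies that header into the redirect target. Writing the
    # hostname out (https://cloud.mydomain.com$request_uri) keeps the redirect
    # pinned to this site.
    location / {
        return 301 https://$host$request_uri;
    }
}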
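# HTTPS virtual host for Nextcloud (cloud.mydomain.com).
#
# NOTE(review): no ssl_certificate / ssl_certificate_key is visible in this
# block; presumably they come from the http context or an include that the post
# does not show. Confirm that, because this block is the default_server for
# port 443.
#
# NOTE(review): the regex dots below are written as `\.` and the path-info
# group as `(/.*)`. The pasted text showed a bare `.` and `(/.)`, which looks
# like backslashes and asterisks lost to forum formatting; compare with the
# file on disk. Left unescaped, the dotfile rule would match every path and
# deny all requests, and the `.php` rules would match more URIs than the
# intended entry points.
server {
    server_name cloud.mydomain.com;
    # Your DDNS address (e.g. from desec.io)
    listen 443 ssl http2 default_server;
    # IPv6
    #listen [::]:443 ssl http2 default_server;
    root /var/www/nextcloud/;

    # The "main" log format must be defined elsewhere (not shown in the post).
    access_log /var/log/nginx/nextcloud.access.log main;
    error_log /var/log/nginx/nextcloud.error.log warn;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Service discovery for CalDAV / CardDAV clients.
    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    client_max_body_size 10240M;

    # Everything not matched below is routed through index.php.
    location / {
        rewrite ^ /index.php$uri;
    }

    # Internal directories (including config and data) must never be served.
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }

    # Dotfiles and maintenance entry points are blocked as well.
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ \.(?:flv|mp4|mov|m4a)$ {
        mp4;
        mp4_buffer_size 100m;
        mp4_max_buffer_size 1024m;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        include php_optimization.conf;
        fastcgi_pass php-handler;
        fastcgi_param HTTPS on;
    }

    # Only the PHP entry points listed here are handed to the php-handler
    # upstream (defined outside this block); the escaped `\.php` keeps the
    # match limited to real .php paths.
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        include php_optimization.conf;
        fastcgi_pass php-handler;
        fastcgi_param HTTPS on;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Static assets: served directly when present, otherwise via index.php.
    location ~ \.(?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        access_log off;
        expires 360d;
    }
}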
And my office.conf
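# Backend that the office.mydomain.com virtual host proxies to.
# NOTE(review): the upstream is the public hostname with no port, so nginx
# resolves the name at start-up and connects over plain HTTP on port 80 (the
# post says the container uses port 80). If that port is published on all
# interfaces, the Document Server is also reachable directly without TLS.
# Consider publishing the container on loopback only and pointing this at
# 127.0.0.1:<published-port> (placeholder).
upstream docservice {
    server office.mydomain.com;
}

# Host to report upstream: the Host header as received, or $host when empty.
map $http_host $this_host {
    "" $host;
    default $http_host;
}

# NOTE(review): the next two maps pass through X-Forwarded-Proto and
# X-Forwarded-Host exactly as sent by the client when those headers are
# present. That is only safe behind another trusted proxy. If this nginx is the
# internet-facing edge, set the headers from $scheme and $host instead so that
# clients cannot choose them.
map $http_x_forwarded_proto $the_scheme {
    default $http_x_forwarded_proto;
    "" $scheme;
}

map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $this_host;
}

# Connection header for WebSocket upgrades: "upgrade" when the client sent an
# Upgrade header, "close" otherwise.
map $http_upgrade $proxy_connection {
    default upgrade;
    "" close;
}

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Forwarded-Host $the_host;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Normal HTTP host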
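# Plain-HTTP listener for office.mydomain.com; it only redirects to HTTPS.
# NOTE(review): the post says Nginx uses ports 81-83, but this block listens
# on 84. Confirm this is the port actually forwarded for plain HTTP.
server {
    listen 0.0.0.0:84;
    listen [::]:84 default_server;
    server_name office.mydomain.com;
    server_tokens off;

    # Redirects all traffic to the HTTPS host
    root /nowhere; ## root doesn't have to be a valid path since we are redirecting
    rewrite ^ https://$host$request_uri? permanent;
}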
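# HTTPS front end for office.mydomain.com: terminates TLS and proxies every
# request to the docservice upstream.
server {
    listen 443 ssl;
    server_name office.mydomain.com;
    server_tokens off;
    root /usr/share/nginx/html;

    # Strong SSL Security
    # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    # `ssl on;` is redundant with `listen 443 ssl;`. Newer nginx releases
    # deprecate the directive in favour of the listen parameter, so it can be
    # dropped.
    ssl on;
    ssl_certificate /etc/letsencrypt/live/office.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/office.mydomain.com/privkey.pem;
    ssl_verify_client off;

    # NOTE(review): the two *-GCM-SHA512 names do not appear to be OpenSSL
    # cipher suite names, so they would be skipped and only the three *-SHA384
    # entries (one of them CBC) would take effect. Check what the string
    # expands to with `openssl ciphers -v '<list>'`. All entries are RSA
    # suites, and this list applies to TLS 1.2; TLS 1.3 suites are configured
    # separately.
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';
    ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security max-age=31536000;
    # NOTE(review): SAMEORIGIN tells browsers not to frame this host from
    # another origin, yet the Nextcloud app embeds the editor from
    # cloud.mydomain.com. Confirm whether this line is active in the real file.
    # If framing must be allowed, limit it to the Nextcloud origin with a
    # Content-Security-Policy frame-ancestors rule instead of dropping framing
    # protection altogether.
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;

    # [Optional] If your certificate has OCSP, enable OCSP stapling to reduce
    # the overhead and latency of running SSL.
    # Replace with your ssl_trusted_certificate. For more info see:
    # - https://medium.com/devops-programming/4445f4862461
    # - SSL OCSP stapling won't enable - NGINX - Ruby-Forum
    # - How To Configure OCSP Stapling on Apache and Nginx | DigitalOcean
    # NOTE(review): the comment markers on this section were lost in the paste,
    # so it is unclear whether the stapling and dhparam directives are enabled
    # in the real file. If they are, the files they reference must exist, and
    # with ssl_stapling_verify the trusted certificate must hold the issuer
    # chain of the certificate above.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
    resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
    resolver_timeout 10s;

    # [Optional] Generate a stronger DHE parameter:
    #   cd /etc/ssl/certs
    #   sudo openssl dhparam -out dhparam.pem 4096
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # NOTE(review): this exposes the Document Server to anyone who can reach
    # office.mydomain.com. Confirm that the container has JWT (secret key)
    # validation enabled and that the same secret is set in the Nextcloud
    # ONLYOFFICE app, so that only the Nextcloud instance can use it.
    location / {
        proxy_pass http://docservice;
        proxy_http_version 1.1;
    }
}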