DEVHIDE
Login Or Sign up

Nextcloud and Onlyoffice on same server w/ NGINX

4.6k Views Asked by At

I have Nextcloud 11 successfully installed on my Centos 7 VPS server with godaddy. I also have Onlyoffice document server successfully installed on the same server. I tested each with seperate nginx config files to make sure each work. And each does work on HTTPS.

Desire My goal is to have them both functioning on the same server, using NGINX...but can only be accessed through my HTML homepage in the root directory. My root directory is /var/www/ and all my website files are located in this directory, so when you go to my domain, it loads my index.html. What i want is for a user to click a login tab (a href="path to nextcloud login"), get redirected to nextcloud's login page, and they will have Onlyoffice functionality within their nextcloud account. (I dont own a domain name so im using a ddns from no-ip which means i dont get sub domains for the same ip)

Currently I want to test Nextcloud working with Onlyoffice on the same server but im running into issues. I assumed that Onlyoffice needs to talk on a different port because Nextcloud is listening on port 443. So i changed the nginx conf for onlyoffice to listen on port 9443 and opened that port in my iptables.

I have nextcloud located in /var/www/nextcloud and onlyoffice located in /var/www/onlyoffice

My nextcloud nginx conf file looks like so:

upstream php-handler {
    #server 127.0.0.1:9000;
    server unix:/var/run/php-fpm/php-fpm.sock;
}

server {
    listen 80;
    server_name example.net;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name example.net;

    ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;

   # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    add_header Strict-Transport-Security "max-age=15768000;
    includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /var/www/nextcloud/;
    index index.html index.htm;
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
 location = /.well-known/caldav {
  return 301 $scheme://$host/remote.php/dav;
}

# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

location / {
    rewrite ^ /index.php$uri;
}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    #deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
}

location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    #Avoid sending the security headers twice
    fastcgi_param modHeadersAvailable true;
    fastcgi_param front_controller_active true;
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;
}

location ~ ^/(?:updater|ocs-provider)(?:$|/) {
    try_files $uri/ =404;
    index index.php;
}


# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
    try_files $uri /index.php$uri$is_args$args;
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers (It is intended to
    # have those duplicated to the ones above)
    # Before enabling Strict-Transport-Security headers please read into
    # this topic first.
    add_header Strict-Transport-Security "max-age=15768000;
    includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;
}

location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
    try_files $uri /index.php$uri$is_args$args;
    # Optional: Don't log access to other assets
    access_log off;
}
}

My onlyoffice nginx conf file looks like so:

include /etc/nginx/includes/onlyoffice-http.conf;

server {
  listen 0.0.0.0:80;
  #listen [::]:80 server_name example.net;
  server_tokens off;
  ## Redirects all traffic to the HTTPS host
  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
  rewrite ^ https://$host$request_uri? permanent;
}
#HTTP host for internal services
server {
  listen 127.0.0.1:80;
  #listen [::1]:80;
  server_name localhost;
  server_tokens off;
  include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
  include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
}
server {
  listen 0.0.0.0:443 ssl;
  #listen [::]:443 ssl;

  server_name example.net
  ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;

  # Redirect the browser to our port 9443 config
  return 301 $scheme://example.net:9443$request_uri;

}


## HTTPS host
server {

  listen 0.0.0.0:9443;
  #listen [::]:443 ssl default_server;
  server_name example.net;
  server_tokens off;
  root /var/www/onlyoffice/;
  index index.html index.html


  ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;

  # modern configuration. tweak to your needs.
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;

  # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  add_header Strict-Transport-Security max-age=15768000;

  ssl_session_cache builtin:1000 shared:SSL:10m;
  # add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 10s;
  ## [Optional] Generate a stronger DHE parameter:
  ##   cd /etc/ssl/certs
  ##   sudo openssl dhparam -out dhparam.pem 4096
  ##
  #ssl_dhparam {{SSL_DHPARAM_PATH}};

  location ~ /.well-known/acme-challenge {
     root /var/www/onlyoffice/;
     allow all;
  }

  include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
}



Nginx doesnt give me any errors in my log nor does the onlyoffice nginx.error.log. The only errors im getting are within the nextcloud log.

When typing in the domain of the onlyoffice document server, here are the corresponding errors in the nextcloud log.

When i try https://example.net:9443

Error   onlyoffice  CommandRequest on check error: Bad Request or timeout error 2017-10-07T16:12:22-0400
Error   PHP file_get_contents(https://example.net:9443/coauthoring/CommandService.ashx): failed to open stream: operation failed at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#351  2017-10-07T16:12:22-0400
Error   PHP file_get_contents(): Failed to enable crypto at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#351  2017-10-07T16:12:22-0400

When i try https://example.net or https://example.net/onlyoffice

Error   onlyoffice  CommandRequest on check error: Error occurred in the document service   2017-10-07T16:12:30-0400
Error   PHP Trying to get property of non-object at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#293  2017-10-07T16:12:30-0400
Error   PHP Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. at Unknown#0   2017-10-07T16:12:30-0400

Sorry for the long post, but ive been stuck on this issue for some time and would love some assistance so i can continue my development.

nginx nextcloud onlyoffice
Original Q&A
2

There are 2 best solutions below

1
On

When i try https://example.net:9443

Error onlyoffice CommandRequest on check error: Bad Request or timeout error 2017-10-07T16:12:22-0400 Error PHP file_get_contents(https://example.net:9443/coauthoring/CommandService.ashx): failed to open stream: operation failed at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#351 2017-10-07T16:12:22-0400 Error PHP file_get_contents(): Failed to enable crypto at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#351 2017-10-07T16:12:22-0400

Please open the NextCloud config file /nextcloud/config/config.php add a new section to it: 'onlyoffice' => array ( 'verify_peer_off' => TRUE )

0
On

Try running Onlyoffice DocumentServer in a virtual path. Run Onlyoffice DocumentServer on non standart HTTP(S) port and proxy the traffic from the virtual path to Onlyoffice DocumentServer. In this case you havn't to add SSL certificate twice. First, add the next statement to you nextcloud nginx conf file:

map $http_x_forwarded_proto $the_scheme {
     default $http_x_forwarded_proto;
     "" $scheme;
}

map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $host;
}

map $http_upgrade $proxy_connection {
  default upgrade;
  "" close;
}

location /documentserver/ {
    proxy_pass http://localhost:8888/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $proxy_connection;
    proxy_set_header X-Forwarded-Host $the_host/documentserver;
    proxy_set_header X-Forwarded-Proto $the_scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Next, change Onlyoffice nginx conf file like this:

include /etc/nginx/includes/onlyoffice-http.conf;
server {
  listen 0.0.0.0:8888;
  listen [::]:8888 default_server;
  server_tokens off;

  include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
}

Finaly restart nginx service:

   $service nginx restart

You can find more about proxying to Onlyoffice DocumentServer here.

Related Questions in NGINX

Related Questions in NEXTCLOUD

Related Questions in ONLYOFFICE

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.