Proxy & SSL with Nextcloud
Hello,
I have not been able to solve this problem for a few months.
Structure:
Method 1 Without SSL
CWP vHost File (for words.XXXX.com)
```apache
<VirtualHost 10.0.0.60:80>
    ServerName words.XXXX.com
    ServerAlias www.words.XXXX.com
    ServerAdmin hello@XXXX.com
    DocumentRoot "/home/XXXX/public_html/Words"
    ScriptAlias /cgi-bin/ /home/XXXX/public_html/Words/cgi-bin/
    # Include "/usr/local/apache/conf/userdata/XXXX/words.XXXX.com/*.conf
    <IfModule mod_suexec.c>
        SuexecUserGroup XXXX XXXX
    </IfModule>
    <IfModule mod_suphp.c>
        suPHP_UserGroup XXXX XXXX
    </IfModule>
    ProxyPass / http://10.0.0.61/
    ProxyPassReverse / http://10.0.0.61/
</VirtualHost>
```
OnlyOffice vHost File:
```nginx
include /etc/nginx/includes/onlyoffice-http.conf;
server {
    listen 0.0.0.0:80;
    listen [::]:80 default_server;
    server_name words.XXXX.com;
    server_tokens off;
    include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
    location ~ /.well-known/acme-challenge {
        root /var/www/onlyoffice/;
        allow all;
    }
}
```
Result: Screen:
302 Error - nginx
Console:
Mixed Content: The page at ‘https://XXXX.com/apps/onlyoffice/258994’ was loaded over HTTPS, but requested an insecure resource ‘http://words.XXXX.com/2017-04-26-13-21/web-apps/apps/documenteditor/mai…dc=2017-04-26-13-21&lang=en&customer=ONLYOFFICE&frameEditorId=iframeEditor’. This request has been blocked; the content must be served over HTTPS.
Method 2 With SSL
CWP vHost File (for words.XXXX.com) - No change
```apache
<VirtualHost 10.0.0.60:80>
    ServerName words.XXXX.com
    ServerAlias www.words.XXXX.com
    ServerAdmin hello@XXXX.com
    DocumentRoot "/home/XXXX/public_html/Words"
    ScriptAlias /cgi-bin/ /home/XXXX/public_html/Words/cgi-bin/
    # Include "/usr/local/apache/conf/userdata/datarals/words.XXXX.com/*.conf
    <IfModule mod_suexec.c>
        SuexecUserGroup XXXX XXXX
    </IfModule>
    <IfModule mod_suphp.c>
        suPHP_UserGroup XXXX XXXX
    </IfModule>
    ProxyPass / http://10.0.0.61/
    ProxyPassReverse / http://10.0.0.61/
</VirtualHost>
```
OnlyOffice vHost File: (with Let’s Encrypt/SSL successful)
```nginx
include /etc/nginx/includes/onlyoffice-http.conf;
## Normal HTTP host
server {
    listen 0.0.0.0:80;
    listen [::]:80 default_server;
    server_name words.XXXX.com;
    server_tokens off;
    ## Redirects all traffic to the HTTPS host
    root /nowhere; ## root doesn't have to be a valid path since we are redirecting
    rewrite ^ https://$host$request_uri? permanent;
}
#HTTP host for internal services
server {
    listen 127.0.0.1:80;
    listen [::1]:80;
    server_name localhost;
    server_tokens off;
    include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
    include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
}
## HTTPS host
server {
    listen 0.0.0.0:443 ssl;
    listen [::]:443 ssl default_server;
    server_name words.XXXX.com;
    server_tokens off;
    root /usr/share/nginx/html;
    ssl_certificate /etc/letsencrypt/live/words.XXXX.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/words.XXXX.com/privkey.pem;
    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security max-age=31536000;
    # add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    # ssl_stapling on;
    # ssl_stapling_verify on;
    # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
    # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
    # resolver_timeout 10s;
    ## [Optional] Generate a stronger DHE parameter:
    ## cd /etc/ssl/certs
    ## sudo openssl dhparam -out dhparam.pem 4096
    ##
    #ssl_dhparam {{SSL_DHPARAM_PATH}};
    location ~ /.well-known/acme-challenge {
        root /var/www/onlyoffice/;
        allow all;
    }
    include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
}
```
Result: Screen:
ONLYOFFICE not reached. Please contact admin
Console:
Refused to load the script ‘https://10.0.0.61/web-apps/apps/api/documents/api.js’ because it violates the following Content Security Policy directive: “script-src ‘self’ https://words.XXXX.com/ ‘unsafe-inline’ ‘unsafe-eval’”.
How can I solve this? Thank you
cc @JohnPerkin and @LinneyS
- Created 6 years ago
- Comments:12
I deleted the OnlyOffice settings in Nextcloud and I only wrote the OnlyOffice server address. I’ve had no problems when I reset the server. Thank you again!
@agolybev !!
I say this with all my heart; I had no hope and I thought I could not do that… This code worked!
I’ve done it with your help, Alexey, & I saw the OnlyOffice panel! Thank you most sincerely.
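The two console messages in the issue come from two separate browser checks: mixed-content blocking (Method 1) and the Content Security Policy `script-src` allow-list (Method 2). The following is an added example, not code from the issue or from Nextcloud/ONLYOFFICE; it models both checks for a candidate Document Server address. The function names are hypothetical, source matching is simplified to `'self'` and scheme-plus-host entries, and the `api.js` URL on `http://words.XXXX.com` is constructed from the host and path that appear in the post.

```javascript
// Added example: simplified model of the mixed-content and CSP script-src checks.
// Function names are hypothetical. Only 'self' and scheme://host sources are modelled;
// wildcards, paths, nonces and hashes are ignored.

// Return the source list of one directive, or null if the policy lacks it.
function parseDirective(policy, name) {
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null;
}

function sourceMatches(source, resource, pageOrigin) {
  if (source === "'self'") return resource.origin === pageOrigin;
  if (source.startsWith("'")) return false; // 'unsafe-inline' etc. never allow a URL
  try {
    return new URL(source).origin === resource.origin;
  } catch {
    return false; // not a full URL source (e.g. a bare scheme), out of scope here
  }
}

function checkScriptLoad(pageUrl, scriptUrl, csp) {
  const page = new URL(pageUrl);
  const script = new URL(scriptUrl);
  // An HTTPS page may not load a script over plain HTTP.
  if (page.protocol === 'https:' && script.protocol === 'http:') {
    return 'blocked: mixed content';
  }
  // The script origin must match at least one script-src source.
  const sources = parseDirective(csp, 'script-src');
  if (sources !== null && !sources.some((s) => sourceMatches(s, script, page.origin))) {
    return 'blocked: CSP script-src';
  }
  return 'allowed';
}

// Page URL, policy and path taken from the console messages in the post
// (XXXX is the poster's redaction); the combined URLs are constructed.
const PAGE = 'https://XXXX.com/apps/onlyoffice/258994';
const CSP = "script-src 'self' https://words.XXXX.com/ 'unsafe-inline' 'unsafe-eval'";
const API_PATH = '/web-apps/apps/api/documents/api.js';

for (const base of ['http://words.XXXX.com', 'https://10.0.0.61', 'https://words.XXXX.com']) {
  console.log(base, '->', checkScriptLoad(PAGE, base + API_PATH, CSP));
}
```

Only the HTTPS address on the public hostname passes both checks, which is consistent with the follow-up comment that re-entering just the OnlyOffice server address resolved the problem.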