ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Onlyoffice vs Collabora in Nextcloud

    IT Discussion
    nextcloud 16 onlyoffice collabora
    8
    70
    11.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • brandon220B
      brandon220 @stacksofplates
      last edited by

      @stacksofplates True.... I was overthinking it.
      OOsnip1.PNG
      If I try to use the local ip, it throws a mixed content error regarding https.

      Error when trying to connect (Mixed Active Content is not allowed. HTTPS address for Document Server is required.)

      stacksofplatesS 1 Reply Last reply Reply Quote 0
      • stacksofplatesS
        stacksofplates @brandon220
        last edited by stacksofplates

        @brandon220 said in Onlyoffice vs Collabora in Nextcloud:

        @stacksofplates True.... I was overthinking it.
        OOsnip1.PNG
        If I try to use the local ip, it throws a mixed content error regarding https.

        Error when trying to connect (Mixed Active Content is not allowed. HTTPS address for Document Server is required.)

        ok kind of cheating but what if you do -p 443:80 to the container instead of -p 80:80? Does it let you fake https then? I mean this would happen regardless of if it's a container or not. I guess I can see the point of Nextcloud wanting to not have mixed protocols but what about running things on localhost beside it? That seems like a strange decision.

        1 Reply Last reply Reply Quote 1
        • brandon220B
          brandon220
          last edited by

          server {
              client_max_body_size 40M;
              server_name office.domain.org;
              proxy_set_header X-Forwarded-Host $http_host/editors;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header Host $host;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header X-NginX-Proxy true;
              proxy_redirect off;
              location / {
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header Host $http_host;
                  proxy_set_header X-NginX-Proxy true;
                  proxy_pass http://192.168.1.106;
                  add_header X-Frame-Options "ALLOW-FROM https://nc.domain.org/" always;
                  proxy_redirect off;
                  # Socket.IO Support
                  proxy_http_version 1.1;
                  proxy_set_header Upgrade $http_upgrade;
                  proxy_set_header Connection "upgrade";
              }
              ssl_stapling on;
              ssl_stapling_verify on;
              ssl_session_cache shared:SSL:10m;
              add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
          #    listen 80;
          
              listen 443 ssl; # managed by Certbot
              ssl_certificate /etc/letsencrypt/live/office.domain.org/fullchain.pem; # managed by Certbot
              ssl_certificate_key /etc/letsencrypt/live/office.domain.org/privkey.pem; # managed by Certbot
              include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
              ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
          
          }
          server { listen 80; location / { proxy_pass_header Server; proxy_pass http://nc/; } }
          server {
              client_max_body_size 40M;
              listen 80;
              server_name office.domain.org;
              return 301 https://$host$request_uri;
          
          
          JaredBuschJ 1 Reply Last reply Reply Quote 0
          • stacksofplatesS
            stacksofplates
            last edited by

            So even without HTTPS and pointing Nextcloud to NGINX for accessing Onlyoffice it doesn't work. I would run Onlyoffice with both https and http ports open and see if it works directly accessing Onlyoffice like you did above.

            podman run -it -d -p 443:443 -p 80:80 --restart=always onlyoffice/documentserver
            
            brandon220B 1 Reply Last reply Reply Quote 0
            • JaredBuschJ
              JaredBusch @brandon220
              last edited by

              @brandon220 said in Onlyoffice vs Collabora in Nextcloud:

              proxy_pass http://192.168.1.106;
              

              Your backend box has no SSL. Likely something is getting confused. Wordpress has problems like this when behind a proxy.

              Make a snapshot, add a self signed cert on your backend system and change the proxy to point to that.

              What does that do to your functoinality?

              brandon220B 1 Reply Last reply Reply Quote 3
              • brandon220B
                brandon220 @JaredBusch
                last edited by

                @JaredBusch I’m sure you are right. I can access the document server via https through the proxy with the current config. Nextcloud can connect to it https. There is an error however in the browser (when you open the developer tools and view the console) and the document content never loads. I am trying so hard to avoid installing Docker, podman, etc on the NC server.

                JaredBuschJ 1 Reply Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch @brandon220
                  last edited by

                  @brandon220 said in Onlyoffice vs Collabora in Nextcloud:

                  @JaredBusch I’m sure you are right. I can access the document server via https through the proxy with the current config. Nextcloud can connect to it https. There is an error however in the browser (when you open the developer tools and view the console) and the document content never loads. I am trying so hard to avoid installing Docker, podman, etc on the NC server.

                  I honestly have no clue. It is simply speculation based on prior experience with shit behind a proxy.

                  brandon220B 1 Reply Last reply Reply Quote 0
                  • brandon220B
                    brandon220 @JaredBusch
                    last edited by

                    @JaredBusch Understood. Just frustrating when all the other hosts I have behind a proxy work perfect. 8F45ADF7-482C-4F55-8DD5-13D1FEFEFD06.jpeg

                    I’m just afraid it would work ok with the document server running on the NC server (as a container) but not be able to keep up with heavy use. I have learned to keep workloads separate.

                    brandon220B 1 Reply Last reply Reply Quote 0
                    • brandon220B
                      brandon220 @brandon220
                      last edited by

                      I’ll have to take my test vm and put the cert directly on it and test the functionality.

                      JaredBuschJ 1 Reply Last reply Reply Quote 0
                      • JaredBuschJ
                        JaredBusch @brandon220
                        last edited by

                        @brandon220 said in Onlyoffice vs Collabora in Nextcloud:

                        I’ll have to take my test vm and put the cert directly on it and test the functionality.

                        You don't need a valid cert from a CA behind the proxy.

                        You just need a cert. That is why I said self signed. It is still encrypted. There is nothing wrong with the encryption of self signed certs.

                        For your Proxy to talk to the backend piece, you control it all so there is no trust issue with the public. The self signed cert will never be seen.

                        brandon220B 1 Reply Last reply Reply Quote 0
                        • brandon220B
                          brandon220 @JaredBusch
                          last edited by

                          @JaredBusch makes sense. I’ll give it a try tomorrow.

                          1 Reply Last reply Reply Quote 0
                          • brandon220B
                            brandon220 @stacksofplates
                            last edited by brandon220

                            This post is deleted!
                            1 Reply Last reply Reply Quote 0
                            • brandon220B
                              brandon220
                              last edited by

                              Update:
                              I was able to get it working with a self-signed certificate and the functionality is great. I had NC connected to the OO server with https://localip That worked fine but once left my LAN, from the web it tried to resolve the local ip. That of course will not work and it does zero good to only work while you are on the LAN. I was unsuccessful at getting the self-signed cert to work behind nginx reverse proxy.
                              Is it possible to just have nginx forward http to the OO server and:

                              1. Allow Letsencrypt to verify and issue the certs
                              2. Actually function behind the proxy if the actual cert is on the OO server directly. I cannot find any good documentation of OO working properly behind the reverse proxy in the normal sense.
                              1 Reply Last reply Reply Quote 1
                              • 1
                              • 2
                              • 3
                              • 4
                              • 4 / 4
                              • First post
                                Last post