ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Onlyoffice vs Collabora in Nextcloud

    Scheduled Pinned Locked Moved IT Discussion
    nextcloud 16onlyofficecollabora
    70 Posts 8 Posters 12.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • brandon220B
      brandon220
      last edited by

      server {
          client_max_body_size 40M;
          server_name office.domain.org;
          proxy_set_header X-Forwarded-Host $http_host/editors;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-NginX-Proxy true;
          proxy_redirect off;
          location / {
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header Host $http_host;
              proxy_set_header X-NginX-Proxy true;
              proxy_pass http://192.168.1.106;
              add_header X-Frame-Options "ALLOW-FROM https://nc.domain.org/" always;
              proxy_redirect off;
              # Socket.IO Support
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "upgrade";
          }
          ssl_stapling on;
          ssl_stapling_verify on;
          ssl_session_cache shared:SSL:10m;
          add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
      #    listen 80;
      
          listen 443 ssl; # managed by Certbot
          ssl_certificate /etc/letsencrypt/live/office.domain.org/fullchain.pem; # managed by Certbot
          ssl_certificate_key /etc/letsencrypt/live/office.domain.org/privkey.pem; # managed by Certbot
          include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
          ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
      
      }
      server { listen 80; location / { proxy_pass_header Server; proxy_pass http://nc/; } }
      server {
          client_max_body_size 40M;
          listen 80;
          server_name office.domain.org;
          return 301 https://$host$request_uri;
      
      
      JaredBuschJ 1 Reply Last reply Reply Quote 0
      • stacksofplatesS
        stacksofplates
        last edited by

        So even without HTTPS and pointing Nextcloud to NGINX for accessing Onlyoffice it doesn't work. I would run Onlyoffice with both https and http ports open and see if it works directly accessing Onlyoffice like you did above.

        podman run -it -d -p 443:443 -p 80:80 --restart=always onlyoffice/documentserver
        
        brandon220B 1 Reply Last reply Reply Quote 0
        • JaredBuschJ
          JaredBusch @brandon220
          last edited by

          @brandon220 said in Onlyoffice vs Collabora in Nextcloud:

          proxy_pass http://192.168.1.106;
          

          Your backend box has no SSL. Likely something is getting confused. Wordpress has problems like this when behind a proxy.

          Make a snapshot, add a self signed cert on your backend system and change the proxy to point to that.

          What does that do to your functoinality?

          brandon220B 1 Reply Last reply Reply Quote 3
          • brandon220B
            brandon220 @JaredBusch
            last edited by

            @JaredBusch I’m sure you are right. I can access the document server via https through the proxy with the current config. Nextcloud can connect to it https. There is an error however in the browser (when you open the developer tools and view the console) and the document content never loads. I am trying so hard to avoid installing Docker, podman, etc on the NC server.

            JaredBuschJ 1 Reply Last reply Reply Quote 0
            • JaredBuschJ
              JaredBusch @brandon220
              last edited by

              @brandon220 said in Onlyoffice vs Collabora in Nextcloud:

              @JaredBusch I’m sure you are right. I can access the document server via https through the proxy with the current config. Nextcloud can connect to it https. There is an error however in the browser (when you open the developer tools and view the console) and the document content never loads. I am trying so hard to avoid installing Docker, podman, etc on the NC server.

              I honestly have no clue. It is simply speculation based on prior experience with shit behind a proxy.

              brandon220B 1 Reply Last reply Reply Quote 0
              • brandon220B
                brandon220 @JaredBusch
                last edited by

                @JaredBusch Understood. Just frustrating when all the other hosts I have behind a proxy work perfect. 8F45ADF7-482C-4F55-8DD5-13D1FEFEFD06.jpeg

                I’m just afraid it would work ok with the document server running on the NC server (as a container) but not be able to keep up with heavy use. I have learned to keep workloads separate.

                brandon220B 1 Reply Last reply Reply Quote 0
                • brandon220B
                  brandon220 @brandon220
                  last edited by

                  I’ll have to take my test vm and put the cert directly on it and test the functionality.

                  JaredBuschJ 1 Reply Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch @brandon220
                    last edited by

                    @brandon220 said in Onlyoffice vs Collabora in Nextcloud:

                    I’ll have to take my test vm and put the cert directly on it and test the functionality.

                    You don't need a valid cert from a CA behind the proxy.

                    You just need a cert. That is why I said self signed. It is still encrypted. There is nothing wrong with the encryption of self signed certs.

                    For your Proxy to talk to the backend piece, you control it all so there is no trust issue with the public. The self signed cert will never be seen.

                    brandon220B 1 Reply Last reply Reply Quote 0
                    • brandon220B
                      brandon220 @JaredBusch
                      last edited by

                      @JaredBusch makes sense. I’ll give it a try tomorrow.

                      1 Reply Last reply Reply Quote 0
                      • brandon220B
                        brandon220 @stacksofplates
                        last edited by brandon220

                        This post is deleted!
                        1 Reply Last reply Reply Quote 0
                        • brandon220B
                          brandon220
                          last edited by

                          Update:
                          I was able to get it working with a self-signed certificate and the functionality is great. I had NC connected to the OO server with https://localip That worked fine but once left my LAN, from the web it tried to resolve the local ip. That of course will not work and it does zero good to only work while you are on the LAN. I was unsuccessful at getting the self-signed cert to work behind nginx reverse proxy.
                          Is it possible to just have nginx forward http to the OO server and:

                          1. Allow Letsencrypt to verify and issue the certs
                          2. Actually function behind the proxy if the actual cert is on the OO server directly. I cannot find any good documentation of OO working properly behind the reverse proxy in the normal sense.
                          1 Reply Last reply Reply Quote 1
                          • 1
                          • 2
                          • 3
                          • 4
                          • 4 / 4
                          • First post
                            Last post