Try the fastest and simplest way to install ONLYOFFICE

cummunity server on ubunut 16.04

Issues during installation and related to database

cummunity server on ubunut 16.04

Postby haglo » Thu Feb 08, 2018 3:46 pm

I have installed the Community Server on Ubunut 16.04 with the following howto's:
https://helpcenter.onlyoffice.com/de/se ... ation.aspx
https://helpcenter.onlyoffice.com/de/se ... https.aspx

I am using in the actual version:
MySQL
nginx
Mono
Node.js
OnlyOffice

I have Problems to switch to https.
I have Certificate in pem-Format:
Private Key in pem Format (privkey.pem)
Certificate in pem-Format (certificate.pem)
Certificate-Chain in pem-Format (cahin.pem)
Cerificate-with-Chain in pem-Format (cert-cahin.pem)

How can i use this certificates?

I have copied the the certificate.pem to the folder /etc/ningx/ssl/certs
I have copied the the privkey.pem to the folder /etc/ningx/ssl/private

Now i wanted to edit /etc/nginx/sites-enabled/onlyoffice
Code: Select all
## HTTPS host
server {
        listen 0.0.0.0:443 ssl http2;
        listen [::]:443 ssl http2 default_server;
        server_tokens off;
        root /usr/share/nginx/html;

        ## Increase this if you want to upload large attachments
        client_max_body_size 100m;

        ## Strong SSL Security
        ## https://cipherli.st/
        ssl on;
        ssl_certificate /etc/nginx/ssl/certs/certificate.pem;
        ssl_certificate_key /etc/nginx/ssl/private/privkey.pem;
        ssl_verify_client off;
        ssl_client_certificate /etc/nginx/ssl;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off; # Requires nginx >= 1.5.9

        add_header Strict-Transport-Security "max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}; includeSubDomains; preload" always;
#       add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header Access-Control-Allow-Origin *;

        ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
        ## Replace with your ssl_trusted_certificate. For more info see:
        ## - https://medium.com/devops-programming/4445f4862461
        ## - https://www.ruby-forum.com/topic/4419319
        ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
        ssl_stapling off;
        ssl_stapling_verify off;
        ssl_trusted_certificate /etc/ssl/certs;
        resolver 8.8.8.8 8.8.4.4 127.0.0.11 valid=300s; # Can change to your DNS resolver if desired
        resolver_timeout 10s;

        ## [Optional] Generate a stronger DHE parameter:
        ## cd /etc/ssl/certs
        ## sudo openssl dhparam -out dhparam.pem 4096
        ##
        ssl_dhparam /var/www/onlyoffice/Data/certs/dhparam.pem;

        large_client_header_buffers 4 16k;

        include /etc/nginx/includes/onlyoffice-communityserver-*.conf;
}

haglo
 
Posts: 1
Joined: Thu Feb 08, 2018 3:21 pm

Re: cummunity server on ubunut 16.04

Postby Maxim » Mon Feb 12, 2018 8:39 am

Hello haglo!
Try to convert *.pem to *.crt. And name them to onlyoffice.crt and onlyoffice.pem
Maxim
 
Posts: 1370
Joined: Tue Oct 11, 2016 2:34 pm


Return to Installation / Database

Who is online

Users browsing this forum: No registered users and 1 guest