nginx reverse proxy

[lilonix]

Hello evereybody

First of all thank you for this great looking platform. i am looking forward to build my own cloud office with this great tool.

I have installed onlyoffice as mentioned in the guide with the opensource-install script. In my localnet i can call every function of onlyoffice without any problems. Perfect!

To acces my installtion from the outside i would like to use nginx proxy with lets encrypt. I copied my nginx configuration that i already use for wordpress and gitlab. With that i can connect to the onlyoffice applications with no problems. But when i want to open a document the browser stops loading and gives me the following feedback:

Code: Select all

doceditor.aspx:1 Mixed Content: The page at 'https://xyz.com/products/files/doceditor.aspx?fileid=1' was loaded over HTTPS, but requested an insecure script 'http://xyz.com/2017-03-07-13-37/web-apps/apps/api/documents/api.js'. This request has been blocked; the content must be served over HTTPS.

Loaded only with http i can open the document editor, but while loading the document the process aborts... i have an error like following:

Code: Select all

/2017-03-07-13-37/web-apps/apps/documenteditor/main/app.js:8 Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
(anonymous) @ /2017-03-07-13-37/web-apps/apps/documenteditor/main/app.js:8
(unknown) WebSocket connection to 'ws://xyz.com/2017-03-07-13-37/doc/E2O9l_q_Rq894jNLebY_/c/845/ocn44rnl/websocket' failed: Error during WebSocket handshake: Unexpected response code: 400
WrappedWebSocket
(unknown) WebSocket connection to 'ws://xyz.com/2017-03-07-13-37/spellchecker/doc/E2O9l_q_Rq894jNLebY_/c/995/qonpcehb/websocket' failed: Error during WebSocket handshake: Unexpected response code: 400
WrappedWebSocket

My proxy configuration actually looks like:

Code: Select all

        
server {
        listen 80;

        server_name xyz.com;
        #return 301 https://$server_name$request_uri;

        location / {
                proxy_pass http://192.168.20.12;
        }
}

server {
        listen 443 ssl;

        server_name xyz.com;

        ssl_certificate /etc/letsencrypt/live/xyz.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/xyz.com/privkey.pem;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;


    location /.well-known {
        root /var/www/html;
    }

    location / {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_pass http://192.168.20.12;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 900s;
    }
}

Does anybody have an idea what i can do?

[Maxim]

Hello lilonix!
I suppose there is one solution is to install Community Server and Document Server separately.
Now you got next scheme:

Code: Select all

[i]User's browser(1) -> Community Server(2)->Document Server(3)[/i] 

where you have no problems with proxy between 1 and 2, but there is no proxy headers between 1 and 3 through the 2.
So......the solution is to separate servers and configure them.