cummunity server on ubunut 16.04

Issues during installation and related to database
Post Reply
Posts: 1
Joined: Thu Feb 08, 2018 3:21 pm

cummunity server on ubunut 16.04

Post by haglo » Thu Feb 08, 2018 3:46 pm

I have installed the Community Server on Ubunut 16.04 with the following howto's: ... ation.aspx ... https.aspx

I am using in the actual version:

I have Problems to switch to https.
I have Certificate in pem-Format:
Private Key in pem Format (privkey.pem)
Certificate in pem-Format (certificate.pem)
Certificate-Chain in pem-Format (cahin.pem)
Cerificate-with-Chain in pem-Format (cert-cahin.pem)

How can i use this certificates?

I have copied the the certificate.pem to the folder /etc/ningx/ssl/certs
I have copied the the privkey.pem to the folder /etc/ningx/ssl/private

Now i wanted to edit /etc/nginx/sites-enabled/onlyoffice

Code: Select all

## HTTPS host
server {
        listen ssl http2;
        listen [::]:443 ssl http2 default_server;
        server_tokens off;
        root /usr/share/nginx/html;

        ## Increase this if you want to upload large attachments
        client_max_body_size 100m;

        ## Strong SSL Security
        ssl on;
        ssl_certificate /etc/nginx/ssl/certs/certificate.pem;
        ssl_certificate_key /etc/nginx/ssl/private/privkey.pem;
        ssl_verify_client off;
        ssl_client_certificate /etc/nginx/ssl;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off; # Requires nginx >= 1.5.9

        add_header Strict-Transport-Security "max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}; includeSubDomains; preload" always;
#       add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header Access-Control-Allow-Origin *;

        ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
        ## Replace with your ssl_trusted_certificate. For more info see:
        ## -
        ## -
        ## -
        ssl_stapling off;
        ssl_stapling_verify off;
        ssl_trusted_certificate /etc/ssl/certs;
        resolver valid=300s; # Can change to your DNS resolver if desired
        resolver_timeout 10s;

        ## [Optional] Generate a stronger DHE parameter:
        ## cd /etc/ssl/certs
        ## sudo openssl dhparam -out dhparam.pem 4096
        ssl_dhparam /var/www/onlyoffice/Data/certs/dhparam.pem;

        large_client_header_buffers 4 16k;

        include /etc/nginx/includes/onlyoffice-communityserver-*.conf;

Posts: 1949
Joined: Tue Oct 11, 2016 2:34 pm

Re: cummunity server on ubunut 16.04

Post by Maxim » Mon Feb 12, 2018 8:39 am

Hello haglo!
Try to convert *.pem to *.crt. And name them to onlyoffice.crt and onlyoffice.pem

Post Reply