OnlyOffice and NextCloud running on one host

[kaondr]

Hello,

I'd like to ask for help configuring to run OnlyOffice Document server as docker image and NextCloud (not Docker) using one physical server.
Currently I'm running NextCloud deployed directly on my server and CollaboraOnline Development Edition (CODE) as docker image. Anyway, I'm not happy with current setup and I'd like to replace CODE with OnlyOffice Document server.
Web server is run by Ubuntu 18.04, nginx 1.14.0.

My current nginx config file:

Code: Select all

server {
    listen 80;
    server_name cloud.myweb.com;
    return 301 https://cloud.myweb.com$request_uri;
}

server {
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/cloud.myweb.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cloud.myweb.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /usr/share/nginx/nextcloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
       return 301 $scheme://$host/remote.php/dav;
    }

    location ~ /.well-known/acme-challenge {
      allow all;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

	### Start Collabora Online ###
	location ^~ /loleaflet {
	  proxy_pass https://localhost:9980;
	  proxy_set_header Host $http_host;
	}

	location ^~ /hosting/discovery {
	  proxy_pass https://localhost:9980;
	  proxy_set_header Host $http_host;
	}

	location ^~ /lool {
	  proxy_pass https://localhost:9980;
	  proxy_set_header Host $http_host;
	  proxy_set_header Upgrade $http_upgrade;
	  proxy_set_header Connection "upgrade";
	}
	### End Collabora Online ###

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
       rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
       deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
       deny all;
     }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
       include fastcgi_params;
       fastcgi_split_path_info ^(.+\.php)(/.*)$;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       #Avoid sending the security headers twice
       fastcgi_param modHeadersAvailable true;
       fastcgi_param front_controller_active true;
       fastcgi_pass unix:/run/php/php7.2-fpm.sock;
       fastcgi_intercept_errors on;
       fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
       try_files $uri/ =404;
       index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
   }

   location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
   }
}

I know I need to change this part, but I don't know how exactly.

Code: Select all

### Start Collabora Online ###
location ^~ /loleaflet {
  proxy_pass https://localhost:9980;
  proxy_set_header Host $http_host;
}

location ^~ /hosting/discovery {
  proxy_pass https://localhost:9980;
  proxy_set_header Host $http_host;
}

location ^~ /lool {
  proxy_pass https://localhost:9980;
  proxy_set_header Host $http_host;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
}
### End Collabora Online ###

I haven't created any docker network, currently I'm executing CODE docker image like this:

Code: Select all

docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=cloud\\.myweb\\.com" -e "username=someusername" -e "password=justsomething" --restart always --cap-add MKNOD collabora/code

Having open ports 80 and 443 on my router.

So I guess that command for OnlyOffice Document server will be:

Code: Select all

docker run -t -d -p 127.0.0.1:49443:443 -e "domain=cloud\\.myweb\\.com" -e JWT_ENABLED='true' -e JWT_SECRET='justsomething' --restart=always onlyoffice/documentserver

I am beginner to nginx and docker, so if you see some horrible flaw in my config I welcome any feedback.
Thanks for any help and suggestions.

Regards,
Ondra

[Carl]

Hello Ondra,

The easier way to have ONLYOFFICE Document Server and Nextcloud on one machine would be using the Docker Compose. You can find the instruction here.