Https in docker. How to..?

minhuy
Posts: 9
Joined: Tue Sep 20, 2016 6:35 am

Re: Https in docker. How to..?

Post by minhuy » Tue Sep 20, 2016 6:47 am

Hello,

Can I know how to use Comodo Positive SSL with the Docker Document Server?

I tried to follow the instructions on the GitHub page, but after about 50 attempts with DigitalOcean I still failed. Please help...

On GitHub:
sudo docker run -i -t -d -p 443:443 \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver

Some of the instructions from Stack Overflow and in this forum:
sudo docker run -i -t -d --name onlyoffice-document-server -p 443:443 -v /opt/onlyoffice/Data:/var/www/onlyoffice/Data --env-file /home/env.list onlyoffice/documentserver

Why is the path different: -v /app/onlyoffice/DocumentServer/data versus -v /opt/onlyoffice/Data? Which one is the correct path to use with the Docker image?

My Comodo Positive SSL has three files: domain.crt, private.key and bundle.crt. Which file do I use for each of these parameters?

SSL_CERTIFICATE_PATH: The path to the SSL certificate to use. Defaults to /var/www/onlyoffice/Data/certs/onlyoffice.crt. ---> my domain.crt?
SSL_KEY_PATH: The path to the SSL certificate's private key. Defaults to /var/www/onlyoffice/Data/certs/onlyoffice.key. ---> my private.key?
SSL_DHPARAM_PATH: The path to the Diffie-Hellman parameter. Defaults to /var/www/onlyoffice/Data/certs/dhparam.pem. ---> I don't have this file from my comodo positive cert pack
SSL_VERIFY_CLIENT: Enable verification of client certificates using the CA_CERTIFICATES_PATH file. Defaults to false ----> my bundle.crt?

Last question: is my env.list file correct with this content?

SSL_CERTIFICATE_PATH=/var/www/onlyoffice/Data/certs/domain.crt
SSL_KEY_PATH=/var/www/onlyoffice/Data/certs/private.key
SSL_DHPARAM_PATH= (I leave it blank)
SSL_VERIFY_CLIENT=/var/www/onlyoffice/Data/certs/bundle.crt


Please, please help me... Thank you so much

minhuy
Posts: 9
Joined: Tue Sep 20, 2016 6:35 am

Question about https and ssl

Post by minhuy » Tue Sep 20, 2016 2:44 pm

Hello

I am very confused about setting up SSL (or HTTPS) for ONLYOFFICE. I purchased an SSL cert from Comodo, Positive SSL, and followed the instructions on GitHub. However, after about 20 tries with my DigitalOcean droplet, I could not set up SSL for my document server. My cert package has 2 files: domain.crt and bundle.crt. I have my private.key on my computer. I don't know where to put my bundle.crt based on these instructions:

SSL_CERTIFICATE_PATH: The path to the SSL certificate to use. Defaults to /var/www/onlyoffice/Data/certs/onlyoffice.crt. --> my domain.crt file path, right?
SSL_KEY_PATH: The path to the SSL certificate's private key. Defaults to /var/www/onlyoffice/Data/certs/onlyoffice.key. --> my private.key file path, right?
SSL_DHPARAM_PATH: The path to the Diffie-Hellman parameter. Defaults to /var/www/onlyoffice/Data/certs/dhparam.pem. ---> I don't have this file from comodo ssl pack, should I create it, or leave it blank?
SSL_VERIFY_CLIENT: Enable verification of client certificates using the CA_CERTIFICATES_PATH file. Defaults to false --> will it be my bundle.crt file path?

Thank you so much

Eugenie
Posts: 134
Joined: Mon Aug 25, 2014 10:11 am

Re: Https in docker. How to..?

Post by Eugenie » Thu Sep 22, 2016 2:05 pm

Hello,

Please follow the detailed instructions for running ONLYOFFICE on https.

minhuy
Posts: 9
Joined: Tue Sep 20, 2016 6:35 am

Re: Https in docker. How to..?

Post by minhuy » Thu Sep 22, 2016 8:44 pm

I created a brand new server one more time. Sorry, but I don't get it. This is my 35th time trying to implement a cert on the community server with the document server integrated. I followed the instructions, I just don't know why it did not work.

Here is, step by step, how I created the server:
1/ create an A record for mydomain.com, point to server ip: 138.68.29.xxx (server hosted on digitalocean)

2/ login to my fresh, brand new ubuntu server, installed docker.

run command: "openssl genrsa -out onlyoffice.key 2048"
run command: "openssl req -new -key onlyoffice.key -out onlyoffice.csr" --> fill in information, I only fill the Common Name field: mydomain.com, all other fields left blank
run command: "sudo nano onlyoffice.csr" copy the csr content

3/ I went to Comodo SSL configure page to generate cert at: "https://www.configuressl.com/?pin=291811fa-1a49-4f69-b5ec-xxxxxxxxxx", pasted the CSR content to generate the cert.

4/ Verify mydomain.com as Comodo requested.

5/ After mydomain.com was verified, I downloaded the cert package to the server. The cert package includes 2 files: COMODO_CA_bundle.crt and mydomaincom.crt

6/ create cert file in my server
run command: "sudo nano onlyoffice.crt" copy and paste all content from the file "mydomaincom.crt" to onlyoffice.crt file, save it
run command: "sudo nano CA_bundle.crt" copy and paste all content from the file "COMODO_CA_bundle.crt" to CA_bundle.crt file, save it

7/ Strengthening the server security
run command: "openssl dhparam -out dhparam.pem 2048"

8/ Installation of the SSL Certs

run commands:
"mkdir -p /app/onlyoffice/CommunityServer/data/certs"
"cp onlyoffice.key /app/onlyoffice/CommunityServer/data/certs/"
"cp onlyoffice.crt /app/onlyoffice/CommunityServer/data/certs/"
"cp CA_bundle.crt /app/onlyoffice/CommunityServer/data/certs/"
"cp dhparam.pem /app/onlyoffice/CommunityServer/data/certs/"
"chmod 400 /app/onlyoffice/CommunityServer/data/certs/onlyoffice.key"

9/ I created a file named env.list and put this into it:
ONLYOFFICE_HTTPS_HSTS_ENABLED=true
ONLYOFFICE_HTTPS_HSTS_MAXAGE=31536000
SSL_CERTIFICATE_PATH=/var/www/onlyoffice/Data/certs/onlyoffice.crt
SSL_KEY_PATH=/var/www/onlyoffice/Data/certs/onlyoffice.key
SSL_DHPARAM_PATH=/var/www/onlyoffice/Data/certs/dhparam.pem
SSL_VERIFY_CLIENT=/var/www/onlyoffice/Data/certs/CA_bundle.crt

10/ Finally I ran the docker command:

sudo docker run -i -t -d -p 80:80 -p 443:443 --restart=always \
-v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \
--env-file /home/env.list onlyoffice/communityserver

Docker ran successfully.

11/ Open Chrome & Firefox: https://mydomain.com
"This site can’t be reached" error message shown in Chrome
"Unable to connect" error message shown in Firefox

12/ Try to open the web page at: http://mydomain.com
The ONLYOFFICE portal runs its first-time setup
....but it keeps running in a loop forever: the bar runs from 76% to 100%, then runs again from 79% to 100%, then again from 83% to 100%, and again from 73% to 100%... it keeps looping like that

I have no idea what I did wrong, or where. I simply want to apply a real CA-signed certificate to my web portal. That's it.

This attempt failed again.

Please help.

Alex
Posts: 52
Joined: Sat Nov 07, 2015 3:19 pm

Re: Https in docker. How to..?

Post by Alex » Tue Sep 27, 2016 3:18 pm

SSL_VERIFY_CLIENT=/var/www/onlyoffice/Data/certs/CA_bundle.crt should be removed from the env.list - it will resolve the issue
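
The mistake Alex points out can be caught before the container is started. The script below is an added example, not part of the thread and not ONLYOFFICE's own tooling: it lints an env.list for the variables quoted in the posts above, assuming the only volume is the `-v host_dir:/var/www/onlyoffice/Data` mount from the thread. The function name `lint_env` and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an env.list for the ONLYOFFICE HTTPS variables in this thread.
CONTAINER_DIR=/var/www/onlyoffice/Data   # right-hand side of the -v mount

# lint_env ENV_FILE HOST_DIR
# HOST_DIR is the left-hand side of the -v mount (assumed to be the only volume).
# Prints one line per finding; no output means the file passed.
lint_env() {
    env_file=$1; host_dir=$2
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in
        SSL_VERIFY_CLIENT)
            # Documented as a switch that defaults to false, so a path is wrong here.
            case $value in
            true|false) ;;
            *) echo "$key: expected true or false, got '$value'" ;;
            esac ;;
        SSL_*_PATH|CA_CERTIFICATES_PATH)
            case $value in
            '') echo "$key: value is blank" ;;
            "$CONTAINER_DIR"/*)
                # Translate the in-container path to where the file sits on the host.
                host_path=$host_dir${value#"$CONTAINER_DIR"}
                [ -f "$host_path" ] || echo "$key: $host_path not found on host" ;;
            *) echo "$key: $value is outside the mounted $CONTAINER_DIR" ;;
            esac ;;
        esac
    done < "$env_file"
}

# Constructed demo: the env.list from step 9, with empty stand-in cert files.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/certs"
touch "$demo_dir/certs/onlyoffice.crt" "$demo_dir/certs/onlyoffice.key" \
      "$demo_dir/certs/dhparam.pem"
cat > "$demo_dir/env.list" <<EOF
ONLYOFFICE_HTTPS_HSTS_ENABLED=true
ONLYOFFICE_HTTPS_HSTS_MAXAGE=31536000
SSL_CERTIFICATE_PATH=$CONTAINER_DIR/certs/onlyoffice.crt
SSL_KEY_PATH=$CONTAINER_DIR/certs/onlyoffice.key
SSL_DHPARAM_PATH=$CONTAINER_DIR/certs/dhparam.pem
SSL_VERIFY_CLIENT=$CONTAINER_DIR/certs/CA_bundle.crt
EOF
lint_env "$demo_dir/env.list" "$demo_dir"
```

On a real host, pass the actual env file and the host directory, for example `lint_env /home/env.list /app/onlyoffice/CommunityServer/data`.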
