NON DOCKER - Document Server - CentOS - HTTPS Questions

Post by weathercloud » Mon Oct 23, 2017 4:30 pm

I am running an OwnCloud 10 Community server on CentOS 7. I have Document Server running on a private-facing server, and my OwnCloud server has 443 opened to the internet and is publicly reachable. Recently I used Let's Encrypt and CertBot to create an SSL cert for my OwnCloud instance. This ran successfully and changed my OwnCloud server to HTTPS only. However, my OwnCloud server was talking to the private-side document server over HTTP. Now I have a situation where I am running mixed links and will need to change my Document server to HTTPS (no longer reachable). In my current configuration I am doing port forwarding on the router, and OwnCloud is already using the default port 443 for public-facing SSL, so I cannot use CertBot to create certs and configure the internal document server.

Here is where I am stuck with documentation: I am a little confused as to how I can create these privately. I was looking at OpenSSL but did not see anything for SSL_DHPARAM. I am also a little confused as to how these changes should actually look in the config file.

Anyone know how I can generate these? Can I use my existing certbot certs that the public owncloud server is using? Any good links to more detailed instructions on how to specifically set up these certs for Documentserver?

Edit the /etc/nginx/conf.d/onlyoffice-documentserver.conf file changing all the parameters in double curly brackets {{...}} for the actually used:
{{SSL_CERTIFICATE_PATH}} - the path to the SSL certificate you have got;
{{SSL_KEY_PATH}} - the path to the SSL certificate private key;
{{SSL_VERIFY_CLIENT}} - whether or not the verification of client certificates is enabled (with available values of on, off, optional and optional_no_ca);
{{CA_CERTIFICATES_PATH}} - the path to the client certificate which will be verified if enabled with the previous parameter;
{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}} - advanced configuration option for setting the HSTS max-age in the Document Server NGINX vHost configuration, and applicable only when SSL is in use (usually defaults to 31536000 which is considered to be safe enough);
{{SSL_DHPARAM_PATH}} - the path to the Diffie-Hellman parameter;
Please see NGINX documentation for more information on SSL parameters used in the configuration file
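
One way to create the files those placeholders refer to with OpenSSL alone, and to fill the placeholders in, shown as an added example that is not part of the original post or of the ONLYOFFICE documentation. The function names, the paths passed to them and the sample template are assumptions constructed for illustration; the real onlyoffice-documentserver.conf contains more than these lines.

```shell
# Added example: function names and the sample template are assumptions.

# Generate the file that {{SSL_DHPARAM_PATH}} points to (can take a while).
gen_dhparam() {  # $1 = output file
    openssl dhparam -out "$1" 2048
}

# Self-signed certificate and key for an internal host name. The SAN is set
# through a config file so this also works with older OpenSSL releases.
gen_selfsigned() {  # $1 = host name, $2 = key file, $3 = cert file
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = san
prompt = no
[dn]
CN = $1
[san]
subjectAltName = DNS:$1
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$cfg" -keyout "$2" -out "$3"
    rc=$?
    rm -f "$cfg"
    return $rc
}

# Fill the {{...}} placeholders read from stdin; fail if any is left over.
render_conf() {  # $1 cert, $2 key, $3 verify_client, $4 CA, $5 HSTS max-age, $6 dhparam
    out=$(sed -e "s|{{SSL_CERTIFICATE_PATH}}|$1|g" \
              -e "s|{{SSL_KEY_PATH}}|$2|g" \
              -e "s|{{SSL_VERIFY_CLIENT}}|$3|g" \
              -e "s|{{CA_CERTIFICATES_PATH}}|$4|g" \
              -e "s|{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}|$5|g" \
              -e "s|{{SSL_DHPARAM_PATH}}|$6|g") || return 1
    case $out in
        *"{{"*) echo "unfilled placeholder remains" >&2; return 1 ;;
    esac
    printf '%s\n' "$out"
}

# Constructed template fragment (not the real onlyoffice-documentserver.conf).
SAMPLE_TEMPLATE='ssl_certificate {{SSL_CERTIFICATE_PATH}};
ssl_certificate_key {{SSL_KEY_PATH}};
ssl_verify_client {{SSL_VERIFY_CLIENT}};
ssl_client_certificate {{CA_CERTIFICATES_PATH}};
ssl_dhparam {{SSL_DHPARAM_PATH}};
add_header Strict-Transport-Security max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}};'
```

A self-signed certificate is not trusted by default, so any host that connects to the Document Server over HTTPS has to be given that certificate as trusted before the connection will verify.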
