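I have successfully installed Nextcloud 11 on a CentOS 7 VPS server from GoDaddy. I have also successfully installed the Onlyoffice Document Server on the same server. I tested each individual nginx config file to make sure each one works. Each works over HTTPS.
Desire
My goal is to have them both run on the same server with NGINX... but only be accessible through my HTML homepage in the root directory. My root directory is /var/www/, and all of my website files are located in this directory, so when you go to my domain it loads my index.html. What I want is for users to click a login tab (href="path to nextcloud login") and be redirected to Nextcloud's login page, where they will have Onlyoffice functionality within their Nextcloud account. (I don't have a domain name, so I'm using DDNS from no-ip, which means I don't get subdomains for the same IP.)
Currently
I wanted to test Nextcloud using Onlyoffice on the same server, but I ran into problems. I assumed Onlyoffice needed to talk on a different port since Nextcloud is listening on port 443. So I changed the nginx conf for Onlyoffice to listen on port 9443 and opened that port in my iptables.
My Nextcloud is located at /var/www/nextcloud and Onlyoffice is located at /var/www/onlyoffice.
My Nextcloud nginx conf file looks like this: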
upstream php-handler {
    #server 127.0.0.1:9000;
    server unix:/var/run/php-fpm/php-fpm.sock;
}

server {
    listen 80;
    server_name example.net;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name example.net;
    ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /var/www/nextcloud/;
    index index.html index.htm;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        #deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}
My Onlyoffice nginx conf file looks like this:
include /etc/nginx/includes/onlyoffice-http.conf;

server {
    listen 0.0.0.0:80;
    #listen [::]:80 server_name example.net;
    server_tokens off;
    ## Redirects all traffic to the HTTPS host
    root /nowhere; ## root doesn't have to be a valid path since we are redirecting
    rewrite ^ https://$host$request_uri? permanent;
}

#HTTP host for internal services
server {
    listen 127.0.0.1:80;
    #listen [::1]:80;
    server_name localhost;
    server_tokens off;
    include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
    include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
}

server {
    listen 0.0.0.0:443 ssl;
    #listen [::]:443 ssl;
    server_name example.net
    ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;
    # Redirect the browser to our port 9443 config
    return 301 $scheme://example.net:9443$request_uri;
}

## HTTPS host
server {
    listen 0.0.0.0:9443;
    #listen [::]:443 ssl default_server;
    server_name example.net;
    server_tokens off;
    root /var/www/onlyoffice/;
    index index.html index.html
    ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;

    # modern configuration. tweak to your needs.
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;

    # ssl_stapling on;
    # ssl_stapling_verify on;
    # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
    # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
    # resolver_timeout 10s;

    ## [Optional] Generate a stronger DHE parameter:
    ## cd /etc/ssl/certs
    ## sudo openssl dhparam -out dhparam.pem 4096
    ##
    #ssl_dhparam {{SSL_DHPARAM_PATH}};

    location ~ /.well-known/acme-challenge {
        root /var/www/onlyoffice/;
        allow all;
    }

    include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
}
Nginx doesn't give me any errors in my log, nor does the Onlyoffice nginx.error.log. The only errors I'm getting are within the Nextcloud log.
When I enter the domain of the Onlyoffice Document Server, the following are the corresponding errors in the Nextcloud log.
When I try https://example.net:9443
Error onlyoffice CommandRequest on check error: Bad Request or timeout error 2017-10-07T16:12:22-0400
Error PHP file_get_contents(https://example.net:9443/coauthoring/CommandService.ashx): failed to open stream: operation failed at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#351 2017-10-07T16:12:22-0400
Error PHP file_get_contents(): Failed to enable crypto at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#351 2017-10-07T16:12:22-0400
When I try https://example.net or https://example.net/onlyoffice
Error onlyoffice CommandRequest on check error: Error occurred in the document service 2017-10-07T16:12:30-0400
Error PHP Trying to get property of non-object at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#293 2017-10-07T16:12:30-0400
Error PHP Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. at Unknown#0 2017-10-07T16:12:30-0400
Sorry for the long post, but I have been stuck on this issue for a while and would love some help so I can continue my development.
Answer 0 (score: 0)
Error onlyoffice CommandRequest on check error: Bad Request or timeout error 2017-10-07T16:12:22-0400
Error PHP file_get_contents(https://example.net:9443/coauthoring/CommandService.ashx): failed to open stream: operation failed at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#351 2017-10-07T16:12:22-0400
Error PHP file_get_contents(): Failed to enable crypto at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#351 2017-10-07T16:12:22-0400
Please open the Nextcloud config file /nextcloud/config/config.php and add a new section:
'onlyoffice' => array('verify_peer_off' => TRUE)
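An added example, not part of the original question or answers: a small Python check run over a constructed excerpt of the question's port-9443 server block. It flags a `listen` without the `ssl` parameter and a directive whose missing `;` makes nginx read `ssl_certificate` as one of its arguments, both consistent with the client-side "Failed to enable crypto" error. The names `statements`, `lint_server` and `FIXED_BLOCK` are hypothetical, and `FIXED_BLOCK` is an assumption about the intended configuration.

```python
import re

# Constructed excerpt of the question's port-9443 server block (not the full file).
QUESTION_BLOCK = """
server {
    listen 0.0.0.0:9443;
    #listen [::]:443 ssl default_server;
    server_name example.net;
    index index.html index.html
    ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;
    ssl_protocols TLSv1.2;
}
"""
# Assumed intended form: TLS enabled on the listener, index terminated with ';'.
FIXED_BLOCK = QUESTION_BLOCK.replace("9443;", "9443 ssl;").replace(
    "index.html index.html\n", "index.html;\n")

def statements(conf):
    """Yield (directive, args) per statement. Comments are stripped first;
    a '#' inside a quoted string is not handled (enough for this excerpt)."""
    text = re.sub(r"#[^\n]*", "", conf)
    for stmt in re.split(r"[;{}]", text):
        words = stmt.split()
        if words:
            yield words[0], words[1:]

def lint_server(conf):
    """Return findings for one server block that is meant to serve HTTPS."""
    findings, listens, wants_tls, legacy_ssl_on = [], [], False, False
    for name, args in statements(conf):
        # A directive name showing up as an argument means a ';' was dropped.
        swallowed = [a for a in args if a.startswith("ssl_")]
        for a in swallowed:
            findings.append(f"'{name}' swallows '{a}': missing ';'")
        if name.startswith("ssl_") or swallowed:
            wants_tls = True
        if name == "ssl" and args == ["on"]:
            legacy_ssl_on = True  # older nginx syntax enabling TLS per server
        if name == "listen":
            listens.append(args)
    for args in listens:
        if wants_tls and not legacy_ssl_on and "ssl" not in args:
            findings.append(f"listen {args[0]} has no 'ssl' parameter: plain HTTP")
    return findings

if __name__ == "__main__":
    for finding in lint_server(QUESTION_BLOCK):
        print(finding)
```

Turning off peer verification in the client does not change either finding, since both concern whether the port offers TLS at all rather than whether its certificate is trusted.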
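Answer 1 (score: 0)
Try running Onlyoffice DocumentServer in a virtual path. Run Onlyoffice DocumentServer on a non-standard HTTP(S) port, and proxy the traffic from the virtual path to Onlyoffice DocumentServer. In this case, you cannot add the SSL certificate twice.
First, add the following statements to the Nextcloud nginx conf file: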
map $http_x_forwarded_proto $the_scheme {
    default $http_x_forwarded_proto;
    "" $scheme;
}

map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $host;
}

map $http_upgrade $proxy_connection {
    default upgrade;
    "" close;
}

location /documentserver/ {
    proxy_pass http://localhost:8888/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $proxy_connection;
    proxy_set_header X-Forwarded-Host $the_host/documentserver;
    proxy_set_header X-Forwarded-Proto $the_scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Next, change the Onlyoffice nginx conf file like this:
include /etc/nginx/includes/onlyoffice-http.conf;

server {
    listen 0.0.0.0:8888;
    listen [::]:8888 default_server;
    server_tokens off;
    include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
}
Finally, restart the nginx service:
$ service nginx restart
You can find more information about proxying Onlyoffice DocumentServer here.