我已经使用 godaddy 在我的 Centos 7 VPS 服务器上成功安装了 Nextcloud 11。我还在同一台服务器上成功安装了 Onlyoffice 文档服务器。我用单独的 nginx 配置文件测试了每个文件,以确保每个文件都能正常工作。每个都可以在 HTTPS 上运行。
愿望 我的目标是让它们都在同一台服务器上运行,使用 NGINX……但只能通过我在根目录中的 HTML 主页访问。我的根目录是/var/www/,我所有的网站文件都在这个目录下,所以当你访问我的域时,它会加载我的index.html。我想要的是用户单击登录选项卡(a href="path to nextcloud login"),重定向到 nextcloud 的登录页面,他们将在其 nextcloud 帐户中拥有 Onlyoffice 功能。(我没有域名,所以我使用来自 no-ip 的 ddns,这意味着我没有获得相同 ip 的子域)
目前 我想在同一台服务器上测试 Nextcloud 与 Onlyoffice 一起工作,但我遇到了问题。我假设 Onlyoffice 需要在不同的端口上通话,因为 Nextcloud 正在侦听端口 443。所以我将 onlyoffice 的 nginx conf 更改为侦听端口 9443 并在我的 iptables 中打开该端口。
我有 nextcloud 位于 /var/www/nextcloud 和 onlyoffice 位于 /var/www/onlyoffice
我的 nextcloud nginx conf 文件如下所示:
upstream php-handler {
#server 127.0.0.1:9000;
server unix:/var/run/php-fpm/php-fpm.sock;
}
server {
listen 80;
server_name example.net;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name example.net;
ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Path to the root of your installation
root /var/www/nextcloud/;
index index.html index.htm;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
#deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
#Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers (It is intended to
# have those duplicated to the ones above)
# Before enabling Strict-Transport-Security headers please read into
# this topic first.
add_header Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
# Optional: Don't log access to other assets
access_log off;
}
}
我的 onlyoffice nginx conf 文件如下所示:
include /etc/nginx/includes/onlyoffice-http.conf;
server {
listen 0.0.0.0:80;
#listen [::]:80 server_name example.net;
server_tokens off;
## Redirects all traffic to the HTTPS host
root /nowhere; ## root doesn't have to be a valid path since we are redirecting
rewrite ^ https://$host$request_uri? permanent;
}
#HTTP host for internal services
server {
listen 127.0.0.1:80;
#listen [::1]:80;
server_name localhost;
server_tokens off;
include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
}
server {
listen 0.0.0.0:443 ssl;
#listen [::]:443 ssl;
server_name example.net
ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;
# Redirect the browser to our port 9443 config
return 301 $scheme://example.net:9443$request_uri;
}
## HTTPS host
server {
listen 0.0.0.0:9443;
#listen [::]:443 ssl default_server;
server_name example.net;
server_tokens off;
root /var/www/onlyoffice/;
index index.html index.html
ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;
# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
ssl_session_cache builtin:1000 shared:SSL:10m;
# add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
# ssl_stapling on;
# ssl_stapling_verify on;
# ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
# resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
# resolver_timeout 10s;
## [Optional] Generate a stronger DHE parameter:
## cd /etc/ssl/certs
## sudo openssl dhparam -out dhparam.pem 4096
##
#ssl_dhparam {{SSL_DHPARAM_PATH}};
location ~ /.well-known/acme-challenge {
root /var/www/onlyoffice/;
allow all;
}
include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
}
Nginx doesnt give me any errors in my log nor does the onlyoffice nginx.error.log. The only errors im getting are within the nextcloud log.
输入 onlyoffice 文档服务器的域时,nextcloud 日志中对应的错误如下。
When i try https://example.net:9443
Error onlyoffice CommandRequest on check error: Bad Request or timeout error 2017-10-07T16:12:22-0400
Error PHP file_get_contents(https://example.net:9443/coauthoring/CommandService.ashx): failed to open stream: operation failed at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#351 2017-10-07T16:12:22-0400
Error PHP file_get_contents(): Failed to enable crypto at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#351 2017-10-07T16:12:22-0400
When i try https://example.net or https://example.net/onlyoffice
Error onlyoffice CommandRequest on check error: Error occurred in the document service 2017-10-07T16:12:30-0400
Error PHP Trying to get property of non-object at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#293 2017-10-07T16:12:30-0400
Error PHP Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. at Unknown#0 2017-10-07T16:12:30-0400
很抱歉发了这么长的帖子,但我在这个问题上停留了一段时间,希望能得到一些帮助,这样我就可以继续我的发展了。