Your Nginx configuration looks fairly standard but there are some things you’ve added that no doubt customize it for your application. I would go back to the basic plain vanilla configuration found in the Manual, add the OnlyOffice parts, and prove that it works. Once you get it working add your special bits, slowly, and verify after each addition.
The plain vanilla configuration for HTTPS can be found here.
@mercury Thank you very much! But, even when using the standard Nginx configuration, OnlyOffice returns an error … =(
# Required for OnlyOffice DocumentServer
map $http_x_forwarded_proto $the_scheme {
default $http_x_forwarded_proto;
"" $scheme;
}
map $http_x_forwarded_host $the_host {
default $http_x_forwarded_host;
"" $host;
}
map $http_upgrade $proxy_connection {
default upgrade;
"" close;
}
server {
listen 10.0.30.30:80;
server_name cloud.roffdaniel.com;
rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
server_tokens off;
}
server {
listen 10.0.30.30:443;
ssl_certificate /etc/letsencrypt/live/cloud.roffdaniel.com-0001/cert.pem; # path to your cacert.pem
ssl_certificate_key /etc/letsencrypt/live/cloud.roffdaniel.com-0001/privkey.pem; # path to your privkey.pem
server_name cloud.roffdaniel.com;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/letsencrypt/live/cloud.roffdaniel.com/dhparams.pem;
# secure settings (A+ at SSL Labs ssltest at time of writing)
# see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
ssl_prefer_server_ciphers on;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;
location / {
proxy_pass http://10.0.30.30:8083;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
proxy_read_timeout 1200s;
client_max_body_size 0;
}
# If you are using [FastCGI](http://en.wikipedia.org/wiki/FastCGI),
# which is not recommended, you should use the following config for location `/`.
#
# location / {
# fastcgi_pass 10.0.30.30:8083;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_script_name;
#
# fastcgi_param SERVER_PROTOCOL $server_protocol;
# fastcgi_param QUERY_STRING $query_string;
# fastcgi_param REQUEST_METHOD $request_method;
# fastcgi_param CONTENT_TYPE $content_type;
# fastcgi_param CONTENT_LENGTH $content_length;
# fastcgi_param SERVER_ADDR $server_addr;
# fastcgi_param SERVER_PORT $server_port;
# fastcgi_param SERVER_NAME $server_name;
# fastcgi_param REMOTE_ADDR $remote_addr;
# fastcgi_read_timeout 36000;
#
# client_max_body_size 0;
#
# access_log /var/log/nginx/seahub.access.log;
# error_log /var/log/nginx/seahub.error.log;
# }
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://10.0.30.30:8082;
client_max_body_size 0;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
}
location /onlyofficeds/ {
# IMPORTANT ! - Trailing slash !
proxy_pass http://10.0.30.30:88/;
proxy_http_version 1.1;
client_max_body_size 100M; # Limit Document size to 100MB
proxy_read_timeout 3600s;
proxy_connect_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
# IMPORTANT ! - Subfolder and NO trailing slash !
proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /media {
root /usr/share/seafile/seafile-server-latest/seahub;
}
}
@mercury To the JWT, no, I don’t use it. I’m the only one using the cloud, nobody else. But thank you all the same! To the http{s}. Just tried it, well, and you can try it at the links above. There is an error in the form: https://cloud.roffdaniel.com/f/fd4e5b6eabe94abcbae7/http%7Bs%7D://cloud.roffdaniel.com/onlyofficeds/web-apps/apps/api/documents/api.js
Error 404, file api.js can’t find it. In the browser console, the Network tab shows an error
I tried to do this without specifying a local IP address. The fact is that the server uses several domains with this IP, but different domain names/subdomains(hosts). If I remove the IP, then for some reason the certificate of another domain is used, although I specified the path correctly. I don’t know why…
@mercury Hi. I reinstalled Seafile on a new server, now I use CentOS Instead of Ubuntu. The problem is still the same… The file doesn’t load. Please help me =(
I would start by getting a plain vanilla Seafile running in every respect before applying OnlyOffice. I found OnlyOffice difficult to get working with Seafile even though I had previously installed and managed a standalone OnlyOffice server for a customer. As an aside, I was never able to get OnlyOffice running on Seafile without an SSL certificate so maybe in your case “plain vanilla” means SSL too which is not a big deal these days.
As to the question of manuals, there are two that I know. The official Seafile Manual and the Community Manual. I think you will need to refer to both. As far as I know you will get a working server from either but I cannot attest to the completeness of either at this time so maybe I should qualify the statement and say “As far as I know you will get a working server from either if you persist long enough.”
I would like to say that there is a viable Docker option for Seafile but I don’t have any recent experience with the Docker image to say one way or the other whether if it will be fruitful. I did install a couple Docker servers a while back when it was still pretty green and although the servers did work OnlyOffice was not a feature (I’m not certain it was supported at the time). From what I’ve read here people are still wrestling with the Docker install so if you are interested in going that route read up on all the posts and try to get a fix on what works and where the issues are.
Another thing, if you are planning on using a Raspberry Pi that is also a specialty topic in my opinion.
For a safe easy low-risk install I would use Ubuntu 18.04 or 20.04 LTS with Nginx on an Intel box with its own internal storage.
I can look back over my notes and see if I can come up with something a little more procedural. My recent recollection is that since Seafile 7 debuted python3 packages and dependencies have been a big issue and stumbling block (but maybe that’s just for people who are upgrading). That should be retired right up front as part of the basic server installation.