Thanks Garfield and Wolle for your support. Still not working
My config (tried Wolle’s suggestion with one server for both)
server {
listen 80;
server_name seacloud.no-ip.info; #because of kseafile
rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
server_tokens off;
}
server {
listen 443;
server_name seacloud.no-ip.info;
ssl on;
ssl_certificate /etc/letsencrypt/live/seacloud.no-ip.info/fullchain.pem; #with letsencrypt
ssl_certificate_key /etc/letsencrypt/live/seacloud.no-ip.info/privkey.pem; #with letsencrypt
ssl_session_timeout 120m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers “ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4”;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;
###################
ssl_session_cache shared:SSL:128m;
add_header Strict-Transport-Security “max-age=31557600; includeSubDomains”;
ssl_stapling on;
ssl_stapling_verify on;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "allow-from https://seacloud.no-ip.info:443, ALLOW-FROM https://seacloud.no-ip.info" always;
add_header X-Xss-Protection "1";
add_header Referrer-Policy same-origin;
###################
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_read_timeout 300;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
location /media {
root /home/sfuser/seafile-server-latest/seahub;
}
static files
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# websockets, download, presentation and image upload
location ^~ /lool {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
}
##############################################
Now the error changed to “Well, this is embarrassing, we cannot connect to your document. Please try again.”
In docker i have:
wsd-00025-00033 10:09:51.945684 [ websrv_poll ] WRN Waking up dead poll thread [docbroker_00d], started: false, finished: true| ./net/Socket.hpp:507
wsd-00025-00033 10:09:51.946203 [ websrv_poll ] WRN Waking up dead poll thread [docbroker_00d], started: false, finished: true| ./net/Socket.hpp:507
wsd-00025-00087 10:09:51.962084 [ docbroker_00e ] ERR Cannot get file info from WOPI storage uri [http://seacloud.no-ip.info/api2/wopi/files/a93dca03d626a26bd8487ce8d294f886d6dcbb56?access_token=a2409a9d49aa4a5c975d4a600abfcf15&access_token_ttl=1501151989000&permission=edit]. Error: SSL Exception: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol| wsd/Storage.cpp:476
wsd-00025-00087 10:09:51.962489 [ docbroker_00e ] ERR Failed to add session to [seacloud.no-ip.info:80/api2/wopi/files/a93dca03d626a26bd8487ce8d294f886d6dcbb56] with URI [http://seacloud.no-ip.info/api2/wopi/files/a93dca03d626a26bd8487ce8d294f886d6dcbb56?access_token=a2409a9d49aa4a5c975d4a600abfcf15&access_token_ttl=1501151989000&permission=edit]: SSL Exception| wsd/DocumentBroker.cpp:801
wsd-00025-00087 10:09:51.962664 [ docbroker_00e ] ERR Error while loading : SSL Exception| wsd/LOOLWSD.cpp:2106
wsd-00025-00087 10:09:51.963262 [ docbroker_00e ] WRN Child session [0013] not found to forward message: load url=http://seacloud.no-ip.info/api2/wopi/files/a93dca03d626a26bd8487ce8d294f886d6dcbb56?access_token=a2409a9d49aa4a5c975d4a600abfcf15&access_token_ttl=1501151989000&permission=edit readonly=0 lang=en-US| wsd/DocumentBroker.cpp:1278
wsd-00025-00087 10:09:51.963875 [ docbroker_00e ] WRN Child session [0013] not found to forward message: useractive| wsd/DocumentBroker.cpp:1278
wsd-00025-00087 10:09:52.970128 [ docbroker_00e ] ERR No socket associated with WebSocketHandler 0x0x7f9db8012bb0| ./net/WebSocketHandler.hpp:110
wsd-00025-00026 10:09:52.970631 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_00e], started: true, finished: true| ./net/Socket.hpp:507
wsd-00025-00026 10:09:52.970922 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_00e], started: true, finished: true| ./net/Socket.hpp:507
wsd-00025-00026 10:09:52.971142 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/LOOLWSD.cpp:1363
wsd-00025-00026 10:09:52.971330 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_00e], started: false, finished: true| ./net/Socket.hpp:507
wsd-00025-00026 10:09:52.971542 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_00e], started: false, finished: true| ./net/Socket.hpp:507
wsd-00025-00091 10:10:06.031223 [ docbroker_00f ] ERR Cannot get file info from WOPI storage uri [http://seacloud.no-ip.info/api2/wopi/files/a93dca03d626a26bd8487ce8d294f886d6dcbb56?access_token=a2409a9d49aa4a5c975d4a600abfcf15&access_token_ttl=1501151989000&permission=edit]. Error: SSL Exception: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol| wsd/Storage.cpp:476
wsd-00025-00091 10:10:06.031844 [ docbroker_00f ] ERR Failed to add session to [seacloud.no-ip.info:80/api2/wopi/files/a93dca03d626a26bd8487ce8d294f886d6dcbb56] with URI [http://seacloud.no-ip.info/api2/wopi/files/a93dca03d626a26bd8487ce8d294f886d6dcbb56?access_token=a2409a9d49aa4a5c975d4a600abfcf15&access_token_ttl=1501151989000&permission=edit]: SSL Exception| wsd/DocumentBroker.cpp:801
wsd-00025-00091 10:10:06.032086 [ docbroker_00f ] ERR Error while loading : SSL Exception| wsd/LOOLWSD.cpp:2106
wsd-00025-00091 10:10:06.032427 [ docbroker_00f ] WRN Child session [0014] not found to forward message: load url=http://seacloud.no-ip.info/api2/wopi/files/a93dca03d626a26bd8487ce8d294f886d6dcbb56?access_token=a2409a9d49aa4a5c975d4a600abfcf15&access_token_ttl=1501151989000&permission=edit readonly=0 lang=en-US| wsd/DocumentBroker.cpp:1278
wsd-00025-00091 10:10:06.032613 [ docbroker_00f ] WRN Child session [0014] not found to forward message: useractive| wsd/DocumentBroker.cpp:1278
wsd-00025-00091 10:10:07.038206 [ docbroker_00f ] ERR No socket associated with WebSocketHandler 0x0x7f9db80185d0| ./net/WebSocketHandler.hpp:110
wsd-00025-00026 10:10:08.708637 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_00f], started: true, finished: true| ./net/Socket.hpp:507
wsd-00025-00026 10:10:08.709374 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_00f], started: true, finished: true| ./net/Socket.hpp:507
wsd-00025-00026 10:10:08.709902 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/LOOLWSD.cpp:1363
wsd-00025-00026 10:10:08.710244 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_00f], started: false, finished: true| ./net/Socket.hpp:507
wsd-00025-00026 10:10:08.710617 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_00f], started: false, finished: true| ./net/Socket.hpp:507
and i start it with
sudo docker run -t -p 9980:9980 -e “domain=seacloud\.no-ip\.info” --restart always --cap-add MKNOD collabora/code
Seacloud is a test environment.
Does somebody have a clue what should be changed?
Kind regards
Korry