【Question title】: Nextcloud and Onlyoffice on same server w/ NGINX
【Posted】: 2018-03-19 10:19:34
【Question description】:

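I have successfully installed Nextcloud 11 on my CentOS 7 VPS server with GoDaddy. I have also successfully installed the Onlyoffice document server on the same server. I tested each one with its own nginx config file to make sure each was working properly. Each one runs over HTTPS.

Desired: My goal is to have both running on the same server, using NGINX... but only accessible through my HTML homepage in the root directory. My root directory is /var/www/ and all my website files are in this directory, so when you visit my domain it loads my index.html. What I want is for the user to click a login tab (a href="path to nextcloud login") and be redirected to nextcloud's login page, where they will have Onlyoffice functionality within their nextcloud account. (I don't have a domain name, so I'm using ddns from no-ip, which means I don't get subdomains for the same IP.)

Currently: I want to test Nextcloud working with Onlyoffice on the same server, but I am running into problems. I assumed that Onlyoffice needs to talk on a different port, because Nextcloud is listening on port 443. So I changed onlyoffice's nginx conf to listen on port 9443 and opened that port in my iptables.

nextcloud is located at /var/www/nextcloud and onlyoffice at /var/www/onlyoffice

My nextcloud nginx conf file looks like this: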

upstream php-handler {
    #server 127.0.0.1:9000;
    server unix:/var/run/php-fpm/php-fpm.sock;
}

server {
    listen 80;
    server_name example.net;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name example.net;

    ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;

   # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /var/www/nextcloud/;
    index index.html index.htm;
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

location / {
    rewrite ^ /index.php$uri;
}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    #deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
}

location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    #Avoid sending the security headers twice
    fastcgi_param modHeadersAvailable true;
    fastcgi_param front_controller_active true;
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;
}

location ~ ^/(?:updater|ocs-provider)(?:$|/) {
    try_files $uri/ =404;
    index index.php;
}


# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
    try_files $uri /index.php$uri$is_args$args;
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers (It is intended to
    # have those duplicated to the ones above)
    # Before enabling Strict-Transport-Security headers please read into
    # this topic first.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;
}

location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
    try_files $uri /index.php$uri$is_args$args;
    # Optional: Don't log access to other assets
    access_log off;
}
}

My onlyoffice nginx conf file looks like this:

include /etc/nginx/includes/onlyoffice-http.conf;

server {
  listen 0.0.0.0:80;
  #listen [::]:80 server_name example.net;
  server_tokens off;
  ## Redirects all traffic to the HTTPS host
  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
  rewrite ^ https://$host$request_uri? permanent;
}
#HTTP host for internal services
server {
  listen 127.0.0.1:80;
  #listen [::1]:80;
  server_name localhost;
  server_tokens off;
  include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
  include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
}
server {
  listen 0.0.0.0:443 ssl;
  #listen [::]:443 ssl;

  server_name example.net;
  ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;

  # Redirect the browser to our port 9443 config
  return 301 $scheme://example.net:9443$request_uri;

}


## HTTPS host
server {

  listen 0.0.0.0:9443;
  #listen [::]:443 ssl default_server;
  server_name example.net;
  server_tokens off;
  root /var/www/onlyoffice/;
  index index.html index.html;


  ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;

  # modern configuration. tweak to your needs.
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;

  # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  add_header Strict-Transport-Security max-age=15768000;

  ssl_session_cache builtin:1000 shared:SSL:10m;
  # add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 10s;
  ## [Optional] Generate a stronger DHE parameter:
  ##   cd /etc/ssl/certs
  ##   sudo openssl dhparam -out dhparam.pem 4096
  ##
  #ssl_dhparam {{SSL_DHPARAM_PATH}};

  location ~ /.well-known/acme-challenge {
     root /var/www/onlyoffice/;
     allow all;
  }

  include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
}



Nginx doesn't give me any errors in my log, nor does the onlyoffice nginx.error.log. The only errors I'm getting are within the nextcloud log.

The corresponding errors appear in the nextcloud log when I type in the domain for the onlyoffice document server.

When I try https://example.net:9443

Error   onlyoffice  CommandRequest on check error: Bad Request or timeout error 2017-10-07T16:12:22-0400
Error   PHP file_get_contents(https://example.net:9443/coauthoring/CommandService.ashx): failed to open stream: operation failed at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#351  2017-10-07T16:12:22-0400
Error   PHP file_get_contents(): Failed to enable crypto at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#351  2017-10-07T16:12:22-0400

When I try https://example.net or https://example.net/onlyoffice

Error   onlyoffice  CommandRequest on check error: Error occurred in the document service   2017-10-07T16:12:30-0400
Error   PHP Trying to get property of non-object at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#293  2017-10-07T16:12:30-0400
Error   PHP Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. at Unknown#0   2017-10-07T16:12:30-0400

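Sorry that this post is so long, but I have been stuck on this problem for a while and would appreciate some help so that I can continue my development.

【Discussion】:

  • For example, deploy your two projects with two different application servers on two different ports (inbound free), and configure these two application servers inside NGINX: localhost:8080/project1 localhost:8081/project2, NGINX routes automatically. A useful link: serverfault.com/questions/716622/…
  • @SamDev Hey, I'm not quite sure I follow. Could you elaborate on what you mean by "configure these two application servers inside nginx"?
  • @SamDev That's not how my setup is designed. Nextcloud uses Onlyoffice as a plugin. So users are only directed to Nextcloud. They can only use the onlyoffice functionality through nextcloud. The way I connect Onlyoffice to nextcloud is by logging into the admin account on nextcloud and entering the location of the onlyoffice document server, which is /var/www/onlyoffice/.
  • Your base project is down. You use the plugin inside your project after logging in, so can you start your base project first? Also, your access URL example.net:9443 is absolutely wrong.

Tags: nginx nextcloud onlyoffice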


【Solution 1】:

When I try https://example.net:9443

Error onlyoffice CommandRequest on check error: Bad Request or timeout error 2017-10-07T16:12:22-0400
Error PHP file_get_contents(https://example.net:9443/coauthoring/CommandService.ashx): failed to open stream: operation failed at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#351 2017-10-07T16:12:22-0400
Error PHP file_get_contents(): Failed to enable crypto at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#351 2017-10-07T16:12:22-0400

Please open the NextCloud config file /nextcloud/config/config.php and add a new section to it: 'onlyoffice' => array('verify_peer_off' => TRUE)

【Discussion】:

  • This didn't do anything
【Solution 2】:

Try running Onlyoffice DocumentServer on a virtual path. Run Onlyoffice DocumentServer on a non-standard HTTP(S) port and proxy the traffic from the virtual path to Onlyoffice DocumentServer. In this case you don't have to add the SSL certificate twice. First, add the following statements to your nextcloud nginx conf file:

map $http_x_forwarded_proto $the_scheme {
     default $http_x_forwarded_proto;
     "" $scheme;
}

map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $host;
}

map $http_upgrade $proxy_connection {
  default upgrade;
  "" close;
}

location /documentserver/ {
    proxy_pass http://localhost:8888/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $proxy_connection;
    proxy_set_header X-Forwarded-Host $the_host/documentserver;
    proxy_set_header X-Forwarded-Proto $the_scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Next, change the Onlyoffice nginx conf file like this:

include /etc/nginx/includes/onlyoffice-http.conf;
server {
  listen 0.0.0.0:8888;
  listen [::]:8888 default_server;
  server_tokens off;

  include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
}

Finally, restart the nginx service:

   $ service nginx restart

You can find more information about proxying to Onlyoffice DocumentServer here.

【Discussion】:
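
Added example (not part of the original posts): a Python audit of nginx `listen` directives, covering two configurations on this page. The question's 9443 block sets certificates but its `listen` has no `ssl` parameter, so nginx speaks plain HTTP there and a TLS client cannot complete a handshake whatever its peer-verification setting; Solution 2's Document Server listens in plain HTTP on every interface at port 8888. The sample config is constructed from those lines, the function names are hypothetical, and the parser is a simplified regex pass that assumes `address:port` or bare-port listen targets and no legacy `ssl on;` directive.

```python
import re
# Constructed sample: the listen/certificate lines of the question's 9443 block
# and Solution 2's 8888 block, plus a TLS listener and a loopback-only variant.
SAMPLE = """
server {
  listen 0.0.0.0:9443;
  ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
}
server {
  listen 0.0.0.0:8888;
  listen [::]:8888 default_server;
}
server {
  listen 443 ssl;
  ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
}
server {
  listen 127.0.0.1:8888;
}
"""
LOOPBACK = {"127.0.0.1", "[::1]", "localhost"}

def server_blocks(conf):
    """Yield the body of each server { ... } block, comments removed."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return (port, address, issue) for every listener that speaks plain HTTP."""
    findings = []
    for body in server_blocks(conf):
        has_cert = re.search(r"^\s*ssl_certificate\s", body, re.M) is not None
        for m in re.finditer(r"^\s*listen\s+([^;]+);", body, re.M):
            target, *flags = m.group(1).split()
            addr, _, port = target.rpartition(":")   # assumes addr:port or bare port
            if "ssl" in flags:
                continue
            if has_cert:
                findings.append((port, addr or "*", "certificate set but listen lacks ssl"))
            elif addr not in LOOPBACK and port != "80":
                findings.append((port, addr or "*", "plain HTTP on non-loopback address"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Port 80 is exempted because both configs use it only for the HTTPS redirect; binding the Document Server to 127.0.0.1:8888 instead of 0.0.0.0:8888 clears the second finding while the proxy on 443 still reaches it.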
