From f2db40968beb19c06771b8f26d5403e29f7cbef4 Mon Sep 17 00:00:00 2001 From: Christoph Date: Mon, 29 Nov 2021 19:38:02 +0100 Subject: [PATCH] 'loolwsd' service was (changed and) renamed to 'coolwsd'. so we add example vhos configuration (Proxy settings) for Apache2 and also Ngins webserver. --- .../colaboraonline-site-name.conf.static | 52 ++++++++---- ...raonline-site-name.conf.static.ALT-loolwsd | 58 ++++++++++++++ .../colaboraonline-site-name.conf.static | 26 +++--- ...raonline-site-name.conf.static.ALT-loolwsd | 80 +++++++++++++++++++ 4 files changed, 191 insertions(+), 25 deletions(-) create mode 100644 FILES/Apache2/colaboraonline-site-name.conf.static.ALT-loolwsd create mode 100644 FILES/Nginx/colaboraonline-site-name.conf.static.ALT-loolwsd diff --git a/FILES/Apache2/colaboraonline-site-name.conf.static b/FILES/Apache2/colaboraonline-site-name.conf.static index 6712cac..86d8224 100644 --- a/FILES/Apache2/colaboraonline-site-name.conf.static +++ b/FILES/Apache2/colaboraonline-site-name.conf.static @@ -1,3 +1,20 @@ + +# Required Apache2 modules +# ======================== +# +# Apache2 web server is modular. We need to enable the required modules for this reverse +# proxy setup. We can use the a2enmod command to enable modules. If a module has been +# enabled already, nothing happens. +# +# Enable proxy in general: a2enmod proxy +# +# Enable proxy for HTTP protocol: a2enmod proxy_http +# +# Enable SSL support: a2enmod proxy_connect +# +# Enable proxy of websockets: a2enmod proxy_wstunnel + + :443 [IPV6-ADDRESS]:443> ServerName @@ -16,33 +33,38 @@ # keep the host ProxyPreserveHost On - # static html, js, images, etc. served from loolwsd - # loleaflet is the client part of Collabora Online - ProxyPass /loleaflet https://localhost:9980/loleaflet retry=0 - ProxyPassReverse /loleaflet https://localhost:9980/loleaflet + + # static html, js, images, etc. served from coolwsd + # browser is the client part of Collabora Online + ProxyPass /browser https://127.0.0.1:9980/browser retry=0 + ProxyPassReverse /browser https://127.0.0.1:9980/browser + # WOPI discovery URL - ProxyPass /hosting/discovery https://localhost:9980/hosting/discovery retry=0 - ProxyPassReverse /hosting/discovery https://localhost:9980/hosting/discovery + ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0 + ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery + # Capabilities - ProxyPass /hosting/capabilities https://localhost:9980/hosting/capabilities retry=0 - ProxyPassReverse /hosting/capabilities https://localhost:9980/hosting/capabilities + ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0 + ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities # Main websocket - ProxyPassMatch "/lool/(.*)/ws$" wss://localhost:9980/lool/$1/ws nocanon + ProxyPassMatch "/cool/(.*)/ws$" wss://127.0.0.1:9980/cool/$1/ws nocanon + # Admin Console websocket - ProxyPass /lool/adminws wss://localhost:9980/lool/adminws + ProxyPass /cool/adminws wss://127.0.0.1:9980/cool/adminws + # Download as, Fullscreen presentation and Image upload operations - ProxyPass /lool https://localhost:9980/lool - ProxyPassReverse /lool https://localhost:9980/lool + ProxyPass /cool https://127.0.0.1:9980/cool + ProxyPassReverse /cool https://127.0.0.1:9980/cool - # Endpoint with information about availability of various features - ProxyPass /hosting/capabilities https://localhost:9980/hosting/capabilities retry=0 - ProxyPassReverse /hosting/capabilities https://localhost:9980/hosting/capabilities + # Compatibility with integrations that use the /lool/convert-to endpoint + ProxyPass /lool https://127.0.0.1:9980/cool + ProxyPassReverse /lool https://127.0.0.1:9980/cool SSLEngine on diff --git a/FILES/Apache2/colaboraonline-site-name.conf.static.ALT-loolwsd b/FILES/Apache2/colaboraonline-site-name.conf.static.ALT-loolwsd new file mode 100644 index 0000000..6712cac --- /dev/null +++ b/FILES/Apache2/colaboraonline-site-name.conf.static.ALT-loolwsd @@ -0,0 +1,58 @@ +:443 [IPV6-ADDRESS]:443> + + ServerName + + Options -Indexes + + # Encoded slashes need to be allowed + AllowEncodedSlashes NoDecode + + # Container uses a unique non-signed certificate + SSLProxyEngine On + SSLProxyVerify None + SSLProxyCheckPeerCN Off + SSLProxyCheckPeerName Off + + # keep the host + ProxyPreserveHost On + + # static html, js, images, etc. served from loolwsd + # loleaflet is the client part of Collabora Online + ProxyPass /loleaflet https://localhost:9980/loleaflet retry=0 + ProxyPassReverse /loleaflet https://localhost:9980/loleaflet + + # WOPI discovery URL + ProxyPass /hosting/discovery https://localhost:9980/hosting/discovery retry=0 + ProxyPassReverse /hosting/discovery https://localhost:9980/hosting/discovery + + # Capabilities + ProxyPass /hosting/capabilities https://localhost:9980/hosting/capabilities retry=0 + ProxyPassReverse /hosting/capabilities https://localhost:9980/hosting/capabilities + + # Main websocket + ProxyPassMatch "/lool/(.*)/ws$" wss://localhost:9980/lool/$1/ws nocanon + + # Admin Console websocket + ProxyPass /lool/adminws wss://localhost:9980/lool/adminws + + # Download as, Fullscreen presentation and Image upload operations + ProxyPass /lool https://localhost:9980/lool + ProxyPassReverse /lool https://localhost:9980/lool + + + # Endpoint with information about availability of various features + ProxyPass /hosting/capabilities https://localhost:9980/hosting/capabilities retry=0 + ProxyPassReverse /hosting/capabilities https://localhost:9980/hosting/capabilities + + + SSLEngine on + + SSLCertificateFile /var/lib/dehydrated/certs//fullchain.pem + SSLCertificateKeyFile /var/lib/dehydrated/certs//privkey.pem + + CustomLog /var/log/apache2/ip_requests.log base_requests + + CustomLog /var/log/apache2/.log combined + ErrorLog /var/log/apache2/-error.log + + diff --git a/FILES/Nginx/colaboraonline-site-name.conf.static b/FILES/Nginx/colaboraonline-site-name.conf.static index 2bb2646..4eae0ad 100644 --- a/FILES/Nginx/colaboraonline-site-name.conf.static +++ b/FILES/Nginx/colaboraonline-site-name.conf.static @@ -36,42 +36,48 @@ server { client_max_body_size 512M; fastcgi_buffers 64 4K; + # static files - location ^~ /loleaflet { - proxy_pass https://localhost:9980; + location ^~ /browser { + proxy_pass https://127.0.0.1:9980; proxy_set_header Host $http_host; } + # WOPI discovery URL location ^~ /hosting/discovery { - proxy_pass https://localhost:9980; + proxy_pass https://127.0.0.1:9980; proxy_set_header Host $http_host; } + # Capabilities location ^~ /hosting/capabilities { - proxy_pass https://localhost:9980; + proxy_pass https://127.0.0.1:9980; proxy_set_header Host $http_host; } + # main websocket - location ~ ^/lool/(.*)/ws$ { - proxy_pass https://localhost:9980; + location ~ ^/cool/(.*)/ws$ { + proxy_pass https://127.0.0.1:9980; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; proxy_read_timeout 36000s; } + # download, presentation and image upload - location ~ ^/lool { - proxy_pass https://localhost:9980; + location ~ ^/(c|l)ool { + proxy_pass https://127.0.0.1:9980; proxy_set_header Host $http_host; } + # Admin Console websocket - location ^~ /lool/adminws { - proxy_pass https://localhost:9980; + location ^~ /cool/adminws { + proxy_pass https://127.0.0.1:9980; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; diff --git a/FILES/Nginx/colaboraonline-site-name.conf.static.ALT-loolwsd b/FILES/Nginx/colaboraonline-site-name.conf.static.ALT-loolwsd new file mode 100644 index 0000000..2bb2646 --- /dev/null +++ b/FILES/Nginx/colaboraonline-site-name.conf.static.ALT-loolwsd @@ -0,0 +1,80 @@ +# --- + +# --- +# see: https://www.collaboraoffice.com/code/nginx-reverse-proxy/ +# --- + +server { + listen 80; + listen [::]:80; + server_name ; + + # Enforce HTTPS + return 301 https://$server_name$request_uri; +} + + +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name ; + + root /var/www/; + + ssl_certificate /var/lib/dehydrated/certs//fullchain.pem; + ssl_certificate_key /var/lib/dehydrated/certs//privkey.pem; + + + # Include location directive for Let's Encrypt ACME Challenge + # + # Needed for (automated) updating certificate + # + include snippets/letsencrypt-acme-challenge.conf; + + # set max upload size + client_max_body_size 512M; + fastcgi_buffers 64 4K; + + # static files + location ^~ /loleaflet { + proxy_pass https://localhost:9980; + proxy_set_header Host $http_host; + } + + # WOPI discovery URL + location ^~ /hosting/discovery { + proxy_pass https://localhost:9980; + proxy_set_header Host $http_host; + } + + # Capabilities + location ^~ /hosting/capabilities { + proxy_pass https://localhost:9980; + proxy_set_header Host $http_host; + } + + # main websocket + location ~ ^/lool/(.*)/ws$ { + proxy_pass https://localhost:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } + + # download, presentation and image upload + location ~ ^/lool { + proxy_pass https://localhost:9980; + proxy_set_header Host $http_host; + } + + # Admin Console websocket + location ^~ /lool/adminws { + proxy_pass https://localhost:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } +}