'loolwsd' service was (changed and) renamed to 'coolwsd'. so we add example vhos configuration (Proxy settings) for Apache2 and also Ngins webserver.

2021-11-29 19:38:02 +01:00 · 2021-11-29 19:38:02 +01:00 · f2db40968b
commit f2db40968b
parent 39f31af175
4 changed files with 191 additions and 25 deletions
--- a/FILES/Apache2/colaboraonline-site-name.conf.static
+++ b/FILES/Apache2/colaboraonline-site-name.conf.static
@ -1,3 +1,20 @@
+
+# Required Apache2 modules
+# ========================
+#
+#  Apache2 web server is modular. We need to enable the required modules for this reverse 
+#  proxy setup. We can use the a2enmod command to enable modules. If a module has been 
+#  enabled already, nothing happens.
+#
+#  Enable proxy in general: a2enmod proxy
+#
+#  Enable proxy for HTTP protocol: a2enmod proxy_http
+#
+#  Enable SSL support: a2enmod proxy_connect
+#
+#  Enable proxy of websockets: a2enmod proxy_wstunnel
+
+
 <VirtualHost <IPV4-ADDRESS>:443 [IPV6-ADDRESS]:443>

   ServerName <FULL-QUALIFIED-SITE-NAME>
@ -16,33 +33,38 @@
   # keep the host
   ProxyPreserveHost On

-   # static html, js, images, etc. served from loolwsd
-   # loleaflet is the client part of Collabora Online
-   ProxyPass           /loleaflet https://localhost:9980/loleaflet retry=0
-   ProxyPassReverse    /loleaflet https://localhost:9980/loleaflet
+
+   # static html, js, images, etc. served from coolwsd
+   # browser is the client part of Collabora Online
+   ProxyPass           /browser https://127.0.0.1:9980/browser retry=0
+   ProxyPassReverse    /browser https://127.0.0.1:9980/browser
+

   # WOPI discovery URL
-   ProxyPass           /hosting/discovery https://localhost:9980/hosting/discovery retry=0
-   ProxyPassReverse    /hosting/discovery https://localhost:9980/hosting/discovery
+   ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
+   ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery
+

   # Capabilities
-   ProxyPass           /hosting/capabilities https://localhost:9980/hosting/capabilities retry=0
-   ProxyPassReverse    /hosting/capabilities https://localhost:9980/hosting/capabilities
+   ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
+   ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities

   # Main websocket
-   ProxyPassMatch "/lool/(.*)/ws$" wss://localhost:9980/lool/$1/ws nocanon
+   ProxyPassMatch      "/cool/(.*)/ws$"      wss://127.0.0.1:9980/cool/$1/ws nocanon
+

   # Admin Console websocket
-   ProxyPass   /lool/adminws wss://localhost:9980/lool/adminws
+   ProxyPass           /cool/adminws wss://127.0.0.1:9980/cool/adminws
+

   # Download as, Fullscreen presentation and Image upload operations
-   ProxyPass           /lool https://localhost:9980/lool
-   ProxyPassReverse    /lool https://localhost:9980/lool
+   ProxyPass           /cool https://127.0.0.1:9980/cool
+   ProxyPassReverse    /cool https://127.0.0.1:9980/cool


-   # Endpoint with information about availability of various features
-   ProxyPass           /hosting/capabilities https://localhost:9980/hosting/capabilities retry=0
-   ProxyPassReverse    /hosting/capabilities https://localhost:9980/hosting/capabilities
+   # Compatibility with integrations that use the /lool/convert-to endpoint
+   ProxyPass           /lool https://127.0.0.1:9980/cool
+   ProxyPassReverse    /lool https://127.0.0.1:9980/cool


   SSLEngine on
--- a/FILES/Apache2/colaboraonline-site-name.conf.static.ALT-loolwsd
+++ b/FILES/Apache2/colaboraonline-site-name.conf.static.ALT-loolwsd
@ -0,0 +1,58 @@
+<VirtualHost <IPV4-ADDRESS>:443 [IPV6-ADDRESS]:443>
+
+   ServerName <FULL-QUALIFIED-SITE-NAME>
+
+   Options -Indexes
+
+   # Encoded slashes need to be allowed
+   AllowEncodedSlashes NoDecode
+
+   # Container uses a unique non-signed certificate
+   SSLProxyEngine On
+   SSLProxyVerify None
+   SSLProxyCheckPeerCN Off
+   SSLProxyCheckPeerName Off
+
+   # keep the host
+   ProxyPreserveHost On
+
+   # static html, js, images, etc. served from loolwsd
+   # loleaflet is the client part of Collabora Online
+   ProxyPass           /loleaflet https://localhost:9980/loleaflet retry=0
+   ProxyPassReverse    /loleaflet https://localhost:9980/loleaflet
+
+   # WOPI discovery URL
+   ProxyPass           /hosting/discovery https://localhost:9980/hosting/discovery retry=0
+   ProxyPassReverse    /hosting/discovery https://localhost:9980/hosting/discovery
+
+   # Capabilities
+   ProxyPass           /hosting/capabilities https://localhost:9980/hosting/capabilities retry=0
+   ProxyPassReverse    /hosting/capabilities https://localhost:9980/hosting/capabilities
+
+   # Main websocket
+   ProxyPassMatch "/lool/(.*)/ws$" wss://localhost:9980/lool/$1/ws nocanon
+
+   # Admin Console websocket
+   ProxyPass   /lool/adminws wss://localhost:9980/lool/adminws
+
+   # Download as, Fullscreen presentation and Image upload operations
+   ProxyPass           /lool https://localhost:9980/lool
+   ProxyPassReverse    /lool https://localhost:9980/lool
+
+
+   # Endpoint with information about availability of various features
+   ProxyPass           /hosting/capabilities https://localhost:9980/hosting/capabilities retry=0
+   ProxyPassReverse    /hosting/capabilities https://localhost:9980/hosting/capabilities
+
+
+   SSLEngine on
+
+   SSLCertificateFile /var/lib/dehydrated/certs/<FULL-QUALIFIED-SITE-NAME>/fullchain.pem
+   SSLCertificateKeyFile /var/lib/dehydrated/certs/<FULL-QUALIFIED-SITE-NAME>/privkey.pem
+
+   CustomLog /var/log/apache2/ip_requests.log base_requests
+
+   CustomLog /var/log/apache2/<FULL-QUALIFIED-SITE-NAME>.log combined
+   ErrorLog /var/log/apache2/<FULL-QUALIFIED-SITE-NAME>-error.log
+
+</VirtualHost>
--- a/FILES/Nginx/colaboraonline-site-name.conf.static
+++ b/FILES/Nginx/colaboraonline-site-name.conf.static
@ -36,42 +36,48 @@ server {
   client_max_body_size 512M;
   fastcgi_buffers 64 4K;

+
   # static files
-   location ^~ /loleaflet {
-      proxy_pass https://localhost:9980;
+   location ^~ /browser {
+      proxy_pass https://127.0.0.1:9980;
      proxy_set_header Host $http_host;
   }

+
   # WOPI discovery URL
   location ^~ /hosting/discovery {
-      proxy_pass https://localhost:9980;
+      proxy_pass https://127.0.0.1:9980;
      proxy_set_header Host $http_host;
   }

+
   # Capabilities
   location ^~ /hosting/capabilities {
-      proxy_pass https://localhost:9980;
+      proxy_pass https://127.0.0.1:9980;
      proxy_set_header Host $http_host;
   }

+
   # main websocket
-   location ~ ^/lool/(.*)/ws$ {
-      proxy_pass https://localhost:9980;
+   location ~ ^/cool/(.*)/ws$ {
+      proxy_pass https://127.0.0.1:9980;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $http_host;
      proxy_read_timeout 36000s;
   }

+
   # download, presentation and image upload
-   location ~ ^/lool {
-      proxy_pass https://localhost:9980;
+   location ~ ^/(c|l)ool {
+      proxy_pass https://127.0.0.1:9980;
      proxy_set_header Host $http_host;
   }

+
   # Admin Console websocket
-   location ^~ /lool/adminws {
-      proxy_pass https://localhost:9980;
+   location ^~ /cool/adminws {
+      proxy_pass https://127.0.0.1:9980;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $http_host;
--- a/FILES/Nginx/colaboraonline-site-name.conf.static.ALT-loolwsd
+++ b/FILES/Nginx/colaboraonline-site-name.conf.static.ALT-loolwsd
@ -0,0 +1,80 @@
+# --- <FULL-QUALIFIED-SITE-NAME>
+  
+# ---
+# see: https://www.collaboraoffice.com/code/nginx-reverse-proxy/
+# ---
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name <FULL-QUALIFIED-SITE-NAME>;
+
+    # Enforce HTTPS
+    return 301 https://$server_name$request_uri;
+}
+
+
+server {
+   listen 443 ssl;
+   listen [::]:443 ssl;
+
+   server_name <FULL-QUALIFIED-SITE-NAME>;
+
+   root /var/www/<FULL-QUALIFIED-SITE-NAME>;
+
+   ssl_certificate /var/lib/dehydrated/certs/<FULL-QUALIFIED-SITE-NAME>/fullchain.pem;
+   ssl_certificate_key /var/lib/dehydrated/certs/<FULL-QUALIFIED-SITE-NAME>/privkey.pem;
+
+
+   # Include location directive for Let's Encrypt ACME Challenge
+   #
+   # Needed for (automated) updating certificate
+   #
+   include snippets/letsencrypt-acme-challenge.conf;
+
+   # set max upload size
+   client_max_body_size 512M;
+   fastcgi_buffers 64 4K;
+
+   # static files
+   location ^~ /loleaflet {
+      proxy_pass https://localhost:9980;
+      proxy_set_header Host $http_host;
+   }
+
+   # WOPI discovery URL
+   location ^~ /hosting/discovery {
+      proxy_pass https://localhost:9980;
+      proxy_set_header Host $http_host;
+   }
+
+   # Capabilities
+   location ^~ /hosting/capabilities {
+      proxy_pass https://localhost:9980;
+      proxy_set_header Host $http_host;
+   }
+
+   # main websocket
+   location ~ ^/lool/(.*)/ws$ {
+      proxy_pass https://localhost:9980;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "Upgrade";
+      proxy_set_header Host $http_host;
+      proxy_read_timeout 36000s;
+   }
+
+   # download, presentation and image upload
+   location ~ ^/lool {
+      proxy_pass https://localhost:9980;
+      proxy_set_header Host $http_host;
+   }
+
+   # Admin Console websocket
+   location ^~ /lool/adminws {
+      proxy_pass https://localhost:9980;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection "Upgrade";
+      proxy_set_header Host $http_host;
+      proxy_read_timeout 36000s;
+   }
+}