From 1047e5189a66e524efa66bbe494d9e1c0f23c49e Mon Sep 17 00:00:00 2001 From: "Alexey.Golubev" Date: Tue, 24 Jan 2017 19:34:20 +0300 Subject: [PATCH] Use nginx config from the package --- .../nginx/onlyoffice-documentserver-ssl.conf | 71 ------------------- config/nginx/onlyoffice-documentserver.conf | 8 --- run-document-server.sh | 7 +- 3 files changed, 4 insertions(+), 82 deletions(-) delete mode 100644 config/nginx/onlyoffice-documentserver-ssl.conf delete mode 100644 config/nginx/onlyoffice-documentserver.conf diff --git a/config/nginx/onlyoffice-documentserver-ssl.conf b/config/nginx/onlyoffice-documentserver-ssl.conf deleted file mode 100644 index 26501a9..0000000 --- a/config/nginx/onlyoffice-documentserver-ssl.conf +++ /dev/null @@ -1,71 +0,0 @@ -include /etc/nginx/includes/onlyoffice-http.conf; - -## Normal HTTP host -server { - listen 0.0.0.0:80; - listen [::]:80 default_server; - server_name _; - server_tokens off; - - ## Redirects all traffic to the HTTPS host - root /nowhere; ## root doesn't have to be a valid path since we are redirecting - rewrite ^ https://$host$request_uri? permanent; -} - -#HTTP host for internal services -server { - listen 127.0.0.1:80; - listen [::1]:80; - server_name localhost; - server_tokens off; - - include /etc/nginx/includes/onlyoffice-documentserver-common.conf; - include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf; -} - -## HTTPS host -server { - listen 0.0.0.0:443 ssl; - listen [::]:443 ssl default_server; - server_tokens off; - root /usr/share/nginx/html; - - ## Strong SSL Security - ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - ssl on; - ssl_certificate {{SSL_CERTIFICATE_PATH}}; - ssl_certificate_key {{SSL_KEY_PATH}}; - ssl_verify_client {{SSL_VERIFY_CLIENT}}; - ssl_client_certificate {{CA_CERTIFICATES_PATH}}; - - ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_session_cache builtin:1000 shared:SSL:10m; - - ssl_prefer_server_ciphers on; - - add_header Strict-Transport-Security max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}; - # add_header X-Frame-Options SAMEORIGIN; - add_header X-Content-Type-Options nosniff; - - ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. - ## Replace with your ssl_trusted_certificate. For more info see: - ## - https://medium.com/devops-programming/4445f4862461 - ## - https://www.ruby-forum.com/topic/4419319 - ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx - # ssl_stapling on; - # ssl_stapling_verify on; - # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt; - # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired - # resolver_timeout 10s; - - ## [Optional] Generate a stronger DHE parameter: - ## cd /etc/ssl/certs - ## sudo openssl dhparam -out dhparam.pem 4096 - ## - ssl_dhparam {{SSL_DHPARAM_PATH}}; - - include /etc/nginx/includes/onlyoffice-documentserver-*.conf; - -} diff --git a/config/nginx/onlyoffice-documentserver.conf b/config/nginx/onlyoffice-documentserver.conf deleted file mode 100644 index 0572fa8..0000000 --- a/config/nginx/onlyoffice-documentserver.conf +++ /dev/null @@ -1,8 +0,0 @@ -include /etc/nginx/includes/onlyoffice-http.conf; -server { - listen 0.0.0.0:80; - listen [::]:80 default_server; - server_tokens off; - - include /etc/nginx/includes/onlyoffice-documentserver-*.conf; -} \ No newline at end of file diff --git a/run-document-server.sh b/run-document-server.sh index c151be3..c19afa0 100644 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -18,7 +18,8 @@ ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true} ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAG:-31536000} SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config" -NGINX_ONLYOFFICE_PATH="/etc/nginx/conf.d/onlyoffice-documentserver.conf"; +NGINX_CONFD_PATH="/etc/nginx/conf.d"; +NGINX_ONLYOFFICE_PATH="${NGINX_CONFD_PATH}/onlyoffice-documentserver.conf"; NGINX_ONLYOFFICE_INCLUDES_PATH="/etc/nginx/includes"; NGINX_ONLYOFFICE_EXAMPLE_PATH=${NGINX_ONLYOFFICE_INCLUDES_PATH}/onlyoffice-documentserver-example.conf @@ -151,7 +152,7 @@ update_nginx_settings(){ # setup HTTPS if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then - cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver-ssl.conf ${NGINX_ONLYOFFICE_PATH} + cp ${NGINX_CONFD_PATH}/onlyoffice-documentserver-ssl.conf.template ${NGINX_ONLYOFFICE_PATH} # configure nginx sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH} @@ -178,7 +179,7 @@ update_nginx_settings(){ sed '/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/d' -i ${NGINX_ONLYOFFICE_PATH} fi else - cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver.conf ${NGINX_ONLYOFFICE_PATH} + cp ${NGINX_CONFD_PATH}/onlyoffice-documentserver.conf.template ${NGINX_ONLYOFFICE_PATH} fi if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_PATH}" ]; then