Use nginx config from the package
This commit is contained in:
parent
b60bd1cebb
commit
1047e5189a
|
@ -1,71 +0,0 @@
|
||||||
include /etc/nginx/includes/onlyoffice-http.conf;
|
|
||||||
|
|
||||||
## Normal HTTP host
|
|
||||||
server {
|
|
||||||
listen 0.0.0.0:80;
|
|
||||||
listen [::]:80 default_server;
|
|
||||||
server_name _;
|
|
||||||
server_tokens off;
|
|
||||||
|
|
||||||
## Redirects all traffic to the HTTPS host
|
|
||||||
root /nowhere; ## root doesn't have to be a valid path since we are redirecting
|
|
||||||
rewrite ^ https://$host$request_uri? permanent;
|
|
||||||
}
|
|
||||||
|
|
||||||
#HTTP host for internal services
|
|
||||||
server {
|
|
||||||
listen 127.0.0.1:80;
|
|
||||||
listen [::1]:80;
|
|
||||||
server_name localhost;
|
|
||||||
server_tokens off;
|
|
||||||
|
|
||||||
include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
|
|
||||||
include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
|
|
||||||
}
|
|
||||||
|
|
||||||
## HTTPS host
|
|
||||||
server {
|
|
||||||
listen 0.0.0.0:443 ssl;
|
|
||||||
listen [::]:443 ssl default_server;
|
|
||||||
server_tokens off;
|
|
||||||
root /usr/share/nginx/html;
|
|
||||||
|
|
||||||
## Strong SSL Security
|
|
||||||
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate {{SSL_CERTIFICATE_PATH}};
|
|
||||||
ssl_certificate_key {{SSL_KEY_PATH}};
|
|
||||||
ssl_verify_client {{SSL_VERIFY_CLIENT}};
|
|
||||||
ssl_client_certificate {{CA_CERTIFICATES_PATH}};
|
|
||||||
|
|
||||||
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
|
||||||
|
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
||||||
ssl_session_cache builtin:1000 shared:SSL:10m;
|
|
||||||
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
|
|
||||||
add_header Strict-Transport-Security max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}};
|
|
||||||
# add_header X-Frame-Options SAMEORIGIN;
|
|
||||||
add_header X-Content-Type-Options nosniff;
|
|
||||||
|
|
||||||
## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
|
|
||||||
## Replace with your ssl_trusted_certificate. For more info see:
|
|
||||||
## - https://medium.com/devops-programming/4445f4862461
|
|
||||||
## - https://www.ruby-forum.com/topic/4419319
|
|
||||||
## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
|
|
||||||
# ssl_stapling on;
|
|
||||||
# ssl_stapling_verify on;
|
|
||||||
# ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
|
|
||||||
# resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
|
|
||||||
# resolver_timeout 10s;
|
|
||||||
|
|
||||||
## [Optional] Generate a stronger DHE parameter:
|
|
||||||
## cd /etc/ssl/certs
|
|
||||||
## sudo openssl dhparam -out dhparam.pem 4096
|
|
||||||
##
|
|
||||||
ssl_dhparam {{SSL_DHPARAM_PATH}};
|
|
||||||
|
|
||||||
include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,8 +0,0 @@
|
||||||
include /etc/nginx/includes/onlyoffice-http.conf;
|
|
||||||
server {
|
|
||||||
listen 0.0.0.0:80;
|
|
||||||
listen [::]:80 default_server;
|
|
||||||
server_tokens off;
|
|
||||||
|
|
||||||
include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
|
|
||||||
}
|
|
|
@ -18,7 +18,8 @@ ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
|
||||||
ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAG:-31536000}
|
ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAG:-31536000}
|
||||||
SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config"
|
SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config"
|
||||||
|
|
||||||
NGINX_ONLYOFFICE_PATH="/etc/nginx/conf.d/onlyoffice-documentserver.conf";
|
NGINX_CONFD_PATH="/etc/nginx/conf.d";
|
||||||
|
NGINX_ONLYOFFICE_PATH="${NGINX_CONFD_PATH}/onlyoffice-documentserver.conf";
|
||||||
NGINX_ONLYOFFICE_INCLUDES_PATH="/etc/nginx/includes";
|
NGINX_ONLYOFFICE_INCLUDES_PATH="/etc/nginx/includes";
|
||||||
NGINX_ONLYOFFICE_EXAMPLE_PATH=${NGINX_ONLYOFFICE_INCLUDES_PATH}/onlyoffice-documentserver-example.conf
|
NGINX_ONLYOFFICE_EXAMPLE_PATH=${NGINX_ONLYOFFICE_INCLUDES_PATH}/onlyoffice-documentserver-example.conf
|
||||||
|
|
||||||
|
@ -151,7 +152,7 @@ update_nginx_settings(){
|
||||||
|
|
||||||
# setup HTTPS
|
# setup HTTPS
|
||||||
if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
|
if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
|
||||||
cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver-ssl.conf ${NGINX_ONLYOFFICE_PATH}
|
cp ${NGINX_CONFD_PATH}/onlyoffice-documentserver-ssl.conf.template ${NGINX_ONLYOFFICE_PATH}
|
||||||
|
|
||||||
# configure nginx
|
# configure nginx
|
||||||
sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
|
sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
|
||||||
|
@ -178,7 +179,7 @@ update_nginx_settings(){
|
||||||
sed '/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/d' -i ${NGINX_ONLYOFFICE_PATH}
|
sed '/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/d' -i ${NGINX_ONLYOFFICE_PATH}
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver.conf ${NGINX_ONLYOFFICE_PATH}
|
cp ${NGINX_CONFD_PATH}/onlyoffice-documentserver.conf.template ${NGINX_ONLYOFFICE_PATH}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_PATH}" ]; then
|
if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_PATH}" ]; then
|
||||||
|
|
Loading…
Reference in a new issue