Upgrade to Nextcloud 14 and add OnlyOffice editor

The upgrade to Nextcloud 14 from 13 was really easy. Just delete the container, recreate the instance with the same command as before and go through the migration of the database.

In my case I ran the following statement:

docker run -d -p 8102:80 --name=nextcloud \
-v /etc/localtime:/etc/localtime:ro \
-v /volume1/docker/nextcloud/apps/:/var/www/html/custom_apps/ \
-v /volume1/docker/nextcloud/config/:/var/www/html/config/ \
-v /volume1/docker/nextcloud/data/:/var/www/html/data/ \
--link nextcloud-mysql:mysql nextcloud:latest

Post upgrading of the container I check for error messages and I received one saying that I needed to apply new indexes on two tables. I ran the occ command as suggested.

docker exec -it --user www-data nextcloud bash
php /var/www/html/occ db:add-missing-indices

Adding OnlyOffice as an in-browser editor to Nextcloud is really easy as it is well documented. I needed to do just one minor modification to the config file that OnlyOffice is providing to terminate SSL for the Document Server of OnlyOffice.

First, lets install the Document Server in a seperate Docker container.

docker run -i -t -d --name onlyoffice -p 8103:80 --restart=always \
-v /volume1/docker/onlyoffice/logs:/var/log/onlyoffice  \
-v /volume1/docker/onlyoffice/data:/var/www/onlyoffice/Data  \
-v /volume1/docker/onlyoffice/lib:/var/lib/onlyoffice \
-v /volume1/docker/onlyoffice/db:/var/lib/postgresql  onlyoffice/documentserver

Next, configure HAProxy for SSL termination and for using a virtual path (e.g. https://myserver.com/onlyoffice/). I have Nextcloud and the Document Server running on the same server.

If you are not running HAProxy as a reverse proxy, OnlyOffice have a number of pre-defined configurations for other proxies here: https://github.com/ONLYOFFICE/document-server-proxy

I have in the frontend defined to redirect /onlyoffice/ paths to the backend definition as follows:

acl is_onlyoffice path_beg /onlyoffice
use_backend onlyoffice if is_onlyoffice

backend onlyoffice
acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found
acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found
http-request add-header X-Forwarded-Host %[req.hdr(Host)]/onlyoffice unless existing-x-forwarded-host
http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto
reqrep ^([^\ :]*)\ /onlyoffice/(.*)     \1\ /\2
server onlyoffice-documentserver 192.168.2.244:8103

The above code will fix the SSL termination and make sure that Document Server internal references are using HTTPS and it will change the internal routing based on the virtual path.

Lastly, install the OnlyOffice app in Nextcloud and configure it in the administration panel to use the route as you have defined.

Screen Shot 2018-09-20 at 14.59.07

Advertisements

Run Nextcloud through a reverse proxy – HAProxy – with a different webroot

I wanted to setup HAProxy as an reverse proxy towards my nextCloud 12 server and I really struggled to find proper information on how to do that. As I have a number of backend services I needed a different webroot to define the request and I finally succeeded and I want to share my configuration settings.

Nextcloud is now accessable from https://myserver.se/nc/

/etc/haproxy/haproxy.cfg

global
        maxconn 4096
        user haproxy
        group haproxy
        daemon
        log 127.0.0.1 local0 debug

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        option  redispatch
        option  http-server-close
        option  forwardfor
        timeout connect 5000
        timeout client  50000
        timeout server  50000

frontend www-http
        bind *:80
        mode http
        reqadd X-Forwarded-Proto:\ http

        default_backend www-backend

backend www-backend
        #All requests should be in SSL-mode. SSL is terminated in HAProxy
        #and uses HTTP in backend requests
        redirect scheme https code 301 if !{ ssl_fc }

frontend www-https
        #My server certificate
        #Here's a great instruction on how to setup
        # LetsEncrypt with HAProxy https://skarlso.github.io/2017/02/15/how-to-https-with-hugo-letsencrypt-haproxy/
        bind *:443 ssl crt /etc/haproxy/certs/myserver.pem
        mode http
        option forwardfor
        option http-server-close
        option http-pretend-keepalive

        #Only allow some services to be available internally
        acl network_allowed src 192.168.2.0/24
        acl restricted_page path_beg /internal
        block if restricted_page !network_allowed

        # App definitions
        acl is_nc path_beg /nc
        use_backend nextcloud if is_nc

backend nextcloud
        reqrep ^([^\ :]*)\ /nc/(.*)  \1\ /\2
        reqadd X-Script-Name:\ /nc
        option httpclose
        option forwardfor
        server node1 192.168.2.212:80

And for nextCloud I updated the PHP configuration settings with my domain name “myserver.se” and the HA Proxy IP address “192.168.2.196” as explained here https://docs.nextcloud.com/server/12/admin_manual/configuration_server/reverse_proxy_configuration.html

 

/var/www/nextcloud/config/config.php:

  ...
  'trusted_domains' =>
  array (
    0 => 'localhost',
    1 => '192.168.2.212',
    2 => '192.168.2.196',
    3 => 'myserver.se',
  ),
  'trusted_proxies' => ['192.168.2.196'],
  'overwritehost' => 'myserver.se',
  'overwritewebroot' => '/nc',
  'overwritecondaddr' => '^192\.168\.2\.196$',