Сервер документов для работы с NEXTCLOUD

 

apt install postgresql

 

sudo -i -u postgres psql -c "CREATE DATABASE onlyoffice;"

sudo -i -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';"

sudo -i -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"

 

curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
apt install nodejs -y

 

apt install redis-server rabbitmq-server

systemctl status redis-server

systemctl status rabbitmq-server

 

echo "deb http://download.onlyoffice.com/repo/debian squeeze main" | sudo tee /etc/apt/sources.list.d/onlyoffice.list

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5

 

apt update

apt install onlyoffice-documentserver

 

Затем заходим на ваш сервер через браузер и видим:

 

 

Затем сгенерируем самоподписанный сертификат Самоподписанный Сертификат - Debian

 

Отключаем верификацию сертификатов документа сервера.

Для этого открываем

nano /etc/onlyoffice/documentserver/default.json 

и меняем параметр 

rejectUnauthorized с true на false

 

заходим в 

nano /etc/nginx/sites-available/default-ssl 

И пишем такую конфигарацию

server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;

root /var/www/html;
index index.html index.htm index.nginx-debian.html;

server_name _;

ssl_certificate /etc/nginx/ssl/1.crt;
ssl_certificate_key /etc/nginx/ssl/1.key;

# include snippets/self-signed.conf;
include snippets/ssl-params.conf;

include includes/ds-*.conf;


}

 

 

На вротэнде пишем такую конфигурацию NGINX:

server {
if ($host = YOUR_DOMEN) {
return 301 https://$host$request_uri;
} # managed by Certbot


listen 80;
server_name YOUR_DOMEN;
return 301 https://$host$request_uri;
error_page 497 https://$host:$server_port$request_uri;


}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name YOUR_DOMEN;
access_log /var/log/nginx/access.Doc.log;
error_log /var/log/nginx/error.Doc.log;
root /usr/share/nginx/sd;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.1 TLSv1.2;

add_header Strict-Transport-Security max-age=15768000;
location / {
proxy_pass YOUR_VPS;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}