From 18751d35fa5bed0b14eef9f13ed1de8bf4f9e45c Mon Sep 17 00:00:00 2001 From: Andras Timar Date: Thu, 20 Sep 2018 10:18:57 +0200 Subject: nginx and apache2 config templates Change-Id: I1e2572617909d7aefb951d3299810f521f56062c --- etc/apache2/loolwsd-nossl.conf.template | 34 ++++++++++++++++++++++++++++ etc/apache2/loolwsd-ssl.conf.template | 40 +++++++++++++++++++++++++++++++++ etc/nginx/loolwsd-nossl.conf.template | 35 +++++++++++++++++++++++++++++ etc/nginx/loolwsd-ssl.conf.template | 36 +++++++++++++++++++++++++++++ 4 files changed, 145 insertions(+) create mode 100644 etc/apache2/loolwsd-nossl.conf.template create mode 100644 etc/apache2/loolwsd-ssl.conf.template create mode 100644 etc/nginx/loolwsd-nossl.conf.template create mode 100644 etc/nginx/loolwsd-ssl.conf.template (limited to 'etc') diff --git a/etc/apache2/loolwsd-nossl.conf.template b/etc/apache2/loolwsd-nossl.conf.template new file mode 100644 index 0000000000..289b79d3e6 --- /dev/null +++ b/etc/apache2/loolwsd-nossl.conf.template @@ -0,0 +1,34 @@ +# Apache2 reverse proxy configuration for Collabora Online / LibreOffice Online +# Internet <-- SSL --> Reverse Proxy <-- No SSL --> loolwsd +# Make sure that you enable the following Apache2 modules: proxy, proxy_wstunnel, and proxy_http. +# Create a virtual host for Collabora Online / LibreOffice Online and include this configuration file. + +# loolwsd_service_root (introduced in Collabora Online 3.4 and LibreOffce Online 6.2) +# Prefix all the pages, websockets, etc. with this path. + + Options -Indexes + + # Encoded slashes need to be allowed + AllowEncodedSlashes NoDecode + + # keep the host + ProxyPreserveHost On + + # static html, js, images, etc. served from loolwsd + # loleaflet is the client part of LibreOffice Online + ProxyPass ${loolwsd_service_root}/loleaflet http://127.0.0.1:9980${loolwsd_service_root}/loleaflet retry=0 + ProxyPassReverse ${loolwsd_service_root}/loleaflet http://127.0.0.1:9980${loolwsd_service_root}/loleaflet + + # WOPI discovery URL + ProxyPass ${loolwsd_service_root}/hosting/discovery http://127.0.0.1:9980${loolwsd_service_root}/hosting/discovery retry=0 + ProxyPassReverse ${loolwsd_service_root}/hosting/discovery http://127.0.0.1:9980${loolwsd_service_root}/hosting/discovery + + # Main websocket + ProxyPassMatch "${loolwsd_service_root}/lool/(.*)/ws$" ws://127.0.0.1:9980${loolwsd_service_root}/lool/$1/ws nocanon + + # Admin Console websocket + ProxyPass ${loolwsd_service_root}/lool/adminws ws://127.0.0.1:9980${loolwsd_service_root}/lool/adminws + + # Download as, Fullscreen presentation and Image upload operations + ProxyPass ${loolwsd_service_root}/lool http://127.0.0.1:9980${loolwsd_service_root}/lool + ProxyPassReverse ${loolwsd_service_root}/lool http://127.0.0.1:9980${loolwsd_service_root}/lool diff --git a/etc/apache2/loolwsd-ssl.conf.template b/etc/apache2/loolwsd-ssl.conf.template new file mode 100644 index 0000000000..63e1280283 --- /dev/null +++ b/etc/apache2/loolwsd-ssl.conf.template @@ -0,0 +1,40 @@ +# Apache2 reverse proxy configuration for Collabora Online / LibreOffice Online +# Internet <-- SSL --> Reverse Proxy <-- SSL --> loolwsd +# Make sure that you enable the following Apache2 modules: proxy, proxy_wstunnel, proxy_http, and ssl. +# Create a virtual host for Collabora Online / LibreOffice Online and include this configuration file. + +# loolwsd_service_root (introduced in Collabora Online 3.4 and LibreOffce Online 6.2) +# Prefix all the pages, websockets, etc. with this path. + + Options -Indexes + + # Encoded slashes need to be allowed + AllowEncodedSlashes NoDecode + + # in most configurations loolwsd uses a unique non-signed certificate + SSLProxyEngine On + SSLProxyVerify None + SSLProxyCheckPeerCN Off + SSLProxyCheckPeerName Off + + # keep the host + ProxyPreserveHost On + + # static html, js, images, etc. served from loolwsd + # loleaflet is the client part of LibreOffice Online + ProxyPass ${loolwsd_service_root}/loleaflet https://127.0.0.1:9980${loolwsd_service_root}/loleaflet retry=0 + ProxyPassReverse ${loolwsd_service_root}/loleaflet https://127.0.0.1:9980${loolwsd_service_root}/loleaflet + + # WOPI discovery URL + ProxyPass ${loolwsd_service_root}/hosting/discovery https://127.0.0.1:9980${loolwsd_service_root}/hosting/discovery retry=0 + ProxyPassReverse ${loolwsd_service_root}/hosting/discovery https://127.0.0.1:9980${loolwsd_service_root}/hosting/discovery + + # Main websocket + ProxyPassMatch "${loolwsd_service_root}/lool/(.*)/ws$" wss://127.0.0.1:9980${loolwsd_service_root}/lool/$1/ws nocanon + + # Admin Console websocket + ProxyPass ${loolwsd_service_root}/lool/adminws wss://127.0.0.1:9980${loolwsd_service_root}/lool/adminws + + # Download as, Fullscreen presentation and Image upload operations + ProxyPass ${loolwsd_service_root}/lool https://127.0.0.1:9980${loolwsd_service_root}/lool + ProxyPassReverse ${loolwsd_service_root}/lool https://127.0.0.1:9980${loolwsd_service_root}/lool diff --git a/etc/nginx/loolwsd-nossl.conf.template b/etc/nginx/loolwsd-nossl.conf.template new file mode 100644 index 0000000000..bcadf278af --- /dev/null +++ b/etc/nginx/loolwsd-nossl.conf.template @@ -0,0 +1,35 @@ + # static files + location ^~ ${loolwsd_service_root}/loleaflet { + proxy_pass http://localhost:9980; + proxy_set_header Host $http_host; + } + + # WOPI discovery URL + location ^~ ${loolwsd_service_root}/hosting/discovery { + proxy_pass http://localhost:9980; + proxy_set_header Host $http_host; + } + + # main websocket + location ~ ^${loolwsd_service_root}/lool/(.*)/ws$ { + proxy_pass http://localhost:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } + + # download, presentation and image upload + location ~ ^${loolwsd_service_root}/lool { + proxy_pass http://localhost:9980; + proxy_set_header Host $http_host; + } + + # Admin Console websocket + location ^~ ${loolwsd_service_root}/lool/adminws { + proxy_pass http://localhost:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } diff --git a/etc/nginx/loolwsd-ssl.conf.template b/etc/nginx/loolwsd-ssl.conf.template new file mode 100644 index 0000000000..1190fb54c2 --- /dev/null +++ b/etc/nginx/loolwsd-ssl.conf.template @@ -0,0 +1,36 @@ + + # static files + location ^~ ${loolwsd_service_root}/loleaflet { + proxy_pass https://localhost:9980; + proxy_set_header Host $http_host; + } + + # WOPI discovery URL + location ^~ ${loolwsd_service_root}/hosting/discovery { + proxy_pass https://localhost:9980; + proxy_set_header Host $http_host; + } + + # main websocket + location ~ ^${loolwsd_service_root}/lool/(.*)/ws$ { + proxy_pass https://localhost:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } + + # download, presentation and image upload + location ~ ^${loolwsd_service_root}/lool { + proxy_pass https://localhost:9980; + proxy_set_header Host $http_host; + } + + # Admin Console websocket + location ^~ ${loolwsd_service_root}/lool/adminws { + proxy_pass https://localhost:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } -- cgit