[Libreoffice-commits] online.git: etc/apache2 etc/nginx
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Thu Sep 20 08:20:11 UTC 2018
etc/apache2/loolwsd-nossl.conf.template | 34 +++++++++++++++++++++++++++
etc/apache2/loolwsd-ssl.conf.template | 40 ++++++++++++++++++++++++++++++++
etc/nginx/loolwsd-nossl.conf.template | 35 ++++++++++++++++++++++++++++
etc/nginx/loolwsd-ssl.conf.template | 36 ++++++++++++++++++++++++++++
4 files changed, 145 insertions(+)
New commits:
commit 18751d35fa5bed0b14eef9f13ed1de8bf4f9e45c
Author: Andras Timar <andras.timar at collabora.com>
AuthorDate: Thu Sep 20 10:18:57 2018 +0200
Commit: Andras Timar <andras.timar at collabora.com>
CommitDate: Thu Sep 20 10:18:57 2018 +0200
nginx and apache2 config templates
Change-Id: I1e2572617909d7aefb951d3299810f521f56062c
diff --git a/etc/apache2/loolwsd-nossl.conf.template b/etc/apache2/loolwsd-nossl.conf.template
new file mode 100644
index 000000000..289b79d3e
--- /dev/null
+++ b/etc/apache2/loolwsd-nossl.conf.template
@@ -0,0 +1,34 @@
+# Apache2 reverse proxy configuration for Collabora Online / LibreOffice Online
+# Internet <-- SSL --> Reverse Proxy <-- No SSL --> loolwsd
+# Make sure that you enable the following Apache2 modules: proxy, proxy_wstunnel, and proxy_http.
+# Create a virtual host for Collabora Online / LibreOffice Online and include this configuration file.
+
+# loolwsd_service_root (introduced in Collabora Online 3.4 and LibreOffce Online 6.2)
+# Prefix all the pages, websockets, etc. with this path.
+
+ Options -Indexes
+
+ # Encoded slashes need to be allowed
+ AllowEncodedSlashes NoDecode
+
+ # keep the host
+ ProxyPreserveHost On
+
+ # static html, js, images, etc. served from loolwsd
+ # loleaflet is the client part of LibreOffice Online
+ ProxyPass ${loolwsd_service_root}/loleaflet http://127.0.0.1:9980${loolwsd_service_root}/loleaflet retry=0
+ ProxyPassReverse ${loolwsd_service_root}/loleaflet http://127.0.0.1:9980${loolwsd_service_root}/loleaflet
+
+ # WOPI discovery URL
+ ProxyPass ${loolwsd_service_root}/hosting/discovery http://127.0.0.1:9980${loolwsd_service_root}/hosting/discovery retry=0
+ ProxyPassReverse ${loolwsd_service_root}/hosting/discovery http://127.0.0.1:9980${loolwsd_service_root}/hosting/discovery
+
+ # Main websocket
+ ProxyPassMatch "${loolwsd_service_root}/lool/(.*)/ws$" ws://127.0.0.1:9980${loolwsd_service_root}/lool/$1/ws nocanon
+
+ # Admin Console websocket
+ ProxyPass ${loolwsd_service_root}/lool/adminws ws://127.0.0.1:9980${loolwsd_service_root}/lool/adminws
+
+ # Download as, Fullscreen presentation and Image upload operations
+ ProxyPass ${loolwsd_service_root}/lool http://127.0.0.1:9980${loolwsd_service_root}/lool
+ ProxyPassReverse ${loolwsd_service_root}/lool http://127.0.0.1:9980${loolwsd_service_root}/lool
diff --git a/etc/apache2/loolwsd-ssl.conf.template b/etc/apache2/loolwsd-ssl.conf.template
new file mode 100644
index 000000000..63e128028
--- /dev/null
+++ b/etc/apache2/loolwsd-ssl.conf.template
@@ -0,0 +1,40 @@
+# Apache2 reverse proxy configuration for Collabora Online / LibreOffice Online
+# Internet <-- SSL --> Reverse Proxy <-- SSL --> loolwsd
+# Make sure that you enable the following Apache2 modules: proxy, proxy_wstunnel, proxy_http, and ssl.
+# Create a virtual host for Collabora Online / LibreOffice Online and include this configuration file.
+
+# loolwsd_service_root (introduced in Collabora Online 3.4 and LibreOffce Online 6.2)
+# Prefix all the pages, websockets, etc. with this path.
+
+ Options -Indexes
+
+ # Encoded slashes need to be allowed
+ AllowEncodedSlashes NoDecode
+
+ # in most configurations loolwsd uses a unique non-signed certificate
+ SSLProxyEngine On
+ SSLProxyVerify None
+ SSLProxyCheckPeerCN Off
+ SSLProxyCheckPeerName Off
+
+ # keep the host
+ ProxyPreserveHost On
+
+ # static html, js, images, etc. served from loolwsd
+ # loleaflet is the client part of LibreOffice Online
+ ProxyPass ${loolwsd_service_root}/loleaflet https://127.0.0.1:9980${loolwsd_service_root}/loleaflet retry=0
+ ProxyPassReverse ${loolwsd_service_root}/loleaflet https://127.0.0.1:9980${loolwsd_service_root}/loleaflet
+
+ # WOPI discovery URL
+ ProxyPass ${loolwsd_service_root}/hosting/discovery https://127.0.0.1:9980${loolwsd_service_root}/hosting/discovery retry=0
+ ProxyPassReverse ${loolwsd_service_root}/hosting/discovery https://127.0.0.1:9980${loolwsd_service_root}/hosting/discovery
+
+ # Main websocket
+ ProxyPassMatch "${loolwsd_service_root}/lool/(.*)/ws$" wss://127.0.0.1:9980${loolwsd_service_root}/lool/$1/ws nocanon
+
+ # Admin Console websocket
+ ProxyPass ${loolwsd_service_root}/lool/adminws wss://127.0.0.1:9980${loolwsd_service_root}/lool/adminws
+
+ # Download as, Fullscreen presentation and Image upload operations
+ ProxyPass ${loolwsd_service_root}/lool https://127.0.0.1:9980${loolwsd_service_root}/lool
+ ProxyPassReverse ${loolwsd_service_root}/lool https://127.0.0.1:9980${loolwsd_service_root}/lool
diff --git a/etc/nginx/loolwsd-nossl.conf.template b/etc/nginx/loolwsd-nossl.conf.template
new file mode 100644
index 000000000..bcadf278a
--- /dev/null
+++ b/etc/nginx/loolwsd-nossl.conf.template
@@ -0,0 +1,35 @@
+ # static files
+ location ^~ ${loolwsd_service_root}/loleaflet {
+ proxy_pass http://localhost:9980;
+ proxy_set_header Host $http_host;
+ }
+
+ # WOPI discovery URL
+ location ^~ ${loolwsd_service_root}/hosting/discovery {
+ proxy_pass http://localhost:9980;
+ proxy_set_header Host $http_host;
+ }
+
+ # main websocket
+ location ~ ^${loolwsd_service_root}/lool/(.*)/ws$ {
+ proxy_pass http://localhost:9980;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $http_host;
+ proxy_read_timeout 36000s;
+ }
+
+ # download, presentation and image upload
+ location ~ ^${loolwsd_service_root}/lool {
+ proxy_pass http://localhost:9980;
+ proxy_set_header Host $http_host;
+ }
+
+ # Admin Console websocket
+ location ^~ ${loolwsd_service_root}/lool/adminws {
+ proxy_pass http://localhost:9980;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $http_host;
+ proxy_read_timeout 36000s;
+ }
diff --git a/etc/nginx/loolwsd-ssl.conf.template b/etc/nginx/loolwsd-ssl.conf.template
new file mode 100644
index 000000000..1190fb54c
--- /dev/null
+++ b/etc/nginx/loolwsd-ssl.conf.template
@@ -0,0 +1,36 @@
+
+ # static files
+ location ^~ ${loolwsd_service_root}/loleaflet {
+ proxy_pass https://localhost:9980;
+ proxy_set_header Host $http_host;
+ }
+
+ # WOPI discovery URL
+ location ^~ ${loolwsd_service_root}/hosting/discovery {
+ proxy_pass https://localhost:9980;
+ proxy_set_header Host $http_host;
+ }
+
+ # main websocket
+ location ~ ^${loolwsd_service_root}/lool/(.*)/ws$ {
+ proxy_pass https://localhost:9980;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $http_host;
+ proxy_read_timeout 36000s;
+ }
+
+ # download, presentation and image upload
+ location ~ ^${loolwsd_service_root}/lool {
+ proxy_pass https://localhost:9980;
+ proxy_set_header Host $http_host;
+ }
+
+ # Admin Console websocket
+ location ^~ ${loolwsd_service_root}/lool/adminws {
+ proxy_pass https://localhost:9980;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $http_host;
+ proxy_read_timeout 36000s;
+ }
More information about the Libreoffice-commits
mailing list