[Libreoffice-commits] online.git: etc/apache2 etc/nginx

Thu Sep 20 08:20:11 UTC 2018

etc/apache2/loolwsd-nossl.conf.template |   34 +++++++++++++++++++++++++++
 etc/apache2/loolwsd-ssl.conf.template   |   40 ++++++++++++++++++++++++++++++++
 etc/nginx/loolwsd-nossl.conf.template   |   35 ++++++++++++++++++++++++++++
 etc/nginx/loolwsd-ssl.conf.template     |   36 ++++++++++++++++++++++++++++
 4 files changed, 145 insertions(+)

New commits:
commit 18751d35fa5bed0b14eef9f13ed1de8bf4f9e45c
Author:     Andras Timar <andras.timar at collabora.com>
AuthorDate: Thu Sep 20 10:18:57 2018 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Thu Sep 20 10:18:57 2018 +0200

    nginx and apache2 config templates
    
    Change-Id: I1e2572617909d7aefb951d3299810f521f56062c

diff --git a/etc/apache2/loolwsd-nossl.conf.template b/etc/apache2/loolwsd-nossl.conf.template
new file mode 100644
index 000000000..289b79d3e
--- /dev/null
+++ b/etc/apache2/loolwsd-nossl.conf.template
@@ -0,0 +1,34 @@
+# Apache2 reverse proxy configuration for Collabora Online / LibreOffice Online
+# Internet <-- SSL --> Reverse Proxy <-- No SSL --> loolwsd
+# Make sure that you enable the following Apache2 modules: proxy, proxy_wstunnel, and proxy_http.
+# Create a virtual host for Collabora Online / LibreOffice Online and include this configuration file.
+
+# loolwsd_service_root (introduced in Collabora Online 3.4 and LibreOffce Online 6.2)
+# Prefix all the pages, websockets, etc. with this path.
+
+  Options -Indexes
+
+  # Encoded slashes need to be allowed
+  AllowEncodedSlashes NoDecode
+
+  # keep the host
+  ProxyPreserveHost On
+
+  # static html, js, images, etc. served from loolwsd
+  # loleaflet is the client part of LibreOffice Online
+  ProxyPass           ${loolwsd_service_root}/loleaflet http://127.0.0.1:9980${loolwsd_service_root}/loleaflet retry=0
+  ProxyPassReverse    ${loolwsd_service_root}/loleaflet http://127.0.0.1:9980${loolwsd_service_root}/loleaflet
+
+  # WOPI discovery URL
+  ProxyPass           ${loolwsd_service_root}/hosting/discovery http://127.0.0.1:9980${loolwsd_service_root}/hosting/discovery retry=0
+  ProxyPassReverse    ${loolwsd_service_root}/hosting/discovery http://127.0.0.1:9980${loolwsd_service_root}/hosting/discovery
+
+  # Main websocket
+  ProxyPassMatch "${loolwsd_service_root}/lool/(.*)/ws$" ws://127.0.0.1:9980${loolwsd_service_root}/lool/$1/ws nocanon
+
+  # Admin Console websocket
+  ProxyPass   ${loolwsd_service_root}/lool/adminws ws://127.0.0.1:9980${loolwsd_service_root}/lool/adminws
+
+  # Download as, Fullscreen presentation and Image upload operations
+  ProxyPass           ${loolwsd_service_root}/lool http://127.0.0.1:9980${loolwsd_service_root}/lool
+  ProxyPassReverse    ${loolwsd_service_root}/lool http://127.0.0.1:9980${loolwsd_service_root}/lool
diff --git a/etc/apache2/loolwsd-ssl.conf.template b/etc/apache2/loolwsd-ssl.conf.template
new file mode 100644
index 000000000..63e128028
--- /dev/null
+++ b/etc/apache2/loolwsd-ssl.conf.template
@@ -0,0 +1,40 @@
+# Apache2 reverse proxy configuration for Collabora Online / LibreOffice Online
+# Internet <-- SSL --> Reverse Proxy <-- SSL --> loolwsd
+# Make sure that you enable the following Apache2 modules: proxy, proxy_wstunnel, proxy_http, and ssl.
+# Create a virtual host for Collabora Online / LibreOffice Online and include this configuration file.
+
+# loolwsd_service_root (introduced in Collabora Online 3.4 and LibreOffce Online 6.2)
+# Prefix all the pages, websockets, etc. with this path.
+
+  Options -Indexes
+
+  # Encoded slashes need to be allowed
+  AllowEncodedSlashes NoDecode
+
+  # in most configurations loolwsd uses a unique non-signed certificate
+  SSLProxyEngine On
+  SSLProxyVerify None
+  SSLProxyCheckPeerCN Off
+  SSLProxyCheckPeerName Off
+
+  # keep the host
+  ProxyPreserveHost On
+
+  # static html, js, images, etc. served from loolwsd
+  # loleaflet is the client part of LibreOffice Online
+  ProxyPass           ${loolwsd_service_root}/loleaflet https://127.0.0.1:9980${loolwsd_service_root}/loleaflet retry=0
+  ProxyPassReverse    ${loolwsd_service_root}/loleaflet https://127.0.0.1:9980${loolwsd_service_root}/loleaflet
+
+  # WOPI discovery URL
+  ProxyPass           ${loolwsd_service_root}/hosting/discovery https://127.0.0.1:9980${loolwsd_service_root}/hosting/discovery retry=0
+  ProxyPassReverse    ${loolwsd_service_root}/hosting/discovery https://127.0.0.1:9980${loolwsd_service_root}/hosting/discovery
+
+  # Main websocket
+  ProxyPassMatch "${loolwsd_service_root}/lool/(.*)/ws$" wss://127.0.0.1:9980${loolwsd_service_root}/lool/$1/ws nocanon
+
+  # Admin Console websocket
+  ProxyPass   ${loolwsd_service_root}/lool/adminws wss://127.0.0.1:9980${loolwsd_service_root}/lool/adminws
+
+  # Download as, Fullscreen presentation and Image upload operations
+  ProxyPass           ${loolwsd_service_root}/lool https://127.0.0.1:9980${loolwsd_service_root}/lool
+  ProxyPassReverse    ${loolwsd_service_root}/lool https://127.0.0.1:9980${loolwsd_service_root}/lool
diff --git a/etc/nginx/loolwsd-nossl.conf.template b/etc/nginx/loolwsd-nossl.conf.template
new file mode 100644
index 000000000..bcadf278a
--- /dev/null
+++ b/etc/nginx/loolwsd-nossl.conf.template
@@ -0,0 +1,35 @@
+    # static files
+    location ^~ ${loolwsd_service_root}/loleaflet {
+        proxy_pass http://localhost:9980;
+        proxy_set_header Host $http_host;
+    }
+
+    # WOPI discovery URL
+    location ^~ ${loolwsd_service_root}/hosting/discovery {
+        proxy_pass http://localhost:9980;
+        proxy_set_header Host $http_host;
+    }
+
+    # main websocket
+    location ~ ^${loolwsd_service_root}/lool/(.*)/ws$ {
+        proxy_pass http://localhost:9980;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $http_host;
+        proxy_read_timeout 36000s;
+    }
+
+    # download, presentation and image upload
+    location ~ ^${loolwsd_service_root}/lool {
+        proxy_pass http://localhost:9980;
+        proxy_set_header Host $http_host;
+    }
+
+    # Admin Console websocket
+    location ^~ ${loolwsd_service_root}/lool/adminws {
+        proxy_pass http://localhost:9980;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $http_host;
+        proxy_read_timeout 36000s;
+    }
diff --git a/etc/nginx/loolwsd-ssl.conf.template b/etc/nginx/loolwsd-ssl.conf.template
new file mode 100644
index 000000000..1190fb54c
--- /dev/null
+++ b/etc/nginx/loolwsd-ssl.conf.template
@@ -0,0 +1,36 @@
+
+    # static files
+    location ^~ ${loolwsd_service_root}/loleaflet {
+        proxy_pass https://localhost:9980;
+        proxy_set_header Host $http_host;
+    }
+
+    # WOPI discovery URL
+    location ^~ ${loolwsd_service_root}/hosting/discovery {
+        proxy_pass https://localhost:9980;
+        proxy_set_header Host $http_host;
+    }
+
+    # main websocket
+    location ~ ^${loolwsd_service_root}/lool/(.*)/ws$ {
+        proxy_pass https://localhost:9980;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $http_host;
+        proxy_read_timeout 36000s;
+    }
+
+    # download, presentation and image upload
+    location ~ ^${loolwsd_service_root}/lool {
+        proxy_pass https://localhost:9980;
+        proxy_set_header Host $http_host;
+    }
+
+    # Admin Console websocket
+    location ^~ ${loolwsd_service_root}/lool/adminws {
+        proxy_pass https://localhost:9980;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $http_host;
+        proxy_read_timeout 36000s;
+    }
