search

ONLYOFFICE / DocumentServer

ONLYOFFICE Docs is a free collaborative online office suite comprising viewers and editors for texts, spreadsheets and presentations, forms and PDF, fully compatible with Office Open XML formats: .docx, .xlsx, .pptx and enabling collaborative editing in real time.
https://www.onlyoffice.com
GNU Affero General Public License v3.0
4.91k stars 1.1k forks source link

connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: mydomain.de, request: "GET /welcome/ HTTP/2> <.1", upstream: "http://[::1]:8000/robots.txt", host: "mydomain.de" #751

Closed mib-2020 closed 4 years ago

mib-2020 commented 4 years ago

Do you want to request a feature or report a bug? bug What is the current behavior? Trying to connect to https://127.0.0.1/welcome/ I get the error message "502 Bad Gateway - nginx" If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem. I installed the Document Server as described in https://helpcenter.onlyoffice.com/server/linux/document/linux-installation.aspx What is the expected behavior? Have a look at the file /var/www/onlyoffice/documentserver/server/welcome/index.html Did this work in previous versions of DocumentServer? I never tried before DocumentServer version: 5.4.2-46 Operating System: lubuntu 19.10 Browser version: Firefox 72.0.1

THIS IS IN MY /etc/onlyoffice/documentserver/nginx/ds.conf

include /etc/nginx/includes/http-common.conf;

## Normal HTTP host
server {
  server_name mydomain.de;
  listen 80;
  listen [::]:80;
  server_tokens off;

  ## Redirects all traffic to the HTTPS host
  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
  rewrite ^ https://$host$request_uri? permanent;
}

#HTTP host for internal services
server {
  listen 127.0.0.1:8080;
  listen [::1]:8080;
  server_name localhost;
  server_tokens off;

  include /etc/nginx/includes/ds-common.conf;
  include /etc/nginx/includes/ds-docservice.conf;
}

## HTTPS host
server {
  server_name mydomain.de;
  listen 443 ssl;
  listen [::]:443 ssl;
  server_tokens off;
  root /var/www/onlyoffice/documentserver/server/welcome;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  ## ssl on;
  ssl_certificate /etc/letsencrypt/rsa-certs/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/rsa-certs/privkey.pem;
  ssl_certificate /etc/letsencrypt/ecc-certs/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/ecc-certs/privkey.pem;
  ssl_verify_client off;

  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  # ssl_session_cache  builtin:1000  shared:SSL:10m;

  ssl_prefer_server_ciphers   on;

  add_header Strict-Transport-Security max-age=31536000;
  # add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
  ## Replace with your ssl_trusted_certificate. For more info see:
  ## - https://medium.com/devops-programming/4445f4862461
  ## - https://www.ruby-forum.com/topic/4419319
  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 10s;

  ## [Optional] Generate a stronger DHE parameter:
  ##   cd /etc/ssl/certs
  ##   sudo openssl dhparam -out dhparam.pem 4096
  ##
  # ssl_dhparam /etc/ssl/certs/dhparam.pem;

  include /etc/nginx/includes/ds-*.conf;

}
ShockwaveNN commented 4 years ago

Did you use this instruction https://helpcenter.onlyoffice.com/server/linux/document/switch-to-https.aspx to setup https?

mib-2020 commented 4 years ago

Thank you for your suggestion. More or less "yes". Now I double-checked the instruction and changed some values, for not have special values I need for other parts of my project.

This is how it looks like now: ds.conf.txt

Unfortunately I got after restarting nginx still the 502 Bad Gateway Error. Maybe you have another advice for me? Kind regards, Michael

ShockwaveNN commented 4 years ago

@mib-2020 Sorry, I'm not very good at nginx configuration. I think you should restore our default config and modify it step by step until it meet your need or failed and you'll known there is error

Akrobs commented 4 years ago

HTTPS host

server { listen 192.168.178.110:443 ssl; listen [::]:443 ssl default_server; server_tokens off; root /var/www; - must be root/var/www/onlyoffice

mib-2020 commented 4 years ago

Thanks for the answer, I guess that's it. But I have uninstalled Onlyoffice now, because I will be able to activate it as an app in Nextcloud Hub soon, that will be easier. Kind regards, Michael