0
Under review

Local network ONLYOFFICE implementation

Matt V 7 months ago in Feature requests • updated 4 months ago 4

Hi Vlad,


I would like to be able to connect my ONLYOFFICE document server implementation locally, rather than through an external A-record DNS call. Is this possible?


Usage case: I have my ONLYOFFICE document server installed on a local LXC with hostname ONLYOFFICE. It has a self-signed certificate. I add the URL https://OnlyOffice to the plugin settings.


Problem: Only computers on the local network can connect to it. Furthermore, because it has a self-signed certificate, only computers with that certificate added as an exception can connect. Else, you get a blank page.


Potential alternative solution: Set up a DNS server, and purchase/configure a FQDN for the ONLYOFFICE server. Also must configure a valid SSL certificate. This requires a lot more work and resources than necessary, plus, it opens up some potential security issues since the ONLYOFFICE server is now open to the WWW.


Thanks,

-Mattv8

Under review

Hi Matt!


You can use ONLYOFFICE via the server's IP address as well, not only via hostname or domain name.

When we'll add support for Document Server 4.2+, which supports protection via authentication tokens, then having the server exposed to the Internet won't be a problem.

I must note that you cannot use the server's IP address over HTTPS. There is no way to load the certificate, so a blank screen is shown. You can connect over HTTP however using the server's IP address.

Thanks for your hard work, looking forward to seeing the auth token update!

Hi Matt,


We do this using nginx's reverse proxy, this allows us to host the onlyoffice document server 5.1.4-22 (in the below example on 192.0.2.1) internal on https (self signed certificate). The nginx instance (which also hosts our FileRun) proxys these locations:

location ^~ /exampleproxy
location ^~ /2018-05-22-13-26
location ^~ /cache

using these options (for each location):

proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Port $server_port;
proxy_http_version 1.1;

respectively pointing them to:

proxy_pass https://192.0.2.1/
proxy_pass https://192.0.2.1/2018-05-22-13-26/
proxy_pass https://192.0.2.1/cache/

Then in FileRun set the "ONLYOFFICE server URL" to https://example.com/exampleproxy


Best wishes, Jan.

Thanks for the advice Jan, I ended up using something very similar to your suggestion. However, the only way I could figure out how to achieve it was to use FQDN's, so currently you can access my ONLYOFFICE server via "https://editor.docs.example.com". I will play around with this a bit and see if I can get it to work so it is not exposed to the web, but still accessible through Filerun.