Before you can start to switch your Document Server to HTTPS protocol, you will need to create a security certificate and the certificate private key. Put them into a folder on the computer where Document Server is installed.
Once you have the certificate, proceed with the steps below:
- Stop the NGINX service:
sudo service nginx stop
- Copy the
ds-ssl.conf.tmpl
file to the ds.conf
file using the following command:
sudo cp -f /etc/onlyoffice/documentserver/nginx/ds-ssl.conf.tmpl /etc/onlyoffice/documentserver/nginx/ds.conf
- Edit the
/etc/onlyoffice/documentserver/nginx/ds.conf
file changing all the parameters in double curly brackets {{...}} for the actually used:
- {{SSL_CERTIFICATE_PATH}} - the path to the SSL certificate you have got;
- {{SSL_KEY_PATH}} - the path to the SSL certificate private key;
- {{SSL_VERIFY_CLIENT}} - whether or not the verification of client certificates is enabled (with available values of
on
, off
, optional
and optional_no_ca
);
- {{CA_CERTIFICATES_PATH}} - the path to the client certificate which will be verified if enabled with the previous parameter;
- {{ONLYOFFICE_HTTPS_HSTS_MAXAGE}} - advanced configuration option for setting the HSTS max-age in the Document Server NGINX vHost configuration, and applicable only when SSL is in use (usually defaults to
31536000
which is considered to be safe enough);
- {{SSL_DHPARAM_PATH}} - the path to the Diffie-Hellman parameter;
Please see NGINX documentation for more information on SSL parameters used in the configuration file.
- When all the changes are made, you can start NGINX service again:
sudo service nginx start
Port 443 must be opened for correct portal operation.