Switching ONLYOFFICE Docs to HTTPS protocol

Introduction

In most cases accessing the editors via HTTPS protocol is much more secure than via HTTP which is used by default. But to change the editors' access method, certain actions must be performed. Please follow the steps below to find out how to switch your ONLYOFFICE Docs to HTTPS protocol.

Switching ONLYOFFICE Docs to HTTPS using certbot

The easiest way to switch ONLYOFFICE Docs to HTTPS is to automatically get Let's Encrypt SSL Certificates using certbot.

Install certbot. This process differs depending on the operating system - DEB- or RPM-based. Please choose the corresponding tab to read instructions for your OS:

For example, on Ubuntu 20 this can be done with the following commands: 
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
For example, on CentOS8 this can be done with the following commands: 
sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Once certbot is installed on your machine, run the script specifying your email and domain:

sudo bash /usr/bin/documentserver-letsencrypt.sh email@example.com yourdomain.com

The script will automatically create and install the letsencrypt.org CA-signed certificate to your server and restart the NGINX service for the changes to take effect.

Now, your ONLYOFFICE Docs should be available at the https://yourdomain.com address.

Switching ONLYOFFICE Docs v5.3 and later to HTTPS

Before you can start to switch your ONLYOFFICE Docs to HTTPS protocol, you will need to create a security certificate and the certificate private key. Put them into a folder on the computer where ONLYOFFICE Docs is installed.

Once you have the certificate, proceed with the steps below:

  1. Stop the NGINX service: 
    sudo service nginx stop
  2. Copy the ds-ssl.conf.tmpl file to the ds.conf file using the following command: 
    sudo cp -f /etc/onlyoffice/documentserver/nginx/ds-ssl.conf.tmpl /etc/onlyoffice/documentserver/nginx/ds.conf
  3. Edit the /etc/onlyoffice/documentserver/nginx/ds.conf file changing all the parameters in double curly brackets {{...}} for the actually used:
    • {{SSL_CERTIFICATE_PATH}} - the path to the SSL certificate you have got;
    • {{SSL_KEY_PATH}} - the path to the SSL certificate private key;
    • {{SSL_VERIFY_CLIENT}} - whether the verification of client certificates is enabled (with available values of on, off, optional and optional_no_ca);
    • {{CA_CERTIFICATES_PATH}} - the path to the client certificate, which will be verified if enabled with the previous parameter;
    • {{ONLYOFFICE_HTTPS_HSTS_MAXAGE}} - advanced configuration option for setting the HSTS max-age in the ONLYOFFICE Docs NGINX vHost configuration, and applicable only when SSL is in use (usually defaults to 31536000 which is considered to be safe enough);
    • {{SSL_DHPARAM_PATH}} - the path to the Diffie-Hellman parameter;
    Please see NGINX documentation for more information on SSL parameters used in the configuration file.
  4. When all the changes are made, you can start NGINX service again: 
    sudo service nginx start
    Port 443 must be opened for correct portal operation.
  5. Execute the following script: 
    sudo bash /usr/bin/documentserver-update-securelink.sh

Host ONLYOFFICE Docs on your own server or use it in the cloud

Get it nowUse in the cloud
Article with the tag:
Browse all tags