[partial] solution to OnlyOffice-Nextcloud problem, a second vbox server

I was facing one impossible problem… yunohost and rabbitmq, affecting roundcube and onlyoffice.

The rabbitmq problem has a very difficult solution, so we can use a workaround: 2 servers.

Let me explain:

I have a domain… (like everyone else selfhosting, in my case with noip)
My router has the ports redirected to an sbc (originally a vbox) at 192.168.1.50 with my dnsmasq solution for hairpinning, my nextcloud, my mail, xmpp, and a plethora of other things…
So how could… have onlyoffice, if I cannot install it, or use it, since rabbitmq is F**^*ing around

Solution:
Go to my dns provider and add a host… doc.domain.net
Go to yunohost and add the doc.domain.net, get the certs, blah blah blah…

Create a virtualbox in another pc (here is the first trick)
1 cpu, 2 gigs of ram, 128 gb hard disk
Install debian 9, pure, just ssh option nothing else
name the machine doc
domain… domain.net of course!!
follow this very guide by heart

with some small tricks, like not using sudo since I already was root. I also had to follow it slowly… by the way… DON’T CHANGE ANY NAME… I’m saying the host is doc… well, in the line

echo onlyoffice-documentserver onlyoffice/db-host string <DB_HOST> | sudo debconf-set-selections

I removed sudo and replaced <DB_HOST> with doc, the name of my machine. Remember to use the same database name, postgresql user name, password… anyway that database is going to be local and impossible to access remotely.

Ignore the Ubuntu paragraph, it is not needed.

But here again our lovely friend RabbitMQ… is mentioned NOWHERE… but if you are not going to use a RabbitMQ user, use the default “guest” password “guest”.

Now call 192.168.1.55 the fixed ip for this vbox… and in http://192.168.1.55 I found the gratification of the server working page.

But wait… my router sends port 80, 443, 5222 blah blah blah to 192.168.1.50 and this little devil needs ssl to be accessed from nextcloud, and the document server needs to be accessible from outside to work well…

Here comes our lovely friend nginx… let me summarize the trick to jump to that machine every time we call that domain…

Since my dnsmasq is my dns cache in my 192.168.1.50, in the /etc/hosts file add a line

192.168.1.55 doc.domain.net doc

Copy the certs from /etc/yunohost/certs/doc.domain.net/ (both crt.pem and key.pem) to the vbox in /etc/whateveryouwant; with the help of scp it is easy

Follow this very guide more or less, just need to change the {{}} values about the cert and the key… nothing more, the rest is optional.

Now we have a working vbox in 192.168.1.55, even with the cert for https, but it only works locally, inside my net… now the gateway in the 192.168.1.50 (first machine, domain.net) needs to be done… and it is tricky…

2 hours, 3 coffees and walking the dogs in between, here is the simple solution:

in 192.168.1.50 we go to /etc/nginx/conf.d/doc.domain.net.conf nano will do.
add this:

location / {
    resolver 192.168.1.55;
    proxy_set_header Host doc.domain.net;
    proxy_pass http://192.168.1.55:80/;
}

in the server 80 listen section… adding # to the access_by_lua… line

in the server 443 listen section add # to the lines saying more_set_headers
change the line saying resolver 127.0.0.1 to 192.168.1.55

add # to access_by_lua line
add # to include /etc/conf.d/yunohost_… lines… both

include this:

location / {
    resolver 192.168.1.55;
    proxy_set_header Host doc.domain.net;
    proxy_pass https://192.168.1.55:443;
}

systemctl restart dnsmasq
systemctl restart nginx

and voilà, you have the server exposed only in what you want… now you can add to nextcloud the plugin for onlyoffice, server https://doc.domain.net, mark the options you want… and … WORKS…

From inside my net and outside my net… it just works as expected.
Any question? where’s my award?

take care with this step

sudo cp -f /etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver-ssl.conf.template /etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf

it should be

sudo cp -f /etc/onlyoffice/documentserver/nginx/ds-ssl.conf.tmpl ds.conf

and don’t forget to change in ds.conf the {{}} params to where the crt.pem and key.pem are…

it happens with the latest version… at least the update taken today 05/29/2019…
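
A variant of the 443 location block from the first post that also verifies the backend certificate, added here as an example (not the author's configuration and not YunoHost's or ONLYOFFICE's own file). nginx does not check upstream certificates unless told to; the example assumes the vbox serves the doc.domain.net certificate copied from the YunoHost box and that the Debian CA bundle is at /etc/ssl/certs/ca-certificates.crt.

```nginx
# Added example: goes inside the "listen 443" server block for doc.domain.net
# on the gateway (192.168.1.50). Addresses and names are the ones used in the post.
location / {
    # Literal upstream address, so proxy_pass itself needs no resolver directive.
    proxy_pass https://192.168.1.55:443;

    # Check the backend certificate; proxy_ssl_verify is off by default,
    # so without it any host answering on 192.168.1.55 would be trusted.
    proxy_ssl_verify              on;
    proxy_ssl_verify_depth        2;   # leaf -> intermediate -> root
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # assumed path

    # We connect by IP, so tell nginx which name the certificate must match
    # and send that name as SNI.
    proxy_ssl_name                doc.domain.net;
    proxy_ssl_server_name         on;

    # Tell the document server how the client actually reached it.
    proxy_set_header Host              doc.domain.net;
    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

    # WebSocket upgrade for the editor's live connection.
    proxy_http_version 1.1;
    proxy_set_header Upgrade    $http_upgrade;
    proxy_set_header Connection "upgrade";
}
```

Run nginx -t before restarting nginx. When the certificate is renewed on the YunoHost box, crt.pem and key.pem have to be copied to the vbox again, otherwise verification starts failing once the old copy expires.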