Help me close OnlyOffice to the internet

sse450 · 28 June 2024 08:57

I have running OnlyOffice in docker container with Nextcloud on the same server. We can access OnlyOffice within Nextcloud with no problem. It is https to https type of connection.

However, OnlyOffice is also reachable from the internet. I would appreciate any help to close OnlyOffice to the internet.

Thank you.

Here is my Apache config file for OnlyOffice:

<IfModule unixd_module>
  User daemon
  Group daemon
</IfModule>

<VirtualHost *:443>
    ServerName onlyoffice.mydomain.com

    SSLEngine on
#    SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
    SSLProtocol all -SSLv2 -SSLv3
    SSLCompression off
    SSLHonorCipherOrder on
    SSLCertificateFile  /home/appdata/onlyofficeds/data/certs/onlyoffice.crt
    SSLCertificateKeyFile /home/appdata/onlyofficeds/data/certs/onlyoffice.key
    SSLOpenSSLConfCmd DHParameters "/home/appdata/onlyofficeds/data/certs/dhparam.pem"

    SSLProxyEngine on
    SSLProxyCheckPeerCN on
    SSLProxyCheckPeerExpire on

    CustomLog logs/onlyoffice_access_log combined
    ErrorLog logs/onlyoffice_error_log

    SetEnvIf Host "^(.*)$" THE_HOST=$1
    RequestHeader setifempty X-Forwarded-Proto https
    RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
    ProxyAddHeaders Off

    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/?(.*) "wss://onlyoffice.mydomain.com:8888/$1" [P,L]
    ProxyPass / "https://onlyoffice.mydomain.com:8888/"
    ProxyPassReverse / "https://onlyoffice.mydomain.com:8888/"
</VirtualHost>

And this is the docker run command:

sudo docker run -i -t -d --name onlyoffice -p 8888:443 --restart=always -v /home/appdata/onlyofficeds/logs:/var/log/onlyoffice -v /home/appdata/onlyofficeds/data/:/var/www/onlyoffice/Data -v /home/appdata/onlyofficeds/lib:/var/lib/onlyoffice -v /home/appdata/onlyofficeds/db:/var/lib/postgresql -e JWT_ENABLED=true -e JWT_SECRET=wEc4jdL7NTkoRVeNhgrUntFvDqVCWpa -e SSL_CERTIFICATE_PATH=/var/www/onlyoffice/Data/certs/onlyoffice.crt -e SSL_KEY_PATH=/var/www/onlyoffice/Data/certs/onlyoffice.key -e SSL_DHPARAM_PATH=/var/www/onlyoffice/Data/certs/dhparam.pem onlyoffice/documentserver:8.1.0.1

OnlyOffice Docker: 8.1.0.1
Connector version: 9.2.2
Nextcloud version: 28.0.7
OS: AlmaLinux 9.4
Apache version: 2.4.57
Additional information: All these software running on our VPS.

Constantine · 1 July 2024 13:43

Hello @sse450

Can you please elaborate on what do you mean by “close”? Do you want to make Document Server inaccessible from the Internet or you want to limit Document Servers’ connection to the Internet? Any details would be much appreciated.