Before you can start to switch your ONLYOFFICE Docs to HTTPS protocol, you will need to create a security certificate and the certificate private key. Put them into a folder on the computer where ONLYOFFICE Docs is installed.
Once you have the certificate, proceed with the steps below:
All the commands should be executed with administrative privileges. To start a command prompt as an administrator, right-click the Start menu button in the lower left corner of the desktop and click the Command Prompt (Admin) option.
- Stop the ONLYOFFICE DocumentServer Proxy service:
net stop DsProxySvc
- Copy the
%ProgramFiles%\ONLYOFFICE\DocumentServer\nginx\conf\ds-ssl.conf.tmpl
file to the %ProgramFiles%\ONLYOFFICE\DocumentServer\nginx\conf\ds.conf
file using the following command:
COPY /Y "%ProgramFiles%\ONLYOFFICE\DocumentServer\nginx\conf\ds-ssl.conf.tmpl" "%ProgramFiles%\ONLYOFFICE\DocumentServer\nginx\conf\ds.conf"
- Edit the
%ProgramFiles%\ONLYOFFICE\DocumentServer\nginx\conf\ds.conf
file changing all the parameters in double curly brackets {{...}} for the actually used:
Please note that the backslash characters ( \ ) must be escaped in one of the following ways: С:\\yourfolder\\certificates\\onlyoffice.key
or С:/yourfolder/certificates/onlyoffice.key
. If there are spaces in the path, you need to take it all into quotation marks, e.g.: "С:/yourfolder/my certificates/onlyoffice.key"
.
- {{SSL_CERTIFICATE_PATH}} - the path to the SSL certificate you have got;
- {{SSL_KEY_PATH}} - the path to the SSL certificate private key;
- {{SSL_VERIFY_CLIENT}} - whether or not the verification of client certificates is enabled (with available values of
on
, off
, optional
and optional_no_ca
);
- {{CA_CERTIFICATES_PATH}} - the path to the client certificate which will be verified if enabled with the previous parameter;
- {{ONLYOFFICE_HTTPS_HSTS_MAXAGE}} - advanced configuration option for setting the HSTS max-age in the ONLYOFFICE Docs NGINX vHost configuration, and applicable only when SSL is in use (usually defaults to
31536000
which is considered to be safe enough);
- {{SSL_DHPARAM_PATH}} - the path to the Diffie-Hellman parameter;
Please see NGINX documentation for more information on SSL parameters used in the configuration file.
- When all the changes are made, you can start the ONLYOFFICE DocumentServer Proxy service again:
net start DsProxySvc
Port 443 must be opened for correct portal operation.
- Execute
%ProgramFiles%\ONLYOFFICE\DocumentServer\bin\documentserver-update-securelink.bat