Ofimática en la nube

Proxy reverso - Nginx

Nginx

Crearemos un host virtual y, dependiendo de la necesidad, utilizaremos una de las siguientes configuraciones de ejemplo. Existen tres posibilidades:

nano /etc/nginx/sites-available/oxool

Sustituiremos el nombre de dominio que utilizamos para OxOffice Online. No debes olvidar crear un registro A para este subdominio en el DNS.

1. SSL en ambos extremos:

La config correspondiente en /etc/oxool/oxool.xml es:

<ssl desc="SSL settings">

        <enable type="bool">true</enable>

</ssl>
server {
    listen       443 ssl;
    server_name  oficina.dominio.edu.ar;

    ssl_certificate /ruta/a/certificado_ssl;
    ssl_certificate_key /ruta/a/llave_certificado_ssl;

    # static files
    location ^~ /loleaflet {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

2. SSL termina en el proxy:

La config correspondiente en /etc/oxool/oxool.xml es:

<ssl desc="SSL settings">
        <enable type="bool">false</enable>
        <termination>true</termination>
</ssl>
server {
    listen       443 ssl;
    server_name  oficina.dominio.edu.ar;

    ssl_certificate /ruta/a/certificado_ssl;
    ssl_certificate_key /ruta/a/llave_certificado_ssl;

    # static files
    location ^~ /loleaflet {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass http://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_pass http://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

3. HTTP plano:

La config correspondiente en /etc/oxool/oxool.xml es:

<ssl desc="SSL settings">
        <enable type="bool">false</enable>
        <termination type="bool">false</termination>
</ssl>
server {
    listen       80;
    server_name  oficina.dominio.edu.ar;

    # static files
    location ^~ /loleaflet {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass http://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_pass http://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

Cerramos y guardamos el archivo. Luego probamos la configuración de Nginx.

nginx -t

Si la prueba es exitosa, recargamos Nginx.

systemctl reload nginx