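Complete tutorial: [DOCKER] Enabling HTTPS for ONLYOFFICE deployed in a Docker container
Background: the private key file onlyoffice.key and the certificate file onlyoffice.pem are already prepared, and ONLYOFFICE is deployed in a Docker container.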
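1. Preparation (backup and determining the deployment method)
Before making any configuration change, it is strongly recommended to back up the original configuration file.
Enter the running ONLYOFFICE container:
```bash
sudo docker exec -it <container name or ID> /bin/bash
```
Tip: use `sudo docker ps` to view container information.
Inside the container, back up the original ds.conf:
```bash
cp /etc/onlyoffice/documentserver/nginx/ds.conf /etc/onlyoffice/documentserver/nginx/ds.conf.backup
```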
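2. Stop the Nginx service (optional)
You can leave the service running and simply restart it later, but stopping it first is recommended to avoid conflicts while the configuration is being loaded:
```bash
sudo systemctl stop nginx
```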
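3. Copy the HTTPS template over the original configuration
This applies only to v5.3 and later, which use the SSL template:
```bash
sudo cp -f /etc/onlyoffice/documentserver/nginx/ds-ssl.conf.tmpl /etc/onlyoffice/documentserver/nginx/ds.conf
```
For other versions, see the official documentation: Switching ONLYOFFICE Docs to HTTPS protocol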
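4. Edit the parameters in ds.conf
Open the configuration file in an editor:
```bash
sudo vim /etc/onlyoffice/documentserver/nginx/ds.conf
```
Replace the following {{...}} placeholders with actual values:
| Parameter | Description |
|---|---|
| `{{SSL_CERTIFICATE_PATH}}` | Path to the SSL certificate (e.g. /etc/ssl/onlyoffice.crt) |
| `{{SSL_KEY_PATH}}` | Path to the certificate's private key (e.g. /etc/ssl/onlyoffice.key) |
| `{{SSL_VERIFY_CLIENT}}` | Whether to enable client certificate verification; one of: on, off, optional, optional_no_ca |
| `{{CA_CERTIFICATES_PATH}}` | Path to the client CA certificate (if mutual authentication is required) |
| `{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}` | HSTS max age (default 31536000, in seconds) |
| `{{SSL_DHPARAM_PATH}}` | Path to the Diffie-Hellman parameters file (strengthens the key exchange) |

For more Nginx SSL parameters, see: Module ngx_http_ssl_module
For example: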
```nginx
include /etc/nginx/includes/http-common.conf;

## Normal HTTP host
server {
  listen 0.0.0.0:80;
  listen [::]:80 default_server;
  server_name _;
  server_tokens off;
  set $secure_link_secret verysecretstring;

  ## Redirects all traffic to the HTTPS host
  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
  rewrite ^ https://$host$request_uri? permanent;
}

#HTTP host for internal services
server {
  listen 127.0.0.1:80;
  listen [::1]:80;
  server_name localhost;
  server_tokens off;
  set $secure_link_secret verysecretstring;

  include /etc/nginx/includes/ds-common.conf;
  include /etc/nginx/includes/ds-docservice.conf;
}

## HTTPS host
server {
  listen 0.0.0.0:443 ssl http2;
  listen [::]:443 ssl default_server http2;
  server_tokens off;
  set $secure_link_secret verysecretstring;
  root /usr/share/nginx/html;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  ssl_certificate /var/www/onlyoffice/Data/certs/onlyoffice.pem;
  ssl_certificate_key /var/www/onlyoffice/Data/certs/onlyoffice.key;
  # Uncomment string below and specify the path to the file with the password if you use encrypted certificate key
  # ssl_password_file {{SSL_PASSWORD_PATH}};
  ssl_verify_client off;

  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

  ssl_protocols TLSv1.2;
  ssl_session_cache builtin:1000 shared:SSL:10m;

  ssl_prefer_server_ciphers on;

  add_header Strict-Transport-Security max-age=31536000;
  add_header X-Content-Type-Options nosniff;

  include /etc/nginx/includes/ds-*.conf;
}
```
5. Restart the ONLYOFFICE container
Stop the ONLYOFFICE container:
```bash
sudo docker stop <container name or ID>
```
Remove the ONLYOFFICE container:
```bash
sudo docker rm <container name or ID>
```
Start the ONLYOFFICE container. This command takes many parameters; choose them to suit your own environment and do not copy it verbatim:
```bash
sudo docker run -itd -p 8081:80 -p 7443:443 \
  -v /home/wst/docx_deploy/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
  -v /home/wst/docx_deploy/onlyoffice/DocumentServer/data/nginx/ds.conf:/etc/onlyoffice/documentserver/nginx/ds.conf \
  --name onlyoffice-document-server-9.0.4.1 --privileged \
  -e JWT_SECRET=my_jwt_secret --restart=always \
  onlyoffice/documentserver:9.0.4.1
```
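✅ Verify the configuration
- Check the Nginx configuration syntax inside the container: `sudo nginx -t`
- Visit your ONLYOFFICE Docs address and confirm that it is reachable at https://ip:7443 and that HTTP requests are redirected.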
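
The following check is an added example, not part of the original tutorial: a POSIX shell lint for the edited ds.conf that reports template placeholders still present on active lines, certificate or key paths outside the mounted data directory (files there do not survive the `docker rm` and `docker run` in step 5), and protocol versions older than TLSv1.2. The function names and the default persisted directory `/var/www/onlyoffice/Data` (taken from the `-v` mapping in step 5) are assumptions.

```sh
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# Value of the first uncommented occurrence of directive $2 in file $1.
directive_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}\([^;]*\);.*/\1/p" "$1" | head -n 1
}

# check_ds_conf FILE [PERSISTED_DIR]
# Prints one line per finding; returns 1 if anything was found, else 0.
check_ds_conf() {
    conf=$1; keep=${2:-/var/www/onlyoffice/Data}; rc=0
    # 1. Template placeholders left on active (uncommented) lines.
    left=$(grep -n '{{[A-Z_]*}}' "$conf" | grep -v '^[0-9]*:[[:space:]]*#' || true)
    if [ -n "$left" ]; then
        printf '%s\n' "$left" | sed 's/^/UNREPLACED line /'; rc=1
    fi
    # 2. Certificate and key must be set and live under the mounted volume,
    #    otherwise they disappear when the container is removed and recreated.
    for d in ssl_certificate ssl_certificate_key; do
        v=$(directive_value "$conf" "$d")
        case $v in
            '')        echo "MISSING $d"; rc=1 ;;
            *'{{'*)    ;;  # already reported as UNREPLACED
            "$keep"/*) ;;
            *)         echo "NOT_PERSISTED $d $v"; rc=1 ;;
        esac
    done
    # 3. Protocol versions older than TLSv1.2.
    for p in $(directive_value "$conf" ssl_protocols); do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "WEAK_PROTOCOL $p"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: a half-edited ds.conf fragment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_certificate /etc/ssl/onlyoffice.crt;
ssl_certificate_key {{SSL_KEY_PATH}};
# ssl_password_file {{SSL_PASSWORD_PATH}};
ssl_protocols TLSv1.1 TLSv1.2;
EOF
check_ds_conf "$sample" || echo "fix the findings above before restarting"
rm -f "$sample"
```

Because step 5 bind-mounts ds.conf from the host, the same function can be run on the host copy before `docker run`, with `nginx -t` inside the container remaining the authoritative syntax check.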