Enabling HTTPS for the Document Server

To connect NextCloud to OnlyOffice document server, the latter must be running in HTTPS mode (Both the Nextcloud server and user browsers will need to make contact with document server). The following steps show how to obtain and install Let’s Encrypt TLS certificate.

First, we need to edit the OnlyOffice Nginx server block file.

sudo vim /etc/nginx/conf.d/ds.conf

We add a server_name directive like below. Setup DNS “A” record for onlyoffice.yourdomain.com.

include /etc/nginx/includes/http-common.conf;
server {
  listen 0.0.0.0:80;
  listen [::]:80 default_server;
  server_tokens off;
  server_name onlyoffice.your-domain.com;

  include /etc/nginx/includes/ds-*.conf;
}

Save and close the file. Reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Then install certbot (Let’s Encrypt) client and the Nginx plugin.

sudo apt install certbot python3-certbot-nginx

Next, run the following command to obtain a free TLS certificate using the Nginx plugin.

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d onlyoffice.your-domain.com

Where:

• Unordered List Item –nginx: Use the nginx plugin.
• Unordered List Item –agree-tos: Agree to terms of service.
• Unordered List Item –redirect: Force HTTPS by 301 redirect.
• Unordered List Item – hsts: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.
• Unordered List Item –staple-ocsp: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.

Within a few seconds, you shall see a message like below, which means the TLS certificate is successfully obtained.

Visit https://onlyoffice.yourdomain.com in web browser to verify OnlyOffice document server is running correctly in HTTPS mode.