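OxOffice Online Deployment Settings

Content related to deploying and configuring OxOffice Online

Enabling the OxOOL SSL certificate

To run the OxOOL service host over SSL, first confirm that you have obtained an official hostname, then enable SSL with the following settings: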

<ssl desc="SSL settings">
    <enable type="bool" desc="Controls whether SSL encryption is enable (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">true</enable>
    <termination desc="Connection via proxy where oxoolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
    <cert_file_path desc="Path to the cert file" relative="false">/etc/oxool/ssl/certificate.crt</cert_file_path>
    <key_file_path desc="Path to the key file" relative="false">/etc/oxool/ssl/private.key</key_file_path>
    <ca_file_path desc="Path to the ca file" relative="false">/etc/oxool/ssl/ca_bundle.crt</ca_file_path>
    <cipher_list desc="List of OpenSSL ciphers to accept" default="ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"></cipher_list>
    <hpkp desc="Enable HTTP Public key pinning" enable="false" report_only="false">
        <max_age desc="HPKP's max-age directive - time in seconds browser should remember the pins" enable="true">1000</max_age>
        <report_uri desc="HPKP's report-uri directive - pin validation failure are reported at this URL" enable="false"></report_uri>
        <pins desc="Base64 encoded SPKI fingerprints of keys to be pinned">
        <pin></pin>
        </pins>
    </hpkp>
</ssl>
# systemctl restart oxool
https://yourhostname:9980
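  1. When setting the richdocument location, use an FQDN rather than an IP address.
  2. If SSL is configured correctly on both Nextcloud / ownCloud and OxOOL but OxOOL still does not open correctly, copy the ca_bundle.crt file into the Nextcloud program directory path below and replace the file ca-bundle.crt (remember not to change the file name); it should then open normally.
[Nextcloud program directory]/resources/config/ca-bundle.crt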

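Allowing other Nextcloud instances to access OxOOL

While this documentation was being written, the demo environments were all set up in a "private IP environment". If your deployment matches either of the following two scenarios, additional advanced configuration is required. The two scenarios are: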

<wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
    <host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host>
    <host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
    <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
    <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
    <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
    <host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
    <host desc="Regex pattern of hostname to allow or deny." allow="true">117\.56\.68\.133</host>
    <host desc="Regex pattern of hostname to allow or deny." allow="true">odf\.nat\.gov\.tw</host>
    <host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
    <max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
</wopi>
<host desc="Regex pattern of hostname to allow or deny." allow="true">117\.56\.68\.133</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">odf\.nat\.gov\.tw</host>
# systemctl restart oxool
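
An added example (not from the original page or the OxOffice project): a Python check that loads a `<wopi>` block and reports which hostnames it would admit, useful for reviewing an edited allow list before restarting the service. It assumes each pattern must match the whole hostname and that an allow="false" entry overrides any allow="true" entry; the embedded XML is a shortened, constructed copy of the block above, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a shortened copy of the <wopi> block shown above.
WOPI_XML = r"""
<wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
    <host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host>
    <host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
    <host desc="Regex pattern of hostname to allow or deny." allow="true">117\.56\.68\.133</host>
    <host desc="Regex pattern of hostname to allow or deny." allow="true">odf\.nat\.gov\.tw</host>
    <host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
</wopi>
"""

def load_wopi_rules(xml_text):
    """Return (allow_patterns, deny_patterns) read from a <wopi> element."""
    root = ET.fromstring(xml_text)
    wopi = root if root.tag == "wopi" else root.find(".//wopi")
    if wopi is None:
        raise ValueError("no <wopi> element found")
    if wopi.get("allow", "false").strip().lower() != "true":
        return [], []  # WOPI storage switched off: nothing is admitted
    allow, deny = [], []
    for host in wopi.findall("host"):
        pattern = (host.text or "").strip()
        if not pattern:
            continue
        re.compile(pattern)  # raises re.error on a malformed pattern
        is_allow = host.get("allow", "false").strip().lower() == "true"
        (allow if is_allow else deny).append(pattern)
    return allow, deny

def host_allowed(host, allow, deny):
    """Assumed semantics: whole-string match, and a deny entry beats any allow entry."""
    if any(re.fullmatch(p, host) for p in deny):
        return False
    return any(re.fullmatch(p, host) for p in allow)

def audit(xml_text, hosts):
    """Map each candidate WOPI host to True (admitted) or False (rejected)."""
    allow, deny = load_wopi_rules(xml_text)
    return {h: host_allowed(h, allow, deny) for h in hosts}

if __name__ == "__main__":
    candidates = ["odf.nat.gov.tw", "192.168.1.1", "192.168.1.100", "cloud.example.org"]
    for name, ok in audit(WOPI_XML, candidates).items():
        print(f"{name:20} {'allow' if ok else 'deny'}")
```

Under these assumptions the deny entry for 192.168.1.1 does not cover 192.168.1.100, which is still admitted by the 192.168.x.x allow pattern.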