HSTS and self-signed certificates

Discussion of issues you faced using ONLYOFFICE
Post Reply
Posts: 1
Joined: Sat Nov 16, 2019 3:03 pm

HSTS and self-signed certificates

Post by mmccarn » Sat Nov 16, 2019 3:39 pm

- Recent updates to Firefox and Chrome seem to block access to onlyoffice community server with SSL enabled using a self-signed certificate
- The onlyoffice help center provides a list of runtime options, one of which can be used to disable HSTS (ONLYOFFICE_HTTPS_HSTS_ENABLED=false)
- The automatic installation script provided for easy installation, configuration, and updating of openoffice (opensource-install.sh / search for "wget"), does not provide any documented method for using custom docker parameters.

1) Manual install
Presumably (untested) I could switch from managing and updating my onlyoffice using opensource-install.sh to doing it manually, then add the setting for HSTS in my docker run command:
https://github.com/ONLYOFFICE/Docker-CommunityServer#installing-community-server wrote:sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 \
-e MYSQL_SERVER_DB_NAME=onlyoffice \
-e MYSQL_SERVER_HOST=onlyoffice-mysql-server \
-e MYSQL_SERVER_USER=onlyoffice_user \
-e MYSQL_SERVER_PASS=onlyoffice_pass \
-v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \
-v /app/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \
2) Using opensource-install.sh
I found I could disable HSTS by adding the new setting to /etc/environment (ubuntu 18.04) and rebooting the server
(I *also* had to clear my recent firefox browser history before the change was recognized.)

Code: Select all

sudo echo ONLYOFFICE_HTTPS_HSTS_ENABLED=false>> /etc/environment
sudo reboot

Posts: 355
Joined: Mon Feb 09, 2015 11:17 am

Re: HSTS and self-signed certificates

Post by Kate » Mon Nov 18, 2019 1:16 pm


This is a forum for ONLYOFFICE Cloud; Desktop and Mobile applications. You can ask your questions regarding Community Server on our forum http://dev.onlyoffice.org/.

Post Reply