Nextcloud not able to open documents using the Onlyoffice document viewer/editor
-
@girish OUCH! My fault, after installation and all the updates I switched on Cloudflare DNS proxy because I’ve set up there “country whitelist”. I just switched proxy off and it works!
How can I use the Cloudflare proxy in this setup? Even better would be to have per-app geo blocking on Cloudron.
-
-
@imc67 Is there something in Cloudflare "logs" (if there is such a thing) as to why the healthcheck request was blocked? I wonder if Cloudflare is throwing some captcha or something and the server/browser request cannot handle this (since this is an API call)?
-
GOT IT! I recently moved my Cloudron from a Netcup VPS to a Netcup RS, so it got a new IP. Just seconds ago (I didn't see your latest comment, but it was in the same direction) I discovered from the Cloudflare WAF logs that, according to Cloudflare, this IP is not in Germany (DE) but in the UK! Therefore all proxied domains were blocked by their own server! Bizarre!
-
@girish I have emailed support on Tuesday as requested.
What would be my next step to get assistance in determining what is causing the issue we are seeing?
Happy to perform any additional troubleshooting steps, seems like possibly doing a packet capture from the nextcloud and onlyoffice containers on the Demo system where this works and on a system where it doesn't work would at least provide us the ability to pinpoint the differences between the failure and success states.
-
OK, I tested this a bit.
Installed nextcloud with a proper cert
- Installed the onlyoffice app inside nextcloud.
  - With the "Demo server" setting, it says "you are using demo server" warning when opening files.
- Installed onlyoffice app in cloudron with proper cert
  - With bad server name, the error is: Error when trying to connect (cURL error 6: Could not resolve host: xxx
  - With bad password, the error is: Error when trying to connect (Error occurred in the document service: Invalid token)
  - With good hostname and password, it says: Settings have been successfully updated
Installed nextcloud with self signed cert
- Used the demo server.
  - When you open files, they just download and editor does not open. Meaning it's not working.
- Configured with onlyoffice app in Cloudron with proper cert
  - Settings don't save at all - Error when trying to connect (Error occurred in the document service: Error while downloading the document file to be converted.)
Installed nextcloud with proper cert again
- Install onlyoffice in cloudron with self-signed cert
  - Without "Disable certificate verification", error is: Error when trying to connect (cURL error 60: SSL certificate problem: unable to get local issuer certificate
  - When "Disable certificate verification" is checked, settings save and documents open.
So, to conclude: when nextcloud has self-signed certs, onlyoffice integration does not work.
-
I found the magic incantation here - https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/4ae34b4d02822f68d661cca629083e1381d83612/run-document-server.sh#L340
You have to add below under services.CoAuthoring and restart the app:
"requestDefaults": { "rejectUnauthorized": false },
@ChristopherMag please try the above
-
@girish That worked, thank you! My old onlyoffice app is still broken but with this setting I was able to make a new onlyoffice app install work as expected.
I apologize, as after you found this I searched the forum for requestDefaults and found that I had put in this feature request that would help resolve issues like these, and in the request I mentioned an equivalent step of adding services.CoAuthoring.requestDefaults.rejectUnauthorized=false in the /etc/onlyoffice/documentserver/defaults.json file to accomplish the same thing.
I still don't know why the original onlyoffice app stopped working, but I was missing this step in my documentation to build a new one, and just making a new one would have resolved the issue if I hadn't lost track of this step being needed.
Thank you for your help and if there is any way we can bump up the priority of the other feature request it would help eliminate issues like this from occurring in the first place as custom root-ca certs would be implicitly trusted inside each container.
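Added example, not part of the original posts and not ONLYOFFICE's or Cloudron's own code: the two posts above name the same setting, once as a JSON fragment under services.CoAuthoring and once as a dotted path. This Python sketch shows where the key lands in the nested config and lists every place certificate verification is switched off, so the workaround can be located and reverted once the certificates are trusted; the sample config and the function names are constructed for illustration.

```python
import copy
import json

# Constructed sample standing in for the document server's JSON config;
# only the services.CoAuthoring nesting is taken from the thread.
SAMPLE = {"services": {"CoAuthoring": {"server": {"port": 8000}}}}


def set_by_path(cfg, dotted, value):
    """Return a copy of cfg with the dotted key path set to value."""
    out = copy.deepcopy(cfg)
    node = out
    *parents, leaf = dotted.split(".")
    for key in parents:
        child = node.setdefault(key, {})
        if not isinstance(child, dict):
            raise TypeError(f"{key!r} in {dotted!r} is not an object")
        node = child
    node[leaf] = value
    return out


def find_tls_bypass(cfg, prefix=""):
    """List dotted paths where certificate verification is switched off."""
    hits = []
    for key, val in cfg.items():
        path = f"{prefix}.{key}" if prefix else key
        if key == "rejectUnauthorized" and val is False:
            hits.append(path)
        elif isinstance(val, dict):
            hits.extend(find_tls_bypass(val, path))
    return hits


def apply_workaround(cfg):
    """The thread's setting, written as the dotted path from the post above."""
    return set_by_path(
        cfg, "services.CoAuthoring.requestDefaults.rejectUnauthorized", False)


if __name__ == "__main__":
    patched = apply_workaround(SAMPLE)
    print(json.dumps(patched, indent=2))
    print("verification disabled at:", find_tls_bypass(patched))
```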
-
@ChristopherMag said in Nextcloud not able to open documents using the Onlyoffice document viewer/editor:
if there is any way we can bump up the priority of the other feature request
sorry, I lost track. What is this other feature request?
-
@girish Sorry, I hyperlinked it but maybe that didn't work right, it is this one: https://forum.cloudron.io/topic/6381/if-the-custom-certificate-option-is-chosen-please-map-a-path-to-the-public-keys-into-each-container-s-ca-certificates-or-equivalent
Essentially, if the cloudron domain is set to manual such that it is being provided a certificate and a key, at minimum, all apps that are loaded under that same domain should trust that certificate, such that if you have cross-app https connections, those connections will be trusted for all apps within that same domain at minimum.
One might make an argument for wanting to trust certs across cloudron app domains, but at least making everything within a single app domain trust each other would be a huge help and prevent a lot of issues we have hit when using apps that then need to communicate with other apps.
-
-
In case anyone else is looking through this thread later, the best path forward in our case was to start using DigitalOcean's free DNS service and then change the domain configuration in cloudron from manual to DigitalOcean.
Our cloudron apps are hosted under a subdomain of the top level domain, so we needed to set up both the top level domain and the subdomain in DigitalOcean, with name server records for the subdomain defined at the top level domain. We also needed to change our domain registrar's setup so that they would point to DigitalOcean's name servers as authoritative for the domain.
All of this worked and has resulted in us being able to have a cloudron instance that is not reachable from the public internet in any way but is still able to use Let's Encrypt certificates for everything via cloudron's automatic certificate management.
If you go down this path, please be sure to get things set up, change the domain's configuration, sync dns, renew certificates, and reboot the cloudron server. If things are configured properly, you should be able to see that the certificates being used switch from your manually loaded certificate to the Let's Encrypt certificate.
Ultimately this results in https connections between apps, like nextcloud and onlyoffice, working by default without a workaround needed to bypass certificate verification.