yes, already tried with that setting
Can you browse to https://neth:8082 and see this site?
I tested it on another server now. I got similar error messages in the logfiles you posted but it works. I have to tidy up the scripts to throw less errors, itās the first working draft.
Is nginx running and the port open?
netstat -tlpn | grep nginx
Maybe a wrong port in /etc/nginx/conf.d/onlyoffice-documentserver.conf?
Do you have some software on your testserver which may collide in some way with nginx/onlyoffice/port 8082?
Yes.
Yes.
tcp 0 0 0.0.0.0:8082 0.0.0.0:* LISTEN 1575/nginx: master
tcp6 0 0 :::8082 :::* LISTEN 1575/nginx: master
## HTTPS host
server {
listen 0.0.0.0:8082 ssl;
listen [::]:8082 ssl default_server;
No, not that Iām aware.
Edit: But on Firefox console I can see some errors:
Content Security Policy: The page's settings blocked the loading of a resource at https://server.example.com/nextcloud/index.php/apps/onlyoffice/381 ("base-uri 'none'"). (unknown)
Content Security Policy: The page's settings blocked the loading of a resource at about:blank ("base-uri 'none'"). (unknown)
Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.[Learn More] editor.js
ReferenceError: error is not defined
OCA.Onlyoffice.InitEditor()
editor.js:46
n.Callbacks/j()
core.js:2
n.Callbacks/k.fireWith()
core.js:2
.ready()
core.js:2
I()
I think I could reproduce it. I get a blank page with nextcloud top nav when I enter a FQDN instead of IP in the Nextcloud/Admin/Onlyoffice settings. A FQDN only works if the certificate is valid/not self-signed, letsencrypt works.
Thanks for the heads up!
Yesterday, the first times Iāve tried with the IP I got:
file_get_contents(https:\/\/192.168.1.11:8082\/coauthoring\/CommandService.ashx): failed to open stream: operation failed at \/usr\/share\/nextcloud\/apps\/onlyoffice\/lib\/documentservice.php#351
Setting green IP it works, but only from internal network (āno route to hostā from red).
Setting FQDN itās working from both sides (green, red) on Chrome/Chromium but not on Firefox.
Will try it with Nextcloud 13 and Letās Encrypt cert.
Did you try it on red with using public IP in the Nextcloud onlyoffice settings and port forwarding to your virtualbox VM? https://IP_in_settings:8082 must be reachable from the client where you are using Firefox/Nextcloud.
forwarded 80, 443, 8082 ports but didnāt work. Donāt worry will move test to fqdn with letsencrypt
1 Like
Setup
- Nethserver 7.4
- Nextcloud 13.0.0
- OnlyOffice Document Server 5.0.7
All installed on the same server despite:
ONLYOFFICE Document Server and ownCloud/Nextcloud must be installed on different computers, otherwise problems might occur and no correct connector work can be guaranteed.
Notes:
- Logs show the same warnings/errors as reported earlier.
- OnlyOffice integration is working well (nextcloud app set with the
https://FQDN:8082/) - Accessible from internal and public network using FQDN
Using Self-signed certificate:
- Requires setting
'onlyoffice' => array ( 'verify_peer_off' => TRUE),in nextcloud config file, as reported by @flatspin - Works on Chrome/Chromium
- Does not work on Firefox due to certificate trust (UNKNOWN ISSUER)
Using a valid certificated makes it work also on firefox.
I know itās in early stage and, to be fair, I donāt know much about it (neither have a preference for onlyoffice or collabora) but we (all) can start considering how to secure it. Iām sure you already considered some options but if itās of any help:
- set a random postgres dbpass (even if only accessible from localhost)?
- Having the document server exposed to Internet anyone can use it wasting server resources?
2 Likes
Thanks again for testing, I really appreciate it.
It seems itās by design:
I donāt know if it could be misused in some way but Iāll have a look at the links you posted to see if there is a possibility to make it more secure or filter it.
Itās really helpful as I just built the package straightforward out of the howto without thinking much about security in the first step.
I hope this is not a problem and theyāre talking about running both on https port.
I tested the token method for securing the documentserver and it worked - thanks @dnutan for the hintā¦
Edit /etc/onlyoffice/documentserver/default.json and execute supervisorctl restart all to restart the docserver as described here:
https://api.onlyoffice.com/editors/signature/
Enter the secret in Nextcloud onlyoffice advanced settings:
WAIT WAIT!
What??? A new module?
2 Likes
Module update: https://wiki.nethserver.org/doku.php?id=onlyoffice
Now a token is used for securing onlyoffice server, see this post. You have to enter the secret in nextcloud onlyoffice advanced settings. To get the secret enter cat /var/lib/nethserver/secrets/onlyoffice on command line.
2 Likes
Iād be surprised if this couldnāt be automated in the post-install process by using the occ commandāI know it can change configuration settings for the Nextcloud core, but Iām not 100% sure it will work for other apps.
4 Likes
Thank you very much for this info. 
The whole app install process could be automated with occ 
:
sudo -u apache /usr/bin/php56 /usr/share/nextcloud/occ app:install onlyoffice
sudo -u apache /usr/bin/php56 /usr/share/nextcloud/occ config:app:set onlyoffice DocumentServerUrl --value="https://FQDN_OR_IP:8082/"
sudo -u apache /usr/bin/php56 /usr/share/nextcloud/occ config:app:set onlyoffice jwt_secret --value="`cat /var/lib/nethserver/secrets/onlyoffice`"
4 Likes
It came to mind because Iāve been working on something along those lines, but in a different context:
Edit: And you could probably pull the correct value for FQDN_OR_IP from the config database, thus automating it even further. The more that can be automated, the lower the chance of PEBCAK-type errors.
4 Likes
Yes, you are right with automation.
sudo -u apache /usr/bin/php56 /usr/share/nextcloud/occ config:app:set onlyoffice DocumentServerUrl --value="https://`config get SystemName`.`config get DomainName`:8082/"
Iāll use a db prop āhostā where you can configure a hostname if the default is not ok.
2 Likes
IIRC the php version changed for Nextcloud 13 on Nethserver. As v13 has been released thereās no need to support older versions IMO.
2 Likes
You are right, I am already playing with php71:
sudo -u apache /opt/rh/rh-php71/root/usr/bin/php /usr/share/nextcloud/occ app:enable onlyoffice
3 Likes
Module update:
https://wiki.nethserver.org/doku.php?id=onlyoffice
- works with Nextcloud 13
- onlyoffice app is configured automatically
- accept self-signed certs
- host property to set host part of url to ādomain.tldā or ā1.2.3.4ā
What is the best default for the host part? The IP? At the moment it defaults to āhost.domain.tldā.
4 Likes
Iād say host.domain.tld. If you use the IP address, youāre guaranteed to run into certificate errors. With the FQDN, if you have a trusted cert, you wonāt.
4 Likes