After adding ssl cert, crash demo doc create

Good day,

I apologize for my English.
I have already done five clean installations.
The installation is not in Docker, it’s Ubuntu 24.04.
On a clean installation without SSL, the demo mode works correctly.
After adding the configuration in ds.conf and restarting Nginx, the demo mode does not work.
The certificate is displayed correctly on the website.
Corporate certificates issued through Windows Server 2016 are used.
DNS is configured on Windows Server 2016.
Ports were opened through UFW, and permissions were granted for the Nginx full application.
The default.json and local.json configurations have not been changed.
What should I do and where should I look?

That is my ds.conf:
root@nexoffice:/home/me# cat /etc/onlyoffice/documentserver/nginx/ds.conf

include /etc/nginx/includes/http-common.conf;

## Normal HTTP host
server {
  listen 0.0.0.0:80;
  listen [::]:80 default_server;
  server_name _;
  server_tokens off;
  set $secure_link_secret verysecretstring;

  ## Redirects all traffic to the HTTPS host
  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
  rewrite ^ https://$host$request_uri? permanent;
}

#HTTP host for internal services
server {
  listen 127.0.0.1:80;
  listen [::1]:80;
  server_name localhost;  # changed the hostname, and it does not work
  server_tokens off;
  set $secure_link_secret verysecretstring;
  
  include /etc/nginx/includes/ds-common.conf;
  include /etc/nginx/includes/ds-docservice.conf;
}

## HTTPS host
server {
  listen 0.0.0.0:443 ssl;
  listen [::]:443 ssl default_server;
  server_tokens off;
  set $secure_link_secret verysecretstring;
  root /usr/share/nginx/html;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  ssl_certificate /etc/ssl/certs/onlyofficecert.crt;
  ssl_certificate_key /etc/ssl/private/onlyofficekey_nopass.key;
  # Uncomment string below and specify the path to the file with the password if you use encrypted certificate key
  # ssl_password_file {{SSL_PASSWORD_PATH}};
  ssl_verify_client off;

  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

  ssl_protocols TLSv1.2;
  ssl_session_cache  builtin:1000  shared:SSL:10m;

  ssl_prefer_server_ciphers   on;

  add_header Strict-Transport-Security max-age=31536000;
  # add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  ## [Optional] If your certificate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
  ## Replace with your ssl_trusted_certificate. For more info see:
  ## - https://medium.com/devops-programming/4445f4862461
  ## - https://www.ruby-forum.com/topic/4419319
  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 10s;

  ## [Optional] Generate a stronger DHE parameter:
  ##   cd /etc/ssl/certs
  ##   sudo openssl dhparam -out dhparam.pem 4096
  ##
  # ssl_dhparam /etc/ssl/certs/dhparam.pem;

  include /etc/nginx/includes/ds-*.conf;
}

Hello @Origimato,

Could you specify exactly what error you’re encountering when opening a document, and also provide the logs from the Document Server?
You can find the Document Server logs at the following path:
/var/log/onlyoffice/documentserver/

Thank you very much for your quick response.
Error in screenshot
There is an archive on Google Drive with logs of all folders.


Hello @Origimato,
According to your logs, we see a certificate error. Please follow these steps:

  1. Open the document for editing.
  2. Open the browser console.
  3. Reload the page.
    After that, please attach a screenshot of the console to this thread.

Additionally, check if your SSL certificate is properly configured (ensure the certificate chain is complete).
Also, verify if the RabbitMQ service is running and works correctly.

After completing all the steps above, please execute the script: sudo bash /usr/bin/documentserver-update-securelink.sh

Also, if your Docs instance is publicly accessible, try checking your domain using an SSL checker, such as: SSL Checker
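
The chain-completeness check suggested in the reply above, as an added example that is not part of the original thread or of the ONLYOFFICE project. It builds a constructed root, issuing CA and leaf (all names and paths are placeholders) and goes one level deeper than the two-level chain described in this thread, to show a leaf-only file failing where the full bundle passes.

```bash
#!/bin/sh
# Added example; every name, subject and path here is a constructed placeholder.

# check_chain ROOT BUNDLE: succeed only if the first certificate in BUNDLE (the
# leaf) chains to ROOT, using just the other certificates in BUNDLE as
# intermediates. BUNDLE stands for the file nginx's ssl_certificate points to.
# -no-CAfile/-no-CApath keep the system trust store out of the decision.
check_chain() {
  openssl verify -no-CAfile -no-CApath -CAfile "$1" \
    -untrusted "$2" "$2" >/dev/null 2>&1
}

# new_csr DIR NAME CN: fresh RSA key plus certificate signing request.
new_csr() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# make_demo_pki DIR: throwaway root -> issuing CA -> leaf hierarchy.
make_demo_pki() {
  printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
  new_csr "$1" root "Constructed Root CA"
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" \
    -extfile "$1/ca.ext" -days 1 -out "$1/root.pem" 2>/dev/null
  new_csr "$1" int "Constructed Issuing CA"
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -extfile "$1/ca.ext" -days 1 -out "$1/int.pem" 2>/dev/null
  new_csr "$1" leaf "docs.example.internal"
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
    -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
  # nginx expects the leaf first, then the intermediates.
  cat "$1/leaf.pem" "$1/int.pem" > "$1/fullchain.pem"
}

demo() {
  dir=$(mktemp -d) && make_demo_pki "$dir" || return 1
  for f in leaf.pem fullchain.pem; do
    if check_chain "$dir/root.pem" "$dir/$f"; then
      echo "$f: chain complete"
    else
      echo "$f: chain incomplete"
    fi
  done
  rm -rf "$dir"
}

demo
```

On a real host, the two arguments to check_chain would be the corporate root certificate and the file that ssl_certificate points to in ds.conf.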

Thank you very much for your answer Roman
You were right about the certificate chains, I didn’t install the root one.
However, after installing the root one, nothing happened.
The chain is quite primitive, there is a certification center, followed immediately by a certificate.

RabbitMQ server also works correctly.

 rabbitmq-server.service - RabbitMQ Messaging Server
     Loaded: loaded (/lib/systemd/system/rabbitmq-server.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2024-12-06 15:10:16 MSK; 4min 21s ago
   Main PID: 829 (beam.smp)
      Tasks: 24 (limit: 4564)
     Memory: 128.4M
        CPU: 14.977s
     CGroup: /system.slice/rabbitmq-server.service
             ├─ 829 /usr/lib/erlang/erts-12.2.1/bin/beam.smp -W w -MBas ageffcbf -MHas ageffcbf -MBlmbcs 512 -MHlmbcs 512 -MMmcs 30 -P 1048576 -t 5000000 -stbt db -zdbbl 128000 -sbwt none -sbwtdcpu none -sbwtdio none -- -root /usr/lib/erlang -progname>
             ├─ 902 erl_child_setup 65536
             ├─1057 inet_gethost 4
             ├─1058 inet_gethost 4
             └─1091 /bin/sh -s rabbit_disk_monitor

Good afternoon @Roman.
It’s still a new installation.
When installing Ubuntu, nothing changes except the date.
I tried to create a self-signed certificate.
We managed to avoid the red code error, but the saving error remained.
Moreover, if I ignore this error, I can edit the file, but I will not be able to save it, since the save button is disabled.
But if you go to File > Save Copy As, the save will be successful.

Hello @Origimato

We will review your request and inform you of the results.

Hello @Origimato,

You can use the rejectUnauthorized parameter.
To use a self-signed certificate, set the rejectUnauthorized parameter to false.
After changing the parameters, restart all services using the command: systemctl restart ds-*
A link to the documentation for configuration is provided below:

We also recommend checking if all the necessary ports for the Document Server and its dependencies are open. The list of ports can be found at the following link:

Hello @Roman !
Thanks for your answer
I’ll try setting up the use of a self-signed certificate

The ports are not closed, the firewall is not enabled on the machine by default.
I’ll post the results later

Hello @Origimato,
Alright, we are looking forward to your feedback.