ONLYOFFICE Docs v7.3 released: enhanced forms, SmartArt, new security settings, Watch Window, and more
ONLYOFFICE Docs v7.3 released

Can't use onlyoffice after migrating NC to new server (error nodeJS - error downloadFile)

Do you want to: Ask a how-to question

Document Server version: latest patch of 7.2
Connector version: latest
DMS (platform) version: latest patch of 24
OS: CentOS 8 Stream, fully patched
Browser version: latest Chrome

So, I have a CentOS 8 Stream server with a rootless podman installation of NC and OO. If it’s important, the installation was migrated from a different server that was (almost) the same in configuration (same os, podman, NC, OO,…). Everything was working fine on the old server.

On the new server I thought it was going to be easy peasy. Migrated everything (db, storage, webroot of NC) and NC opens up nicely with all the apps, themes, configuration, files…everything.

Except for the OO.

So, my frontend is an nginx container that does ssl termination and just forwards everything to the NC nginx container :

server {
    listen 443      ssl http2;
    server_name nextcloud.example.com;

    ssl_certificate /etc/letsencrypt/nextcloud.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/nextcloud.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/nextcloud.example.com/chain.pem;

    location / {
      proxy_pass http://192.168.124.20:10000;
    }
}

10000 is the port of NC’s nginx web server (with all the complex configuration) from here (removed the certs and changed the ports, proxy endpoints…).

I also have a OO container :

  onlyoffice:
    image: onlyoffice/documentserver:7.2
    container_name: nextcloud_onlyoffice
    hostname: nextcloud_onlyoffice
    restart: unless-stopped
    volumes:
      - volume_docs:/var/www/onlyoffice/Data
    environment:
      JWT_ENABLED: true
      JWT_SECRET: aaabbbcccSecretaaabbbccc
      JWT_HEADER: "AuthorizationJwt"
      USE_UNAUTHORIZED_STORAGE: true
      JWT_IN_BODY: 'true'

In config.php I also have :

  array (
    'verify_peer_off' => true,
    'jwt_header' => "AuthorizationJwt"
  ),

Settings are as is and from each pods I can ping both ways by the DNS name.

But, when I do ‘Save’ I get :

Error when trying to connect (Error occurred in the document service: Error while downloading the document file to be converted.) (version 7.2.1.34)

and in the logs I get :

[
    2022 - 12 - 05T20: 32: 42.560
][ERROR
][localhost
][conv_check_1059346562_docx
][userId
] nodeJS - error downloadFile: url = "http://nextcloud_nginx/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.2-rBqngr8IBSqjb8JgP4tGf40bVtlJy0YcfP9iinLG8"; attempt = 3; code: undefined; connect:undefined Error: Error response: statusCode: 403; headers: {
    "server": "nginx/1.21.6",
    "date": "Mon, 05 Dec 2022 20:32:42 GMT",
    "content-type": "application/json; charset=utf-8",
    "content-length": "27",
    "connection": "keep-alive",
    "expires": "Thu, 19 Nov 1981 08:52:00 GMT",
    "pragma": "no-cache",
    "set-cookie": [
        "oc_sessionPassphrase=UGbfp4l1lnk6ws90qcFBDTOr6Tw2%2FMufaq92XZeOUdaKO3PZ4kwjttMCqTDWpE7YsL8rSNacHujbd83G07E005SdqGYskH5f5PbVvslIWWelxU6q8c0agI0QwNTE70Cr; path=/; secure; HttpOnly; SameSite=Lax",
        "octry5ihd3s1=ffc6de588fe08397905402d8e5d981db; path=/; secure; HttpOnly; SameSite=Lax",
        "__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax",
        "__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict"
    ],
    "cache-control": "no-cache, no-store, must-revalidate",
    "x-request-id": "u4PRzxxrIBwvD9VdRz70",
    "content-security-policy": "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'",
    "feature-policy": "autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'",
    "x-robots-tag": "none, none",
    "referrer-policy": "no-referrer",
    "x-content-type-options": "nosniff",
    "x-download-options": "noopen",
    "x-frame-options": "SAMEORIGIN",
    "x-permitted-cross-domain-policies": "none",
    "x-xss-protection": "1; mode=block"
};
at Request.fResponse(/snapshot/server / build / server / Common / sources / utils.js)
at Request.emit(events.js: 400: 28)
at Request.onRequestResponse(/snapshot/server / build / server / Common / node_modules / request / request.js: 1059: 10)
at ClientRequest.emit(events.js: 400: 28)
at HTTPParser.parserOnIncomingClient(_http_client.js: 647: 27)
at HTTPParser.parserOnHeadersComplete(_http_common.js: 127: 17)
at Socket.socketOnData(_http_client.js: 515: 22)
at Socket.emit(events.js: 400: 28)
at addChunk(internal / streams / readable.js: 293: 12)
at readableAddChunk(internal / streams / readable.js: 267: 9)
at Socket.Readable.push(internal / streams / readable.js: 206: 10)
at TCP.onStreamRead(internal / stream_base_commons.js: 188: 23)

When I do ‘curl’ for the file above, I also get 403.

Sort of interesting :
When I open https://nextcloud.example.com/ds-vpath/ I get the OO test webpage. I can create a document, but when I try to open the file for editing, it’s only blank.

What else should I check?

Hello @Klemenn

Please execute next command in the Document Server container bash documentserver-update-securelink.sh then try connecting.
If problem persists ever after please share log files of Document Server located in /var/log/onlyoffice/documentserver inside the container and logs of Nextcloud so we can check out the situation.

Waiting your feedback.

Hi,

your solution made no difference but bash autocomplete showed me that there is another script that does :


documentserver-jwt-status.sh
Your JWT settings:
JWT enabled -  false

This surprised me because in docker-compose I have :


version: "3.9"
services:
  onlyoffice:
    image: onlyoffice/documentserver:7.2
    container_name: nextcloud_onlyoffice
    hostname: nextcloud_onlyoffice
    restart: unless-stopped
    volumes:
      - volume_docs:/var/www/onlyoffice/Data
    environment:
      JWT_ENABLED: true
      JWT_SECRET: aaabbbccc111222333
      JWT_HEADER: "AuthorizationJwt"
      USE_UNAUTHORIZED_STORAGE: true
      JWT_IN_BODY: 'true'

and in the container I can clearly see that those env vars are properly set :

JWT_ENABLED=True
JWT_HEADER=AuthorizationJwt
JWT_IN_BODY=true
JWT_SECRET=BGhm6c6kn8H2BwB2IrNE
USE_UNAUTHORIZED_STORAGE=True

If I manually set variables in ‘/etc/onlyoffice/documentserver/default.json’ and do supervisor restart - it makes no difference.

When I modify ‘/etc/onlyoffice/documentserver/local.json’ and do supervisor restart then I get :

documentserver-jwt-status.sh
Your JWT settings:
JWT enabled -  true
JWT secret  -  aaabbbccc111222333
JWT header  -  AuthorizationJwt

What am I doing wrong and why is my env var not enabling jwt?

I was following this instructions.

In the version 7.2.1 JWT token is enabled by default.
Probably it didn’t modify the values because of wrong syntax. It should look like that:

      - JWT_ENABLED=true
      - JWT_SECRET=<your_secret>
      - JWT_HEADER=<your_header>
      - JWT_IN_BODY=true

As for the configs, there is specific order of them when loading Document Server:
default.json > production-linux.json > local.json
That’s why your changes were applied after modifying local.json. Basically, all changes are rewritten in that order.
Did configuring JWT credentials manually solved your problem? If not please share with us logs of Document Server and Nextcloud.

Don’t really know what to make of it. Removed the image, restarted, it works.

Just using this:

    environment:
      JWT_ENABLED: "true"
      JWT_SECRET: "aaabbbccc123123123"

Don’t really know anymore what to make out of this. Now it (again) doesn’t work.

This is the only error :

10.89.0.7 -  07/Dec/2022:22:03:28 +0000 "GET /index.php" 400
10.89.0.2 - - [07/Dec/2022:22:03:28 +0000] "GET /apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.o4z-FCf-pviq-uipnFXT68h-TixRpYewm8P3LY3uIfw HTTP/1.1" 400 7075 "-" "Node.js/6.13" "-"
[2022-12-07T22:03:28.580] [ERROR] [localhost] [conv_check_17485164_docx] [userId] nodeJS - error downloadFile:url=http://nextcloud_nginx/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.o4z-FCf-pviq-uipnFXT68h-TixRpYewm8P3LY3uIfw;attempt=1;code:undefined;connect:undefined Error: Error response: statusCode:400; headers:{"server":"nginx/1.23.2","date":"Wed, 07 Dec 2022 22:03:28 GMT","content-type":"text/html; charset=UTF-8","transfer-encoding":"chunked","connection":"keep-alive","expires":"Thu, 19 Nov 1981 08:52:00 GMT","cache-control":"no-store, no-cache, must-revalidate","pragma":"no-cache","set-cookie":["oc_sessionPassphrase=2EjjBITuiW613kkpNL7EDhOmAkk7I%2BzlwjzYdaeSvukkmEhzhKiSIDpkblz%2BZCdmLG23awdjO6zY9CraE3F%2FlIru1b1j0OY7XHj05S39DliIvuD9Z8aYvF%2FoZZfjkp4A; path=/; secure; HttpOnly; SameSite=Lax","octry5ihd3s1=de1a086532dad14937c58552592e0e28; path=/; secure; HttpOnly; SameSite=Lax","__Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax","__Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict"],"content-security-policy":"default-src 'self'; script-src 'self' 'nonce-WHNQeTR1K01HbWRIS2RPbndjNzhWYXFqei9QcTA5MnhpTjVnMENXK0FQaz06SnJtMG9ZSHZmVGRvUnVDUnN1V1pNY1BadThUZG9xV0k4cWNuZ0hmWE5iVT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';","referrer-policy":"no-referrer","x-content-type-options":"nosniff","x-download-options":"noopen","x-frame-options":"SAMEORIGIN","x-permitted-cross-domain-policies":"none","x-robots-tag":"none","x-xss-protection":"1; mode=block"};
    at Request.fResponse (/snapshot/server/build/server/Common/sources/utils.js)
    at Request.emit (events.js:400:28)
    at Request.onRequestResponse (/snapshot/server/build/server/Common/node_modules/request/request.js:1059:10)
    at ClientRequest.emit (events.js:400:28)
    at HTTPParser.parserOnIncomingClient [as onIncoming] (_http_client.js:647:27)
    at HTTPParser.parserOnHeadersComplete (_http_common.js:127:17)
    at Socket.socketOnData (_http_client.js:515:22)
    at Socket.emit (events.js:400:28)
    at addChunk (internal/streams/readable.js:293:12)
    at readableAddChunk (internal/streams/readable.js:267:9)
    at Socket.Readable.push (internal/streams/readable.js:206:10)
    at TCP.onStreamRead (internal/stream_base_commons.js:188:23)

Huh, it seems that the problem was in config.php - I had two ‘2’-s in allowed domain list :]

Now it works - nc24 and oo7.2, but I get this error when I try to open a file :

==> /var/log/onlyoffice/documentserver/docservice/out.log <==
[2022-12-07T23:07:53.387] [ERROR] [localhost] [3020840916] [octry5ihd3s1_kkobetic1] nodeJS - changesError: Error: Uncaught TypeError: Cannot read properties of null (reading 'zsj') Script: https://nextcloud.example.com/ds-vpath/7.2.1-34/sdkjs/cell/sdk-all-min.js Line: 1527:320 userAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 platform: Linux x86_64 isLoadFullApi: true isDocumentLoadComplete: false StackTrace: TypeError: Cannot read properties of null (reading 'zsj')
    at Sb.w$g (https://nextcloud.example.com/ds-vpath/7.2.1-34/sdkjs/cell/sdk-all-min.js:1527:320)
    at i.onDocumentContentReady (https://nextcloud.example.com/ds-vpath/7.2.1-34/web-apps/apps/spreadsheeteditor/main/app.js:8:2367962)
    at i.onLongActionEnd (https://nextcloud.example.com/ds-vpath/7.2.1-34/web-apps/apps/spreadsheeteditor/main/app.js:8:2363052)
    at D (https://nextcloud.example.com/ds-vpath/7.2.1-34/web-apps/apps/spreadsheeteditor/main/app.js:8:7870)
    at z.<anonymous> (https://nextcloud.example.com/ds-vpath/7.2.1-34/web-apps/apps/spreadsheeteditor/main/app.js:8:8074)
    at z.<anonymous> (https://nextcloud.example.com/ds-vpath/7.2.1-34/web-apps/apps/spreadsheeteditor/main/app.js:8:1249)
    at z.trigger (https://nextcloud.example.com/ds-vpath/7.2.1-34/sdkjs/cell/sdk-all-min.js:1160:262)
    at Sb.ee (https://nextcloud.example.com/ds-vpath/7.2.1-34/sdkjs/cell/sdk-all-min.js:1427:462)
    at Sb.iw (https://nextcloud.example.com/ds-vpath/7.2.1-34/sdkjs/cell/sdk-all-min.js:1256:78)
    at https://nextcloud.example.com/ds-vpath/7.2.1-34/sdkjs/cell/sdk-all-min.js:1265:480

Developer tools say it cant download

1. Request URL:

http://nextcloud.sos-sw.si/ds-vpath/cache/files/data/3020840916/Editor.bin/Editor.bin?md5=y1JC1-OQjQ1M7ZXBfCEQHQ&expires=1673073228&filename=Editor.bin

due to mixed content rule.

Please close Advanced server settings in the connector, hit the ‘Save’ button, preproduce the issue and share a log archive with me (via PM if sensitive data can be found).
Also attach next configs and screenshots to the archive:

  • /etc/onlyoffice/documentserver/local.json
  • /etc/onlyoffice/documentserver/nginx/ds.conf
  • /etc/onlyoffice/documentserver/nginx/includes/ds-docservice.conf
  • /etc/nginx/conf.d/default.conf
  • screenshots of browser’s console Network and Console tabs.

To do these screenshots please follow this scenario:

  1. open any document in the editor to reproduce the issue;
  2. open browser’s console (F12 in Chrome/Firefox/Edge);
  3. reload the page;
  4. make screenshots of Network and Console tabs of browser’s console.

I see from your log entries that these errors are occurring for specific 3020840916 file. Is it so or it happens to all files?

Hi,

thank you for your support.

I have found the issue - missing the host header(-s) in external web server. It’s working now.