Documentation for local.json doesn't match the generated local.json

I’m trying to get ONLYOFFICE Documentserver installed using the Debian package working with Nextcloud and I’m currently failing and while trying to debug this issue I have noticed that the documentation has this example local.json:

{
    "services": {
        "CoAuthoring": {
            "secret": {
                "browser": {
                    "string": "secret"
                },
                "inbox": {
                    "string": "secret"
                },
                "outbox": {
                    "string": "secret"
                },
            },
            "token": {
                "enable": {
                    "browser": true,
                    "request": {
                        "inbox": true,
                        "outbox": true
                    }
                }
            }
        }
    }
}

Which is invalid, if the syntax error is fixed the result is:

{
  "services": {
    "CoAuthoring": {
      "secret": {
        "browser": {
          "string": "secret"
        },
        "inbox": {
          "string": "secret"
        },
        "outbox": {
          "string": "secret"
        }
      },
      "token": {
        "enable": {
          "browser": true,
          "request": {
            "inbox": true,
            "outbox": true
          }
        }
      }
    }
  }
}

This doesn’t match what I have at /etc/onlyoffice/documentserver/local.json (omitting the PostgreSQL and RabbitMQ setings):

{
  "services": {
    "CoAuthoring": {
      "token": {
        "enable": {
          "request": {
            "inbox": true,
            "outbox": true
          },
          "browser": true
        },
        "inbox": {
          "header": "Authorization"
        },
        "outbox": {
          "header": "Authorization"
        }
      },
      "secret": {
        "inbox": {
          "string": "secret"
        },
        "outbox": {
          "string": "secret"
        },
        "session": {
          "string": "secret"
        }
      }
    }
  },
  "storage": {
    "fs": {
      "secretString": "storage_secret"
    }
  }
}

The differences are:

  1. The documentation has browser and I have session — is this a mistake in the documentation or the local.json I have or is not simply something that doesn’t matter?
  2. The documentation doesn’t have the header, should I assume this was omitted for brevity and having it is not an issue?

Incidently the same page also references supervisorctl restart all — this should be updated due to the update to use systemd?

Following the suggestion here I ran documentserver-update-securelink.sh with the “secret” as the only argument and this resulted in the local.json being updated as follows (again I have omitted the RabbitMQ, PostgreSQL and storage sections):

{
  "services": {
    "CoAuthoring": {
      "secret": {
        "browser": {
          "header": "Authorization",
          "string": "secret"
        },
        "inbox": {
          "header": "Authorization",
          "string": "secret"
        },
        "outbox": {
          "header": "Authorization",
          "string": "secret"
        }
      },
      "token": {
        "enable": {
          "browser": true,
          "request": {
            "inbox": true,
            "outbox": true
          }
        }
      }
    }
  }
}

Personally I find JSON hard to read, so converting it into YAML, these are the updated setting that fixed the 403 Forbidden error:

services:
  CoAuthoring:
    secret:
      browser:
        header: Authorization
        string: secret
      inbox:
        header: Authorization
        string: secret
      outbox:
        header: Authorization
        string: secret
    token:
      enable:
        browser: true
        request:
          inbox: true
          outbox: true

And this is what I had prior:

services:
  CoAuthoring:
    token:
      enable:
        request:
          inbox: true
          outbox: true
        browser: true
      inbox:
        header: Authorization
      outbox:
        header: Authorization
    secret:
      inbox:
        string: secret
      outbox:
        string: secret
      session:
        string: secret

The above, plus using the “storage_secret” from /etc/onlyoffice/documentserver/local.json:

} 
  "storage": {
    "fs": {
      "secretString": "storage_secret"
    }
  }
}

As the value for the $secure_link_secret in the /etc/onlyoffice/documentserver/nginx/ds.conf file:

  set $secure_link_secret "storage_secret";

Has fixed the connection between Nextcloud and ONLYOFFICE for me.

Hello, @chris

1. Extra comma in Sample local.json configuration
2. The documentation has `browser` and I have `session` — is this a mistake in the documentation or the `local.json` I have or is not simply something that doesn’t matter?
3. Incidently the same page also references **supervisorctl restart all** — this should be updated due to the update to use **systemd**?

services.CoAuthoring.secret.browser.string - is no longer relevant .
Now → services.CoAuthoring.secret.session.string.

I have transmitted information on these inaccuracies
(outdated information).

4. The documentation doesn’t have the `header`, should I assume this was omitted for brevity and having it is not an issue?

I didn’t quite understand what you meant.

1 Like

Thanks @Nikolas, sorry for the confusion, the example local.json here doesn’t contain:

{
"header": "Authorization"
}

And the /usr/bin/documentserver-jwt-status.sh script contains:

                JWT_HEADER=$($JSON "services.CoAuthoring.token.inbox.header")

Would it be possible to provide an example local.json the also includes the header field?

Although ONLYOFFICE / Nextcloud intergration appear to be working when I run documentserver-jwt-status.sh I get:

Your JWT settings:
JWT enabled -  true
JWT secret  -  tWFyIXJshYr2fM6cFB9w7jajelOWyWf
JWT header  - 

So it appears I don’t have the HTTP authorization header properly configured?

{
  "services": {
    "CoAuthoring": {
      "sql": {
        "type": "postgres",
        "dbHost": "localhost",
        "dbPort": "5432",
        "dbName": "onlyoffice",
        "dbUser": "onlyoffice",
        "dbPass": "onlyoffice"
      },
      "token": {
        "enable": {
          "request": {
            "inbox": true,
            "outbox": true
          },
          "browser": true
        },
        "inbox": {
          "header": "AuthorizationJwt"
        },
        "outbox": {
          "header": "AuthorizationJwt"
        }
      },
      "secret": {
        "inbox": {
          "string": "string"
        },
        "outbox": {
          "string": "string"
        },
        "session": {
          "string": "string"
        }
      }
    }
  },
  "rabbitmq": {
    "url": "amqp://guest:guest@localhost"
  },
  "storage": {
    "fs": {
      "secretString": "secret-secret"
    }
  }
}

this is an example

1 Like

Thanks very much ! It is worked for me !

1 Like