How to pass JWT_SECRET to the nextcloud app from the environment?

mortee · 23 March 2022 20:09

I’m running both Nextcloud and Onlyoffice in docker, and in the latter, I can pass JWT_SECRET as an environment variable.

Can I possibly do the same on the NC side? Or, having it read up from a file would be even better.

Alexandre · 24 March 2022 13:55

Hello @mortee
Sorry, we didn’t test such scenario. And I’m not sure that this scenario is possible, because we do not build Nextcloud containers. Probably, it’s better for you to contact Nextcloud team and discuss about this feature with them.
As for the situation in general, there are only 2 ways to add jwt_secret on Nextcloud side: the connector page and config.php file.

mortee · 24 March 2022 14:12

Okay, I was looking for ways to specify the secret in config.php, but I didn’t find where to put it.

Alexandre · 24 March 2022 14:28

You should add these lines to config.php:

'onlyoffice' =>
  array (
    'jwt_secret' => 'your_secret',
    'jwt_header' => 'your_header'
)

mortee · 24 March 2022 14:32

Thank you. Is this documented somewhere? I would much rather look there than ask around here.

What I’m not sure about whether it would work if I only specify the secret here; and if the header is arbitrary and up to me, or it must match something?

Alexandre · 24 March 2022 15:05

These parameters must match your local.json config file on the Document server side.
Earlier connector app version didn’t have jwt settings, so it was the only way for integration (via config.php). But now it’s more simpler to use connector app page to set jwt_secret.
As for documentation, I’m not sure that these lines are described somewhere at the moment, since it’s easier to use connector app page. But you can notice the same structure for self-signed certificate validation here:

'onlyoffice' => array (
    'verify_peer_off' => true
)

ONLYOFFICE Api Documentation - Nextcloud ONLYOFFICE integration app

mortee · 25 March 2022 11:49

This doesn’t seem to work.

$ cat /storage/nextcloud/config/config.php                                                                  <?php
$CONFIG = array (
  ...
  'onlyoffice' =>
  array (
    'jwt_secret' => 'MYSECRETSECRET'
  )
);

$ docker exec -ti -u www-data $(docker ps -q -f name=nextcloud_app) php occ config:list onlyoffice
{
    "apps": {
        "onlyoffice": {
            ...
            "enabled": "yes",
            "installed_version": "7.3.2",
            "jwt_secret": "",
            ...
        }
    }
}

Alexandre · 25 March 2022 13:04

Let’s try to add comma symbol, so it looks like:

'onlyoffice' =>

array (

'jwt_secret' => 'mysecret',

),

One more thing. Did you try to open any file for editing after changes had been made?

mortee · 25 March 2022 16:23

Weird, but apparently it works indeed with the added comma. And yes, I can open libreoffice files now in the browser.

Thanks for the help.