Cloud Computing Insider Awards 2022: Vote for ONLYOFFICE
Vote for ONLYOFFICE

How to secure OO when used with nextcloud so that not everyone can use it?

first of all, that’s my setup:
nextcloud and OO running in docker with a docker-compose.yml that looks something like this (removed the not important parts):

version: '3'

volumes:
  nextcloud:
  db:

services:
  db:
    image: mariadb
    [...]

  app:
    image: nextcloud
    links:
      - db
    volumes:
      - [...]
    networks:
      default:
      proxy_net:

  documentserver:
    image: onlyoffice/documentserver
    volumes:
      - [...]
    networks:
      default:
      proxy_net:

networks:
  proxy_net:
    external: true
  default:

both of them run behind an nginx proxy. NC is reachable as cloud.domain.com and OO as office.domain.com

Now to my question: If I’m not mistaken, everone can now use my documentserver with their Nextcloud, right? If so, how can i prevent this? Of course I could just block access to OO from the Internet, but that means, that I can’t use it from outside my network myself

Infos:

  • OO Version 7.1.1.23
  • Intergration App Version 7.3.4
  • Nextcloud Version 24.0.1

Hi, please enable jwt settings to prevent unwanted access to your Document Server.
Here’s instructions how to enable jwt in Document Server:
https://api.onlyoffice.com/editors/signature/
You need to take the value from

"inbox": {
  "string": "secret"
                },
"outbox": {
  "string": "secret"
                }

And insert it into the secret key field of the connector settings.

1 Like

For anyone with the same problem, you can switch on jwt by setting the variables

    environment:
      - JWT_ENABLED=true
      - JWT_SECRET=<some_password>
1 Like