Https can't open documents

Document Server version: 8.0.1. Build: 31
Type of installation of the Document Server: Docker inside Ubuntu 22.04.4 LXC on Proxmox 8.2.2 (see installation steps below)
OS: Ubuntu 22.04.4 LXC guest on Proxmox 8.2.2 host (6.8.4-2-pve kernel)
Browser version: Firefox 125
Additional information:

Hello all,
My first post. I’m trying to set up the secured HTTPS version to enable the Nextcloud connection.
Not much luck - everything seems to work (ds-example) over http - I can open & edit text/spreadsheet documents, close/reopen them. When I try to switch to https, I can open the welcome page (hosted on my local network), I can start the ds-example, but opening (example) documents won’t work. The most success I have is getting only ‘Download failed. Press “OK” to return to document list’ (see attached screenshot with some Firefox messages).

I think yesterday I managed to get “a step further” - the error message would not appear, but neither would the document load, but I can’t reproduce that today anymore, with the installation/setup steps below.

Can anyone help please?

Installation steps, pretty much following the official Docker installation (although some steps are not always clear there; one can find several similar guidelines (4 at least, but I can paste only 2 links as a new user) with slightly differing details, such as key/certificate naming):

https://helpcenter.onlyoffice.com/installation/docs-community-install-docker.aspx

steps for installing docker & onlyoffice image

apt update
apt upgrade
apt install ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc 
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
apt list --upgradable 
apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
vim.tiny /etc/default/docker     #uncomment & change line: DOCKER_OPTS="--dns 192.168.2.254"
systemctl restart docker.service
#docker run -i -t -d -p 80:80 --restart=always -e JWT_SECRET=kIjmBpeV9u onlyoffice/documentserver
docker run -i -t -d -p 80:80 -p 443:443 -e SSL_CERTIFICATE_PATH=/var/www/onlyoffice/Data/certs/onlyoffice.crt -e SSL_KEY_PATH=/var/www/onlyoffice/Data/certs/onlyoffice.key -e SSL_DHPARAM_PATH=/var/www/onlyoffice/Data/certs/dhparam.pem -e SSL_VERIFY_CLIENT=false -e JWT_SECRET=my_secret -e JWT_HEADER=custom_jwt_header -e USE_UNAUTHORIZED_STORAGE=true onlyoffice/documentserver

specifying the key/cert/dhparam location seems to do nothing & I need to manually copy/modify the nginx config (below)

inside docker

cd
mkdir .ssh
chmod 600 .ssh
cd .ssh
openssl genrsa -out onlyoffice.key 2048
openssl req -new -key onlyoffice.key -out onlyoffice.csr
openssl x509 -req -days 365 -in onlyoffice.csr -signkey onlyoffice.key -out onlyoffice.crt
openssl dhparam -out dhparam.pem 2048
mkdir -p /app/onlyoffice/DocumentServer/data/certs
cp onlyoffice.key /app/onlyoffice/DocumentServer/data/certs/
cp onlyoffice.crt /app/onlyoffice/DocumentServer/data/certs/
cp dhparam.pem /app/onlyoffice/DocumentServer/data/certs/
chmod 600 /app/onlyoffice/DocumentServer/data/certs/*
chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
apt update
apt install vim-tiny
cp /etc/onlyoffice/documentserver/nginx/ds-ssl.conf.tmpl /etc/onlyoffice/documentserver/nginx/ds.conf
vim.tiny /etc/onlyoffice/documentserver/nginx/ds.conf
    #changed lines:
    #  #ssl on;
    #  ssl_certificate /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt;
    #  ssl_certificate_key /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key;

vim.tiny /etc/onlyoffice/documentserver/default.json
    #change from true to false:
    #  "rejectUnauthorized": false
supervisorctl restart all
service nginx restart
supervisorctl start ds:example
vim.tiny /etc/onlyoffice/documentserver/local.json 
    #"header": "Authorization",  --> "header": "custom_jwt_header",

(error) logs:
cat /var/log/onlyoffice/documentserver/nginx.error.log

2024/04/30 03:10:26 [error] 7930#7930: *2 connect() failed (111: Unknown error) while connecting to upstream, client: 192.168.2.15, server: , request: "GET /example/ HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "192.168.2.142", referrer: "https://192.168.2.142/welcome/"
2024/04/30 03:10:26 [error] 7930#7930: *2 connect() failed (111: Unknown error) while connecting to upstream, client: 192.168.2.15, server: , request: "GET /example/ HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "192.168.2.142", referrer: "https://192.168.2.142/welcome/"
2024/04/30 03:11:00 [error] 7930#7930: *82 open() "/var/www/onlyoffice/documentserver/web-apps/vendor/socketio/socket.io.min.js.map" failed (2: No such file or directory), client: 192.168.2.15, server: , request: "GET /8.0.1-31/web-apps/vendor/socketio/socket.io.min.js.map HTTP/1.1", host: "192.168.2.142"
2024/04/30 03:21:04 [error] 8531#8531: *127 open() "/var/www/onlyoffice/documentserver/web-apps/vendor/socketio/socket.io.min.js.map" failed (2: No such file or directory), client: 192.168.2.15, server: , request: "GET /8.0.1-31/web-apps/vendor/socketio/socket.io.min.js.map HTTP/1.1", host: "192.168.2.142"

cat /var/log/onlyoffice/documentserver/docservice/out.log

[2024-04-30T03:01:45.609] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-04-30T03:01:45.612] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-04-30T03:01:45.954] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-04-30T03:02:15.213] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-04-30T03:02:15.216] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-04-30T03:02:15.414] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-04-30T03:04:10.267] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-04-30T03:04:10.274] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-04-30T03:04:10.471] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-04-30T03:08:07.381] [WARN] [localhost] [docId] [userId] nodeJS - start shutdown:%b true
[2024-04-30T03:08:07.382] [WARN] [localhost] [docId] [userId] nodeJS - active connections: 0
[2024-04-30T03:08:07.382] [WARN] [localhost] [docId] [userId] nodeJS - end shutdown
[2024-04-30T03:08:28.932] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-04-30T03:08:28.937] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-04-30T03:08:29.207] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-04-30T03:08:52.650] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-04-30T03:08:52.653] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-04-30T03:08:52.817] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-04-30T03:20:27.821] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-04-30T03:20:27.828] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-04-30T03:20:28.042] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31

cat /var/log/onlyoffice/documentserver/converter/out.log

[2024-04-30T03:20:27.315] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 8; availableParallelism: undefined
[2024-04-30T03:20:27.317] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-04-30T03:20:27.332] [WARN] [localhost] [docId] [userId] nodeJS - worker 8572 started.
[2024-04-30T03:20:27.336] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 8; availableParallelism: undefined
[2024-04-30T03:20:27.337] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-04-30T03:20:40.202] [ERROR] [localhost] [192.168.2.15new.docx1714446332385] [uid-1] nodeJS - error downloadFile:url=https://192.168.2.142/example/download?fileName=new.docx&useraddress=192.168.2.15;attempt=1;code:null;connect:null Error: Error response: statusCode:403; headers:{"server":"nginx","date":"Tue, 30 Apr 2024 03:20:40 GMT","content-type":"text/plain; charset=utf-8","content-length":"9","connection":"keep-alive","access-control-allow-origin":"*","etag":"W/\"9-PatfYBLj4Um1qTm5zrukoLhNyPU\""};
    at Request.fResponse (/snapshot/server/Common/sources/utils.js)
    at Request.emit (node:events:527:28)
    at Request.onRequestResponse (/snapshot/server/Common/node_modules/request/request.js:1066:10)
    at ClientRequest.emit (node:events:527:28)
    at HTTPParser.parserOnIncomingClient (node:_http_client:631:27)
    at HTTPParser.parserOnHeadersComplete (node:_http_common:128:17)
    at TLSSocket.socketOnData (node:_http_client:494:22)
    at TLSSocket.emit (node:events:527:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at TLSSocket.Readable.push (node:internal/streams/readable:228:10)
    at TLSWrap.onStreamRead (node:internal/stream_base_commons:190:23)

Hi @stanos4 :wave:

According to the instructions on GitHub, using self-signed certificates should work.

  1. SSL_VERIFY_CLIENT: Enable verification of client certificates using the CA_CERTIFICATES_PATH file. By default, it’s set to false.
  2. SSL_CERTIFICATE_PATH, SSL_KEY_PATH, SSL_DHPARAM_PATH: By default, it’s set to /var/www/onlyoffice/Data/certs/

Following the instructions on GitHub, you can start a container with the document server by binding the /app/onlyoffice/DocumentServer/data volume to the container’s /var/www/onlyoffice/Data directory. On the host machine, you should create a directory and place three certificates (tls.key, tls.crt, and dhparam.pem) there:

mkdir -p /app/onlyoffice/DocumentServer/data/certs

Then, run the Docker container:

docker run -i -t -d -p 443:443 -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -e USE_UNAUTHORIZED_STORAGE=true onlyoffice/documentser

:star: USE_UNAUTHORIZED_STORAGE: Set to true if using self-signed certificates for your storage server, e.g. Nextcloud. Defaults to false.
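
As an added example (not part of the thread and not ONLYOFFICE's own tooling), a pre-flight check of the host directory before it is bind-mounted as shown above: it confirms the three default-named files exist, that tls.crt belongs to tls.key, that the certificate has not expired, and that the key is not readable beyond its owner. The function name check_ds_certs is hypothetical, and a Linux host with openssl and `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: pre-flight check of the host directory that gets bind-mounted
# to /var/www/onlyoffice/Data. File names are the defaults named in the reply.
# Assumes a Linux host with openssl and a stat that supports -c.

check_ds_certs() {  # $1 = host data dir, e.g. /app/onlyoffice/DocumentServer/data
  cdir="$1/certs"
  crc=0

  # All three files must exist and be non-empty (dhparam.pem is not parsed here).
  for f in tls.key tls.crt dhparam.pem; do
    [ -s "$cdir/$f" ] || { echo "MISSING    $cdir/$f"; crc=1; }
  done
  [ "$crc" -eq 0 ] || return 1

  # Extract the public key from each side; a parse failure is its own finding,
  # so two unreadable files can never compare as "equal".
  cert_pub=$(openssl x509 -in "$cdir/tls.crt" -noout -pubkey 2>/dev/null) ||
    { echo "UNREADABLE $cdir/tls.crt is not a PEM certificate"; return 1; }
  key_pub=$(openssl pkey -in "$cdir/tls.key" -pubout 2>/dev/null) ||
    { echo "UNREADABLE $cdir/tls.key is not a PEM private key"; return 1; }
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "MISMATCH   tls.crt was not issued for tls.key"; crc=1; }

  # -checkend 0 exits non-zero when the certificate has already expired.
  openssl x509 -in "$cdir/tls.crt" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "EXPIRED    $cdir/tls.crt"; crc=1; }

  # The private key should carry no group/other permission bits (e.g. 400).
  case "$(stat -c '%a' "$cdir/tls.key")" in
    *00) ;;
    *) echo "PERMS      $cdir/tls.key is accessible beyond its owner"; crc=1 ;;
  esac

  [ "$crc" -eq 0 ] && echo "OK         $cdir"
  return "$crc"
}

# Run against a directory when one is passed on the command line.
if [ "$#" -gt 0 ]; then check_ds_certs "$1"; fi
```

A non-zero exit with a MISMATCH or MISSING line points at the certificate directory rather than at the Document Server configuration.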

Hi, sorry for the late reply; I was out of town and got to try your suggestion only now. I’m not sure (yet) what the problem was, but now it’s working - even the integration with Nextcloud is working. I used the default tls.* naming, and started the container with (almost) your command:

docker run -i -t -d -p 443:443 -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -e USE_UNAUTHORIZED_STORAGE=true onlyoffice/documentserver

Thanks!


Hi @stanos4
I’m really glad the problem got resolved :smiley: