HTTPS not work with onlyofficedoc + Onlyoffice.plone + Plone 6

JIMYE · 18 April 2024 10:25

onlyoffice.plone 4.0.0 with Plone 6.0.10.1 + nginx reverse proxy.

onlyofficedoc installed the last version by docker, also tested install in ubuntu 22.04 by script (bash install-Debian.sh)

It’s work:
plone-ip:8080 → http://my-onlyofficedoc-server-ip

It’s also work with nginx http:
user → http:/ /myplonesite.com → ngnix → plone-ip:8080 → http:// my-onlyofficedoc-server-ip

Not work with https (just enable the ssl settings of ngnix config file):
user → https://myplonesite.com → ngnix → plone-ip:8080 → http://my-onlyofficedoc-server-ip
The error is: ONLYOFFICE cannot be reached

Not work with onlyoffice+enable https:
user → https://myplonesite.com → ngnix → plone-ip:8080 → https://my-onlyofficedoc-server.com

Not work with only onlyoffice+enable https:
user → plone-ip:8080 → https://my-onlyofficedoc-server.com

Nikolas · 22 April 2024 15:38

Hello, @JIMYE

Could you please provide the following information:

The version of ONLYOFFICE Docs.
How do you switch ONLYOFFICE Docs to HTTPS? Are you using our instructions? Running ONLYOFFICE Docs using HTTPS
What proxy configuration are you using?
Is your configuration based on our examples? ONLYOFFICE Docs proxy configuration examples

JIMYE · 23 April 2024 03:20

Thanks for your reply.

The version of ONLYOFFICE Docs is 8.0.1-31 installed on ubuntu by “bash install-Debian.sh”.
And also tested the docker version.
Switch to HTTPS by ONLYOFFICE Docs instructions: cp -f /etc/onlyoffice/documentserver/nginx/ds-ssl.conf.tmpl /etc/onlyoffice/documentserver/nginx/ds.conf
And edit ds.conf to change ssl_certificate /etc/ssl/certs/mydomain.pem; ssl_certificate_key /etc/ssl/certs/mydomain.key;
I have tested two ngnix config:
One is taken from the official plone documentation:

add_header X-Frame-Options "SAMEORIGIN";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
add_header Content-Security-Policy-Report-Only "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'";

server {
	 listen 443 default ssl;
	  ssl_certificate /etc/ssl/certs/my-plone6.com.crt;
	  ssl_certificate_key /etc/ssl/certs/my-plone6.com.key;
	  server_name my-plone6.com;

	       location / {
			 proxy_pass http://plone6-server-ip:8080/;
			 proxy_set_header Host $host;
			 proxy_set_header X-Real-IP $remote_addr;
			 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

			     }
	}

Another is use this document-server-proxy/nginx/proxy-https-to-http.conf at master · ONLYOFFICE/document-server-proxy · GitHub
I just replace the cert and backendserver-address to plone6-server-ip:8080

Both of above nginx configs are work fine with plone6, but all test failed for cannot be reached.

Even with out proxy, just plone-ip:8080 → https ://my-onlyofficedoc-server.com still get the ONLYOFFICE cannot be reached error.

JIMYE · 25 April 2024 05:20

Dear @Nikolas.

Do you have any further information on this issue? Looking forward to your prompt reply

Jim

Nikolas · 27 April 2024 11:03

Apologies for the long wait

Let’s start with ensuring the correctness of the document server setup with HTTPS.

Is the OnlyOffice Docs server accessible via your URL? https://my-onlyofficedoc-server.com
1.1. Have you completed steps 4 and 5 in the instructions?

When all the changes are made, you can start NGINX service again:
> sudo service nginx start
Port 443 must be opened for correct portal operation.

Execute the following script:
> sudo bash /usr/bin/documentserver-update-securelink.sh

JIMYE · 5 May 2024 03:28

Yes, The OnlyOffice Docs server is accessible via URL https ://my-onlyofficedoc-server.com

I have completed steps 4 and 5 in the [instructions].

I’ve tested everything I can think of.

Nikolas · 6 May 2024 14:46

@JIMYE

Is the example page working and the ability to create documents functioning properly?
Please share the document server logs.

/var/log/onlyoffice/documentserver/

JIMYE · 8 May 2024 06:49

Test example page is ok.

None error log , only some out.logs:

# docker exec bdfc52bd4576 cat /var/log/onlyoffice/documentserver/docservice/err.log
# docker exec bdfc52bd4576 cat /var/log/onlyoffice/documentserver/nginx.error.log
# docker exec bdfc52bd4576 cat /var/log/onlyoffice/documentserver/converter/err.log
# docker exec bdfc52bd4576 cat /var/log/onlyoffice/documentserver/metrics/err.log
# docker exec bdfc52bd4576 cat /var/log/onlyoffice/documentserver/docservice/out.log
[2024-05-07T09:59:03.274] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-05-07T09:59:03.276] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-05-07T09:59:03.682] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-05-07T09:59:46.483] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-05-07T09:59:46.485] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-05-07T09:59:46.627] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-05-07T09:59:49.115] [WARN] [localhost] [docId] [userId] nodeJS - start shutdown:%b true
[2024-05-07T09:59:49.115] [WARN] [localhost] [docId] [userId] nodeJS - active connections: 0
[2024-05-07T09:59:49.115] [WARN] [localhost] [docId] [userId] nodeJS - end shutdown
[2024-05-07T10:00:44.680] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-05-07T10:00:44.682] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-05-07T10:00:47.194] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-05-07T10:01:26.444] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-05-07T10:01:26.446] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-05-07T10:01:26.586] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-05-07T10:02:11.307] [WARN] [localhost] [docId] [userId] nodeJS - start shutdown:%b true
[2024-05-07T10:02:11.308] [WARN] [localhost] [docId] [userId] nodeJS - active connections: 0
[2024-05-07T10:02:11.308] [WARN] [localhost] [docId] [userId] nodeJS - end shutdown
[2024-05-08T01:59:31.883] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-05-08T01:59:31.886] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-05-08T01:59:34.497] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-05-08T02:00:13.414] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-05-08T02:00:13.416] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-05-08T02:00:13.562] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31

# docker exec bdfc52bd4576 cat /var/log/onlyoffice/documentserver/converter/out.log
[2024-05-07T09:59:02.948] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T09:59:02.950] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-07T09:59:02.956] [WARN] [localhost] [docId] [userId] nodeJS - worker 759 started.
[2024-05-07T09:59:02.959] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T09:59:02.959] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-07T09:59:48.033] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T09:59:48.034] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-07T09:59:48.041] [WARN] [localhost] [docId] [userId] nodeJS - worker 901 started.
[2024-05-07T09:59:48.042] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T09:59:48.042] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-07T10:00:44.255] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T10:00:44.256] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-07T10:00:44.262] [WARN] [localhost] [docId] [userId] nodeJS - worker 703 started.
[2024-05-07T10:00:44.264] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T10:00:44.264] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-07T10:01:27.995] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T10:01:27.997] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-07T10:01:28.002] [WARN] [localhost] [docId] [userId] nodeJS - worker 845 started.
[2024-05-07T10:01:28.003] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T10:01:28.003] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-08T01:59:31.564] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-08T01:59:31.565] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-08T01:59:31.572] [WARN] [localhost] [docId] [userId] nodeJS - worker 703 started.
[2024-05-08T01:59:31.573] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-08T01:59:31.574] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-08T02:00:14.969] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-08T02:00:14.970] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-08T02:00:14.976] [WARN] [localhost] [docId] [userId] nodeJS - worker 845 started.
[2024-05-08T02:00:14.978] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-08T02:00:14.978] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers

I just did another test:

Install docs-community by docker follow this link:
Installing ONLYOFFICE Docs for Docker on a local server - ONLYOFFICE

 docker run -i -t -d -p 80:80 --restart=always \
    -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
    -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
    -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
    -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql -e JWT_SECRET=my_jwt_secret onlyoffice/documentserver

Install nginx on ubuntu server 22.04.
Set up nginx for HTTPS and enable proxy by follow this link: Using ONLYOFFICE Docs behind the proxy - ONLYOFFICE

The nginx config

upstream docservice {
  server 10.x.x.x;
}

map $http_host $this_host {
    "" $host;
    default $http_host;
}

map $http_x_forwarded_proto $the_scheme {
     default $http_x_forwarded_proto;
     "" $scheme;
}

map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $this_host;
}

map $http_upgrade $proxy_connection {
  default upgrade;
  "" close;
}

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Forwarded-Host $the_host;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

server {
  listen 443 default ssl;
  server_name myonlyofficedomain.com;
  ssl_certificate /etc/ssl/certs/mydomain.pem;
  ssl_certificate_key /etc/ssl/certs/mydomain.key;
  ssl_verify_client off;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_prefer_server_ciphers   on
  location / {
    proxy_pass http://docservice;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}

Now I can visit ONLYOFFICE Docs by https://myonlyofficedomain.com, test https://myonlyofficedomain.com/example/ is OK, create docx/xlsx files ok.

Go to plone to setup the ONLYOFFICE add-on:

only1016×717 36.5 KB

Oops~~~╮(╯▽╰)╭

Nikolas · 8 May 2024 11:38

@JIMYE
Does enabling the “Connect to demo ONLYOFFICE Document server” checkbox work correctly?

JIMYE · 9 May 2024 02:08

Not work for Error connecting to demo server (Error when trying to check ConvertService)

JIMYE · 9 May 2024 08:54

Hello, I installed another onlyoffice doc by deb package in ubuntu 22.04, also enabled the nginx ssl.

The exsample test OK:

Got a new error when setup plone:

After click save:

Full error log in plone6:

Exception Details
Back to Error Log
Time
May 09, 2024 03:42 AM
User Name
admin (admin)
Request URL
https://myplone6.com/test/@@onlyoffice-controlpanel
Exception Type
Invalid
Exception Value
Error when trying to check ConvertService
Traceback (innermost last):

Module ZPublisher.WSGIPublisher, line 181, in transaction_pubevents
Module ZPublisher.WSGIPublisher, line 391, in publish_module
Module ZPublisher.WSGIPublisher, line 285, in publish
Module ZPublisher.mapply, line 98, in mapply
Module ZPublisher.WSGIPublisher, line 68, in call_object
Module plone.z3cform.layout, line 61, in __call__
Module plone.z3cform.layout, line 45, in update
Module plone.z3cform.fieldsets.extensible, line 62, in update
Module plone.z3cform.patch, line 31, in GroupForm_update
Module z3c.form.group, line 145, in update
Module plone.app.z3cform.csrf, line 21, in execute
Module z3c.form.action, line 98, in execute
Module z3c.form.button, line 301, in __call__
Module z3c.form.button, line 159, in __call__
Module onlyoffice.plone.browser.controlpanel, line 223, in handleSave
Module onlyoffice.plone.browser.controlpanel, line 122, in settings_validation
Module onlyoffice.plone.browser.controlpanel, line 199, in check_doc_serv_convert_service
zope.interface.exceptions.Invalid: Error when trying to check ConvertService

Display traceback as text

REQUEST
form
form.widgets.docUrl	'https://onlyoffice.mydomain.com'
form.widgets.docUrlPublicValidation	['selected']
form.widgets.docUrlPublicValidation-empty-marker	'1'
form.widgets.demoEnabled-empty-marker	'1'
form.widgets.jwtSecret	'xY7xzCIq4tNzXugv9Yrrs9proCEkKUwh'
form.widgets.ploneUrl	''
form.widgets.docInnerUrl	''
form.buttons.save	'Save'
_authenticator	'5e01fb5eb1fcea09ebc75f268039d575718985aa'
cookies
ph_phc_t3lgBB66QsPW4HEfiGopO14um4XGNtBcefEKYWelWda_posthog	'{"distinct_id":"f10f8c1cd3a886700a270457e1f7cff2a86ea479c77dcf8397085b0b97d67287","$device_id":"18b1d8a0c0516-08d7439e13d036-57b1a33-1fa400-18b1d8a0c0659f","$user_state":"identified","$sesid":[1707294289230,"18d82aa2d39a6f-00aee64ff812f9-623b5e53-1fa400-18d82aa2d3a1110",1707294207289],"$groups":{"cluster":"3a664585-28bf-4f74-b989-030b7ba95446"},"$user_id":"f10f8c1cd3a886700a270457e1f7cff2a86ea479c77dcf8397085b0b97d67287","$session_recording_enabled_server_side":false,"$autocapture_disabled_server_side":true,"$active_feature_flags":[],"$enabled_feature_flags":{},"$feature_flag_payloads":{}}'
__ac	'NjE2NDZkNjk2ZTo2MTY0NmQ2OTZl'
lazy items
SESSION	<bound method SessionDataManager.getSessionData of <SessionDataManager at /session_data_manager>>
other
SERVER_URL	'https://myplone6.com'
URL	'https://myplone6.com/test/@@onlyoffice-controlpanel'
method	'POST'
TraversalRequestNameStack	[]
ACTUAL_URL	'https://myplone6.com/test/@@onlyoffice-controlpanel'
VirtualRootPhysicalPath	('',)
VIRTUAL_URL_PARTS	('https://myplone6.com', 'test/@@onlyoffice-controlpanel')
VIRTUAL_URL	'https://myplone6.com/test/@@onlyoffice-controlpanel'
LANGUAGE_TOOL	<plone.i18n.utility.LanguageBinding object at 0x7fe961e34cd0>
LANGUAGE	'en'
PUBLISHED	<Products.Five.browser.metaconfigure.OnlyofficeControlPanelView object at 0x7fe961e34df0>
AUTHENTICATED_USER	<PropertiedUser 'admin'>
AUTHENTICATION_PATH	''
disable_border	True
disable_plone.leftcolumn	True
disable_plone.rightcolumn	True
_plone_ec_cache	{140640346408512: <Products.PageTemplates.Expressions.ZopeContext object at 0x7fe961e37430>}
__catalog_cache__	<WeakKeyDictionary at 0x7fe9623b9570>
BASE1	'https://myplone6.com'
URL0	https://myplone6.com/test/@@onlyoffice-controlpanel
URL1	https://myplone6.com/test
URL2	https://myplone6.com
BASE0	https://myplone6.com
BASE1	https://myplone6.com
BASE2	https://myplone6.com/test
BASE3	https://myplone6.com/test/@@onlyoffice-controlpanel
environ
REMOTE_ADDR	'my.plone.ip.adress'
REMOTE_HOST	'my.plone.ip.adress'
REMOTE_PORT	'39702'
REQUEST_METHOD	'POST'
SERVER_PORT	'8080'
SERVER_NAME	'waitress.invalid'
SERVER_SOFTWARE	'waitress'
SERVER_PROTOCOL	'HTTP/1.1'
SCRIPT_NAME	''
PATH_INFO	'/VirtualHostBase/https/myplone6.com/VirtualHostRoot/test/@@onlyoffice-controlpanel'
REQUEST_URI	'/VirtualHostBase/https/myplone6.com/VirtualHostRoot/test/@@onlyoffice-controlpanel'
QUERY_STRING	''
wsgi.url_scheme	'http'
wsgi.version	(1, 0)
wsgi.errors	<_io.TextIOWrapper name='<stderr>' mode='w' encoding='utf-8'>
wsgi.multithread	True
wsgi.multiprocess	False
wsgi.run_once	False
wsgi.input	<_io.BytesIO object at 0x7fe961dd58f0>
wsgi.file_wrapper	<class 'waitress.buffers.ReadOnlyFileBasedBuffer'>
wsgi.input_terminated	True
HTTP_HOST	'plone.mydomain.com'
HTTP_X_REAL_IP	'my.pc.ip.address'
HTTP_X_FORWARDED_FOR	'my.pc.ip.address'
HTTP_X_FORWARDED_PROTO	'https'
HTTP_CONNECTION	'close'
CONTENT_LENGTH	'1186'
HTTP_CACHE_CONTROL	'max-age=0'
HTTP_SEC_CH_UA	'"Chromium";v="119", "Not?A_Brand";v="24"'
HTTP_SEC_CH_UA_MOBILE	'?0'
HTTP_SEC_CH_UA_PLATFORM	'"Windows"'
HTTP_UPGRADE_INSECURE_REQUESTS	'1'
HTTP_ORIGIN	'https://myplone6.com'
CONTENT_TYPE	'multipart/form-data; boundary=----WebKitFormBoundaryFizTmIs8AmAAXLo4'
HTTP_USER_AGENT	'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.160 Safari/537.36'
HTTP_ACCEPT	'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
HTTP_SEC_FETCH_SITE	'same-origin'
HTTP_SEC_FETCH_MODE	'navigate'
HTTP_SEC_FETCH_USER	'?1'
HTTP_SEC_FETCH_DEST	'document'
HTTP_REFERER	'https://myplone6.com/test/@@onlyoffice-controlpanel'
HTTP_ACCEPT_ENCODING	'gzip, deflate, br'
HTTP_COOKIE	'ph_phc_t3lgBB66QsPW4HEfiGopO14um4XGNtBcefEKYWelWda_posthog=%7B%22distinct_id%22%3A%22f10f8c1cd3a886700a270457e1f7cff2a86ea479c77dcf8397085b0b97d67287%22%2C%22%24device_id%22%3A%2218b1d8a0c0516-08d7439e13d036-57b1a33-1fa400-18b1d8a0c0659f%22%2C%22%24user_state%22%3A%22identified%22%2C%22%24sesid%22%3A%5B1707294289230%2C%2218d82aa2d39a6f-00aee64ff812f9-623b5e53-1fa400-18d82aa2d3a1110%22%2C1707294207289%5D%2C%22%24groups%22%3A%7B%22cluster%22%3A%223a664585-28bf-4f74-b989-030b7ba95446%22%7D%2C%22%24user_id%22%3A%22f10f8c1cd3a886700a270457e1f7cff2a86ea479c77dcf8397085b0b97d67287%22%2C%22%24session_recording_enabled_server_side%22%3Afalse%2C%22%24autocapture_disabled_server_side%22%3Atrue%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%2C%22%24feature_flag_payloads%22%3A%7B%7D%7D; I18N_LANGUAGE=zh_CN; __ac=NjE2NDZkNjk2ZTo2MTY0NmQ2OTZl'
waitress.client_disconnected	<bound method HTTPChannel.check_client_disconnected of <waitress.channel.HTTPChannel connected my.plone.ip.adress:39702 at 0x7fe962411120>>
Zope2.httpexceptions	<ZPublisher.httpexceptions.HTTPExceptionHandler object at 0x7fe972272770>
HTTP_X_THEME_ENABLED	True
plone.protect.safe_oids	[b'\x00\x00\x00\x00\x00\x01g\xdb', None]
_auth_token	'4a907242aa56ca2560c2ab7f107b6f3fd71385a2'

If visit plone by ip http://plone-ip:8080/test, theDocument Editing service setting can be saved successfully with the https url: https://onlyoffice.mydomain.com

But always report download failed：

Alexandre · 13 May 2024 11:55

Hello @JIMYE
If you don’t mind, I will step to this thread too.

If visit plone by ip http://plone-ip:8080/test, theDocument Editing service setting can be saved successfully with the https url: https://onlyoffice.mydomain.com

But always report download failed

Please reproduce the situation one more time and provide us with fresh Document server and Plone logs. Additionally, please confirm that you are using the connector app v.4.0.0 with Plone 6.0.10.1 in this test.

JIMYE · 14 May 2024 04:00

Version of Plone:

Version of onlyoffice connector:
onlyoffice-version

Plone full instance log from save the onlyoffice setup to create a new presentation.pptx
createppt

/backend/instance/var/log# cat instance.log
2024-05-14 11:14:03,303 WARNING [waitress.queue:114][MainThread] Task queue depth is 1
2024-05-14 11:14:08,165 INFO    [plone.protect:32][waitress-1] auto rotating keyring _forms
2024-05-14 11:14:08,165 INFO    [plone.protect:32][waitress-1] auto rotating keyring _forms
2024-05-14 11:14:08,165 INFO    [plone.protect:32][waitress-1] auto rotating keyring _anon
2024-05-14 11:14:08,165 INFO    [plone.protect:32][waitress-1] auto rotating keyring _anon
2024-05-14 11:14:08,165 INFO    [plone.protect:32][waitress-1] auto rotating keyring _forms
2024-05-14 11:14:08,165 INFO    [plone.protect:32][waitress-1] auto rotating keyring _forms
2024-05-14 11:14:08,166 INFO    [plone.protect:32][waitress-1] auto rotating keyring _anon
2024-05-14 11:14:08,166 INFO    [plone.protect:32][waitress-1] auto rotating keyring _anon
2024-05-14 11:18:49,850 ERROR   [onlyoffice:217][waitress-1] SAdfasdf
2024-05-14 11:19:05,747 INFO    [onlyoffice:138][waitress-3] getting config for http://10.83.64.67:8080/test/presentation.pptx
2024-05-14 11:19:06,917 INFO    [onlyoffice:55][waitress-0] got callback request for http://10.83.64.67:8080/test/presentation.pptx
2024-05-14 11:19:06,928 INFO    [onlyoffice:104][waitress-2] got download request for http://10.83.64.67:8080/test/presentation.pptx
2024-05-14 11:19:06,928 ERROR   [Zope.SiteErrorLog:36][waitress-2] Exception: http://10.83.64.67:8080/test/presentation.pptx/onlyoffice-dl/file
Traceback (innermost last):
  Module ZPublisher.WSGIPublisher, line 181, in transaction_pubevents
  Module ZPublisher.WSGIPublisher, line 391, in publish_module
  Module ZPublisher.WSGIPublisher, line 285, in publish
  Module ZPublisher.mapply, line 98, in mapply
  Module ZPublisher.WSGIPublisher, line 68, in call_object
  Module plone.namedfile.browser, line 97, in __call__
  Module onlyoffice.plone.browser.api, line 110, in _getFile
Exception: Expected JWT
2024-05-14 11:19:07,934 INFO    [onlyoffice:104][waitress-1] got download request for http://10.83.64.67:8080/test/presentation.pptx
2024-05-14 11:19:07,935 ERROR   [Zope.SiteErrorLog:36][waitress-1] Exception: http://10.83.64.67:8080/test/presentation.pptx/onlyoffice-dl/file
Traceback (innermost last):
  Module ZPublisher.WSGIPublisher, line 181, in transaction_pubevents
  Module ZPublisher.WSGIPublisher, line 391, in publish_module
  Module ZPublisher.WSGIPublisher, line 285, in publish
  Module ZPublisher.mapply, line 98, in mapply
  Module ZPublisher.WSGIPublisher, line 68, in call_object
  Module plone.namedfile.browser, line 97, in __call__
  Module onlyoffice.plone.browser.api, line 110, in _getFile
Exception: Expected JWT
2024-05-14 11:19:08,942 INFO    [onlyoffice:104][waitress-3] got download request for http://10.83.64.67:8080/test/presentation.pptx
2024-05-14 11:19:08,942 ERROR   [Zope.SiteErrorLog:36][waitress-3] Exception: http://10.83.64.67:8080/test/presentation.pptx/onlyoffice-dl/file
Traceback (innermost last):
  Module ZPublisher.WSGIPublisher, line 181, in transaction_pubevents
  Module ZPublisher.WSGIPublisher, line 391, in publish_module
  Module ZPublisher.WSGIPublisher, line 285, in publish
  Module ZPublisher.mapply, line 98, in mapply
  Module ZPublisher.WSGIPublisher, line 68, in call_object
  Module plone.namedfile.browser, line 97, in __call__
  Module onlyoffice.plone.browser.api, line 110, in _getFile
Exception: Expected JWT

In the meantime Onlyoffice Log (ignoring the difference in time/time zone Settings) ：

cat  /var/log/onlyoffice/documentserver/converter/out.log 
[2024-05-14T00:00:22.829] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-14T00:00:22.830] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-14T00:00:22.835] [WARN] [localhost] [docId] [userId] nodeJS - worker 474180 started.
[2024-05-14T00:00:22.836] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-14T00:00:22.837] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-14T03:19:06.826] [ERROR] [localhost] [cHJlc2VudGF0aW9uLnBwdHhfMjAyNC8wNS8xNCAxMToxOTo1LjYzODE0MyBVUy9DZW50cmFs] [admin] nodeJS - error downloadFile:url=http://10.83.64.67:8080/test/presentation.pptx/onlyoffice-dl/file?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJwcmVzZW50YXRpb24ucHB0eCJ9.XqEmteI0bFHfVmZOwu27IVsnfw2QgU3JM93k0ihmDpg;attempt=1;code:null;connect:null Error: Error response: statusCode:500; headers:{"content-length":"27","content-type":"application/json","date":"Tue, 14 May 2024 03:19:06 GMT","server":"waitress","via":"waitress","x-frame-options":"SAMEORIGIN","x-powered-by":"Zope (www.zope.dev), Python (www.python.org)"};
    at Request.fResponse (/snapshot/server/Common/sources/utils.js)
    at Request.emit (node:events:527:28)
    at Request.onRequestResponse (/snapshot/server/Common/node_modules/request/request.js:1066:10)
    at ClientRequest.emit (node:events:527:28)
    at HTTPParser.parserOnIncomingClient [as onIncoming] (node:_http_client:631:27)
    at HTTPParser.parserOnHeadersComplete (node:_http_common:128:17)
    at Socket.socketOnData (node:_http_client:494:22)
    at Socket.emit (node:events:527:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at Socket.Readable.push (node:internal/streams/readable:228:10)
    at TCP.onStreamRead (node:internal/stream_base_commons:190:23)
[2024-05-14T03:19:07.832] [ERROR] [localhost] [cHJlc2VudGF0aW9uLnBwdHhfMjAyNC8wNS8xNCAxMToxOTo1LjYzODE0MyBVUy9DZW50cmFs] [admin] nodeJS - error downloadFile:url=http://10.83.64.67:8080/test/presentation.pptx/onlyoffice-dl/file?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJwcmVzZW50YXRpb24ucHB0eCJ9.XqEmteI0bFHfVmZOwu27IVsnfw2QgU3JM93k0ihmDpg;attempt=2;code:null;connect:null Error: Error response: statusCode:500; headers:{"content-length":"27","content-type":"application/json","date":"Tue, 14 May 2024 03:19:07 GMT","server":"waitress","via":"waitress","x-frame-options":"SAMEORIGIN","x-powered-by":"Zope (www.zope.dev), Python (www.python.org)"};
    at Request.fResponse (/snapshot/server/Common/sources/utils.js)
    at Request.emit (node:events:527:28)
    at Request.onRequestResponse (/snapshot/server/Common/node_modules/request/request.js:1066:10)
    at ClientRequest.emit (node:events:527:28)
    at HTTPParser.parserOnIncomingClient [as onIncoming] (node:_http_client:631:27)
    at HTTPParser.parserOnHeadersComplete (node:_http_common:128:17)
    at Socket.socketOnData (node:_http_client:494:22)
    at Socket.emit (node:events:527:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at Socket.Readable.push (node:internal/streams/readable:228:10)
    at TCP.onStreamRead (node:internal/stream_base_commons:190:23)
[2024-05-14T03:19:08.840] [ERROR] [localhost] [cHJlc2VudGF0aW9uLnBwdHhfMjAyNC8wNS8xNCAxMToxOTo1LjYzODE0MyBVUy9DZW50cmFs] [admin] nodeJS - error downloadFile:url=http://10.83.64.67:8080/test/presentation.pptx/onlyoffice-dl/file?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJwcmVzZW50YXRpb24ucHB0eCJ9.XqEmteI0bFHfVmZOwu27IVsnfw2QgU3JM93k0ihmDpg;attempt=3;code:null;connect:null Error: Error response: statusCode:500; headers:{"content-length":"27","content-type":"application/json","date":"Tue, 14 May 2024 03:19:08 GMT","server":"waitress","via":"waitress","x-frame-options":"SAMEORIGIN","x-powered-by":"Zope (www.zope.dev), Python (www.python.org)"};
    at Request.fResponse (/snapshot/server/Common/sources/utils.js)
    at Request.emit (node:events:527:28)
    at Request.onRequestResponse (/snapshot/server/Common/node_modules/request/request.js:1066:10)
    at ClientRequest.emit (node:events:527:28)
    at HTTPParser.parserOnIncomingClient (node:_http_client:631:27)
    at HTTPParser.parserOnHeadersComplete (node:_http_common:128:17)
    at Socket.socketOnData (node:_http_client:494:22)
    at Socket.emit (node:events:527:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at Socket.Readable.push (node:internal/streams/readable:228:10)
    at TCP.onStreamRead (node:internal/stream_base_commons:190:23)

No other new logs.

Alexandre · 16 May 2024 10:35

Hello @JIMYE

…
Exception: Expected JWT
…

Could you please double check that JWT matches on both side?
Also, please run a test and disable JWT on both sides. Will the issue occur?

JIMYE · 17 May 2024 05:58

This is /etc/onlyoffice/documentserver/local.json

{
  "services": {
    "CoAuthoring": {
      "sql": {
        "type": "postgres",
        "dbHost": "localhost",
        "dbPort": "5432",
        "dbName": "onlyoffice",
        "dbUser": "onlyoffice",
        "dbPass": "onlyoffice"
      },
      "token": {
        "enable": {
          "request": {
            "inbox": true,
            "outbox": true
          },
          "browser": true
        },
        "inbox": {
          "header": "AuthorizationJwt"
        },
        "outbox": {
          "header": "AuthorizationJwt"
        }
      },
      "secret": {
        "inbox": {
          "string": "xY7xzCIq4tNzXugv9Yrrs9proCEkKUwh"
        },
        "outbox": {
          "string": "xY7xzCIq4tNzXugv9Yrrs9proCEkKUwh"
        },
        "session": {
          "string": "xY7xzCIq4tNzXugv9Yrrs9proCEkKUwh"
        }
      }
    }
  },
  "rabbitmq": {
    "url": "amqp://guest:guest@localhost"
  },
  "storage": {
    "fs": {
      "secretString": "BS5sXr2AnJVCHb6J7J5D"
    }
  }
}

Set the same key in plone:
onlykey

Get an Authorization error if I enter the wrong key:
onlykey2

By the way, how to disable JWT on onlyoffice? I edited local.json and only changed these from true to false.

      "token": {
        "enable": {
          "request": {
            "inbox": false,
            "outbox": false
          },
          "browser": false

Then restart the onlyoffice server and the exsample tests failed.

I’m also tried install by: docker run -i -t -d -p 80:80 --restart=always -e JWT_ENABLED=false onlyoffice/documentserver, and get the same Download failed error.