HTTPS not work with onlyofficedoc + Onlyoffice.plone + Plone 6

onlyoffice.plone 4.0.0 with Plone 6.0.10.1 + nginx reverse proxy.

onlyofficedoc installed the last version by docker, also tested install in ubuntu 22.04 by script (bash install-Debian.sh)

It’s work:
plone-ip:8080 → http://my-onlyofficedoc-server-ip

It’s also work with nginx http:
user → http:/ /myplonesite.com → ngnix → plone-ip:8080 → http:// my-onlyofficedoc-server-ip

Not work with https (just enable the ssl settings of ngnix config file):
user → https://myplonesite.com → ngnix → plone-ip:8080 → http://my-onlyofficedoc-server-ip
The error is: ONLYOFFICE cannot be reached

Not work with onlyoffice+enable https:
user → https://myplonesite.com → ngnix → plone-ip:8080 → https://my-onlyofficedoc-server.com

Not work with only onlyoffice+enable https:
user → plone-ip:8080 → https://my-onlyofficedoc-server.com

plone-oo1321×492 29.5 KB

Hello, @JIMYE

Could you please provide the following information:

1. The version of ONLYOFFICE Docs.
2. How do you switch ONLYOFFICE Docs to HTTPS? Are you using our instructions? Running ONLYOFFICE Docs using HTTPS
3. What proxy configuration are you using?
   Is your configuration based on our examples? ONLYOFFICE Docs proxy configuration examples

Thanks for your reply.

1. The version of ONLYOFFICE Docs is 8.0.1-31 installed on ubuntu by “bash install-Debian.sh”.
   And also tested the docker version.

2. Switch to HTTPS by ONLYOFFICE Docs instructions: cp -f /etc/onlyoffice/documentserver/nginx/ds-ssl.conf.tmpl /etc/onlyoffice/documentserver/nginx/ds.conf
   And edit ds.conf to change ssl_certificate /etc/ssl/certs/mydomain.pem; ssl_certificate_key /etc/ssl/certs/mydomain.key;

3. I have tested two ngnix config:
   One is taken from the official plone documentation:

add_header X-Frame-Options "SAMEORIGIN";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
add_header Content-Security-Policy-Report-Only "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'";

server {
	 listen 443 default ssl;
	  ssl_certificate /etc/ssl/certs/my-plone6.com.crt;
	  ssl_certificate_key /etc/ssl/certs/my-plone6.com.key;
	  server_name my-plone6.com;

	       location / {
			 proxy_pass http://plone6-server-ip:8080/;
			 proxy_set_header Host $host;
			 proxy_set_header X-Real-IP $remote_addr;
			 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

			     }
	}

Another is use this document-server-proxy/nginx/proxy-https-to-http.conf at master · ONLYOFFICE/document-server-proxy · GitHub
I just replace the cert and backendserver-address to plone6-server-ip:8080

Both of above nginx configs are work fine with plone6, but all test failed for cannot be reached.

Even with out proxy, just plone-ip:8080 → https ://my-onlyofficedoc-server.com still get the ONLYOFFICE cannot be reached error.

Dear @Nikolas.

Do you have any further information on this issue? Looking forward to your prompt reply

Jim

Apologies for the long wait

Let’s start with ensuring the correctness of the document server setup with HTTPS.

1. Is the OnlyOffice Docs server accessible via your URL? https://my-onlyofficedoc-server.com
   1.1. Have you completed steps 4 and 5 in the instructions?

4. When all the changes are made, you can start NGINX service again:

> sudo service nginx start

Port 443 must be opened for correct portal operation.

2. Execute the following script:

> sudo bash /usr/bin/documentserver-update-securelink.sh

Yes, The OnlyOffice Docs server is accessible via URL https ://my-onlyofficedoc-server.com

I have completed steps 4 and 5 in the [instructions].

I’ve tested everything I can think of.

@JIMYE

Is the example page working and the ability to create documents functioning properly?
Please share the document server logs.

/var/log/onlyoffice/documentserver/

Test example page is ok.

None error log , only some out.logs:

# docker exec bdfc52bd4576 cat /var/log/onlyoffice/documentserver/docservice/err.log
# docker exec bdfc52bd4576 cat /var/log/onlyoffice/documentserver/nginx.error.log
# docker exec bdfc52bd4576 cat /var/log/onlyoffice/documentserver/converter/err.log
# docker exec bdfc52bd4576 cat /var/log/onlyoffice/documentserver/metrics/err.log
# docker exec bdfc52bd4576 cat /var/log/onlyoffice/documentserver/docservice/out.log
[2024-05-07T09:59:03.274] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-05-07T09:59:03.276] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-05-07T09:59:03.682] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-05-07T09:59:46.483] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-05-07T09:59:46.485] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-05-07T09:59:46.627] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-05-07T09:59:49.115] [WARN] [localhost] [docId] [userId] nodeJS - start shutdown:%b true
[2024-05-07T09:59:49.115] [WARN] [localhost] [docId] [userId] nodeJS - active connections: 0
[2024-05-07T09:59:49.115] [WARN] [localhost] [docId] [userId] nodeJS - end shutdown
[2024-05-07T10:00:44.680] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-05-07T10:00:44.682] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-05-07T10:00:47.194] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-05-07T10:01:26.444] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-05-07T10:01:26.446] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-05-07T10:01:26.586] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-05-07T10:02:11.307] [WARN] [localhost] [docId] [userId] nodeJS - start shutdown:%b true
[2024-05-07T10:02:11.308] [WARN] [localhost] [docId] [userId] nodeJS - active connections: 0
[2024-05-07T10:02:11.308] [WARN] [localhost] [docId] [userId] nodeJS - end shutdown
[2024-05-08T01:59:31.883] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-05-08T01:59:31.886] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-05-08T01:59:34.497] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31
[2024-05-08T02:00:13.414] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2024-05-08T02:00:13.416] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2024-05-08T02:00:13.562] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 8.0.1. Build: 31

# docker exec bdfc52bd4576 cat /var/log/onlyoffice/documentserver/converter/out.log
[2024-05-07T09:59:02.948] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T09:59:02.950] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-07T09:59:02.956] [WARN] [localhost] [docId] [userId] nodeJS - worker 759 started.
[2024-05-07T09:59:02.959] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T09:59:02.959] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-07T09:59:48.033] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T09:59:48.034] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-07T09:59:48.041] [WARN] [localhost] [docId] [userId] nodeJS - worker 901 started.
[2024-05-07T09:59:48.042] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T09:59:48.042] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-07T10:00:44.255] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T10:00:44.256] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-07T10:00:44.262] [WARN] [localhost] [docId] [userId] nodeJS - worker 703 started.
[2024-05-07T10:00:44.264] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T10:00:44.264] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-07T10:01:27.995] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T10:01:27.997] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-07T10:01:28.002] [WARN] [localhost] [docId] [userId] nodeJS - worker 845 started.
[2024-05-07T10:01:28.003] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-07T10:01:28.003] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-08T01:59:31.564] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-08T01:59:31.565] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-08T01:59:31.572] [WARN] [localhost] [docId] [userId] nodeJS - worker 703 started.
[2024-05-08T01:59:31.573] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-08T01:59:31.574] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-08T02:00:14.969] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-08T02:00:14.970] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-08T02:00:14.976] [WARN] [localhost] [docId] [userId] nodeJS - worker 845 started.
[2024-05-08T02:00:14.978] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-08T02:00:14.978] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers

I just did another test:

1. Install docs-community by docker follow this link:
   Installing ONLYOFFICE Docs for Docker on a local server - ONLYOFFICE

 docker run -i -t -d -p 80:80 --restart=always \
    -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
    -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
    -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
    -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql -e JWT_SECRET=my_jwt_secret onlyoffice/documentserver

2. Install nginx on ubuntu server 22.04.
   Set up nginx for HTTPS and enable proxy by follow this link: Using ONLYOFFICE Docs behind the proxy - ONLYOFFICE

The nginx config

upstream docservice {
  server 10.x.x.x;
}

map $http_host $this_host {
    "" $host;
    default $http_host;
}

map $http_x_forwarded_proto $the_scheme {
     default $http_x_forwarded_proto;
     "" $scheme;
}

map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $this_host;
}

map $http_upgrade $proxy_connection {
  default upgrade;
  "" close;
}

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Forwarded-Host $the_host;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

server {
  listen 443 default ssl;
  server_name myonlyofficedomain.com;
  ssl_certificate /etc/ssl/certs/mydomain.pem;
  ssl_certificate_key /etc/ssl/certs/mydomain.key;
  ssl_verify_client off;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_prefer_server_ciphers   on
  location / {
    proxy_pass http://docservice;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}

Now I can visit ONLYOFFICE Docs by https://myonlyofficedomain.com, test https://myonlyofficedomain.com/example/ is OK, create docx/xlsx files ok.

only01916×392 19.8 KB

3. Go to plone to setup the ONLYOFFICE add-on:
   
   

   only1016×717 36.5 KB

Oops~~~╮(╯▽╰)╭

@JIMYE
Does enabling the “Connect to demo ONLYOFFICE Document server” checkbox work correctly?

Not work for Error connecting to demo server (Error when trying to check ConvertService)

Hello, I installed another onlyoffice doc by deb package in ubuntu 22.04, also enabled the nginx ssl.

The exsample test OK:

office1072×414 20.4 KB

Got a new error when setup plone:

plone1880×469 28.6 KB

plone2833×589 31.9 KB

Full error log in plone6:

Exception Details
Back to Error Log
Time
May 09, 2024 03:42 AM
User Name
admin (admin)
Request URL
https://myplone6.com/test/@@onlyoffice-controlpanel
Exception Type
Invalid
Exception Value
Error when trying to check ConvertService
Traceback (innermost last):

Module ZPublisher.WSGIPublisher, line 181, in transaction_pubevents
Module ZPublisher.WSGIPublisher, line 391, in publish_module
Module ZPublisher.WSGIPublisher, line 285, in publish
Module ZPublisher.mapply, line 98, in mapply
Module ZPublisher.WSGIPublisher, line 68, in call_object
Module plone.z3cform.layout, line 61, in __call__
Module plone.z3cform.layout, line 45, in update
Module plone.z3cform.fieldsets.extensible, line 62, in update
Module plone.z3cform.patch, line 31, in GroupForm_update
Module z3c.form.group, line 145, in update
Module plone.app.z3cform.csrf, line 21, in execute
Module z3c.form.action, line 98, in execute
Module z3c.form.button, line 301, in __call__
Module z3c.form.button, line 159, in __call__
Module onlyoffice.plone.browser.controlpanel, line 223, in handleSave
Module onlyoffice.plone.browser.controlpanel, line 122, in settings_validation
Module onlyoffice.plone.browser.controlpanel, line 199, in check_doc_serv_convert_service
zope.interface.exceptions.Invalid: Error when trying to check ConvertService

Display traceback as text

REQUEST
form
form.widgets.docUrl	'https://onlyoffice.mydomain.com'
form.widgets.docUrlPublicValidation	['selected']
form.widgets.docUrlPublicValidation-empty-marker	'1'
form.widgets.demoEnabled-empty-marker	'1'
form.widgets.jwtSecret	'xY7xzCIq4tNzXugv9Yrrs9proCEkKUwh'
form.widgets.ploneUrl	''
form.widgets.docInnerUrl	''
form.buttons.save	'Save'
_authenticator	'5e01fb5eb1fcea09ebc75f268039d575718985aa'
cookies
ph_phc_t3lgBB66QsPW4HEfiGopO14um4XGNtBcefEKYWelWda_posthog	'{"distinct_id":"f10f8c1cd3a886700a270457e1f7cff2a86ea479c77dcf8397085b0b97d67287","$device_id":"18b1d8a0c0516-08d7439e13d036-57b1a33-1fa400-18b1d8a0c0659f","$user_state":"identified","$sesid":[1707294289230,"18d82aa2d39a6f-00aee64ff812f9-623b5e53-1fa400-18d82aa2d3a1110",1707294207289],"$groups":{"cluster":"3a664585-28bf-4f74-b989-030b7ba95446"},"$user_id":"f10f8c1cd3a886700a270457e1f7cff2a86ea479c77dcf8397085b0b97d67287","$session_recording_enabled_server_side":false,"$autocapture_disabled_server_side":true,"$active_feature_flags":[],"$enabled_feature_flags":{},"$feature_flag_payloads":{}}'
__ac	'NjE2NDZkNjk2ZTo2MTY0NmQ2OTZl'
lazy items
SESSION	<bound method SessionDataManager.getSessionData of <SessionDataManager at /session_data_manager>>
other
SERVER_URL	'https://myplone6.com'
URL	'https://myplone6.com/test/@@onlyoffice-controlpanel'
method	'POST'
TraversalRequestNameStack	[]
ACTUAL_URL	'https://myplone6.com/test/@@onlyoffice-controlpanel'
VirtualRootPhysicalPath	('',)
VIRTUAL_URL_PARTS	('https://myplone6.com', 'test/@@onlyoffice-controlpanel')
VIRTUAL_URL	'https://myplone6.com/test/@@onlyoffice-controlpanel'
LANGUAGE_TOOL	<plone.i18n.utility.LanguageBinding object at 0x7fe961e34cd0>
LANGUAGE	'en'
PUBLISHED	<Products.Five.browser.metaconfigure.OnlyofficeControlPanelView object at 0x7fe961e34df0>
AUTHENTICATED_USER	<PropertiedUser 'admin'>
AUTHENTICATION_PATH	''
disable_border	True
disable_plone.leftcolumn	True
disable_plone.rightcolumn	True
_plone_ec_cache	{140640346408512: <Products.PageTemplates.Expressions.ZopeContext object at 0x7fe961e37430>}
__catalog_cache__	<WeakKeyDictionary at 0x7fe9623b9570>
BASE1	'https://myplone6.com'
URL0	https://myplone6.com/test/@@onlyoffice-controlpanel
URL1	https://myplone6.com/test
URL2	https://myplone6.com
BASE0	https://myplone6.com
BASE1	https://myplone6.com
BASE2	https://myplone6.com/test
BASE3	https://myplone6.com/test/@@onlyoffice-controlpanel
environ
REMOTE_ADDR	'my.plone.ip.adress'
REMOTE_HOST	'my.plone.ip.adress'
REMOTE_PORT	'39702'
REQUEST_METHOD	'POST'
SERVER_PORT	'8080'
SERVER_NAME	'waitress.invalid'
SERVER_SOFTWARE	'waitress'
SERVER_PROTOCOL	'HTTP/1.1'
SCRIPT_NAME	''
PATH_INFO	'/VirtualHostBase/https/myplone6.com/VirtualHostRoot/test/@@onlyoffice-controlpanel'
REQUEST_URI	'/VirtualHostBase/https/myplone6.com/VirtualHostRoot/test/@@onlyoffice-controlpanel'
QUERY_STRING	''
wsgi.url_scheme	'http'
wsgi.version	(1, 0)
wsgi.errors	<_io.TextIOWrapper name='<stderr>' mode='w' encoding='utf-8'>
wsgi.multithread	True
wsgi.multiprocess	False
wsgi.run_once	False
wsgi.input	<_io.BytesIO object at 0x7fe961dd58f0>
wsgi.file_wrapper	<class 'waitress.buffers.ReadOnlyFileBasedBuffer'>
wsgi.input_terminated	True
HTTP_HOST	'plone.mydomain.com'
HTTP_X_REAL_IP	'my.pc.ip.address'
HTTP_X_FORWARDED_FOR	'my.pc.ip.address'
HTTP_X_FORWARDED_PROTO	'https'
HTTP_CONNECTION	'close'
CONTENT_LENGTH	'1186'
HTTP_CACHE_CONTROL	'max-age=0'
HTTP_SEC_CH_UA	'"Chromium";v="119", "Not?A_Brand";v="24"'
HTTP_SEC_CH_UA_MOBILE	'?0'
HTTP_SEC_CH_UA_PLATFORM	'"Windows"'
HTTP_UPGRADE_INSECURE_REQUESTS	'1'
HTTP_ORIGIN	'https://myplone6.com'
CONTENT_TYPE	'multipart/form-data; boundary=----WebKitFormBoundaryFizTmIs8AmAAXLo4'
HTTP_USER_AGENT	'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.160 Safari/537.36'
HTTP_ACCEPT	'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'
HTTP_SEC_FETCH_SITE	'same-origin'
HTTP_SEC_FETCH_MODE	'navigate'
HTTP_SEC_FETCH_USER	'?1'
HTTP_SEC_FETCH_DEST	'document'
HTTP_REFERER	'https://myplone6.com/test/@@onlyoffice-controlpanel'
HTTP_ACCEPT_ENCODING	'gzip, deflate, br'
HTTP_COOKIE	'ph_phc_t3lgBB66QsPW4HEfiGopO14um4XGNtBcefEKYWelWda_posthog=%7B%22distinct_id%22%3A%22f10f8c1cd3a886700a270457e1f7cff2a86ea479c77dcf8397085b0b97d67287%22%2C%22%24device_id%22%3A%2218b1d8a0c0516-08d7439e13d036-57b1a33-1fa400-18b1d8a0c0659f%22%2C%22%24user_state%22%3A%22identified%22%2C%22%24sesid%22%3A%5B1707294289230%2C%2218d82aa2d39a6f-00aee64ff812f9-623b5e53-1fa400-18d82aa2d3a1110%22%2C1707294207289%5D%2C%22%24groups%22%3A%7B%22cluster%22%3A%223a664585-28bf-4f74-b989-030b7ba95446%22%7D%2C%22%24user_id%22%3A%22f10f8c1cd3a886700a270457e1f7cff2a86ea479c77dcf8397085b0b97d67287%22%2C%22%24session_recording_enabled_server_side%22%3Afalse%2C%22%24autocapture_disabled_server_side%22%3Atrue%2C%22%24active_feature_flags%22%3A%5B%5D%2C%22%24enabled_feature_flags%22%3A%7B%7D%2C%22%24feature_flag_payloads%22%3A%7B%7D%7D; I18N_LANGUAGE=zh_CN; __ac=NjE2NDZkNjk2ZTo2MTY0NmQ2OTZl'
waitress.client_disconnected	<bound method HTTPChannel.check_client_disconnected of <waitress.channel.HTTPChannel connected my.plone.ip.adress:39702 at 0x7fe962411120>>
Zope2.httpexceptions	<ZPublisher.httpexceptions.HTTPExceptionHandler object at 0x7fe972272770>
HTTP_X_THEME_ENABLED	True
plone.protect.safe_oids	[b'\x00\x00\x00\x00\x00\x01g\xdb', None]
_auth_token	'4a907242aa56ca2560c2ab7f107b6f3fd71385a2'

If visit plone by ip http://plone-ip:8080/test, theDocument Editing service setting can be saved successfully with the https url: https://onlyoffice.mydomain.com

But always report download failed：

plone31307×726 44.2 KB

Hello @JIMYE
If you don’t mind, I will step to this thread too.

If visit plone by ip http://plone-ip:8080/test, theDocument Editing service setting can be saved successfully with the https url: https://onlyoffice.mydomain.com

But always report download failed

Please reproduce the situation one more time and provide us with fresh Document server and Plone logs. Additionally, please confirm that you are using the connector app v.4.0.0 with Plone 6.0.10.1 in this test.

Version of Plone:

Plone-Version712×253 13 KB

Version of onlyoffice connector:

Plone full instance log from save the onlyoffice setup to create a new presentation.pptx

/backend/instance/var/log# cat instance.log
2024-05-14 11:14:03,303 WARNING [waitress.queue:114][MainThread] Task queue depth is 1
2024-05-14 11:14:08,165 INFO    [plone.protect:32][waitress-1] auto rotating keyring _forms
2024-05-14 11:14:08,165 INFO    [plone.protect:32][waitress-1] auto rotating keyring _forms
2024-05-14 11:14:08,165 INFO    [plone.protect:32][waitress-1] auto rotating keyring _anon
2024-05-14 11:14:08,165 INFO    [plone.protect:32][waitress-1] auto rotating keyring _anon
2024-05-14 11:14:08,165 INFO    [plone.protect:32][waitress-1] auto rotating keyring _forms
2024-05-14 11:14:08,165 INFO    [plone.protect:32][waitress-1] auto rotating keyring _forms
2024-05-14 11:14:08,166 INFO    [plone.protect:32][waitress-1] auto rotating keyring _anon
2024-05-14 11:14:08,166 INFO    [plone.protect:32][waitress-1] auto rotating keyring _anon
2024-05-14 11:18:49,850 ERROR   [onlyoffice:217][waitress-1] SAdfasdf
2024-05-14 11:19:05,747 INFO    [onlyoffice:138][waitress-3] getting config for http://10.83.64.67:8080/test/presentation.pptx
2024-05-14 11:19:06,917 INFO    [onlyoffice:55][waitress-0] got callback request for http://10.83.64.67:8080/test/presentation.pptx
2024-05-14 11:19:06,928 INFO    [onlyoffice:104][waitress-2] got download request for http://10.83.64.67:8080/test/presentation.pptx
2024-05-14 11:19:06,928 ERROR   [Zope.SiteErrorLog:36][waitress-2] Exception: http://10.83.64.67:8080/test/presentation.pptx/onlyoffice-dl/file
Traceback (innermost last):
  Module ZPublisher.WSGIPublisher, line 181, in transaction_pubevents
  Module ZPublisher.WSGIPublisher, line 391, in publish_module
  Module ZPublisher.WSGIPublisher, line 285, in publish
  Module ZPublisher.mapply, line 98, in mapply
  Module ZPublisher.WSGIPublisher, line 68, in call_object
  Module plone.namedfile.browser, line 97, in __call__
  Module onlyoffice.plone.browser.api, line 110, in _getFile
Exception: Expected JWT
2024-05-14 11:19:07,934 INFO    [onlyoffice:104][waitress-1] got download request for http://10.83.64.67:8080/test/presentation.pptx
2024-05-14 11:19:07,935 ERROR   [Zope.SiteErrorLog:36][waitress-1] Exception: http://10.83.64.67:8080/test/presentation.pptx/onlyoffice-dl/file
Traceback (innermost last):
  Module ZPublisher.WSGIPublisher, line 181, in transaction_pubevents
  Module ZPublisher.WSGIPublisher, line 391, in publish_module
  Module ZPublisher.WSGIPublisher, line 285, in publish
  Module ZPublisher.mapply, line 98, in mapply
  Module ZPublisher.WSGIPublisher, line 68, in call_object
  Module plone.namedfile.browser, line 97, in __call__
  Module onlyoffice.plone.browser.api, line 110, in _getFile
Exception: Expected JWT
2024-05-14 11:19:08,942 INFO    [onlyoffice:104][waitress-3] got download request for http://10.83.64.67:8080/test/presentation.pptx
2024-05-14 11:19:08,942 ERROR   [Zope.SiteErrorLog:36][waitress-3] Exception: http://10.83.64.67:8080/test/presentation.pptx/onlyoffice-dl/file
Traceback (innermost last):
  Module ZPublisher.WSGIPublisher, line 181, in transaction_pubevents
  Module ZPublisher.WSGIPublisher, line 391, in publish_module
  Module ZPublisher.WSGIPublisher, line 285, in publish
  Module ZPublisher.mapply, line 98, in mapply
  Module ZPublisher.WSGIPublisher, line 68, in call_object
  Module plone.namedfile.browser, line 97, in __call__
  Module onlyoffice.plone.browser.api, line 110, in _getFile
Exception: Expected JWT

In the meantime Onlyoffice Log (ignoring the difference in time/time zone Settings) ：

cat  /var/log/onlyoffice/documentserver/converter/out.log 
[2024-05-14T00:00:22.829] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-14T00:00:22.830] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-14T00:00:22.835] [WARN] [localhost] [docId] [userId] nodeJS - worker 474180 started.
[2024-05-14T00:00:22.836] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 6; availableParallelism: undefined
[2024-05-14T00:00:22.837] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2024-05-14T03:19:06.826] [ERROR] [localhost] [cHJlc2VudGF0aW9uLnBwdHhfMjAyNC8wNS8xNCAxMToxOTo1LjYzODE0MyBVUy9DZW50cmFs] [admin] nodeJS - error downloadFile:url=http://10.83.64.67:8080/test/presentation.pptx/onlyoffice-dl/file?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJwcmVzZW50YXRpb24ucHB0eCJ9.XqEmteI0bFHfVmZOwu27IVsnfw2QgU3JM93k0ihmDpg;attempt=1;code:null;connect:null Error: Error response: statusCode:500; headers:{"content-length":"27","content-type":"application/json","date":"Tue, 14 May 2024 03:19:06 GMT","server":"waitress","via":"waitress","x-frame-options":"SAMEORIGIN","x-powered-by":"Zope (www.zope.dev), Python (www.python.org)"};
    at Request.fResponse (/snapshot/server/Common/sources/utils.js)
    at Request.emit (node:events:527:28)
    at Request.onRequestResponse (/snapshot/server/Common/node_modules/request/request.js:1066:10)
    at ClientRequest.emit (node:events:527:28)
    at HTTPParser.parserOnIncomingClient [as onIncoming] (node:_http_client:631:27)
    at HTTPParser.parserOnHeadersComplete (node:_http_common:128:17)
    at Socket.socketOnData (node:_http_client:494:22)
    at Socket.emit (node:events:527:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at Socket.Readable.push (node:internal/streams/readable:228:10)
    at TCP.onStreamRead (node:internal/stream_base_commons:190:23)
[2024-05-14T03:19:07.832] [ERROR] [localhost] [cHJlc2VudGF0aW9uLnBwdHhfMjAyNC8wNS8xNCAxMToxOTo1LjYzODE0MyBVUy9DZW50cmFs] [admin] nodeJS - error downloadFile:url=http://10.83.64.67:8080/test/presentation.pptx/onlyoffice-dl/file?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJwcmVzZW50YXRpb24ucHB0eCJ9.XqEmteI0bFHfVmZOwu27IVsnfw2QgU3JM93k0ihmDpg;attempt=2;code:null;connect:null Error: Error response: statusCode:500; headers:{"content-length":"27","content-type":"application/json","date":"Tue, 14 May 2024 03:19:07 GMT","server":"waitress","via":"waitress","x-frame-options":"SAMEORIGIN","x-powered-by":"Zope (www.zope.dev), Python (www.python.org)"};
    at Request.fResponse (/snapshot/server/Common/sources/utils.js)
    at Request.emit (node:events:527:28)
    at Request.onRequestResponse (/snapshot/server/Common/node_modules/request/request.js:1066:10)
    at ClientRequest.emit (node:events:527:28)
    at HTTPParser.parserOnIncomingClient [as onIncoming] (node:_http_client:631:27)
    at HTTPParser.parserOnHeadersComplete (node:_http_common:128:17)
    at Socket.socketOnData (node:_http_client:494:22)
    at Socket.emit (node:events:527:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at Socket.Readable.push (node:internal/streams/readable:228:10)
    at TCP.onStreamRead (node:internal/stream_base_commons:190:23)
[2024-05-14T03:19:08.840] [ERROR] [localhost] [cHJlc2VudGF0aW9uLnBwdHhfMjAyNC8wNS8xNCAxMToxOTo1LjYzODE0MyBVUy9DZW50cmFs] [admin] nodeJS - error downloadFile:url=http://10.83.64.67:8080/test/presentation.pptx/onlyoffice-dl/file?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJwcmVzZW50YXRpb24ucHB0eCJ9.XqEmteI0bFHfVmZOwu27IVsnfw2QgU3JM93k0ihmDpg;attempt=3;code:null;connect:null Error: Error response: statusCode:500; headers:{"content-length":"27","content-type":"application/json","date":"Tue, 14 May 2024 03:19:08 GMT","server":"waitress","via":"waitress","x-frame-options":"SAMEORIGIN","x-powered-by":"Zope (www.zope.dev), Python (www.python.org)"};
    at Request.fResponse (/snapshot/server/Common/sources/utils.js)
    at Request.emit (node:events:527:28)
    at Request.onRequestResponse (/snapshot/server/Common/node_modules/request/request.js:1066:10)
    at ClientRequest.emit (node:events:527:28)
    at HTTPParser.parserOnIncomingClient (node:_http_client:631:27)
    at HTTPParser.parserOnHeadersComplete (node:_http_common:128:17)
    at Socket.socketOnData (node:_http_client:494:22)
    at Socket.emit (node:events:527:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at Socket.Readable.push (node:internal/streams/readable:228:10)
    at TCP.onStreamRead (node:internal/stream_base_commons:190:23)

No other new logs.

Hello @JIMYE

…
Exception: Expected JWT
…

Could you please double check that JWT matches on both side?
Also, please run a test and disable JWT on both sides. Will the issue occur?

This is /etc/onlyoffice/documentserver/local.json

{
  "services": {
    "CoAuthoring": {
      "sql": {
        "type": "postgres",
        "dbHost": "localhost",
        "dbPort": "5432",
        "dbName": "onlyoffice",
        "dbUser": "onlyoffice",
        "dbPass": "onlyoffice"
      },
      "token": {
        "enable": {
          "request": {
            "inbox": true,
            "outbox": true
          },
          "browser": true
        },
        "inbox": {
          "header": "AuthorizationJwt"
        },
        "outbox": {
          "header": "AuthorizationJwt"
        }
      },
      "secret": {
        "inbox": {
          "string": "xY7xzCIq4tNzXugv9Yrrs9proCEkKUwh"
        },
        "outbox": {
          "string": "xY7xzCIq4tNzXugv9Yrrs9proCEkKUwh"
        },
        "session": {
          "string": "xY7xzCIq4tNzXugv9Yrrs9proCEkKUwh"
        }
      }
    }
  },
  "rabbitmq": {
    "url": "amqp://guest:guest@localhost"
  },
  "storage": {
    "fs": {
      "secretString": "BS5sXr2AnJVCHb6J7J5D"
    }
  }
}

Set the same key in plone:

Get an Authorization error if I enter the wrong key:

By the way, how to disable JWT on onlyoffice? I edited local.json and only changed these from true to false.

      "token": {
        "enable": {
          "request": {
            "inbox": false,
            "outbox": false
          },
          "browser": false

Then restart the onlyoffice server and the exsample tests failed.

onlyexsamplefailed861×503 12.8 KB

I’m also tried install by: docker run -i -t -d -p 80:80 --restart=always -e JWT_ENABLED=false onlyoffice/documentserver, and get the same Download failed error.

Hi!

Could you clarify how your network is set up, specifically the network with Plone6 and ONLYOFFICE?
Which instructions did you follow to install Plone6 and add HTTPS with Nginx?

Regarding the issue with the example:
In the example configuration, you also need to change the token.enable parameter to true/false.
You can fix this parameter in the file:

/etc/onlyoffice/documentserver-example/local.json

Then apply the settings using the command:

supervisorctl restart all

Still get the Download failed error after changed the token.enable to false.
But I found the error log: /var/log/onlyoffice/documentserver/converter/out.log

[ERROR] [localhost] [my-ip-address new__1_.xlsx1716456067905] [uid-1] nodeJS - error downloadFile:url=https://onlyoffice.mitac.com.cn/example/download?fileName=new%20(1).xlsx&useraddress=my-ip-address ;attempt=3;code:null;connect:null Error: DNS lookup onlyoffice-ip-address (family:4, host:onlyoffice.mydomain.com) is not allowed. Because, It is private IP address.
    at validateIPAddress (/snapshot/server/Common/node_modules/request-filtering-agent/lib/request-filtering-agent.js:71:20)
    at TLSSocket.<anonymous> (/snapshot/server/Common/node_modules/request-filtering-agent/lib/request-filtering-agent.js:88:21)
    at TLSSocket.emit (node:events:527:28)
    at emitLookup (node:net:1075:12)
    at /snapshot/server/Common/node_modules/dnscache/lib/index.js:80:28
    at /snapshot/server/Common/node_modules/dnscache/lib/cache.js:116:13
    at RawTask.call (/snapshot/server/Common/node_modules/asap/asap.js:40:19)
    at flush (/snapshot/server/Common/node_modules/asap/raw.js:50:29)
    at processTicksAndRejections (node:internal/process/task_queues:78:11)

Both plone6 VM and ONLYOFFICE VM are in the same VLAN, and all firewalls are disabled.

The plone6 install instruction is follow Create a project – Install — Plone Documentation v6.0

The ngnix config:

add_header X-Frame-Options "SAMEORIGIN";
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
add_header Content-Security-Policy-Report-Only "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'";

server {
	 listen 443 default ssl;
	  ssl_certificate /etc/ssl/certs/my-plone6.com.crt;
	  ssl_certificate_key /etc/ssl/certs/my-plone6.com.key;
	  server_name my-plone6.com;

	       location / {
			 proxy_pass http://plone6-server-ip:8080/;
			 proxy_set_header Host $host;
			 proxy_set_header X-Real-IP $remote_addr;
			 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

			     }
	}

@JIMYE

Document Server does not allow localhost or internal IP addresses by default.
Use this solution: https://forum.onlyoffice.com/t/when-i-call-conversion-api-the-editor-seems-to-be-blocked/7584/7

Parameter allowPrivateIPAddress defines if it is allowed to connect private IP address or not. This includes private IP addresses and reserved IP addresses.

Thanks! The exsample test Download failed error sovled.

Now, onlyoffice with https works with plone after disable JWT, but still not work with https + plone.