Nextcloud Mobile app connection to Onlyoffice net::ERR_BLOCKED_BY_RESPONSE

GlaucomaPredator · 3 August 2023 16:01

Document Server version: latest container
Connector version: ?
DMS (platform) version: Nextcloud Hub 4 (26.0.4)
OS: official docker
Browser version: Nextcloud app

I have the document server and nextcloud running in docker containers behind an nginx reverse proxy.
I can load,open, and edit documents in web browsers without issues.
The issue occurs when I use the nextcloud mobile app, the documents do not work in there. I suspect my proxy configuration.

When I open a document in the nextcloud app I get the following error:

Web page not available
The web page at https://onlyoffice.subdomain.duckdns.org/7.4.0-163/web-apps/apps/spreadsheeteditor/mobile/index_loader.html?_dc=7.4.0-163&lang=en&customer=ONLYOFFICE&frameEditorId=iframeEditor&compact=true&parentOrigin=https://cloud.subdomain.duckdns.org&uitheme=theme-dark could not be loaded because:

net::ERR_BLOCKED_BY_RESPONSE

I am using the linuxserver.io SWAG container for the reverse proxy, here are the conf files for that.

ssl.conf

## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/ssl.conf.sample

### Mozilla Recommendations
# generated 2022-08-05, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6

ssl_certificate /config/keys/cert.crt;
ssl_certificate_key /config/keys/cert.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;

# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
ssl_dhparam /config/nginx/dhparams.pem;

# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;

# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;

# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /config/keys/cert.crt;

# Optional additional headers
#add_header Cache-Control "no-transform" always;
#add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'";
#add_header Permissions-Policy "interest-cohort=()";
add_header Referrer-Policy "same-origin" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
#add_header X-UA-Compatible "IE=Edge" always;
add_header X-XSS-Protection "1; mode=block" always;

onlyoffice.subdomain.conf

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name  onlyoffice.*;
    server_tokens off;

    include /config/nginx/ssl.conf;   

    set $app 192.168.1.151;
    set $port 90;
    set $proto http;

    client_max_body_size 0;

    location / {
        proxy_pass $proto://$app:$port;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header Access-Control-Allow-Origin *;
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

nextcloud.subdomain.conf

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name cloud.*;

    include /config/nginx/ssl.conf;
    
    set $nextcloud 192.168.1.151;
    set $port 448;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app $nextcloud;
        set $upstream_port $port;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

	# Hide proxy response headers from Nextcloud that conflict with ssl.conf
        # Uncomment the Optional additional headers in SWAG's ssl.conf to pass Nextcloud's security scan
        proxy_hide_header Referrer-Policy;
        proxy_hide_header X-Content-Type-Options;

        proxy_hide_header X-Frame-Options;
        proxy_hide_header X-XSS-Protection;

        proxy_max_temp_file_size 2048m;

        # Disable proxy buffering
        proxy_buffering off;
    }
}

Constantine · 8 August 2023 14:09

Hello @GlaucomaPredator

Please try accessing your Nextcloud portal from a browser on your mobile device and opening any document for editing. The goal is to see if it would open editors that way or not.

Also, in terms of testing you can try connecting your Nextcloud portal with our mobile app Documents. You can download it here:

The guide on how to connect you can find here.

GlaucomaPredator · 8 August 2023 23:57

@Constantine I can confirm that I can access the documents from the office for android app and mobile web on the Android phone.

Thanks

GlaucomaPredator · 9 August 2023 16:02

This is so weird, the issue seems to have fixed itself after the app crashed on me today, now I can open all my documents on mobile in the NextCloud app.

Constantine · 14 August 2023 08:35

This is unusual I have to admit. Please let us know if the issue comes back.