Nginx / proxy / owncloud

Fuchs385 · 25 September 2023 10:23

Hello,
I have the following problem:

I have a fresh installation of owncloud on Ubuntu. This works perfectly.

Additionally, I have a new installation of Onlyoffice on a Windows Server. Everything according to instructions. This also works so far. “Document Server is running” appears. The /example website also works and test documents can also be created and edited.

Unfortunately, the integration of Onlyoffice does not work with owncloud. All that appears is: “Error while downloading the document file to be converted.”

The tokens from local.js match those in the owncloud config.

I currently have “Authorization” in the header. I read that you should set this value to “AuthorizationJwt” and restart everything.

If I do that, I can no longer edit documents in the /example of onlyoffice. The error “Error while downloading” appears. Integrating with owncloud doesn’t work either. Unfortunately no other error appears either.

Do you have any idea what I can do?

Edit:
Following is seeing in the logs:

[2023-09-26T08:52:26.055] [ERROR] [localhost] [conv_check_907351611_docx] [userId] nodeJS - error downloadFile:url=https://owncloudserver/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.R4R0j_XnxZF6MBP0ZO6b1F-5LoOaecAv32nFcCo5ZJc;attempt=3;code:undefined;connect:undefined Error: Error response: statusCode:404; headers:{"date":"Tue, 26 Sep 2023 06:52:26 GMT","server":"Apache/2.4.41 (Ubuntu)","strict-transport-security":"max-age=15552000; includeSubDomains","x-content-type-options":"nosniff","x-xss-protection":"0","x-robots-tag":"none","x-frame-options":"SAMEORIGIN","x-download-options":"noopen","x-permitted-cross-domain-policies":"none","upgrade":"h2,http:/1.1","connection":"Upgrade, Keep-Alive","set-cookie":["oc0qai3dvl0a=soflhjhfb2ld4ndsh3mmu9ltfi; path=/; secure; HttpOnly; SameSite=Strict","oc_sessionPassphrase=%2BnHLCSMaPgD7gUwegKDKCQFWlDNKRE53zwvPXZXLm18d%2F3%2B5FsqzlOY8a77sl32b7dBv9idINtffPQMjmQhgzt7j1OMpGO5eaZwWOALyzTiR5LGdwUlliBcSdnuV5Xrj; expires=Tue, 26-Sep-2023 07:12:26 GMT; Max-Age=1200; path=/; secure; HttpOnly; SameSite=Strict"],"expires":"Thu, 19 Nov 1981 08:52:00 GMT","cache-control":"no-cache, no-store, must-revalidate","pragma":"no-cache","content-security-policy":"default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'","content-length":"28","keep-alive":"timeout=5, max=100","content-type":"application/json; charset=utf-8"};
    at Request.fResponse (C:\snapshot\server\build\server\Common\sources\utils.js)
    at Request.emit (events.js:400:28)
    at Request.onRequestResponse (C:\snapshot\server\build\server\Common\node_modules\request\request.js:1059:10)
    at ClientRequest.emit (events.js:400:28)
    at HTTPParser.parserOnIncomingClient (_http_client.js:647:27)
    at HTTPParser.parserOnHeadersComplete (_http_common.js:127:17)
    at TLSSocket.socketOnData (_http_client.js:515:22)
    at TLSSocket.emit (events.js:400:28)
    at addChunk (internal/streams/readable.js:293:12)
    at readableAddChunk (internal/streams/readable.js:267:9)
    at TLSSocket.Readable.push (internal/streams/readable.js:206:10)
    at TLSWrap.onStreamRead (internal/stream_base_commons.js:188:23)

Fuchs385 · 26 September 2023 13:36

The last log wasn´t quite corret. This is the corret log:

[2023-09-26T15:02:00.702] [ERROR] [localhost] [conv_check_2046730380_docx] [userId] nodeJS - error downloadFile:url=https://onlyofficeserver/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.R4R0j_XnxZF6MBP0ZO6b1F-5LoOaecAv32nFcCo5ZJc;attempt=3;code:undefined;connect:undefined Error: Error response: statusCode:404; headers:{"server":"nginx","date":"Tue, 26 Sep 2023 13:02:00 GMT","content-type":"text/html; charset=utf-8","transfer-encoding":"chunked","connection":"keep-alive","vary":"Accept-Encoding","content-security-policy":"default-src 'none'","x-content-type-options":"nosniff","content-encoding":"gzip"};
    at Request.fResponse (C:\snapshot\server\build\server\Common\sources\utils.js)
    at Request.emit (events.js:400:28)
    at Request.onRequestResponse (C:\snapshot\server\build\server\Common\node_modules\request\request.js:1059:10)
    at ClientRequest.emit (events.js:400:28)
    at HTTPParser.parserOnIncomingClient (_http_client.js:647:27)
    at HTTPParser.parserOnHeadersComplete (_http_common.js:127:17)
    at TLSSocket.socketOnData (_http_client.js:515:22)
    at TLSSocket.emit (events.js:400:28)
    at addChunk (internal/streams/readable.js:293:12)
    at readableAddChunk (internal/streams/readable.js:267:9)
    at TLSSocket.Readable.push (internal/streams/readable.js:206:10)
    at TLSWrap.onStreamRead (internal/stream_base_commons.js:188:23)

When i manually open the link on the onlyoffice server in a browser following appears:
Cannot GET /index.php/apps/onlyoffice/empty

It looks like somehtin is wrong with the nginx

This is my nginx config:

include includes/http-common.conf;

## Normal HTTP host
server {
  listen 0.0.0.0:80;
  listen [::]:80 default_server;
  server_name onlyofficeserver;
  server_tokens off;
  set $secure_link_secret 123123;

  ## Redirects all traffic to the HTTPS host
  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
  rewrite ^ https://$host$request_uri? permanent;
}

#HTTP host for internal services
server {
  listen 127.0.0.1:80;
  listen [::1]:80;
  server_name localhost;
  server_tokens off;
  set $secure_link_secret 123123;
  
  include includes/ds-common.conf;
  include includes/ds-docservice.conf;
}

## HTTPS host
server {
  listen 0.0.0.0:443 ssl;
  listen [::]:443 ssl default_server;
  server_tokens off;
  set $secure_link_secret 123123;
  root /usr/share/nginx/html;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
#  ssl on;
  ssl_certificate c:\ssl\cert.crt;
  ssl_certificate_key c:\ssl\key.key;
  # Uncomment string below and specify the path to the file with the password if you use encrypted certificate key
  # ssl_password_file {{SSL_PASSWORD_PATH}};
  ssl_verify_client off;

  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

  ssl_protocols TLSv1.2;
  ssl_session_cache  builtin:1000  shared:SSL:10m;

  ssl_prefer_server_ciphers   on;

  add_header Strict-Transport-Security max-age=31536000;
  # add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
  ## Replace with your ssl_trusted_certificate. For more info see:
  ## - https://medium.com/devops-programming/4445f4862461
  ## - https://www.ruby-forum.com/topic/4419319
  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 10s;

  ## [Optional] Generate a stronger DHE parameter:
  ##   cd /etc/ssl/certs
  ##   sudo openssl dhparam -out dhparam.pem 4096
  ##
  # ssl_dhparam /etc/ssl/certs/dhparam.pem;

  include includes/ds-*.conf;

}

Fuchs385 · 27 September 2023 13:21

Problem solved. The onlyoffice app on the owncloud unbutu server was not registered correctly. This helped:

Installing ownCloud ONLYOFFICE integration app

The ownCloud administrator can install the integration app from the in-built application market. For that click the upper-left hamburger menu and select Market. After that find ONLYOFFICE in the list of available applications and install it.

If the server with the ownCloud installed does not have an Internet access, or if you need it for some other reason, the administrator can install the application manually:

    Go to the ownCloud server apps/ directory (or some other directory used):

    cd apps/

Get the ownCloud ONLYOFFICE integration app. There are several ways to do that:

a. Download the latest signed version from the official store for ownCloud.

b. Or you can download the latest signed version from the application release page on GitHub.

c. Or you can clone the application source code and compile it yourself:

git clone https://github.com/ONLYOFFICE/onlyoffice-owncloud.git onlyoffice
cd onlyoffice
git submodule update --init --recursive

ownCloud does not work with unsigned applications giving an alert, so you will need to use either option a or b to get the application.

Change the owner to update the application right from ownCloud web interface:

chown -R www-data:www-data onlyoffice

    In ownCloud open the ~/settings/admin?sectionid=apps&category=disabled page with Not enabled apps by administrator and click Enable for the ONLYOFFICE application.

Constantine · 2 October 2023 08:01

Hello @Fuchs385

We are glad to know that you’ve managed to resolve the issue by yourself. Good job.
May I ask what version of Document Server are you using?

Fuchs385 · 4 October 2023 08:20

sure!
Package: onlyoffice-documentserver
Version: 7.4.1-36

owncloud: 10.13.1