I get this error in my var/logs/nextcloud
Hello @TotallyNotHax
Please share logs of Document Server too. They are located in /var/log/onlyoffice/documentserver/ inside the container.
Ok, I’ve been able to fix my issue. Always verify your SSL Certificate. Mine was missing the CA Authority and by not having it configured in Apache, blocked the connexion.
A good tools to check if your ssl certificates is properly installed and configured.
https://www.digicert.com/help/
Good job! I’m glad to hear that you’ve managed the issue.
Dear Constantine, i got same problem. My Nextcloud running on apache and onlyoffice ds running on nginx.
Hello @parolnix
I can see that you have replied to several threads, please do not duplicate identical posts in multiple threads.
First of all, you are using an outdated version of Document Server. Please consider updating for better results.
In general, please refer to this thread where similar issue is described for possible solution:
If information there doesn’t help, please provide logs of Document Server from /var/log/onlyoffice/documentserver for analysis here in this thread.
Hello, i upgraded onlyoffice-ds to 7.3.3-49 and postgresql version 13 on centos 7, but error not fixed yet. Kindly see some of my config and error screen.
##local.json##
"inbox": {
"header": "AuthorizationJwt",
"inBody": false
},
"outbox": {
"header": "AuthorizationJwt",
"inBody": false
}
},
"secret": {
"inbox": {
"string": "F6VvPqYrGmK8Rb8msfcyfGx5TD9AP68P"
},
"outbox": {
"string": "F6VvPqYrGmK8Rb8msfcyfGx5TD9AP68P"
},
"session": {
"string": "F6VvPqYrGmK8Rb8msfcyfGx5TD9AP68P"
}
}
}
},
"queue": {
"type": "rabbitmq"
},
"rabbitmq": {
"url": "amqp://guest:guest@localhost"
},
"storage": {
"fs": {
"secretString": "Ugnvzl7RoW0LdXoj1d7X"
}
#Default.json#
"requestDefaults": {
"headers": {
"User-Agent": "Node.js/6.13",
"Connection": "Keep-Alive"
},
"gzip": true,
"rejectUnauthorized": false
},
#Nextcloud Config#
'installed' => true,
'allow_local_remote_servers' => true,
'onlyoffice' =>
array (
'verify_peer_off' => true,
'jwt_secret' => 'F6VvPqYrGmK8Rb8msfcyfGx5TD9AP68P',
'jwt_header' => 'AuthorizationJwt',
),
#Converter out.log#
[2023-05-25T12:44:58.214] [ERROR] [localhost] [conv_check_2138923349_docx] [userId] nodeJS - error downloadFile:url=http://10.1.0.10/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.FOJRL4ndbhPKFjikyAiMMKoFhs_-JMztyuOyGOD205g;attempt=2;code:undefined;connect:undefined Error: Error response: statusCode:403; headers:{"date":"Thu, 25 May 2023 12:46:59 GMT","server":"Apache/2.4.6 (CentOS) PHP/8.1.19","referrer-policy":"no-referrer","x-content-type-options":"nosniff","x-frame-options":"SAMEORIGIN","x-permitted-cross-domain-policies":"none","x-robots-tag":"noindex, nofollow","x-xss-protection":"1; mode=block","x-powered-by":"PHP/8.1.19","set-cookie":["ocozz0ort8xk=uq316tu7ed0700n2c8akrbjhd3; path=/; HttpOnly; SameSite=Lax","oc_sessionPassphrase=i1jzGuYZFiWDDi0mcLD7Rg1V2H0SGVg9mL%2F8Cc3RiB3YF3iNHZoX8Tk8%2Bm3Xl9AgdwSilSI8VTvm7%2FIC0MjMz%2BKERLjYvf8aZzkZI8p15JGgWpbVsguW8iDY1VRAwaRi; path=/; HttpOnly; SameSite=Lax","ocozz0ort8xk=ecmv0a6ih06qmp4bigheolni6b; path=/; HttpOnly; SameSite=Lax","ocozz0ort8xk=ecmv0a6ih06qmp4bigheolni6b; path=/; HttpOnly; SameSite=Lax","nc_sameSiteCookielax=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax","nc_sameSiteCookiestrict=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict","ocozz0ort8xk=ecmv0a6ih06qmp4bigheolni6b; path=/; HttpOnly; SameSite=Lax"],"expires":"Thu, 19 Nov 1981 08:52:00 GMT","cache-control":"no-cache, no-store, must-revalidate","pragma":"no-cache","content-security-policy":"default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'","x-request-id":"ZG9Yww-1OtSq2k7Q5BbR0AAAAAs","feature-policy":"autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'","content-length":"27","keep-alive":"timeout=5, max=100","connection":"Keep-Alive","content-type":"application/json; charset=utf-8"};
at Request.fResponse (/snapshot/server/build/server/Common/sources/utils.js)
at Request.emit (events.js:400:28)
at Request.onRequestResponse (/snapshot/server/build/server/Common/node_modules/request/request.js:1059:10)
at ClientRequest.emit (events.js:400:28)
at HTTPParser.parserOnIncomingClient (_http_client.js:647:27)
at HTTPParser.parserOnHeadersComplete (_http_common.js:126:17)
at Socket.socketOnData (_http_client.js:515:22)
at Socket.emit (events.js:400:28)
at addChunk (internal/streams/readable.js:290:12)
at readableAddChunk (internal/streams/readable.js:265:9)
at Socket.Readable.push (internal/streams/readable.js:204:10)
at TCP.onStreamRead (internal/stream_base_commons.js:188:23)
[2023-05-25T12:44:59.645] [ERROR] [localhost] [conv_check_2138923349_docx] [userId] nodeJS - error downloadFile:url=http://10.1.0.10/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.FOJRL4ndbhPKFjikyAiMMKoFhs_-JMztyuOyGOD205g;attempt=3;code:undefined;connect:undefined Error: Error response: statusCode:403; headers:{"date":"Thu, 25 May 2023 12:47:01 GMT","server":"Apache/2.4.6 (CentOS) PHP/8.1.19","referrer-policy":"no-referrer","x-content-type-options":"nosniff","x-frame-options":"SAMEORIGIN","x-permitted-cross-domain-policies":"none","x-robots-tag":"noindex, nofollow","x-xss-protection":"1; mode=block","x-powered-by":"PHP/8.1.19","set-cookie":["ocozz0ort8xk=rffp4enijpquh0r05dv5efa378; path=/; HttpOnly; SameSite=Lax","oc_sessionPassphrase=HPYOFQ4bPvOTDtBXIFwLNAT4RAdp78VWGoPrwxKpeJbST%2FXsl2vrM0LwJEOsEpUf0xTwehjA8FCGGOF8yf3%2FnuE2mP%2BTV6IoNmH9gO8A2eIqZ5ehdYFYDtMh%2BIVEiYxI; path=/; HttpOnly; SameSite=Lax","ocozz0ort8xk=0huso0tu4v8tmnlmb10j801nnu; path=/; HttpOnly; SameSite=Lax","ocozz0ort8xk=0huso0tu4v8tmnlmb10j801nnu; path=/; HttpOnly; SameSite=Lax","nc_sameSiteCookielax=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax","nc_sameSiteCookiestrict=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict","ocozz0ort8xk=0huso0tu4v8tmnlmb10j801nnu; path=/; HttpOnly; SameSite=Lax"],"expires":"Thu, 19 Nov 1981 08:52:00 GMT","cache-control":"no-cache, no-store, must-revalidate","pragma":"no-cache","content-security-policy":"default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'","x-request-id":"ZG9Yxb-jhkGT633KESDNWwAAAAY","feature-policy":"autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'","content-length":"27","keep-alive":"timeout=5, max=100","connection":"Keep-Alive","content-type":"application/json; charset=utf-8"};
at Request.fResponse (/snapshot/server/build/server/Common/sources/utils.js)
at Request.emit (events.js:400:28)
at Request.onRequestResponse (/snapshot/server/build/server/Common/node_modules/request/request.js:1059:10)
at ClientRequest.emit (events.js:400:28)
at HTTPParser.parserOnIncomingClient (_http_client.js:647:27)
at HTTPParser.parserOnHeadersComplete (_http_common.js:126:17)
at Socket.socketOnData (_http_client.js:515:22)
at Socket.emit (events.js:400:28)
at addChunk (internal/streams/readable.js:290:12)
at readableAddChunk (internal/streams/readable.js:265:9)
at Socket.Readable.push (internal/streams/readable.js:204:10)
at TCP.onStreamRead (internal/stream_base_commons.js:188:23)
Please check http://<document_server_address>/healthcheck page and share the output.
Additionally, execute this command bash /usr/bin/documentserver-update-securelink.sh and check the situation again.
i used these 2 commands as per your instruction.
#bash /usr/bin/documentserver-update-securelink.sh
#supervisorctl restart all
But nothing change.
Regard with thanks
Thank you for the information.
Try adding your Nextcloud address to the trusted in config.php:
'trusted_domains' =>
array (
0 => 'http://10.1.0.10',
),
I have taken the address from your reply in another post, use proper one if this is not valid.
Check if it helps afterwards.
By the way, is there any proxy used in your environment?
Dear @Constantine , i already added trusted_domains as following:
‘trusted_domains’ =>
array (
0 => ‘10.1.0.10’,
1 => ‘10.1.0.15’,
),
and i don’t use proxy.
i installed as this guide : Installing ONLYOFFICE Docs for CentOS and derivatives - ONLYOFFICE
##Nextcloud config##
<?php
$CONFIG = array (
'instanceid' => 'ocozz0ort8xk',
'passwordsalt' => 'D+2v4Wq0+xKBJj5sVI39h01VQOF2XY',
'secret' => 'mxNF0/Gb1r5AHbDHpA9EP9FC0FC7wkjde3kNam8/NnTsLdcR',
'trusted_domains' =>
array (
0 => '10.1.0.10',
1 => '10.1.0.15',
),
'datadirectory' => '/var/www/html/nextcloud/data',
'dbtype' => 'mysql',
'version' => '25.0.6.1',
'overwrite.cli.url' => 'http://10.1.0.10',
'dbname' => 'clouddb',
'dbhost' => '127.0.0.1',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'dbusername',
'dbpassword' => 'dbpassword',
'installed' => true,
'allow_local_remote_servers' => true,
'onlyoffice' =>
array (
'verify_peer_off' => true,
'jwt_secret' => 'F6VvPqYrGmK8Rb8msfcyfGx5TD9AP68P',
'jwt_header' => 'AuthorizationJwt',
),
'theme' => '',
'loglevel' => 2,
'maintenance' => false,
'updater.secret' => '$2y$10$oiKdXC07YHEYSdOd4bKaIOS9CmHoAUXNtH6feRr2bCw8.QHBS78RS',
);
#Running Services and Ports on Document Server#
Regard with thanks
What are the versions of Nextcloud and the connector app?
Also, run an accessibility test:
- execute
wget <document_server_address>from Nextcloud server; - execute
wget <nextcloud_address>from the server where Document Server is installed.
After that share outputs of these commands.
Dear @Constantine , Nextcloud version : 25.0.6 and Connector Version: 7.8.0. Kindly see attached screenshot of wget cross test.
Regard with thanks
#wget from nc to ds#
Thank you.
Actually, this command is used for Docker installations to restart Document Server services. Did you use it after changing JWT header in local.json? If yes, then try systemctl restart ds-* and check if you can connect afterwards.
Dear @Constantine , i also used that command after changing local.json, systemctl restart ds-* and systemctl restart nginx, but error not fixed.
Regard with thanks
Please run another test and disable JWT token for Document Server and remove 'jwt_secret' and 'jwt_header' strings from config.php of Nextcloud and retry.
To disable JWT on Document Server side change next parameters in local.json:
"token": {
"enable": {
"request": {
"inbox": false,
"outbox": false
},
"browser": false
},
And restart Document Server services with systemctl restart ds-*.
Also, after attempting to connect and if it does not succeed, check logs of Nextcloud and provide them too.
Dear @Constantine , after disabling JWT as per your instruction, NC connected to Onlyoffice Document Server.
Thanks you so much for your support.
Regard with Thanks
Actually, we usually do not recommend disabling JWT for security reasons, I have asked you to check if it connects to make sure that we have a problem with JWT in the first place.
Eventually, if you are fine with disabled JWT, then I was glad to help. However, if you decide to dig down into the problem and resolve the issue with enabled JWT to increase security measures, feel free to contact me back.
Dear @Constantine , Thanks you for your suggestion. I would like to enable Jwt and fixed that error. But unicode fonts are display incorrectly now, i will post in relevant topic of forum.
Thanks for your time and support.
Regard with thanks
Okay, let me know when you are ready to continue.