search

CollaboraOnline / richdocumentscode

Built-in CODE Server app
https://apps.nextcloud.com/apps/richdocumentscode
Apache License 2.0
121 stars 29 forks source link

NC26 Built-in CODE Server can't get rid of 'Is SSL enabled in error?' #220

Open pepperoni-pi opened 1 year ago

pepperoni-pi commented 1 year ago

Ubuntu: 22.04 Nextcloud: 26 Apache2: 2.4.52 PHP: 8.1

I have been searching around trying to find how to get rid of these logs:

[Wed Apr 05 11:25:24.192444 2023] [proxy_fcgi:error] [pid 156064:tid 139900612372032] [client x.x.x.x:53800] AH01071: Got error 'PHP message: richdocumentscode (proxy.php) error exit, PID: 155816, Message: The param should be 'status' or 'req=...', but is: '''

[Wed Apr 05 11:25:31.308419 2023] [proxy_fcgi:error] [pid 156064:tid 139900612372032] [client x.x.x.x:53800] AH01071: Got error 'PHP message: richdocumentscode (proxy.php) error exit, PID: 155816, Message: No content in reply from coolwsd. Is SSL enabled in error ?'

I did a fresh install of Nextcloud 26 and then installed and enabled the Built-in CODE Server using the admin WebUI in Nextcloud. Document editing works, but I can't seem to get rid of the apache errors. I'm not using docker containers and it is not behind a reverse proxy. I'm not sure what triggers the first log, but the SSL log seems to trigger on closing a document.

WOPI URL:

https://cloud.asfdjklmnop.com/apps/richdocumentscode/proxy.php?req=

My apache configuration is below:

DocumentRoot "/path/to/nextcloud/"
ServerName cloud.asfdjklmnop.com

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>

# Enable h2, h2c and http1.1
Protocols h2 h2c http/1.1

# Solves slow upload speeds caused by http2
H2WindowSize 5242880

# SSL
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/cloud.asfdjklmnop.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.asfdjklmnop.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/cloud.asfdjklmnop.com/chain.pem
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

# Disable HTTP TRACE method.
TraceEnable off
<Files ".ht*">
    Require all denied
</Files>

# Support big file uploads
LimitRequestBody 0

<Directory "/">
    Satisfy Any
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews

    <IfModule mod_dav.c>
        Dav off
    </IfModule>
</Directory>

Note: cloud.asfdjklmnop.com is not actually my domain and is just a made up placeholder.

DerP4si commented 1 year ago

I don't know if my solution fits your problem but i had problems with the ssl:enable stuff myself... in my case the nc is behind a apache2 reverse proxy and i had to enable 2 header options... This is my config: of course (MYDOMAIN) equals something like blabla.com and the (NC-SERVER-IP) is the local server ip like: 192.168.x.x ...

<IfModule mod_ssl.c>
<VirtualHost *:443>
 ServerName www.(MYDOMAIN)
 ProxyPreserveHost On 
 DocumentRoot /var/www/html
 ProxyPass /.well-known !
 ProxyPass / http://(NC-SERVER-IP):80/ flushpackets=on
 ProxyPassReverse / http://(NC-SERVER-IP):80/
 LimitRequestBody 0

 RequestHeader set X-Forwarded-SSL "1"
 RequestHeader set X-Forwarded-Proto "https" env=HTTPS

 <IfModule mod_headers.c>
   RewriteEngine On
   Header always set Strict-Transport-Security "max-age=15768000; preload"
   Redirect 301 /.well-known/carddav https://www.(MYDOMAIN)/remote.php/dav
   Redirect 301 /.well-known/caldav https://www.(MYDOMAIN)/remote.php/dav
   Redirect 301 /.well-known/webfinger https://www.(MYDOMAIN)/index.php/.well-known/webfinger
   Redirect 301 /.well-known/nodeinfo https://www.(MYDOMAIN)/index.php/.well-known/nodeinfo
 </IfModule>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/(MYDOMAIN)-0003/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/(MYDOMAIN)-0003/privkey.pem
</VirtualHost>
</IfModule>

Let me know if this helps. It should be added to the documentation anyway.

mrAceT commented 1 year ago

I tried this also, didn't work for me, but this did: https://github.com/CollaboraOnline/richdocumentscode/issues/186#issuecomment-1579477529

Githopp192 commented 11 months ago

nc 27.1.4, PHP 8.2,mariadb1 10.6:

richdocumentscode (proxy.php) error exit, PID: 602582, Message: The param should be 'status' or 'req=...', but is: richdocumentscode (proxy.php) error exit, PID: 602626, Message: No content in reply from coolwsd. Is SSL enabled in error ?

Do not have got a proxy, running the nc through ssl domain.

nextcloud office seems to work without issues !?