search

ONLYOFFICE / Docker-DocumentServer

ONLYOFFICE Document Server is an online office suite comprising viewers and editors for texts, spreadsheets and presentations, fully compatible with Office Open XML formats: .docx, .xlsx, .pptx and enabling collaborative editing in real time.
GNU Affero General Public License v3.0
1.43k stars 494 forks source link

nginx - SSL - CA seems not used #626

Closed 4lex11s closed 2 weeks ago

4lex11s commented 1 year ago

Hello,

Thank you for your software!

After a fresh installation, when I would like to edit a document from the example page, I received "The editor is loaded with the "The document could not be saved" message. Looking in the logs, I encounter a self-signed certificate error although the external CA certificate is in the Data folder with the right name : "userid":"uid-1"}]} Error: self signed certificate in certificate chain

And it's also the right CA certificat:

 pwd
       /var/www/onlyoffice/Data/certs
openssl verify -verbose -x509_strict  -CAfile ca-certificates.pem onlyoffice.crt
    onlyoffice.crt: OK
ls /var/www/onlyoffice/Data/certs
      ca-certificates.pem  dhparam.pem  onlyoffice.crt  onlyoffice.key
env
    SSL_CERTIFICATES_DIR=/var/www/onlyoffice/Data/certs

Furthermore, the used certificate is signed by only one certificate authority

Insecure Workaround -e USE_UNAUTHORIZED_STORAGE=true

How to reproduce

extPrt=80
CtPrt=80
extPrtSSL=443
CtPrtSSL=443

domaine="docs.example.fr"
OOdata=/var/local/onlyoffice/$domaine
OODocs=/var/local/onlyoffice/$domaine/docs
OOCache=/var/local/onlyoffice/$domaine/cache

OOrepertoires=("$OOdata" "$OODocs" "$OOCache")
for i in ${OOrepertoires[@]}; do mkdir -p $i -v ;done

sudo docker run -i -t -p $extPrt:$CtPrt -p $extPrtSSL:$CtPrtSSL  --restart=always \
    -e JWT_ENABLED=false \
    -e SSL_VERIFY_CLIENT=optional  -e NODE_TLS_REJECT_UNAUTHORIZED=0 \
    -e SSL_CERTIFICATES_DIR=/var/www/onlyoffice/Data/certs  \
    --hostname $domaine \
    -v $OOdata:/var/www/onlyoffice/Data \
    -v $OODocs:/var/log/onlyoffice \
    -v $OOCache:/var/lib/onlyoffice \
    --name $domaine \
     onlyoffice/documentserver

Did this work in previous versions of DocumentServer? no

DocumentServer Docker tag: & Host Operating System:

docker image ls
REPOSITORY                  TAG       IMAGE ID       CREATED        SIZE
onlyoffice/documentserver   latest    0da47c251add   2 months ago   2.84GB
onlyoffice/documentserver   5.6       f68fd6406374   2 years ago    2.16GB

lsb_release --codename --short
    jammy

Thanks in advance!

igwyd commented 1 month ago

Hello @4lex11s, sorry for the late reply. We added new docker variable for your own CA - NODE_EXTRA_CA_CERTS, describtion here available-configuration-parameters.

Rita-Bubnova commented 2 weeks ago

This issue was closed due no response.