Open julyusito opened 3 years ago
Hi @julyusito, try adding all rights for files in the /PATH_TO_DOCKER_VOLUMES/nextcloud-onlyoffice/var/lib/onlyoffice directory. It looks like the Nginx process doesn't have enough permissions for files in /var/lib/onlyoffice/documentserver/App_Data/cache/files.
In the second case, the root of the problem is JWT mismatch.
Hi @agolybev,
Thanks for the answer.
I set all rights for the /var/lib/onlyoffice directory into the container: chmod 777 /var/lib/onlyoffice/* -R
Same results
In the second case I checked the JWT; here are the JSON config and the Nextcloud config:
    "token": {
      "enable": {
        "request": {
          "inbox": true,
          "outbox": true
        },
        "browser": true
      },
      "inbox": {
        "header": "AuthorizationJwt",
        "prefix": "Bearer ",
        "inBody": false
      },
      "outbox": {
        "header": "AuthorizationJwt",
        "prefix": "Bearer ",
        "inBody": false
      }
    },
    "secret": {
      "inbox": {
        "string": "secret"
      },
      "outbox": {
        "string": "secret"
      },
      "session": {
        "string": "secret"
      }
    }
and the nextcloud conf:
    'onlyoffice' => array(
      'verify_peer_off' => true,
      'jwt_header' => "AuthorizationJwt",
      'jwt_secret' => "secret",
    ),
Hello @agolybev,
I disabled the JWT on onlyoffice config:
    "token": {
      "enable": {
        "request": {
          "inbox": false,
          "outbox": false
        },
        "browser": false
      },
      "inbox": {
        "header": "AuthorizationJwt",
        "prefix": "Bearer ",
        "inBody": false
      },
      "outbox": {
        "header": "AuthorizationJwt",
        "prefix": "Bearer ",
        "inBody": false
      }
    },
    "secret": {
      "inbox": {
        "string": "secret"
      },
      "outbox": {
        "string": "secret"
      },
      "session": {
        "string": "secret"
      }
    }
And nextcloud config:
    'onlyoffice' => array(
      'verify_peer_off' => true,
    ),
I even changed the default.json like this:
    "ipfilter": {
      "rules": [{"address": "*", "allowed": true}],
      "useforrequest": true,
      "errorcode": 403
    },
The Forbidden error persists.
Hello @agolybev
I've installed from zero and disabled everything in JWT access.
This is my setup:
    Internet - HAProxy (https) --> nextcloud (http)
    Internet - HAProxy (https) --> onlyoffice (http)
nextcloud and onlyoffice are in the same network and can talk to each other:
    nextcloud(container_external) <---> onlyoffice(container_external)
nextcloud config.php:
    'trusted_domains' =>
    array (
      0 => 'cloud.XXXX.com.co',
      1 => 'documentserver.XXXX.com.co',
      2 => 'documentserver',
      3 => 'nextcloud.XXXX.com.co',
    ),
    'overwrite.cli.url' => 'https://cloud.XXXX.com.co',
    'overwritehost' => 'cloud.XXXX.com.co',
    'overwriteprotocol' => 'https',
Same error:
Hi everyone,
I set the debug mode in nginx and I see that the path for cache files does not match any regex expression set in the /etc/nginx/includes/ds-docservice.conf file:
docker logs office_onlyoffice_1 | grep -e error -e notice
2021/05/26 12:37:06 [notice] 5963#5963: *1 "^/$" does not match "/healthcheck", client: 192.168.16.1, server: , request: "GET /healthcheck HTTP/1.1", host: "documentserver.XXXX.com.co"
2021/05/26 12:37:06 [notice] 5963#5963: *1 "^\/OfficeWeb(\/apps\/.*)$" does not match "/healthcheck", client: 192.168.16.1, server: , request: "GET /healthcheck HTTP/1.1", host: "documentserver.XXXX.com.co"
2021/05/26 12:37:06 [notice] 5963#5963: *1 "^(\/web-apps\/apps\/(?!api\/).*)$" does not match "/healthcheck", client: 192.168.16.1, server: , request: "GET /healthcheck HTTP/1.1", host: "documentserver.XXXX.com.co"
2021/05/26 12:37:06 [debug] 5963#5963: *1 uploadprogress error-tracker error: 0
2021/05/26 12:37:06 [notice] 5963#5963: *3 "^/$" does not match "/coauthoring/CommandService.ashx", client: 192.168.16.1, server: , request: "POST /coauthoring/CommandService.ashx HTTP/1.1", host: "documentserver.XXXX.com.co"
2021/05/26 12:37:06 [notice] 5963#5963: *3 "^\/OfficeWeb(\/apps\/.*)$" does not match "/coauthoring/CommandService.ashx", client: 192.168.16.1, server: , request: "POST /coauthoring/CommandService.ashx HTTP/1.1", host: "documentserver.XXXX.com.co"
2021/05/26 12:37:06 [notice] 5963#5963: *3 "^(\/web-apps\/apps\/(?!api\/).*)$" does not match "/coauthoring/CommandService.ashx", client: 192.168.16.1, server: , request: "POST /coauthoring/CommandService.ashx HTTP/1.1", host: "documentserver.XXXX.com.co"
2021/05/26 12:37:06 [debug] 5963#5963: *3 uploadprogress error-tracker error: 0
2021/05/26 12:37:06 [notice] 5963#5963: *5 "^/$" does not match "/ConvertService.ashx", client: 192.168.16.1, server: , request: "POST /ConvertService.ashx HTTP/1.1", host: "documentserver.XXXX.com.co"
2021/05/26 12:37:06 [notice] 5963#5963: *5 "^\/OfficeWeb(\/apps\/.*)$" does not match "/ConvertService.ashx", client: 192.168.16.1, server: , request: "POST /ConvertService.ashx HTTP/1.1", host: "documentserver.XXXX.com.co"
2021/05/26 12:37:06 [notice] 5963#5963: *5 "^(\/web-apps\/apps\/(?!api\/).*)$" does not match "/ConvertService.ashx", client: 192.168.16.1, server: , request: "POST /ConvertService.ashx HTTP/1.1", host: "documentserver.XXXX.com.co"
2021/05/26 12:37:07 [debug] 5963#5963: *5 uploadprogress error-tracker error: 0
2021/05/26 12:37:07 [notice] 5963#5963: *7 "^/$" does not match "/cache/files/conv_check_417210437_docx/output.docx/check_417210437.docx", client: 192.168.16.1, server: , request: "GET /cache/files/conv_check_417210437_docx/output.docx/check_417210437.docx?md5=Qm2rHXrMD9bMmpZX_0BcFQ&expires=1622051528&disposition=attachment&filename=check_417210437.docx HTTP/1.1", host: "documentserver.XXXX.com.co"
2021/05/26 12:37:07 [notice] 5963#5963: *7 "^\/OfficeWeb(\/apps\/.*)$" does not match "/cache/files/conv_check_417210437_docx/output.docx/check_417210437.docx", client: 192.168.16.1, server: , request: "GET /cache/files/conv_check_417210437_docx/output.docx/check_417210437.docx?md5=Qm2rHXrMD9bMmpZX_0BcFQ&expires=1622051528&disposition=attachment&filename=check_417210437.docx HTTP/1.1", host: "documentserver.XXXX.com.co"
2021/05/26 12:37:07 [notice] 5963#5963: *7 "^(\/web-apps\/apps\/(?!api\/).*)$" does not match "/cache/files/conv_check_417210437_docx/output.docx/check_417210437.docx", client: 192.168.16.1, server: , request: "GET /cache/files/conv_check_417210437_docx/output.docx/check_417210437.docx?md5=Qm2rHXrMD9bMmpZX_0BcFQ&expires=1622051528&disposition=attachment&filename=check_417210437.docx HTTP/1.1", host: "documentserver.XXXX.com.co"
2021/05/26 12:37:07 [error] 5963#5963: *7 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_417210437_docx/output.docx" failed (13: Permission denied), client: 192.168.16.1, server: , request: "GET /cache/files/conv_check_417210437_docx/output.docx/check_417210437.docx?md5=Qm2rHXrMD9bMmpZX_0BcFQ&expires=1622051528&disposition=attachment&filename=check_417210437.docx HTTP/1.1", host: "documentserver.XXXX.com.co"
2021/05/26 12:37:07 [debug] 5963#5963: *7 uploadprogress error-tracker error: 403
2021/05/26 12:37:07 [debug] 5963#5963: *7 uploadprogress error-tracker not tracking in this location
This is the content of /etc/nginx/includes/ds-docservice.conf file:
    #welcome page
    rewrite ^/$ $the_scheme://$the_host/welcome/ redirect;

    #support old version
    rewrite ^\/OfficeWeb(\/apps\/.*)$ $the_scheme://$the_host/6.2.2-21/web-apps$1 redirect;

    #script caching protection
    rewrite ^(\/web-apps\/apps\/(?!api\/).*)$ $the_scheme://$the_host/6.2.2-21$1 redirect;

    #disable caching for api.js
    location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps\/apps\/api\/documents\/api\.js)$ {
      expires -1;
      gzip_static on;
      alias /var/www/onlyoffice/documentserver/$2;
    }

    #suppress logging the unsupported locale error in web-apps
    location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps)(\/.*\.json)$ {
      expires 365d;
      error_log /dev/null crit;
      gzip_static on;
      alias /var/www/onlyoffice/documentserver/$2$3;
    }

    #suppress logging the unsupported locale error in plugins
    location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(sdkjs-plugins)(\/.*\.json)$ {
      expires 365d;
      error_log /dev/null crit;
      gzip_static on;
      alias /var/www/onlyoffice/documentserver/$2$3;
    }

    location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps|sdkjs|sdkjs-plugins|fonts)(\/.*)$ {
      expires 365d;
      gzip_static on;
      alias /var/www/onlyoffice/documentserver/$2$3;
    }

    location ~* ^(\/cache\/files.*)(\/.*) {
      alias /var/lib/onlyoffice/documentserver/App_Data$1;
      add_header Content-Disposition "$arg_disposition; filename*=UTF-8''$arg_filename";

      set $secret_string verysecretstring;
      secure_link $arg_md5,$arg_expires;
      secure_link_md5 "$secure_link_expires$uri$secret_string";

      if ($secure_link = "") {
        return 403;
      }

      if ($secure_link = "0") {
        return 410;
      }
    }

    # Allow internal service only from 127.0.0.1
    location ~* ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(info|internal)(\/.*)$ {
      allow 127.0.0.1;
      deny all;
      proxy_pass http://docservice/$2$3;
    }

    location / {
      proxy_pass http://docservice;
    }

    location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?(\/doc\/.*) {
      proxy_pass http://docservice$2;
      proxy_http_version 1.1;
    }

    location /6.2.2-21/ {
      proxy_pass http://docservice/;
    }
The full nginx error log output is here:
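
Added example, not part of the thread and not ONLYOFFICE's own code: the `/cache/files` location above can answer 403 either because `$secure_link` is empty or because `open()` on the aliased file fails, and this sketch recomputes the `secure_link_md5` check for a logged request so the two can be told apart. The secret, path and expiry below are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample values; on a real host use the $secret_string set in the
# /cache/files location block and a request line copied from the nginx log.
SECRET = "example-secret-placeholder"
SAMPLE_PATH = "/cache/files/conv_check_0000_docx/output.docx/check_0000.docx"
SAMPLE_EXPIRES = 1700000000


def link_token(expires: int, uri: str, secret: str) -> str:
    """base64url(md5("$secure_link_expires$uri$secret_string")) without '=' padding."""
    digest = hashlib.md5(f"{expires}{uri}{secret}".encode()).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def secure_link_state(url: str, secret: str, now: int) -> str:
    """Value nginx assigns to $secure_link: "" (mismatch), "0" (expired), "1" (valid)."""
    parts = urlsplit(url)
    args = parse_qs(parts.query)
    md5_arg = args.get("md5", [""])[0]
    expires_arg = args.get("expires", [""])[0]
    if not (expires_arg.isascii() and expires_arg.isdigit()) or int(expires_arg) <= 0:
        return ""
    expires = int(expires_arg)
    expected = link_token(expires, unquote(parts.path), secret)
    if not hmac.compare_digest(md5_arg.encode(), expected.encode()):
        return ""
    return "0" if expires < now else "1"


def explain(url: str, secret: str, now: int) -> str:
    """Map the state onto the responses of the location block shown above."""
    state = secure_link_state(url, secret, now)
    if state == "":
        return "403 from secure_link: md5 does not match expires+uri+secret"
    if state == "0":
        return "410 from secure_link: link expired"
    return "secure_link passed: a 403 here comes from open() on the aliased file"


SAMPLE_URL = (f"{SAMPLE_PATH}?md5={link_token(SAMPLE_EXPIRES, SAMPLE_PATH, SECRET)}"
              f"&expires={SAMPLE_EXPIRES}&disposition=attachment&filename=check_0000.docx")

if __name__ == "__main__":
    print(explain(SAMPLE_URL, SECRET, now=SAMPLE_EXPIRES - 60))
```

In the log above the 403 follows an `open() ... failed (13: Permission denied)` line, which nginx only reaches after the `if ($secure_link = "")` check has passed, so the signed link itself was accepted.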
Did you manage to fix this?
Hi,
I've installed nextcloud and onlyoffice latest version within docker with this setup:
I'm not running any other script, just the docker setup, because it's on a NAS system
This is my setup on nextcloud:
All of this is behind a proxy (HAProxy):
Everything saves perfectly on nextcloud and there are no errors in the logs, but when I open a file from nextcloud, it throws the "Unknown error".
All healthchecks pass with a "true" result.
The /var/log/onlyoffice/documentserver/nginx.error.log of onlyoffice shows this: Permission denied
2021/05/19 05:37:19 [error] 13024#13024: *21 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/409621677/Editor.bin" failed (13: Permission denied), client: 192.168.16.1, server: , request: "GET /cache/files/409621677/Editor.bin/Editor.bin?md5=OMlXJtxJY4iPP0pXiy64sQ&expires=1624012640&disposition=attachment&filename=Editor.bin HTTP/1.1", host: "documentserver.XXXX.com.co", referrer: "https://documentserver.XXXX.com.co/6.2.2-21/web-apps/apps/documenteditor/main/index_loader.html?_dc=6.2.2-21&lang=es&customer=ONLYOFFICE&frameEditorId=iframeEditor&compact=true&parentOrigin=https://XXXX.XXXX.com.co"
If I use this setup on nextcloud:
There is an error on Nextcloud: Forbidden
Please help!