ONLYOFFICE / onlyoffice-nextcloud

The app which enables the users to edit office documents from Nextcloud using ONLYOFFICE Document Server, allows multiple users to collaborate in real time and to save back those changes to Nextcloud
GNU Affero General Public License v3.0

Problematic Documentation for Integration with Nextcloud #79

Open c0fe opened 5 years ago

c0fe commented 5 years ago

Do you want to request a feature or report a bug?

Bug

What is the current behavior?

Incorrect documentation for integrated onlyoffice with Nextcloud

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.

I am trying to integrate OnlyOffice with Nextcloud (version 15) but I am running into issues.

I have a setup in which I have NextCloud and Onlyoffice running on two local servers behind an NGiNX reverse proxy that handles SSL termination. So the setup is:

[INTERNET] ==> [NGINX PROXY] ==> [ONLYOFFICE]/[NEXTCLOUD]

I have pulled the documentation from here:

https://helpcenter.onlyoffice.com/server/document/document-server-proxy.aspx

But I am getting issues with using the site configuration:

# Use this example for proxy HTTPS traffic to the document server running at 'backendserver-address'.
# Replace {{SSL_CERTIFICATE_PATH}} with the path to the ssl certificate file
# Replace {{SSL_KEY_PATH}} with the path to the ssl private key file

upstream docservice {
  server [LOCAL_IP_OF_ONLYOFFICE_SERVER];
}

map $http_host $this_host {
    "" $host;
    default $http_host;
}

map $http_x_forwarded_proto $the_scheme {
     default $http_x_forwarded_proto;
     "" $scheme;
}

map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $this_host;
}

map $http_upgrade $proxy_connection {
  default upgrade;
  "" close;
}

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Forwarded-Host $the_host;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

## Normal HTTP host
server {
  listen 80;
  listen [::]:80 default_server;
  server_name onlyoffice.server.com;
  server_tokens off;

  ## Redirects all traffic to the HTTPS host
  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
  rewrite ^ https://$host$request_uri? permanent;
}

server {
  listen 443 ssl;
  listen [::]:443 ssl default_server;
  server_tokens off;
  root /usr/share/nginx/html;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  ssl on;
  ssl_certificate /etc/letsencrypt/live/onlyoffice.server.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/onlyoffice.server.com/privkey.pem;
  ssl_verify_client off;

  ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_cache  builtin:1000  shared:SSL:10m;

  ssl_prefer_server_ciphers   on;

  add_header Strict-Transport-Security max-age=31536000;
  # add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  ## [Optional] If your certificate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
  ## Replace with your ssl_trusted_certificate. For more info see:
  ## - https://medium.com/devops-programming/4445f4862461
  ## - https://www.ruby-forum.com/topic/4419319
  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 10s;

  ## [Optional] Generate a stronger DHE parameter:
  ##   cd /etc/ssl/certs
  ##   sudo openssl dhparam -out dhparam.pem 4096
  ##
  # ssl_dhparam /etc/ssl/certs/dhparam.pem;

  location / {
    proxy_pass http://docservice;
    proxy_http_version 1.1;
  }
}

When I use this site configuration the domain "onlyoffice.server.com" resolves to my default website which in this case is my Nextcloud server.

The documentation here is not clear or is incorrect.

What is the expected behavior?

Did this work in previous versions of DocumentServer?

DocumentServer version:

Operating System: Ubuntu 18.04

Browser version: Chrome 74
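An added example, not part of the original post or of the ONLYOFFICE documentation: a small Python check over the two server blocks posted above, reporting how nginx's virtual-host selection and TLS settings apply to them. nginx routes a request to the default server of a listen socket when no `server_name` matches, so a TLS block without `server_name` is only reached as a default; the finding names and the reduced sample are constructed for illustration.

```python
import re

# Constructed sample: the post's two server blocks, reduced to vhost/TLS directives.
SAMPLE = """
server {
  listen 80;
  listen [::]:80 default_server;
  server_name onlyoffice.server.com;
}
server {
  listen 443 ssl;
  listen [::]:443 ssl default_server;
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  location / { proxy_pass http://docservice; }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments
    for m in re.finditer(r"(?m)^\s*server\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body, name):
    """Return the argument list of every `name ...;` directive in a block."""
    return [a.split() for a in re.findall(rf"(?m)^\s*{name}\s+([^;{{]+);", body)]

def lint(conf):
    """Return (block number, finding) pairs for TLS-listening server blocks."""
    findings = []
    for n, body in enumerate(server_blocks(conf), 1):
        tls = [l for l in directives(body, "listen") if "ssl" in l or l[0].endswith("443")]
        if not tls:
            continue  # plain-HTTP block, nothing to check here
        if not directives(body, "server_name"):
            findings.append((n, "no-server-name"))  # reachable only as a default server
        flagged = ["default_server" in l for l in tls]
        if any(flagged) and not all(flagged):
            findings.append((n, "default-server-not-on-every-listener"))
        protos = {p for args in directives(body, "ssl_protocols") for p in args}
        if protos & {"SSLv3", "TLSv1", "TLSv1.1"}:
            findings.append((n, "legacy-tls-protocol"))
    return findings

print(lint(SAMPLE))
```

On the posted configuration the HTTPS block is flagged on all three counts: it has no `server_name`, only its IPv6 listener is marked `default_server`, and it still enables TLSv1 and TLSv1.1.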

alexanderonlyoffice commented 4 years ago

@c0fe, please specify if the servers are accessible to each other. You can check it with the wget command: wget https://nextcloud_address/ from the server with Document Server and wget https://documentserver_address/ from the server with Nextcloud.

Can Document Server's domain name be resolved from the machine where it is installed? Please try to execute wget https://documentserver_domain_name/ on the server with the Document Server.

Check also the logs of the Document Server and Nginx logs. Logs of the Document Server are in folder /app/onlyoffice/DocumentServer/logs/documentserver/ (for Docker installation) and /var/log/onlyoffice/documentserver/logs (for DEB/RPM installation).

You can try to add the domain names connected to the IP addresses in the /etc/hosts files on each server correspondingly.

Please note that this is a working example of the config for proxy.

alexanderonlyoffice commented 4 years ago

@c0fe, please also describe the problem you encounter in more detail. If you see any errors, please send us the screenshots.