I want to connect NextCloud and OnlyOffice using the internal IP of NAT configuration

[Lucas-Baek-HYU]

Dear @All,

Hello :) I have my NextCloud and built OnlyOffice locally.

For personal convenience and study I am trying to combine these. However, the following problems occurred.

Error when trying to connect (Error occurred in the document service: Error while downloading the document file to be converted.) (version 7.5.1.23)

I guessed from many other questions and answers that this would be a JWT issue. So I tried the solution below:

1. In "{OnlyOffice Document Server PATH}/local.json”, modify JWT contents as follows.
   • Add "CoAuthoring", "request-filtering-agent": { "allowPrivateIPAddress": true, "allowMetaIPAddress": true },
   • Modify "token", "inbox": { "header": "AuthorizationJwt", "inBody": false }, "outbox": { "header": "AuthorizationJWT", "inBody": false }
2. In "{OnlyOffice Document Server PATH}/nginx/ds.conf", modify secure link secret as follows.
   • Modify "secure_link_secret", set $secure_link_secret {MY_STORAGE_SECRET_STRING in local.json};
3. In "{NextCloud PATH}/config/config.php", modify JWT contents as follows.
   • Add "onlyoffice", 'onlyoffice' => array( 'verify_peer_off' => true, 'allow_local_remote_servers' => true, 'jwt_secret' => '{JWT_SECRET_STRING in local.json}', 'jwt_header' => 'AuthorizationJwt', ),

But it didn't solve my problems, I checked the log file. (/var/log/onlyoffice/documentserver/converter/out.log) And I confirmed that this error was occurring.

Error: DNS lookup {MY_IP}(family:{NUM}, host:{MY_CLOUD_DOMAIN}) is not allowed. Because, It is private IP address. at validateIPAddress (/snapshot/server/build/server/Common/node_modules/request-filtering-agent/lib/request-filtering-agent.js:71:20)

And, at TLSSocket. (/snapshot/server/build/server/Common/node_modules/request-filtering-agent/lib/request-filtering-agent.js:88:21) at TLSSocket.emit (events.js:400:28) at emitLookup (net.js:1055:12) at /snapshot/server/build/server/Common/node_modules/dnscache/lib/index.js:80:28 at /snapshot/server/build/server/Common/node_modules/dnscache/lib/cache.js:116:13 at RawTask.call (/snapshot/server/build/server/Common/node_modules/asap/asap.js:40:19) at flush (/snapshot/server/build/server/Common/node_modules/asap/raw.js:50:29) at processTicksAndRejections (internal/process/task_queues.js:77:11)

I thought it might simply be an issue with the JWT, but the logs seem to be pointing to a problem with my NAT configuration. And I referred to the official document below. Both my NextCloud and OnlyOffice are already managed in /etc/hosts. (https://helpcenter.onlyoffice.com/installation/groups-nat-docker.aspx)

Additionally, I am authenticating over HTTPS using a private certificate (certificate chain self-signed with OpenSSL). Therefore, Disable certificate verification (insecure) is checked in the OnlyOffice settings window in my NextCloud.

Of course, before checking the logs I also tried disabling JWT. But still I can't solve this problem. Are there any more things I can try?

If anyone has had a similar problem or has a way to solve it, please help me.

[RSerejo]

Maybe an angel bring the answer why i want know too

[SergeyKorneyev]

Hello,

Setting the allowPrivateIPAddress parameter to true should have prevented the error in the converter logs from appearing. Do you restart the Document Server services with the supervisorctl restart all command inside the container to apply the changes to the config?

Additionally, if you're using self-signed certificates for both Docs and Nextcloud and wish to disable certificate verification, you need to do it for both sides: the checkbox in the connector settings only disables it for Nextcloud. For Docs, you need to set the rejectUnauthorized parameter to false: https://helpcenter.onlyoffice.com/installation/docs-developer-configuring.aspx#services-CoAuthoring-requestDefault-rejectUnauthorized.