Another NextCloud / OnlyOffice Frustration

I run Nextcloud in a LXD container and access it via a reverse proxy. I run an OnlyOffice doc server in a container which accessible via a reverse proxy. Everything in the OnlyOffice Settings page confirms as accurate. The Docs address resolves both for internal and external requests. Both the NextCloud and OnlyOffice LXD containers run in a ProxMox environment.

The problem is as follows. On a separate workstation I can access the Nextcloud server - and OnlyOffice - one of two ways:

1. Via Firefox in a Debian 11 environment
2. Via Firefox in a LXD container (running Ubuntu 20.04) within the Debian 11 environment.

I prefer option 2 as containerization offers more security. And, honestly it works near flawlessly! Except for this:

1. Via Firefox outside of the LXD container:

Outside of LXD

1. Via Firefox inside of the LXD container:

Inside LXD

Not withstanding their virtual locations, they are exactly the same. Point in fact, they should have the same IP too as LXD NATs via bridge. So while the LXD container has a different IP internally, it would look just like the ip for Firefox operating on the host.

What makes the issue worse is that Error provides absolutely no information.

Anyone with any ideas?

Info:

OnlyOffice Container: Ubuntu 20.04.3 OnlyOffice Integration App v7.2 (i believe)

Nextcloud Container: Ubuntu 21.04 Nextcloud v23

You should check log files found in:

/var/log/onlyoffice/documentserver/converter/
/var/log/onlyoffice/documentserver/docservice/

where you probably will learn that you cannot access your Nextcloud from within your LXC container.

My bet is that you are resolving your Nextcloud server with a public address and you cannot access Nextcloud 443 port from your LXC with that public address.

One workaround might be to access your Nextcloud as an internal address in your OnlyOffice server thanks to /etc/hosts modification.

What I’m saying here it’s already written in the documentation: Connecting ONLYOFFICE Docs to Nextcloud - Requirements .

You need an instance of ONLYOFFICE Docs that is resolvable and connectable both from Nextcloud and any end clients. ONLYOFFICE Docs must be able to POST to Nextcloud directly.

If I’m not right please post relevant logs from onlyoffice so that we understand better your problem.

I’ll be honest, I having trouble following what you are saying so if what I say now seems redundant, I apologize.

As a reminder, the issue with Firefox that runs in a container as follows:

Computer A: Host (192.168.86.x/24) → Firefox Container (192.168.86.x/14)

Computer B: ProxMox (192.168.86.x/24) →

• HAProxy Container (192.168.86.x/24)
• Nextcloud Container (192.168.86.x/24)
• Onlyoffice Container (192.168.86.x/24)

When outside of 192.168.86.x/24 (i.e. in the wild, not tunneling back to LAN via VPN) I have absolutely no issues. (In this scenario, call it WANComp1 it is: Firefox (no container) → Public IP → HAProxy Container (SSL) → Nextcloud Container → OnlyOffice Container.

When inside of the LAN (192.168.86.x/24) and NOT using the Firefox Container it goes Host → Local DNS → HAProxy Container (SSL) → Nextcloud Container → OnlyOffice Container. This produces no issues (and never leaves the LAN).

The issue occurs when:
Host → Firefox Container → Local DNS → HAProxy Container (SSL) → Nextcloud Container → OnlyOffice Container. This produces the issue (and still never leaves the LAN).

Incidentally, using the Firefox Container I can successfully resolve and successfully test the document server (https://onlyoffice.domain.com/example)

The only time the issue occurs is when Nextcloud is attempting to interact with the Onlyoffice server when Nextcloud is accessed via Firefox in the Firefox container.

I have tried “hardwiring” the local IPs into the /etc/hosts files in the respective containers and that actually caused OnlyOffice to fail in every scenario.

To finish this off, here are my end of the day logs (and I see there are errors but I don’t know enough to know what they mean):

docserver out.log

converter out.log

And, as always, thank you, thank you for your help and assistance. I sincerely appreciate it.

Hi @MnchstrCityBlues79, I am not sure I understood everything about your installation (I have little knowledge).
But in my onlyoffice document server, I use a reserse proxy and I had to add some lines to solve the same problem.

check this link for more details : Using ONLYOFFICE Docs behind the proxy - ONLYOFFICE

The issue occurs when:
Host → Firefox Container → Local DNS → HAProxy Container (SSL) → Nextcloud Container → OnlyOffice Container. This produces the issue (and still never leaves the LAN).

That’s too complex but if it’s your setup I guess it’s ok.

To finish this off, here are my end of the day logs (and I see there are errors but I don’t know enough to know what they mean):

docserver out.log

converter out.log

That’s not how it works with logging. You need to identify that the errors happen after you trigger your problem. I mean… if you send me the log as a full file you should tell me the lines from the log before your test and the lines from the log after your test (i.e. tell me the timestamp where the test started).

Once I have that data I will be willing to check your logs.

Docserver out.log following failure to load.

[2022-01-27T00:00:19.299] [WARN] nodeJS - Express server starting...
[2022-01-27T00:00:19.302] [WARN] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of plugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2022-01-27T00:00:19.328] [WARN] nodeJS - Express server listening on port 8000 in production-linux mode. Version: 6.4.2. Build: 6
[2022-01-27T08:54:00.397] [ERROR] nodeJS - changesError: docId = 4231057572 Error: SecurityError: The operation is insecure. Script: https://onlyoffice.matthewaaronsmith.com/6.4.2-6/sdkjs/cell/sdk-all-min.js Line: 1256:0 userAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 platform: Linux x86_64 isLoadFullApi: true isDocumentLoadComplete: false StackTrace: SJ/this.wM@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/sdkjs/cell/sdk-all-min.js:1256:38
SJ@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/sdkjs/cell/sdk-all-min.js:1258:80
nd.prototype.fFf@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/sdkjs/cell/sdk-all-min.js:970:83
nd.prototype.XDe/this.xl.XOa@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/sdkjs/cell/sdk-all-min.js:961:229
nd.prototype.l_d@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/sdkjs/cell/sdk-all-min.js:169:154
nd.prototype.ne/this.Yl.XOa@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/sdkjs/cell/sdk-all-min.js:162:103
Wd.prototype.uHf@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/sdkjs/cell/sdk-all-min.js:186:430
Wd.prototype.YGf@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/sdkjs/cell/sdk-all-min.js:191:400
Wd.prototype.nHf@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/sdkjs/cell/sdk-all-min.js:196:348
Wd.prototype.$Ud/De.onmessage@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/sdkjs/cell/sdk-all-min.js:196:101
[5]</r.prototype.dispatchEvent@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/web-apps/vendor/sockjs/sockjs.min.js:2:2901
[14]</</r.prototype._transportMessage/<@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/web-apps/vendor/sockjs/sockjs.min.js:2:12862
[14]</</r.prototype._transportMessage@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/web-apps/vendor/sockjs/sockjs.min.js:2:12840
[3]</r.prototype.emit@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/web-apps/vendor/sockjs/sockjs.min.js:2:1767
[38]</r/this.ws.onmessage@https://onlyoffice.matthewaaronsmith.com/6.4.2-6/web-apps/vendor/sockjs/sockjs.min.js:3:4926

Converter out.log following failure to load:

[2022-01-27T00:00:18.920] [WARN] nodeJS - update cluster with 1 workers
[2022-01-27T00:00:18.926] [WARN] nodeJS - worker 15234 started.
[2022-01-27T00:00:18.931] [WARN] nodeJS - update cluster with 1 workers

The failure to load occurred at or around 08:54 AM EST

With respect to being too complex, I don’t fully understand why you think that