Anyone tried OnlyOffice document server?

Could you give us any information on how to secure Onlyoffice DocumentServer from access by non autorized Nextcloud instances?

And about the bug on post above you showing that Onlyoffice does not work if encryption is enabled?

1 Like

Hello!
Later we will implement a more advanced solution JWT and inform you about it.
In the current version of DS you may restrict access from alternative ownCloud, NextCloud or other file storages by editing Document Server configuration file /etc/onlyoffice/documentserver/default.json. Find the section 'filter’ and change it to the following look :

           "ipfilter": {
                   "rules": [
                     {
                       "address": "owncloud_IP_or_DN",
                       "allowed": true
                     },
                     {
                       "address": "*",
                       "allowed": false
                     }
                   ],
                   "useforrequest": true,
                   "errorcode": 403
                 }
1 Like

How can I do this with the Docker container?

And how is it possible to load files from encrypted Nextcloud storage with the Onlyoffice DocumentServer?

thats simple.
check your ID with docker ps
its the id with the name: onlyoffice/documentserver
then you enter it with
docker exec -it IMAGEID /bin/bash

after that you follow the instruction from JohnPerkin
But remember, if you update the documentserver with docker pull, you have to do that again.

1 Like

Unfortunately current version of ONLYOFFICE does not support working with encrypted storages. We will take this moment into consideration.

1 Like

I have one question about the filter setting. After you changed that, do you need to restart any service or the dockerimage, or does it read the /default.json file every call?
ok I tested it, you need to restart the image or service, but it works you get the blockmessage, after it loads onlyoffice.
That is fine for me, thanks :slight_smile:

Hello!
After editing configuration file use the command 'supervisorctl restart all’ if you are using .deb or .rpm-installed Document Server. For Docker version enter the container with 'docker exec -it container_ID /bin/bash' and then run 'supervisorctl restart all'.
Thank you for the interest in ONLYOFFICE.

1 Like

Since this seems to be working quite well now, are there also plans to update the integration with owncloud/nextcloud of the community server?

Well, you can use both ownCloud and Nextcloud as a cloud storage for Community. Here’s information from official ONLYOFFICE Help Center. Nextcloud is not on the list, but de facto it’s working.

That is cool, I thought it broke a while ago.
How about caldav support for the calendar to be able to subscribe to editable calendars? ICal only works read only sadly.

Will pass this idea to the developers :slight_smile:

Thanks for the help. It works now

It would be very useful for anyone using encrypted storage, especially external cloud services configured inside Nextcloud which are not considered trustworthy and therefore everything is stored encrypted.

Hi,
i tried it but it wont start and i am confused what to install. i want to install the docker version and have to use a different port like 8888 with http, its all for testing on local system. after installed docker like the howto said i called the site on testserver:8888, but got not correct installed message. I use debian jessie with latest docker and nc version. i am also interested in the restrictions / limits of onlyoffice, like the limit of documents opend or sessions.

I installed the latest community docker version of onlyoffice. Put my company’s official SSL certificate on it, and it works like a charm. Now, I want/need to restrict access.
In the docker image there is no /etc/onlyoffice/documentserver/default.json file. The directory /etc/onlyoffice/documentserver/ exists though.
The problem is: if in create a default.json file with this content :

{
"services": {
	"CoAuthoring": {
		"ipfilter": {
               "rules": [
                 {
                   "address": "ocloud.xxx.nl",
                   "allowed": true
                 },
				{
                   "address": "ocloudtest.xxx.nl",
                   "allowed": true
                 },
                 {
                   "address": "*",
                   "allowed": false
                 }
               ],
               "useforrequest": true,
               "errorcode": 403
		},
	}
}
}

It wont start anymore. What am I doing wrong?

I used it in the non-docker version and the restriction works fine, but this default.json has a lot more details than just the above. I would look if it is maybe stored at a different location in the docker version.

1 Like

The file is in the same location in the standard Docker container. Did you map it to the host system somewhere? What happens if you recreate the container?

1 Like

That file did not exist in the docker image was using at the time(or maybe i deleted it?), so thats why I created it(but did not have the rest on the file obviously). Today I pulled a new version, and the file was there. I added the rules, and it worked immediately.

Dear John,

are there any news on OnlyOffice in conjunction with encrypted storages? Or could you tell us if this is high priority for you or not – respectively will last over one year or more to be implemted?

Thx,
Michael

I can’t speak for OnlyOffice, but unless there’s a transfer of key files (which has to come from Nextcloud server or even via you) then OnlyOffice can’t process end to end encrypted files. You have to decrypt it first.

That said, if you enable server-side encryption (which is not exactly a terrible option!) then yes, OnlyOffice can edit those files since the server decrypts the file before sending it to the OnlyOffice server.