anyone can connect to it and edit documents to their hearts content - which would waste my resource but also expose a potential security issue.
I just use onlyoffice.x.com to check. Does the Document Server is running or not (now it got redirected to NextCloud instead of onlyoffice.x.com/welcome, I do not know why). I also do not give a SSL for onlyoffice.x.com since I think it’s only a redirect to onlyoffice.x.com/welcome to check whether the document server is running or not (is this true?). As of right now, everything works perfectly. I am not sure if this could be a potential security issues and potentially waste resource.
You can set a password in the OnlyOffice configuration which would have to be provided by any client trying to use the server. This makes it very secure, and it’s what I do - precisely to prevent unauthorized access to my document server.
Start here:
And don’t forget to add the very same password to your Nextcloud OnlyOffice app configuration.