Integrating Onlyoffice and nextcloud 12.0.4

Filip_Francis · January 5, 2018, 11:04pm

Hi all,

I am trying already for days to get onlyoffice to work with nextcloud.
So far the onlyoffice document server is running when i go to the https:///welcome it says its running.
So the ssl encryption is working with letsencrypt so that’s not an issue.
When i enable the onlyoffice in nextcloud and add https:// i am not getting any error message
So then i go to a document or ediit a new document i just get a blank page.
no errors what so ever.
So i followed the following installation https://www.linuxbabe.com/ubuntu/integrate-nextcloud-onlyoffice
but no luck its driving me crazy already working on this for days.

so can somebody help me to debug this
REgards
Filip

Krischan · January 6, 2018, 6:15am

You need to provide a few more details. Is there anything unusual in the browser console (press f12) when you try to open a document in nextcloud?
Have you tried a different browser?

Is only office running under a different domain or subdomain? My pure guess is that it might be a cross site scripting issue.

Filip_Francis · January 6, 2018, 9:30am

Hi,
Ok just been checking on that option.
and getting in the console the following messages.
Load denied by X-Frame-Options: https:///2017-12-07-11-28/web-apps/apps/documenteditor/main/index.html?_dc=2017-12-07-11-28&lang=en&customer=ONLYOFFICE&frameEditorId=iframeEditor does not permit cross-origin framing.
So i have been checking the nginx conf file and i have pput the following line in there:
proxy_set_header X-Frame-Options SAMEORIGIN;
in my reverse proxy server that is a NGINX system.
So also checked the nginx config file on the onlyoffice system and there is nt proxy_set_header
restarted everything and still getting the same error.
This is on firefox 52.0.2 so i will try on a different system with chrome and iexplorer
REgards
Filip

Filip_Francis · January 6, 2018, 9:32am

Ok now i used a different version of web browser iexplorer and that is also saying issue with iframe
getting this error
this content cannot be displayed in a iframe
so openend an other window and now i am getting the page where its loading loading
but no document
REgards
Filip

Krischan · January 6, 2018, 10:48am

Is probably the opposite of what you want as it specifically disallows cross-domain iframes AFAIK.

Filip_Francis · January 6, 2018, 10:52am

Krischan,
ok so what should it be then
Filip

Krischan · January 6, 2018, 11:36am

Something else

Honestly not an expert on it either and struggling with a similar issue with another external site right now.
But you really need to provide more details on your setup, for example this URL you posted looks really strange:

Also did you try with Chrome or Chromium? Im my experience it is a bit less strict on such issues than Firefox and thus might give you some pointers where it fails.

Schmu · January 7, 2018, 9:47pm

@Filip_Francis Could you show us all your header settings with some indication for what they are (onlyoffice, nextcloud).
Then I can help you what you need to define, to make it work.

Filip_Francis · January 9, 2018, 8:22am

Waht do you mean with header settings?
The setup is the following.
I have in front of the nextcloud a nginx reverse proxy that connects to the nextcloud server running apache.
Then Onlyoffice is running on a debian machine (as nextcloud is running a Omnios) and onlyoffice is also in front of the nginx reverse proxy.

SO maybe its this you need
GET
https://flupke.homeunix.org/apps/files_reader/js/plugin.js [HTTP/2.0 200 OK 0ms]
Content Security Policy: Ignoring “‘unsafe-inline’” within script-src or style-src: nonce-source or hash-source specified (unknown)
Content Security Policy: Directive ‘frame-src’ has been deprecated. Please use directive ‘child-src’ instead. (unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src ‘nonce-SkRVcWhBUnY5TS9vVlQwS1dJdUZraU1LemlyRHI3bTQ3TEs2S0V6enFOTT06U2w5NDkwd0FyZmVzWkF4bkZiTEN5MFJmdUIrczQ1TDBoOXp5R0hYYy9wUT0=’ https://office9800.homeunix.org/ ‘unsafe-inline’ ‘unsafe-eval’”). Source: ;!function(){var t=0,e=function(t,e){ret… 72735:1
JQMIGRATE: Migrate is installed, version 1.4.0 core.js:7:542
GET
https://flupke.homeunix.org/core/search/js/search.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/apps/apporder/js/apporder.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/apps/files_pdfviewer/js/previewplugin.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/index.php/js/core/merged-share-backend.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/apps/files_reader/js/plugin.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/apps/files_videoplayer/js/viewer.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/index.php/js/notifications/merged.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/apps/workin2gether/js/workin2gether_v3.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/core/js/jquery-ui-fixes.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/core/js/files/fileinfo.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/core/js/files/client.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/core/js/contactsmenu.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/apps/onlyoffice/js/editor.js [HTTP/2.0 200 OK 34ms]
Headers
Params
Response
Cookies
Accept-RangesbytesCache-Controlmax-age=15778463Content-EncodinggzipContent-Length1464Content-Typeapplication/javascriptDateTue, 09 Jan 2018 08:20:44 GMTEtag"eb2-560eef49a0e53-gzip"Last-ModifiedFri, 22 Dec 2017 14:51:45 GMTServerNone of Your BusinessVaryAccept-Encoding,User-AgentX-Content-Type-Optionsnosniff, nosniff, nosniffX-Firefox-Spdyh2X-Frame-OptionsDENYX-Robots-TagnoneX-XSS-Protection1; mode=block, 1; mode=blockx-download-optionsnoopenx-permitted-cross-domain-policiesnone
Accept*/*Accept-Encodinggzip, deflate, brAccept-Languageen-US,en;q=0.5Connectionkeep-aliveCookienc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oc_music_volume=75; ocgit2mwvy4k=8ab3h8bol51af8ema0kahca55l; oc_sessionPassphrase=t3uto7t4Phhv4Wm3%2BSXH716ukKAbsJAclqA8yPWbXUWP6NvzGB1Io%2BrIeITR6bbB4OarP8uDX4EhPyrKdzJ%2FaexMRJabQtWIaxycejhpA92YuRGYdjyP3Ly3mQCzRzxOHostflupke.homeunix.orgUser-AgentMozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Firefox/52.0

GET
https://flupke.homeunix.org/index.php/apps/theming/js/theming [HTTP/2.0 200 OK 0ms]
GET
XHR
https://flupke.homeunix.org/index.php/apps/onlyoffice/ajax/config/72735 [HTTP/2.0 200 OK 144ms]
Headers
Response
Cookies
Call Stack
Cache-Controlno-cache, no-store, must-revalidateContent-EncodinggzipContent-Length513Content-Typeapplication/json; charset=utf-8DateTue, 09 Jan 2018 08:20:44 GMTExpiresThu, 19 Nov 1981 08:52:00 GMTPragmano-cacheServerNone of Your BusinessVaryAccept-Encoding,User-AgentX-Content-Type-Optionsnosniff, nosniff, nosniffX-Firefox-Spdyh2X-Frame-OptionsSAMEORIGIN, DENYX-Powered-ByPHP/7.1.12X-Robots-TagnoneX-XSS-Protection1; mode=block, 1; mode=blockcontent-security-policydefault-src ‘none’;base-uri ‘none’;manifest-src ‘self’;script-src ‘nonce-a3NPbHRxcTg3ZXczOGFIelVjejBZSGxNMEttNkdPd2MxZ1cyQVBPdnhpVT06L0tuM3hlTFR0TlJ6d0pDZUhQV3pPUjRacHB6VlZNZFF2V3YrTU1xQWtHST0=’ ‘unsafe-eval’;style-src ‘self’ blob: ‘unsafe-inline’;img-src ‘self’ data: blob: https://source.unsplash.com https://images.unsplash.com;font-src ‘self’;connect-src ‘self’;media-src ‘self’ data:;frame-src ‘self’;child-src 'self’x-download-optionsnoopenx-permitted-cross-domain-policiesnone
Accept*/*Accept-Encodinggzip, deflate, brAccept-Languageen-US,en;q=0.5Connectionkeep-aliveCookienc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oc_music_volume=75; ocgit2mwvy4k=8ab3h8bol51af8ema0kahca55l; oc_sessionPassphrase=t3uto7t4Phhv4Wm3%2BSXH716ukKAbsJAclqA8yPWbXUWP6NvzGB1Io%2BrIeITR6bbB4OarP8uDX4EhPyrKdzJ%2FaexMRJabQtWIaxycejhpA92YuRGYdjyP3Ly3mQCzRzxOHostflupke.homeunix.orgOCS-APIREQUESTtrueUser-AgentMozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Firefox/52.0X-Requested-WithXMLHttpRequestrequesttokenJDUqhARv9M/oVT0KWIuFkiMKzirDr7m47LK6KEzzqNM=:Sl9490wArfesZAxnFbLCy0RfuB+s45L0h9zyGHXc/pQ=

Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user’s experience. For more help http://xhr.spec.whatwg.org/ core.js:4:14346
GET
XHR
https://flupke.homeunix.org/index.php/apps/apporder/getOrder [HTTP/2.0 200 OK 92ms]
GET
XHR
https://flupke.homeunix.org/ocs/v2.php/apps/notifications/api/v2/notifications [HTTP/2.0 200 OK 129ms]
POST
XHR
https://flupke.homeunix.org/index.php/apps/workin2gether/ajax/getcolor.php [HTTP/2.0 200 OK 102ms]
POST
XHR
https://flupke.homeunix.org/index.php/apps/workin2gether/ajax/getcolor.php [HTTP/2.0 200 OK 110ms]
GET
https://office9800.homeunix.org/web-apps/apps/documenteditor/main/index.html [HTTP/2.0 302 Found 27ms]
GET
https://office9800.homeunix.org/2017-12-07-11-28/web-apps/apps/documenteditor/main/index.html [HTTP/2.0 200 OK 31ms]
Headers
Params
Response
Cookies
Cache-Controlmax-age=31536000Content-EncodinggzipContent-Typetext/htmlDateTue, 09 Jan 2018 08:20:45 GMTEtagW/"5a2925e4-2dc8"ExpiresWed, 09 Jan 2019 08:20:45 GMTLast-ModifiedThu, 07 Dec 2017 11:28:36 GMTServerNone of Your BusinessStrict-Transport-Securitymax-age=15768000VaryAccept-EncodingX-Content-Type-Optionsnosniff, nosniffX-Firefox-Spdyh2X-Frame-OptionsSAMEORIGIN, DENYX-XSS-Protection1; mode=block
Accepttext/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Encodinggzip, deflate, brAccept-Languageen-US,en;q=0.5Connectionkeep-aliveCookie_ym_uid=15139769841027519395; _ga=GA1.3.256061103.1513976986Hostoffice9800.homeunix.orgUpgrade-Insecure-Requests1User-AgentMozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Firefox/52.0

Load denied by X-Frame-Options: https://office9800.homeunix.org/2017-12-07-11-28/web-apps/apps/documenteditor/main/index.html?_dc=2017-12-07-11-28&lang=en&customer=ONLYOFFICE&frameEditorId=iframeEditor does not permit cross-origin framing. (unknown)
[Passman extension] Stopping, vault key not set inject.js:388:21
GET
XHR
https://flupke.homeunix.org/ocs/v2.php/apps/notifications/api/v2/notifications [HTTP/2.0 200 OK 149ms]
GET
XHR
https://flupke.homeunix.org/ocs/v2.php/apps/notifications/api/v2/notifications [HTTP/2.0 200 OK 166ms]

Filip_Francis · January 9, 2018, 8:37am

Ok,

Now i have changed some things.
And now i get this:
Content Security Policy: Ignoring “‘unsafe-inline’” within script-src or style-src: nonce-source or hash-source specified (unknown)
Content Security Policy: Directive ‘frame-src’ has been deprecated. Please use directive ‘child-src’ instead. (unknown)
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src ‘nonce-Q3IwVWF1RllHYUpVU1FQWW5SZG1JbEF1TFFMTWM2VTBJTy9CdmpOQWJPUT06Wk5kR0dhazNRSm9RZURLMTBDNGhlemQ3V3plalA0NTRTNEdKamdwdk9xTT0=’ https://office9800.homeunix.org/ ‘unsafe-inline’ ‘unsafe-eval’”). Source: ;!function(){var t=0,e=function(t,e){ret… 72735:1
JQMIGRATE: Migrate is installed, version 1.4.0 core.js:7:542
Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user’s experience. For more help http://xhr.spec.whatwg.org/ core.js:4:14346
Load denied by X-Frame-Options: https://office9800.homeunix.org/2017-12-07-11-28/web-apps/apps/documenteditor/main/index.html?_dc=2017-12-07-11-28&lang=en&customer=ONLYOFFICE&frameEditorId=iframeEditor does not permit cross-origin framing.
Filip

Schmu · January 9, 2018, 10:14pm

Hi @Filip_Francis

Sorry for the late response. I actually meant the settings in the web server config like
add_header X-*****

I wanted to see if there are some obvious mistakes and then compare more in detail with my settings. Nevertheless I just found the time to see my settings and I came across the following header setting underneath the web server config for Onlyoffice:
add_header X-Frame-Options "ALLOW-FROM https://nextcloud.mydomain.net/" always;

So my config looks like this:

server {
listen 443 ssl http2;
server_name onlyoffice.mydomain.net;
 
server_tokens off;

***SSL-stuff***

## Headers
add_header Referrer-Policy "no-referrer";

add_header X-Frame-Options "ALLOW-FROM https://nextcloud.mydomain.net/" always;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

location / {
        proxy_pass         https://onlyoffice-docker;
        proxy_redirect     off;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
    }
}

I though about the Content-Security-Policy as well as possible reason for this problem, but I learned that the CSP is automatically defined within Nextcloud PHP files. While I didn’t change anything there, I believe my mentioned header setting might be enough. If not we need to look deeper into CSP.
However the main problem I see here is:

Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src ‘nonce-Q3***TT0=’ https://office9800.homeunix.org/ ‘unsafe-inline’ ‘unsafe-eval’”)

Filip_Francis · January 10, 2018, 4:01am

So its still not getting the iframe correctly
Regards
Filip

tabcom · January 11, 2018, 12:18am

It is recommended to spin up 2 Virtual Private Servers natively. Running 3 docker instances on a single host adds to the complexity. One of the benefits of using docker containers is that they include all dependencies and run out-of-the-box. One of the downsides of using docker containers is that they are not as easily modified as a native installation. For example, enabling HTTPS using LetsEncrypt certs inside a docker container is a challenge in itself. A native (non-docker) installation is less memory intensive and offers slightly better performance.

We simply run Community Server and Document Server as two subdomains i.e. Community server as “portal.mydomain.com” and Document Server as “docs.mydomain.com”. After registering the main domain name “mydomain.com” you can use the Domain Name System control panel of our domain name registrar and create two DNS A records for subdomains and point to the IP address of the respective Virtual Private Servers where you installed Community Server and Document Server.

We have ONLYOffice + nextCloud in production on a number of Virtual Private Servers and can provide technical assistance to businesses and individuals.

Filip_Francis · January 11, 2018, 5:55am

Those are 3 seperated systems
so one with nginx as reverse proxy to nextcloud and to the only office.
nextcloud is running on one system and onlyoffice is running on an other system
So its seperated.
but still iframe issue ands do not see where its coming from
Filip

tabcom · January 11, 2018, 10:38am

I have in front of the nextcloud a nginx reverse proxy that connects to the nextcloud server running apache.
Then Onlyoffice is running on a debian machine (as nextcloud is running a
Omnios) and onlyoffice is also in front of the nginx reverse proxy.

This needs clarification, especially the use of a reverse proxy in your setup. Having another Nginx web server installation running in your network outside of the OnlyOffice + nextcloud server adds to the complexity. I am not familiar with Omnios.

It is generally best to take small steps and start with something that works that you can expand rather than with something complex that needs troubleshooting. Make it right before you make it faster.

I would spin up 1x Debian Jessie VPS with OnlyOffice Document Server and 1x VPS with nextcloud. Register 1 domain name and configure 2 subdomains “server1.mydomain.com” and “server2.mydomain.com” in your name registrar’s DNS control panel using DNS A records for each subdomain. Point each subdomain to the IP address of each server. Test both URLs in your internet browser. Only then activate the OnlyOffice integration app on your nextcloud server and see if it works.

Note that you can also run ONLYOffice Community Server (collaboration) on yet another VPS and use this as the main portal instead of nextCloud. You can connect both your nextcloud server (storage) AND ONLYOffice Document Server (document editing) to this ONLYOffice Community Server portal. I understand you simply want to use the ONLYOffice integration app on your nextcloud server to edit documents using ONLYOffice Document Server.

Please read the following carefully:

I can have a look at your installation if you like. Can’t post email addresses. Forum does not have private messaging. You can find us here: https://tablelandscomputers.com/contact/

pstech · May 24, 2018, 5:37am

Thanks @Schmu! Your

add_header X-Frame-Options "ALLOW-FROM https://nextcloud.mydomain.net/" always;

got onlyoffice working for me externally.