Nextcloud 14 requests OnlyOffice pages without SSL

Hi,

I hope someone can help.

Here is my architecture :

Nextcloud 14 is installed on Server 1 and accessible from (sorry for using pre-formatted text but as new user I can’t post more than 4 links…)

https://nextcloud.mydomain.tld

Nextcloud works fine.
I have installed Nextcloud following these instructions:

https://docs.nextcloud.com/server/14/admin_manual/installation/source_installation.html#example-installation-on-ubuntu-16-04-lts-server

Here is the configuration for server 1 :

Nextcloud 14
Ubuntu Server 16.04
Apache/2.4.34 (Ubuntu)
PHP OPcache
PHP-FPM
Cache php-apcu
SSL (Let’s Encrypt)
HTTP2

OnlyOffice Document Server is installed on Server 2 and accessible from https://onlyoffice.mydomain.tld
The page says:
Thank you for choosing ONLYOFFICE!
Document Server is running
I have installed Nextcloud following these instructions :

https://helpcenter.onlyoffice.com/server/linux/document/linux-installation.aspx

Here is the configuration for server 2 :

onlyoffice-documentserver 5.2.2-2
Ubuntu Server 16.04
Apache/2.4.18 (Ubuntu) --> Older than Server 1
SSL (Let’s Encrypt)

I use Apache as reverse proxy for OnlyOffice Document Server. I have changed the default port, OnlyOffice Document Server is listening on non-SSL port 8806.

Here is onlyoffice.mydomain.tld.conf :

<VirtualHost *:80>
        ServerName onlyoffice.mydomain.tld
        ServerAdmin me@domain.tld
        RewriteEngine On
        RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>

<IfModule mod_ssl.c>
        <VirtualHost *:443>
                ServerName onlyoffice.mydomain.tld
                ServerAdmin me@domain.tld

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
                Header always set Referrer-Policy "no-referrer"

                SSLCertificateFile /etc/letsencrypt/live/onlyoffice.mydomain.tld/fullchain.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/onlyoffice.mydomain.tld/privkey.pem

                SSLEngine on
                SSLProtocol all -TLSv1 -TLSv1.1 -SSLv2 -SSLv3
                SSLHonorCipherOrder on
                SSLCompression off
                SSLOptions +StrictRequire
                SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

                ProxyPreserveHost On
                ProxyPass / http://127.0.0.1:8806/
                ProxyPassReverse / http://127.0.0.1:8806/
        </VirtualHost>
</IfModule>

What’s the problem ?

In Nextcloud (Server 1) I open the ~/index.php/settings/admin#onlyoffice page with administrative settings for ONLYOFFICE section. I Enter the following address to connect ONLYOFFICE Document Server: https://onlyoffice.mydomain.tld/ and I click on “Save”.

Then there is an error message a few seconds on the top of the page : “Error when trying to connect (Error occurred in the document service)”

And the Nextcloud logs are saying :

Error	onlyoffice	Request converted file on check error: http://onlyoffice.mydomain.tld/cache/files/conv_check_193202075_docx/output.docx/empty%3Fdoc%3DeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.docx?md5=cxvWUer2d8mV8dqkqwgCwg==&expires=1539006888&disposition=attachment&ooname=output.docx Error occurred in the document service	2018-10-08T15:39:47+0200

Error	PHP	file_get_contents(http://onlyoffice.mydomain.tld/cache/files/conv_check_193202075_docx/output.docx/empty%3Fdoc%3DeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.docx?md5=cxvWUer2d8mV8dqkqwgCwg==&amp;expires=1539006888&amp;disposition=attachment&amp;ooname=output.docx): failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden at /var/www/nextcloud/apps/onlyoffice/lib/documentservice.php#381

There is an error because Nextcloud is requesting OnlyOffice non-SSL pages (http://onlyoffice.mydomain.tld).

But onlyoffice.mydomain.tld is only accessible using SSL (https://onlyoffice.mydomain.tld).

Thanks for your help

i suggest you add:

‘onlyoffice’ => array ( ‘verify_peer_off’ => TRUE ),

to your config.php first, then after this we’d consider to have further steps to check.

thank you for helping

The error is exactly the same, so I have removed this line from config.php after testing your suggestion.

thank you for your response.

could you please check if your proxy has anything to do with it? maybe bypass it for a short period of time, just to check?

Unfortunately I have not much time for that. That simply doesn’t work and nobody seems to have the answer.

I will setup another dedicated server from my company with OnlyOffice and Nginx, without Apache (I needed Apache because I have other apps running on this server).

Anyway that was kind from you to help me.

Regards