Nextcloud and Onlyoffice dockerized forbidden

Hi,

This is the info of my system.

System
**Operating system:** Linux 5.10.60-qnap #1 SMP Tue Dec 21 01:48:55 CST 2021 x86_64

**Webserver:** Apache/2.4.53 (Debian) (apache2handler)

**Database:** mysql 10.5.15

**PHP version:** 8.0.17

Modules loaded: Core, date, libxml, openssl, pcre, sqlite3, zlib, ctype, curl, dom, fileinfo, filter, ftp, hash, iconv, json, mbstring, SPL, PDO, pdo_sqlite, session, posix, Reflection, standard, SimpleXML, Phar, tokenizer, xml, xmlreader, xmlwriter, mysqlnd, apache2handler, apcu, bcmath, exif, gd, gmp, imagick, intl, ldap, memcached, pcntl, pdo_mysql, pdo_pgsql, redis, sodium, zip, Zend OPcache

**Nextcloud version:** 23.0.3 - 23.0.3.2

**Updated from an older Nextcloud/ownCloud or fresh install:**

**Where did you install Nextcloud from:** unknown


List of activated apps
Enabled:
 - activity: 2.15.0
 - admin_audit: 1.13.0
 - announcementcenter: 6.1.1
 - apporder: 0.15.0
 - checksum: 1.1.3
 - circles: 23.1.0
 - cloud_federation_api: 1.6.0
 - comments: 1.13.0
 - contactsinteraction: 1.4.0
 - dashboard: 7.3.0
 - dav: 1.21.0
 - drawio: 1.0.2
 - duplicatefinder: 0.0.13
 - event_update_notification: 1.4.0
 - external: 3.10.2
 - extract: 1.3.3
 - federatedfilesharing: 1.13.0
 - files: 1.18.0
 - files_accesscontrol: 1.13.0
 - files_antivirus: 3.2.2
 - files_downloadactivity: 1.12.0
 - files_external: 1.15.0
 - files_fulltextsearch: 23.0.0
 - files_fulltextsearch_tesseract: 22.0.0
 - files_linkeditor: 1.1.9
 - files_mindmap: 0.0.26
 - files_pdfviewer: 2.4.0
 - files_rightclick: 1.2.0
 - files_sharing: 1.15.0
 - files_trashbin: 1.13.0
 - files_versions: 1.16.0
 - files_videoplayer: 1.12.0
 - flowupload: 1.1.3
 - forms: 2.4.0
 - fulltextsearch: 23.0.0
 - fulltextsearch_elasticsearch: 23.0.0
 - groupfolders: 11.1.2
 - groupquota: 0.1.7
 - guests: 2.1.0
 - impersonate: 1.10.0
 - logreader: 2.8.0
 - lookup_server_connector: 1.11.0
 - metadata: 0.15.0
 - nextcloud_announcements: 1.12.0
 - notifications: 2.11.1
 - oauth2: 1.11.0
 - ocdownloader: 1.8.0
 - onlyoffice: 7.3.2
 - password_policy: 1.13.0
 - photos: 1.5.0
 - polls: 3.5.4
 - privacy: 1.7.0
 - provisioning_api: 1.13.0
 - quota_warning: 1.13.1
 - recommendations: 1.2.0
 - scanner: 0.2.2
 - serverinfo: 1.13.0
 - settings: 1.5.0
 - sharebymail: 1.13.0
 - spreed: 13.0.4
 - support: 1.6.0
 - survey_client: 1.11.0
 - systemtags: 1.13.0
 - text: 3.4.1
 - theming: 1.14.0
 - twofactor_backupcodes: 1.12.0
 - twofactor_totp: 6.2.0
 - updatenotification: 1.13.0
 - user_ldap: 1.13.1
 - user_status: 1.3.1
 - user_usage_report: 1.7.0
 - video_converter: 1.0.4
 - viewer: 1.7.0
 - weather_status: 1.3.0
 - workflow_ocr: 1.23.2
 - workflow_pdf_converter: 1.8.0
 - workflow_script: 1.8.0
 - workflowengine: 2.5.0
Disabled:
 - accessibility: 1.6.0
 - backup: 1.0.6
 - calendar: 3.2.2
 - contacts: 4.1.0
 - encryption
 - federation: 1.10.1
 - files_readmemd: 1.2.2
 - files_texteditor: 2.14.0
 - files_trackdownloads: 1.11.0
 - firstrunwizard: 2.9.0
 - nextbackup: 21.1.0
 - pdfdraw: 0.1.2
 - printer: 0.0.5
 - radio: 1.0.3
 - ransomware_detection: 0.10.0
 - ransomware_protection: 1.12.0
 - side_menu: 2.3.4
 - socialsharing_email: 2.4.0
 - talk_simple_poll: 1.3.1
 - timemanager: 0.2.9
 - twofactor_admin: 3.2.0
 - twofactor_nextcloud_notification: 3.3.1

Configuration (config/config.php)
{
    "htaccess.RewriteBase": "\/",
    "memcache.local": "\\OC\\Memcache\\APCu",
    "allow_local_remote_servers": true,
    "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
    "auth.webauthn.enabled": false,
    "filelocking.enabled": true,
    "apps_paths": [
        {
            "path": "\/var\/www\/html\/apps",
            "url": "\/apps",
            "writable": false
        },
        {
            "path": "\/var\/www\/html\/custom_apps",
            "url": "\/custom_apps",
            "writable": true
        }
    ],
    "memcache.distributed": "\\OC\\Memcache\\Redis",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "password": "***REMOVED SENSITIVE VALUE***",
        "port": 6379
    },
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "cloud.XXX.com.co",
        "office",
        "XXX.XX.1.3:10106",
        "XXX.XX.1.1",
        "172.29.60.3",
        "nc_apps"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "mysql",
    "version": "23.0.3.2",
    "overwrite.cli.url": "https:\/\/cloud.XXX.com.co",
    "overwritehost": "cloud.XXX.com.co",
    "overwriteprotocol": "https",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "mysql.utf8mb4": true,
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "simpleSignUpLink.shown": false,
    "allow_user_to_change_display_name": false,
    "defaultapp": "apporder",
    "default_language": "es",
    "force_language": "es",
    "default_locale": "es_CO",
    "force_locale": "es_CO",
    "default_phone_region": "CO",
    "mail_smtpmode": "smtp",
    "mail_smtpsecure": "tls",
    "mail_sendmailmode": "smtp",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpauthtype": "PLAIN",
    "mail_smtpauth": true,
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "587",
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "ldapIgnoreNamingRules": true,
    "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
    "maintenance": false,
    "auth.bruteforce.protection.enabled": false,
    "forwarded_for_headers": [
        "HTTP_X_FORWARDED_FOR",
        "HTTP_X_REAL_IP",
        "HTTP_X_FORWARDED",
        "HTTP_FORWARDED_FOR",
        "X_FORWARDED_FOR"
    ],
    "debug": false,
    "logtimezone": "America\/Bogota",
    "APACHE_DISABLE_REWRITE_IP": "1",
    "theme": "",
    "loglevel": 0
}

Nextcloud and onlyoffice are in different dockers but same network

I've try everything in both forums:
- delete system config app manually with php occ config:app:delete onlyoffice settingnames
- delete the oc_onlyoffice_filekey and restoring from other fresh installation
- maintenance:repair
- db:add-missing-columns
- db:add-missing-indices
- db:add-missing-primary-keys
- setting the variable in onlyoffice container USE_UNAUTHORIZED_STORAGE=true
- check file permissions in onlyoffice
- double and triple check the proxy settings
- clear cache files in onlyoffice
...

This is from onlyoffice nginx error log

==> /var/log/onlyoffice/documentserver/nginx.error.log <==
2022/04/05 04:22:37 [error] 6737#6737: *16105 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/conv_check_1630946211_docx/output.docx" failed (13: Permission denied), client: 172.29.60.3, server: , request: "GET /cache/files/conv_check_1630946211_docx/output.docx/check_1630946211.docx?md5=wBVLoBKTVfgfUWJa_gDkfA&expires=1649151458&filename=check_1630946211.docx HTTP/1.1", host: "office"

Just after deleting the settings_error option:

php occ config:app:delete onlyoffice settings_error

The onlyoffice options turn enable in nextcloud, but when I try to open a file I get this error in onlyoffice logs:

2022/04/05 04:56:59 [error] 6737#6737: *18146 open() "/var/lib/onlyoffice/documentserver/App_Data/cache/files/4192161833/Editor.bin" failed (13: Permission denied), client: XXX.XX.1.1, server: , request: "GET /cache/files/4192161833/Editor.bin/Editor.bin?md5=9fWEuGURrQuNfMWGn7jcFg&expires=1651744764&filename=Editor.bin HTTP/1.1", host: "documentserver.XXX.com.co", referrer: "https://documentserver.XXX.com.co/7.0.1-37/web-apps/apps/documenteditor/main/index_loader.html?_dc=7.0.1-37&lang=es&customer=ONLYOFFICE&frameEditorId=iframeEditor&compact=true&parentOrigin=https://cloud.XXX.com.co"

And “Unknown error” window in nextcloud.

This is my docker configuration:

Docker config
version: '3' 

services:

  nc_db:
    image: mariadb:10.5
    hostname: nc_db
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --max_connections=1000
    env_file: /share/DockerVolumes/cloud/nextcloud-db.env
    networks:
      - containers_b_private 
    deploy:
      restart_policy:
        condition: on-failure
    volumes:
      - /share/DockerVolumes/cloud/nextcloud-db/var/lib/mysql:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped
  
  nc_apps:
    image: nextcloud:23.0.3
    hostname: nextcloud
    env_file: /share/DockerVolumes/cloud/nextcloud-apps.env
    networks:
      - containers_a_public 
      - containers_b_private 
    deploy:
      update_config:
        delay: 10s
      restart_policy:
        condition: on-failure
    ports:
      - XXX.XX.1.3:10106:80
    depends_on:
      - nc_db
    volumes:
      - /share/DockerVolumes/cloud/nextcloud-apps/var/www/html:/var/www/html
      - /share/DockerVolumes/cloud/nextcloud-apps/var/www/html/config:/var/www/html/config
      - /share/DockerVolumes/cloud/nextcloud-apps/var/www/html/custom_apps:/var/www/html/custom_apps
      - /share/CACHEDEV1_DATA/NCData/cloud:/var/www/html/data
      - /share/DockerVolumes/cloud/nextcloud-apps/var/www/html/themes:/var/www/html/themes
      - /etc/localtime:/etc/localtime:ro
      - /share/DockerVolumes/cloud/nextcloud-apps/etc/apache2/mods-enabled/mpm_prefork.conf:/etc/apache2/mods-enabled/mpm_prefork.conf
    restart: unless-stopped

  nc_cron:
    image: nextcloud:23.0.3
    hostname: nc_cron
    deploy:
      update_config:
        delay: 15s
      restart_policy:
        condition: on-failure
    depends_on:
      - nc_apps
    volumes:
      - /share/DockerVolumes/cloud/nextcloud-apps/var/www/html:/var/www/html
      - /share/CACHEDEV1_DATA/NCData/cloud:/var/www/html/data
    user: www-data
    networks:
      - containers_b_private 
    entrypoint: |
      bash -c 'bash -s <<EOF
        trap "break;exit" SIGHUP SIGINT SIGTERM
        while [ ! -f /var/www/html/config/config.php ]; do
          sleep 1
        done
        while true; do
          php -f /var/www/html/cron.php
          sleep 5m
        done
      EOF'

networks:
  containers_a_public :
    external: true
  containers_b_private :
    external: true

I have another NC+Onlyoffice installation in the same machine and works fine.

Could you please help?
:pleading_face:

Resolved: