After a seemingly successful installation of the OnlyOffice DocumentServer and the related Nextcloud app, I am greeted with nothing but the background screen, whenever I create a new, or load an existing text, spreadsheet or presentation document.
Please note that I am not allowed to enter more than 4 links. Therefore, my links replace “//” with “\” to hide their being links :-).
Here is some background:
- Operating system: FreeBSD 13.2-RELEASE-p3
- Nextcloud version 27.1.0 (stable branch), with the full text search suite of apps removed for now, as it has been reported to cause issues with OnlyOffice running in a separate jail;
- Nextcloud OnlyOffice app: version 8.2.0 (there are no competing OnlyOffice communityserver or Collabora apps sinstalled);
- OnlyOffice version 7.4.0.163, compiled as port from the FreeBSD ports tree, with PostgreSQL support running in a separate jail;
- Nginx 1.24.0 as reverse proxy running in a separate jail;
- Networking: Nextcloud and OnlyOffice can be addressed by FQDNs using Letsencrypt certificates 9also used for other hosted applications), using two different subdomains https:\nextcloud.fqdn.com and https:\ds.fqdn.com. The same access also works flawlessly from with in jail. Means, from within the jail running OnlyOffice, I can load https://nextcloud.fqdn.com, and from the jail running Nextcloud, I can load %%https://%%ds.fqdn.com.
- Data flow: External requests hit FreeBSD’s pf firewall, get redirected to the reverse proxy with https and http2 enforced, then split up by requested name (nextcloud.fqdn.com versus ds.fqdn.com) and sent to the respective jails.
- Nginx reverse proxy versus application-level Nginx instances in : As much as possible, all rewriting and header work is done at the reverse proxy level. For Nextcloud, an application-level Ngnix server behind the Nginx reverse proxy just serves static content, whereas the Nginx server inside the OnlyOffice jail sticks to the tasks set in ./onlyoffice/documentserver/nginx/includes/ds-docservice.conf, with added “secure_link” variable definition. All other tasks set out in the other ./onlyoffice/documentserver/nginx/includes/ds-*.conf files are handled by the reverse proxy.
- Nextcloud configuration: all checks passed, A+ security.
- Nextcloud OnlyOffice app configuration: ONLYOFFICE docs access: “https:\ds.fqdn.com/”, Disable certificate verification: UNselect; Secret key: “secret”; Authorization header: [left blank]; ONLYOFFICE Docs address for internal requests from the server: “https:\ds.fqdn.com/”, Server address for internal requests from ONLYOFFICE Docs: “https:\nextcloud.fqdn.com”, Connect to demo ONLYOFFICE Docs server: UNselected, followed by a “Successfully saved” message upon hitting the “Save” button.
Likewise, if I go to https:\ds.fqdn.com, I get the welcome screen, and if I check https:\ds.fqdn.com/healthcheck, I am greeted by a “true”.
So far, so good.
More settings: - Nextcloud settings in Nextcloud jail in ./nextcloud/config/config.php: Nothing special, as we are dealing with FQDN-worthy certificates, safe proxy defined, nothing specific for OnlyOffice.
- OnlyOffice settings in OnlyOffice jail in ./onlyoffice/documentserver/ reflect database setting, RabbitMQ settings (both connecting as per available logs), automatic backups, secret strings as set in the Nextcloud OnlyOffice app.
Note: - There seems to be an obsolete Redis setting in ./onlyoffice/documentserver/default…json? No Redis server is ever installed as a dependence.
When I create a new, say, spreadsheet from the duly appearing drop-down with OnlyOffice additions, the system does create a file, which, however, I can only see, if I revert to the Nextcloud Files menu. What happens upon file creation or any attempt to edit an OnlyOffice file, is that I am honoured with the Nextcloud background, no more, no less.
There is no error message in the logs, even with Nextcloud in debug mode, except this one in the OnlyOffice DocService log:
[2023-09-20T09:33:10.802] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2023-09-20T09:33:10.805] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of pl
ugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2023-09-20T09:33:10.892] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-freebsd mode. Version:
7.4.0. Build: 163
[2023-09-20T09:57:35.310] [WARN] [localhost] [docId] [userId] nodeJS - Express server starting...
[2023-09-20T09:57:35.313] [WARN] [localhost] [docId] [userId] nodeJS - Failed to subscribe to plugin folder updates. When changing the list of pl
ugins, you must restart the server. https://nodejs.org/docs/latest/api/fs.html#fs_availability
[2023-09-20T09:57:35.395] [WARN] [localhost] [docId] [userId] nodeJS - Express server listening on port 8000 in production-freebsd mode. Version:
7.4.0. Build: 163
There is no entry in the Nginx application-level server inside the OnlyOffice jail, which actually means that the Nextcloud app does not reach the OnlyOffice jail, even though the connection check during the Nextcloud OnlyOffice app configuration works nicely. This is weird, but may provide the only hint.
Also noteworthy: It would be every so much easier, if the Nextcloud OnlyOffice app did not insist in https connections, which really do not make much sense in inter-jail communication. Without the need for https, we could use internal server names, like 127.0.1.106 and such, do away with some FreeBSD pf rdr hocus-pocus and have less of a spaghetti connection. Seriously: KISS is key, also for security!
After spending a few days on solving this, I am ready to ask for help 
! Thank you in advance!