OnlyOffice connector broken after ssl termination point move

Trouble with OpenOffice and Nextcloud behind VPS and Reverse Proxy

Our setup has evolved from a simple setup to one that is really pushing my knowledge. Recently my home IP address changed and broke DNS which created a few issues. Wanting to be a little more secure, I have since pointed my DNS to an AWS instance running HaProxy. HaProxy terminates SSL and forwards traffic through a Wireguard tunnel to my home Nginx reverse proxy. Nginx forwards traffic to the individual service’s server. I’ve got most of the bugs ironed out except for the connection between OnlyOffice and Nextcloud.

(Error occurred in the document service: Error while downloading the document file to be converted.) (version 8.0.1.31)
getConvertedUri on check error

The connector config in Nextcloud is set to https://onlyoffice.mydomain.org for each entry.
This worked when DNS pointed to nginx reverse proxy and broke when dns was pointed to haproxy on aws which also moved ssl termination.

Any help would be awesome!! TIA

Nextcloud version 29.0.3

AWS – ubuntu 22.04 – haproxy 2.4.24 - haproxy.cfg

# Global Settings
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon

# Default settings
defaults
    mode http
    log global
    option  httplog
    timeout connect 5000ms
    timeout client  50000ms
    timeout server  50000ms

# Frontend configuration for HTTPS
frontend https-in
    bind :80
    bind :443 ssl crt /etc/haproxy/certs/
    mode http
    option httplog

    # Set X-Forwarded-For header
    http-request set-header X-Forwarded-For %[src]
    # Redirect HTTP to HTTPS
    http-request redirect scheme https code 301 unless { ssl_fc }
    # Set X-Forwarded-Proto header for SSL connections
    http-request set-header X-Forwarded-Proto https if { ssl_fc }

    # Use ACL to route to the correct backend based on the domain
    acl is_mydomain_org hdr(host) -i mydomain.org
    acl is_mydomain_org hdr_end(host) -i .mydomain.org

# Direct traffic to the correct backend
    use_backend backend_mydomain_org if is_mydomain_org
    
# Backend configuration for mydomain.org
    backend backend_mydomain_org
      balance roundrobin
      option httpchk
      http-check expect status 200
      server server1 10.10.10.2:80

esxi – ubuntu 20.04 vm - nginx 1.18 - nginx/sites-available/config

server {
    listen                80;
    server_name           nextcloud.mydomain.org www.nextcloud.mydomain.org;
    set_real_ip_from      10.10.10.0/24;
    real_ip_header        X-Forwarded-For;
    location / {
        proxy_pass http://192.168.40.60;
        proxy_max_temp_file_size 2000m;
        client_max_body_size 0;
        }

    location /.well-known/carddav {
        return 301 https://$host/remote.php/dav;
      }
    location /.well-known/caldav  {
        return 301 https://$host/remote.php/dav;
      }

}


server {
    listen                80;
    server_name           onlyoffice.mydomain.org www.onlyoffice.mydomain.org;
    set_real_ip_from      10.10.10.0/24;
    real_ip_header        X-Forwarded-For;
    location / {
        proxy_pass http://192.168.40.56;
      }
}

esxi – ubuntu 22.04 vm – nextcloud 29.03 - nextcloud/config.php

<?php
$CONFIG = array (

  'trusted_domains' => 
  array (
    0 => 'nextcloud.mydomain.org',
  ),
  'overwritehost' => 'nextcloud.mydomain.org',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/',
  'overwrite.cli.url' => 'https://nextcloud.mydomain.org',
  'htaccess.RewriteBase' => '/',
  'trusted_proxies' => 
  array (
    0 => '127.0.0.1',
    1 => '192.168.40.1/24',
  ),
  'forwarded_for_headers' => 
  array (
    0 => 'HTTP_X_FORWARDED_FOR',
    1 => 'X_FORWARDED_FOR',
  ),
  'datadirectory' => '/srv/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '29.0.3.4',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 0,
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => 'true',
  'default_phone_region' => 'US',
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'logfile_audit' => '/var/log/nextcloud/audit.log',
  'loglevel' => 1,
  'maintenance' => false,
  'maintenance_window_start' => 1,
  'theme' => '',
  'session_keepalive' => false,
  'auto_logout' => true,
  'session_lifetime' => 1800,
  'remember_login_cookie_lifetime' => 0,
  'mail_smtpsecure' => 'ssl',
);

apache2 2.4.52 - apache2/sites-enabled/mysite.conf

<VirtualHost *:80>
    DocumentRoot "/var/www/nextcloud.mydomain.org"
    ServerName nextcloud.mydomain.org

    <Directory "/var/www/nextcloud.mydomain.org/">
        Options MultiViews FollowSymLinks
        AllowOverride All
        Require all granted
        <IfModule mod_dav.c>
          Dav off
        </IfModule>
   </Directory>

   <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
   </IfModule>

   <IfModule mod_rewrite.c>
     RewriteEngine on
     RewriteRule /^\.well-known/cardav /nextcloud.mydomain.org/remote.php/dav [R=301,L]
     RewriteRule /^\.well-known/caldav /nextcloud.mydomain.org/remote.php/dav [R=301,L]
     RewriteRule /^\.well-known/webfinger /nextcloud.mydomain.org/index.php/.well-known/webfinger [R=301,L]
     RewriteRule /^\.well-known/nodeinfo /nextcloud.mydomain.org/index.php/.well-known/nodeinfo [R=301,L]
   </IfModule>
</VirtualHost>

Found the Solution to the error.

OnlyOffice connector advanced settings, removed the urls.

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.