Onlyoffice connector giving "Error when trying to connect (Bad Request or timeout error)"

I’ve installed onlyoffice on a separate server in a docker container. Onlyoffice is working fine, and is able to connect to my nextcloud webdav. However, when trying to connect the document service via the connector app in Nextcloud, I just get “Error when trying to connect (Bad Request or timeout error)” when saving, and the integration doesn’t work. Any idea where I should start looking to try to diagnose/fix?


You could try to reach Onlyoffice from your NC server via curl for example and check that you use the correct port and that firewalls aren’t blocking anything.
Check the log files of course. Maybe they give some further hints, what exactly fails.

You could open the browser debug console and look for suspicious error messages. I’m not sure if your Content Security Policy (CSP) settings could interfere here.

1 Like

I’m able to curl and everything looks fine. I can also access the entire onlyoffice installation via a browser. Nextcloud log is telling me this:

{“reqId”:“XAxkmn3FplvPn5X8XHWSIQAAABQ”,“level”:3,“time”:“2018-12-09T00:40:59+00:00”,“remoteAddr”:“”,“user”:“koree”,“app”:“PHP”,“method”:“PUT”,“url”:"/index.php/apps/onlyoffice/ajax/settings",“message”:“file_get_contents( failed to open stream: HTTP request failed! HTTP/1.1 502 Bad Gateway\r\n at /home/koreeme/public_html/nextcloud/apps/onlyoffice/lib/documentservice.php#385”,“userAgent”:“Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15”,“version”:“”}

I was unaware of the healthcheck url before. What is that 502 from nginx telling me?

Well not an expert, but how I understand it, when I came accross that sometimes: In the nginx config file you can configure different/ multiple server and upstream. And in the server parts you usually link to the upstream; for example to link to the php-handler (fpm).

When this error message occurs now, it means that the defined upstream is unknown or not configured correctly. While Onlyoffice runs in a docker container that’s rather difficult to check and fix though.
I just send this info out, although I have no solution right now, but I try to think of something. Maybe it helps you already and you figure something yourself out in the meantime.

1 Like

Definitely helpful. I’ll keep digging on it. Thanks!

What’s interesting is, the onlyoffice portal itself works just fine and great. Just can’t connect to the document service from outside. That’s probably a clue of some sort…

Yeah, well. The healthcheck might be some config part. For example like:

location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
    fastcgi_pass php-handler;

Where php-handler is the upstream:

upstream php-handler {

So for the healthcheck url part, there might be some redirection to an upstream which isn’t configured. Or something like that.

Oh and I really suggest activating HTTPS on your servers. Usernames and passwords are sent unencrypted to the server with HTTP-only right now.

I’ll check into that config. I’ll definitely activate HTTPS once I figure this out. Not worried about it just yet.

The logs on the docker container seem to be not useful. :frowning:

I was wondering later when my PC was already shutdown: you use the Onlyoffice Community-Server docker image, right? That’s my guess due to the login screen, which I don’t have for my Onlyoffice docker image and I am using the Document-Server. I’m not sure if the Community-Server is supposed to have that healthcheck and run with Nextcloud.

Anyway, can you get to the nginx config (where the server and upstreams are configured) and post them here? Maybe we find something useful in there.

This is the config for nginx.

user www-data;
worker_processes 1;
pid /run/;

events {
worker_connections 1048576;
# multi_accept on;

http {

# Basic Settings

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

# SSL Settings

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

# Logging Settings

access_log off;
error_log /var/log/nginx/error.log;

# Gzip Settings

gzip on;
gzip_disable "msie6";

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

# Virtual Host Configs

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;


#mail {

# See sample authentication script at:


# auth_http localhost/auth.php;

# pop3_capabilities “TOP” “USER”;

# imap_capabilities “IMAP4rev1” “UIDPLUS”;

server {

listen localhost:110;

protocol pop3;

proxy on;


server {

listen localhost:143;

protocol imap;

proxy on;



Here’s the onlyoffice config in conf.d

root@9553ae94f2d1:/etc/nginx/conf.d# cat onlyoffice-documentserver.conf
include /etc/nginx/includes/onlyoffice-http.conf;
server {
listen [::]:80 default_server;
server_tokens off;

include /etc/nginx/includes/onlyoffice-documentserver-*.conf;

wow, this config is complex. Here’s an include file for the document server config.

#welcome page
rewrite ^/$ $the_scheme://$the_host/welcome/ redirect;

#support old version
rewrite ^/OfficeWeb(/apps/.*)$ $the_scheme://$the_host/v5.2.3-64/web-apps$1 redirect;

#script caching protection
rewrite ^(/web-apps/apps/(?!api/).*)$ $the_scheme://$the_host/v5.2.3-64/$1 redirect;

#disable caching for api.js
location ~ ^(/v[\d]+.[\d]+.[\d]+[.|-][\d]+)?/(web-apps/apps/api/documents/api.js)$ {
expires -1;
gzip_static on;
alias /var/www/onlyoffice/documentserver//$2;

#suppress logging the unsupported locale error
location ~ ^(/v[\d]+.[\d]+.[\d]+[.|-][\d]+)?/(web-apps)(/.*.json)$ {
expires 365d;
error_log /dev/null crit;
gzip_static on;
alias /var/www/onlyoffice/documentserver/$2$3;

location ~ ^(/v[\d]+.[\d]+.[\d]+[.|-][\d]+)?/(web-apps|sdkjs|sdkjs-plugins|fonts)(/.*)$ {
expires 365d;
gzip_static on;
alias /var/www/onlyoffice/documentserver/$2$3;

location ~ ^(/cache/files.)(/.) {
alias /var/lib/onlyoffice/documentserver/App_Data$1;
add_header Content-Disposition $arg_disposition;

set $secret_string onlyoffice;
secure_link $arg_md5,$arg_expires;
secure_link_md5 “$secure_link_expires$uri$secret_string”;

if ($secure_link = “”) {
return 403;

if ($secure_link = “0”) {
return 410;

Allow server info only from

location /info {
deny all;
proxy_pass http://docservice;

location / {
proxy_pass http://docservice;

location ~ ^(/v[\d]+.[\d]+.[\d]+[.|-][\d]+)?(/doc/.*) {
proxy_pass http://docservice$2;
proxy_http_version 1.1;

location /v5.2.3-64/ {
proxy_pass http://docservice/;

I tried to compare with my version of Onlyoffice (also docker image), where the healthcheck works, but I couldn’t find anything, unfortunately :frowning:

@alexander_onlyoffice can you help here? Or should he open an issue on Github (which repository would be best then?)?

I ended up abandoning the docker version of this and just installed natively. Everything worked perfectly the first time. My final verdict is that I hate Docker.

I have this problem as well now, since 2 weeks already and I can’t fix it myself. It started with the update to NC15 and I tried to fix it with an update of the docker version of Onlyoffice as well, but no luck so far :frowning:
I’m really frustrated right now.

@koree Could you explain how exactly you installed Onlyoffice natively? On the very same machine Nextcloud runs on? Which web servers are NC and Onlyoffice using on your system? Could you probably share how you achieved that and your config files so I could follow your way?

I used the normal onlyoffice installer. When it asked if I wanted to install in a docker, I just said “n”

That ran through a whole bunch of installation and yum transactions. At the end, it was done.

For the Nextcloud config, if you do the install this way, you don’t need “ds-vpath” at the end of the URL.

Next, I just ran certbot. It pretty much automatically took care of the cert and set up SSL without me having to do anything except answer questions.

1 Like

The problem with the native installer is that it doesn’t allow using mariadb and requires mysql. So you shouldn’t hate docker but onlyoffice.