OnlyOffice cURL error35

Hi All

I know there are lots of topics about this specific error already, but none of them have helped me so far. This is not the first NC + OO + HAProxy installation I have done, and my other ones worked well, so something is screwing with me here.

I initially tried to use the new community document server shipped with Nextcloud, but ran into the same issue.
I have a HAProxy set up in front of Nextcloud and OnlyOffice integration edition (both running on the same machine, different ports) services. SSL handoff happens at HAProxy. I know it works correctly, because navigating to https://nextcloud.mydomain.com gives me nextcloud, and navigating to https://onlyoffice.mydomain.com gives me the OnlyOffice server screen. But, installing OnlyOffice app and setting my documentserver address to https://onlyoffice.mydomain.com/ results in:

This connection is not behind a proxy, although I have two networks, one living behind a proxy and one not, the routing is setup in such a way that this host needs to go to the internet without a proxy. (I did at one point configure a proxy in config.php, but it has been removed, somewhere I can check if that setting is being cached?)

I have LetsEncrypt certs installed for both domains on the HAProxy, and using
curl -v nextcloud.mydomain.com & curl -v onlyoffice.mydomain.com from the command line returns a good result (no errors).

I am really at a loss here. Getting quite frustrated because I have been at it for nearly 2 days now.

Any help would be greatly appreciated.

Sorry for the bump, but no-one have any ideas?

Have you really test
curl -v nextcloud.mydomain.com & curl -v onlyoffice.mydomain.com
with https?
curl -v https://nextcloud.mydomain.com & curl -v https://onlyoffice.mydomain.com

I installed Nextcloud and OnlyOffice on one server with only one subdomain https://cloud … I think it is not necessary to use a own subdomain for onlyoffice.

I only tested as indicated, seeing as my HAProxy takes any request incoming on 80 and redirects it to 443. The reason for the two sub domains were just to be able to let HAProxy know where to route what based on incoming headers.

But, tested now, and seem to get the same error as Nextcloud was throwing. So where to start with this?

image

This was the result of curl -vvvv https://onlyoffice.mydomain.com but it does the same for the nextcloud sub domain.

This is on CentOS 8 and curl --version yields:

Please check again direct on server and post something about TLS version and certificate.

openssl s_client -connect onlyoffice.mydomain.com:https

This is what I get doing it directly from that server:

But doing it from another machine I get a proper response showing my certs etc.

image

Thank you for all the help so far btw. Really appreciate it.

The client-server SSL-communication beteeen client (nextcloud…) and server (onlyoffice…) do not work because there is no certificate direct on the same machine.

I think there are to possibilitys:

a.) correct configuration of webserver with ssl
b.) use ONLYOFFICE directly without a separate subdomain / webservice

OK this is good progress. Thank you very much! I fixed it by adding the HAProxy server’s internal (private) address to /etc/hosts file, and it seems both curl and openssl now finds a cert and all is well. But now I get a 502 Bad gateway error when the server tries to find https://onlyoffice.mydomain.com/healtheck.
I have checked whether this issue may lie within HAProxy by connecting to the nginx instance directly and I get the same issue. But hitting the forums now to check and will report back.

Thank you very much for your trouble!

Edit: Note to self: For OnlyOffice ensure the supervisord service on CentOS is started, it fixed the 502. Thank you @devnull you have been a great help!

2 Likes

Just droped by to say thanks, spend days over this.
I had to modify both host files nc & oo and point to the local haproxy IP by pointing each to the other servers external sub.example.com equivalent for haproxy cert delivery to work.

Lets say your LXC container setup is,

haproxy 10.1.1.10 (haproxy.example.com)
nextcloud 10.1.1.20 (nextcloud.example.com)
onlyoffice 10.1.1.30 (onlyoffice.example.com)

nextcloud’s /etc/hosts

127.0.0.1 localhost
10.1.1.10 onlyoffice.example.com

onlyoffice’s /etc/hosts

127.0.0.1 localhost
10.1.1.10 nextcloud.example.com