OnlyOffice. This content is blocked. Contact the site owner to fix the issue

Nextcloud Server version: 22.2.3
Operating system and version: 5.10.61-gentoo-x86_64
Apache or nginx version: Apache 2.4.51
PHP version : 8.0

After updating Onlyoffice or Nextcloud, Nextcloud stopped opening documents in Onlyoffice. In Chrome browser it says “This content is blocked. Contact the site owner to fix the issue.”

изображение

Blank screen in firefox browser

Hello,

I am facing the same problem - did you find any solution to this?

Thanks & cheers,
Georg

Bug description

When I try to open a onlyoffice file in nextcloud I Get this error,

“This content is blocked. Contact the site owner to fix the issue.”

both of my services nextcloud and onlyoffice run in docker behind a reverse proxy all of that is hosted on my QNAP nas
I dont see any error log in portainer.

Steps to reproduce

I’ve Install nextcloud and onlyoffice with docker
both sit behind a reverse proxy

Expected behavior

open the document with the onlyoffice editor

Installation method

Official Docker image

Operating system

Other

PHP engine version

PHP 8.0

Web server

Apache (supported)

Database engine version

SQlite

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

config.php

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'instanceid' => 'XXXXXXXXXXXXX',
  'passwordsalt' => 'XXXXXXXXXXXXXXXXXXXXXX',
  'secret' => 'XXXXXXXXXXXXXXXXXXX',
  'trusted_domains' => 
  array (
    0 => 'localhost:8085',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'sqlite3',
  'version' => '23.0.1.2',
  'overwrite.cli.url' => 'http://localhost:8085',
  'overwrite.cli.url' => 'http://nextcloud.XXX.fr',
  'installed' => true,
  'trusted_proxies'   => ['10.0.3.1'],
  'overwritehost'     => 'nextcloud.XXX.fr',
  'overwriteprotocol' => 'https',
  'overwritewebroot'  => '/',
  'overwritecondaddr' => '^10\.0\.3\.1$',
);

Hi,

Same problem here.

NC 22.2.5 (Non Docker install)
OnlyOffice on a different VM server (Docker install)
PHP 7.4
DB: MariaDB
All 2 behind SSL connection, access from web are ok
When I insert server adress (https://docs.xxx.xx/) in the OnlyOffice Section in NC Parameters, got a green message that said version 7.xxx are ok
RP Nginx
Only Office Connector are up to date (7.3.2)

Tested on Chrome, Firefox and Edge

Same Error on all web nav

Ditto same issue!

Hi @tj0xin, have you tried to clear the cache and cookies of your web browser?

Yes, i did. Still it shows “This content is blocked. Contact the site owner to fix the issue.” on Edge and Google Chrome.

On Opera it shows blank screen.

I have the same problem on Chrome. On my Mac‘s Safari everything is good. On Firefox just blank white page.

Ok solved by myself today. Just time to prepare the explanation and post it here to help you.

So, hi to all,

1st sorry for my english but I’m french speaking.

The problem comes from the xxx.conf file assigned to your documentserver. It does the job of accessing your docserver.youradress.xyz, so that Nextcloud recognizes it in the Nextcloud OnlyOffice settings but does not allow access to OnlyOffice itself. So here is my 3 step solution.

Behind Nginx Reverse Proxy

1st) Your .conf file without Letsencrypt at /etc/nginx/conf.d (for exemple: docs.conf)

upstream stream-docs {
   server local.ip.adress.here;
}

server {
   server_name docs.yoursite.xyz;

    access_log  /var/log/nginx/docs.access.log;
    error_log   /var/log/nginx/docs.error.log;

    location / {
        proxy_pass      http://stream-docs;
        proxy_redirect default;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
    }
}

2nd) After save push it to SSL with letsencrypt on your Nginx RP

sudo certbot --nginx

3rd) Your .conf file should look like this

upstream stream-docs {
   server local.ip.adress.here;
}

server {
   server_name docs.yoursite.xyz;

    access_log  /var/log/nginx/docs.access.log;
    error_log   /var/log/nginx/docs.error.log;

    location / {
        proxy_pass      http://stream-docs;
        proxy_redirect default;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/docs.yoursite.xyz/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/docs.yoursite.xyz/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = docs.yoursite.xyz) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

   server_name docs.yoursite.xyz;
    listen 80;
    return 404; # managed by Certbot


}

4th) add the commented lines to your .conf file without forgetting to uncomment them (remove the #)

upstream stream-docs {
   server local.ip.adress.here;
}

# map $http_host $this_host {
#    "" $host;
#    default $http_host;
# }

# map $http_x_forwarded_proto $the_scheme {
#     default $http_x_forwarded_proto;
#     "" $scheme;
# }

# map $http_x_forwarded_host $the_host {
#    default $http_x_forwarded_host;
#    "" $this_host;
# }

# map $http_upgrade $proxy_connection {
#  default upgrade;
#  "" close;
# }

server {
   # listen 0.0.0.0:80;
   server_name docs.yoursite.xyz;
   # server_tokens off;

    access_log  /var/log/nginx/docs.access.log;
    error_log   /var/log/nginx/docs.error.log;

    location / {
      #  proxy_set_header Upgrade $http_upgrade;
      # proxy_set_header Connection $proxy_connection;
       # proxy_set_header X-Forwarded-Host $the_host;
       # proxy_set_header X-Forwarded-Proto $the_scheme;
       # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass      http://stream-docs;
        proxy_redirect default;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/docs.yoursite.xyz/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/docs.yoursite.xyz/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = docs.yoursite.xyz) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


   server_name docs.yoursite.xyz;
    listen 80;
    return 404; # managed by Certbot


}

5th) Reload Nginx RP

sudo systemctl reload Nginx

Then go to your nextcloud instance as admin. Go to settings → Only Office and add the documentserver adress, no need to use advanced parameters.

For exemple : https:/docs.youradress.xyz/ (don’t forget the / at end)

that’s all Folks

NOTE: The #Manage by Certbot lines must stay commented ofc :smiley:

2 Likes

Hi Irvin,

thanks for posting your solution!

I have the same issue and nearly the same setup(nextcloud non-dockerized and apache reverse proxy). I do not understand what you mean by "…does not allow access OnlyOffice itself. So I’m not able to figure out a solution for apache.

Can you/someone explain it more detailed?

I accessed the outside docserver-https-url from within the docker-container and this seems to work fine.

I found the fix for me.

Since my docker-instance is running on plain http and running on port 80(within the docker container) and the reverse-proxy is handling the SSL, I had to specify the following 2 config options for the reverse proxy:

  RequestHeader set X-Forwarded-Proto "https"
  RequestHeader set X-Forwarded-Port "443"

The full apache2 virtual host section is:

<VirtualHost *:443>

        ServerName server.domain.tld

        SSLCertificateFile      /etc/letsencrypt/live/server.domain.tld/cert.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/server.domain.tld/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/server.domain.tld/chain.pem

        ErrorLog ${APACHE_LOG_DIR}/onlyoffice_error.log
        CustomLog ${APACHE_LOG_DIR}/onlyoffice_access.log combined

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/empty

        <Location />
                RequestHeader set X-Forwarded-Proto "https"
                RequestHeader set X-Forwarded-Port "443"
                ProxyPass http://localhost:10080/
                ProxyPassReverse http://localhost:10080
        </Location>
</VirtualHost>


1 Like