[Solved] Can't set secret key for ONLYOFFICE

I’m running NextCloud 14.0.1 on Ubuntu 18.04.1 and Apache 2.4.29 connected to ONLYOFFICE 5.2.0 CE on another Ubuntu 18.04.1 server, on nginx 1.14.0. It works fine until I try to set a secret key, to keep anybody’s brother from using my ONLYOFFICE server.

I’ve modified /etc/onlyoffice/documentserver/local.json as follows:

  "token": {
    "enable": {
      "request": {
        "inbox": true,
        "outbox": true
      },
      "browser": true
    },
    "inbox": {
      "header": "Authorization"
    },
    "outbox": {
      "header": "Authorization"
    }
  },
  "secret": {
    "inbox": {
      "string": "TOPSECRETSTRING"
    },
    "outbox": {
      "string": "TOPSECRETSTRING"
    },
    "session": {
      "string": "TOPSECRETSTRING"
    }
  }
}
  },

When I go to set the key in the NextCloud, I get the error:
“Error when trying to connect (Error occurred in the document service: Error while downloading the document file to be converted.)”

In /var/log/onlyoffice/documentserver/converter/out.log, I get:

[2018-10-03 12:45:58.685] [ERROR] nodeJS - error downloadFile:url=https://cloud.chileverde.us/index.php/apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.dUlS2BokXBBdrWzP9Y6gp-Zqpz7Jjdvy4gCZT9PHp4k;attempt=3;code:undefined;connect:undefined;(id=conv_check_530239599_docx)
Error: Error response: statusCode:403 ;body:
{"message":"Access denied"}
    at Request._callback (/var/www/onlyoffice/documentserver/server/Common/sources/utils.js:250:18)
    at Request.self.callback (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:185:22)
    at emitTwo (events.js:126:13)
    at Request.emit (events.js:214:7)
    at Request.<anonymous> (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:1161:10)
    at emitOne (events.js:116:13)
    at Request.emit (events.js:211:7)
    at IncomingMessage.<anonymous> (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:1083:12)
    at Object.onceWrapper (events.js:313:30)
    at emitNone (events.js:111:20)

Any thoughts?

Not exactly… I had a related problem here: ONLYOFFICE editors 5.2 released

But perhaps in your case it could be some kind of unsupported special characters? I mean unsupported either on the Nextcloud side or on the ONLYOFFICE side. Just perhaps, just an idea.

I’m not using any special characters at all, so that’s not it.

The local.json file in ONLYOFFICE is very poorly documented, so I imagine I’ve got something set wrong - I just don’t have any idea what.

If anyone is successful in connecting Nextcloud 14 and ONLYOFFICE 5.2.0 CE with a secret key, I’d sure appreciate seeing your setup.

From my point of view you just have to put the following now into local.json:

  [...]
  "token": {
    "enable": {
      "request": {
        "inbox": true,
        "outbox": true
      },
      "browser": true
    },
  [...]
  },

  [...]

  "secret": {
    "inbox": {
      "string": "s3cr3t"
    },
    "outbox": {
      "string": "s3cr3t"
    },
    "session": {
      "string": "s3cr3t"
    }
    [...]

and this stays within the default.json:

    [...]
    "ipfilter": {
            "rules": [{"address": "myDomain.de", "allowed": true},
                      {"address": "*", "allowed": false}],
            "useforrequest": false,
            "errorcode": 401
    },
    [...]
    "token": {
            [...]
            "browser": {
                    "secretFromInbox": true
            },
     [...]

afterwards of course:
supervisorctl restart all

So everything else that exists as a duplicate in default.json seems to be overwritten by the local.json.
But please don't take this last remark as a fact; try it out yourself, so that your security stays intact!

P.S. My Setup is: 1 Nextcloud instance with v14, 1 Nextcloud instance with v13, 1 OnlyOffice Documents 5.2, works fine with both Nextclouds and up-to-date version of the nextcloud-onlyoffice-plugin

1 Like
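
A diagnostic for the configuration discussed above, added here as an example (it is not code from the thread, ONLYOFFICE or Nextcloud): it decodes the `doc=` token from the converter log and reports which `secret` strings validate a given token. It assumes HS256 tokens keyed with the secret string, as the log token's header indicates; `SAMPLE_SECRET` and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

# doc= token copied from the converter log in the thread.
LOG_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9."
             "dUlS2BokXBBdrWzP9Y6gp-Zqpz7Jjdvy4gCZT9PHp4k")
# Constructed sample shaped like the thread's "secret" object; outbox is mistyped.
SAMPLE_SECRET = {"inbox": {"string": "s3cr3t"},
                 "outbox": {"string": "s3cr3t-typo"},
                 "session": {"string": "s3cr3t"}}

def b64d(part):
    # JWT parts are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mac(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(payload, secret):
    """Build an HS256 JWT; used only to create constructed test tokens."""
    parts = [b64e(json.dumps(obj, separators=(",", ":")).encode())
             for obj in ({"typ": "JWT", "alg": "HS256"}, payload)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64e(mac(signing_input, secret))

def peek(token):
    """Decode header and payload WITHOUT verifying them (diagnosis only)."""
    head, body, _sig = token.split(".")
    return json.loads(b64d(head)), json.loads(b64d(body))

def verifies(token, secret):
    """True only for an HS256 token whose signature matches the secret."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":
            return False  # reject "none" and any other algorithm
        return hmac.compare_digest(mac(head + "." + body, secret), b64d(sig))
    except (ValueError, TypeError, AttributeError):
        return False

def matching_secrets(token, secret_cfg):
    """Names of the secret entries whose string validates the token."""
    return [k for k, v in secret_cfg.items() if verifies(token, v.get("string", ""))]

if __name__ == "__main__":
    print(peek(LOG_TOKEN))
    print(matching_secrets(sign_hs256({"action": "empty"}, "s3cr3t"), SAMPLE_SECRET))
```

An entry missing from the result means that secret differs from the one that signed the token.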

Do you have more than one nextcloud instance using this onlyoffice documentserver?

I didn’t do anything that I hadn’t already done before, but my setup is now working. I did upgrade to 14.0.2, so that could have fixed it (although I didn’t see anything that looked related to the problem in the release notes). The other thing I noticed is that after issuing

sudo supervisorctl restart all

it took about 10 seconds after that command finished executing before I was able to set the key in Nextcloud. Apparently nginx isn’t completely running yet after that command finishes. (I’m completely unfamiliar with nginx; Apache is completely ready to go after a “systemctl restart apache2”, so I wasn’t expecting this behavior.) It’s entirely possible that I could have been too impatient in my previous attempts and actually might have had it configured correctly all along, I just wasn’t waiting long enough before entering the key in Nextcloud.