SSL Error When Connect To OnlyOffice Document Server

MrSolarius · November 10, 2019, 11:04am

Hi,
I have install only office document server with self signed certificate and when i try the connection with next cloud I get this error : (cURL error 60: SSL certificate problem: self signed certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html))
And I have no ideas to solve this problem. If you can help me please <3
Regards,
MrSolarius

Reiner_Nippes · November 10, 2019, 11:32am

https://www.c-rieger.de/nextcloud-and-only-office-nginx/

HINT (for self signed ssl environments only!):
Enhance your Nextcloud config.php by issuing 
sudo -u www-data vi /var/www/nextcloud/config/config.php and paste the following rows before the last *);* ... 

'onlyoffice' => array ( 'verify_peer_off' => TRUE, ), );

MrSolarius · November 10, 2019, 12:33pm

Thanks !
It work, but now I have another exception
When I try to connect I have this error : (Invalid token)
So I have follow this tutorial(https://youtu.be/vN9v9sJ0HVw) to enable the token. But I have the same error. However I have write the the correct token.

Reiner_Nippes · November 10, 2019, 1:10pm

do you need ssl connection to your onlyoffice server/container?

if you run everything on one server in docker containers you can set it up without. afaik.

MrSolarius · November 10, 2019, 2:01pm

Yes I need it, because if i’m not in ssl nextcloud don’t wan’t connect to onlyoffice server.
And I don’t use docker, I use ESXI with a single vm for onlyoffice server and single vm for nextcloud.
I know this is not the best way to work. But, I’m not realy comfortable with docker.

Reiner_Nippes · November 10, 2019, 2:25pm

sorry. to get a working setup with selfsigned certs is still on my todo list.

using docker I found this setting:

github.com

ReinerNippes/nextcloud_on_docker/blob/575c96b248cafb01b621ea3f6787c64418baa514/roles/nextcloud_config/tasks/configure_onlyoffice.yml#L16


    creates: '{{ nextcloud_www_dir }}/apps/onlyoffice'
  register: install_onlyoffice_app
  
- name: enable onlyoffice app
  shell: '{{ docker_occ_cmd }} app:enable onlyoffice'
  when: install_onlyoffice_app is changed


- name: setup onlyoffice app
  shell: '{{ docker_occ_cmd }} --no-warnings config:system:set onlyoffice {{ item }}'
  loop:
    - 'DocumentServerUrl --value="/ds-vpath/"'
    - 'DocumentServerInternalUrl --value="http://onlyoffice_documentserver/"'
    - 'StorageUrl --value="http://nginx/"'
  when: install_onlyoffice_app is changed

in this case nexctloud is reachable via http://nginx/ inside the docker network. and both, the DocumentServerInternalUrl and the StorageUrl, are http. the ssl stuff is handle by traefik as an ingress router.

and as far as i remember onlyoffice complains if nextcloud is using another protocol than nextcloud. or?

if you don’t find any solution you could add a “onlyoffice network” to your ESXi and add a virtual host to your nextcloud webserver to get a similar setup.

MrSolarius · November 10, 2019, 4:30pm

Thanks for your help, but I want test everything with my actual setup. And if nothing of all that works, I test it on docker ^^.

Reiner_Nippes · November 11, 2019, 9:39pm

this is the code how onlyoffice sets the JWT_SECRET in the docker container. and you have to enter as the secret key at settings nextcloud onlyoffice.

that should be the missing token.

github.com

ONLYOFFICE/Docker-DocumentServer/blob/c2b618792607e27c230ba3cd7ef94a049f264106/run-document-server.sh#L197


      
                  ;;
              esac 
            fi
          }
          
          update_redis_settings(){
            ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'"
            ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
          }
          
          update_jwt_settings(){
            if [ "${JWT_ENABLED}" == "true" ]; then
              ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
              ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
              ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"
          
              ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
              ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
              ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
          
              ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"

MrSolarius · November 16, 2019, 7:57am

Ok so I have fund where the error come from. And I have resolve without docker container ^^.

The problem com from the document server secret settings.

So, first I have edit the config.php like you said to authorize self-signed certificate.

Then I have change JWT settings in /etc/onlyoffice/documentserver/local.json , here is example how it look like :

      "token": {
        "enable": {
          "request": {
            "inbox": true,
            "outbox": true
          },
          "browser": true
        },
        "inbox": {
          "header": "Authorization"
        },
        "outbox": {
          "header": "Authorization"
        }
      },
      "secret": {
        "inbox": {
          "string": "my_secret"
        },
        "outbox": {
          "string": "my_secret"
        },
        "session": {
          "string": "my_secret"
        }

“my_secret” value should be same as in Nextcloud connector settings and in the default.json. After edit local.json I just have restart document service like that :

supervisorctl restart all

After this modification everything works !!!

Mohamed_Fathy · March 16, 2020, 9:40pm

Hello MrSolarius, I can’t find default.json file in /etc/onlyoffice/documentserver/ or other paths.
Nextcloud version 17.
Operating system: Ubuntu 18.4 LTS.