Still the nextcloud - onlyoffice document server problem

As the embeded document server does not work correctly. I’m trying to setup a distant one.
NC 18.03 on ubuntu 18.04
OO document server on another ubuntu 18.04 docker install of only the document server.
Network setup is the following :

  • internal private network with both server
  • external public network thru nat + nginx.
    Certificates are ok, tested with curl, no error, public and private fqdn are recognised.
    access from NC to OO is ok either with the public or the private address. healthcheck of the OO document server is ok.
    Communication between both server is ok.
    The setup in OnlyOffice app is url : https://public-url and in advanced setting I have put both private url. Secrets are on and the same. Inbox and outbox header are set to Authorization so is jwt_header on NC.
    The error I have on NC log is:
    GetConvertedUri on check error: Une erreur s’est produite dans le service de document: Error while downloading the document file to be converted.

BUT i have not the usual JwtError.

What is more interesting from my point of view is that on the documentserver I have the following error in the converter out log :
nodeJS - error downloadFile:url=https:///apps/onlyoffice/empty?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJlbXB0eSJ9.HO8yVThljmrKFAiXsGoWMtnWnjfNFj-idym\


Error: Error response: statusCode:404 ;body:

So… any idea ?

I have tried to activate the nginx access log on the OO server removing access_log no conf with access_log = /path, but with no success… nothing is written…

Thanks in advance

I have found the solution but it’s not perfect from my point of view :
I have changed the inner url for the NC instance from the private fqdn to the public fqdn, and than it works.
Si it seems that NC only accept the public url to recognize the document.

What I would like now is to avoid the transition thru the public nginx gateway.
The dirty way would be to add a local name resolution on the OO instance so that it get the correct iP address.
But I would prefer that the NC instance recognize itself either with the public fqdn and the private one… Is there any way to achieve this ?

Edit : I just tried to add the local fqdn in trusted domains, but it does not work…