WSS connection error of OnlyOffice

I’m using Docker version trying to validate OnlyOffice. And it basically works.
When I start OnlyOffice from NC and look at the console log of the web browser, wss error always occurs when OnlyOffice starts.

WebSocket connection to ‘wss://onlyoffice.MYSERVER/5.4.1-39//doc/AAA/BBB/CCC/DDD/websocket’ failed: Error during WebSocket handshake: Unexpected response code: 400

AAA, BBB, and CCC above are usually random serial numbers. DDD is 4z3ysqvp or SpellCheck.

I’m looking for this cause, but I don’t know anymore.
I can connect to http://onlyoffice.myserver and https://onlyoffice.myserver with a web browser. However, I can’t connect with an IP address. https://IP-ADDRESS:443
Is it natural that I can’t connect to SSL with an IP address because I haven’t obtained a certificate? I create a self-certification in Docker.

What is the cause of the connection error in wss?

I also checked the post below.

I’m different from that person and the 503 Bad Error does not occur.

  1. curl https://onlyoffice.yourdomain.tld/welcome
  2. curl https://onlyoffice.yourdomain.tld/healthcheck

The curl command in the above post does not generate an error.
1 reslult:

<!DOCTYPE html>
<html lang="en">
<meta charset="utf-8">
<pre>Redirecting to <a href="/welcome/">/welcome/</a></pre>

2 result:


I have also inserted the following into config.php of Nextcloud:

 ‘onlyoffice’ =>
array (
‘verify_peer_off’ => TRUE,

How can I solve the WSS error?

The reason I’m considering OnlyOffice is because Collabora can’t input Japanese on a smartphone. This gets worse every time Collabora is updated. OnlyOffice can’t be used with the mobile Nextcloud application, so I would like to expect Collabora.

Nextcloud 17.0.1, CentOS 7.7, Docker 19.03.4, OnlyOffice app 3.0.2

I wrote an nginx proxy as follows: However, the WSS error is not resolved. If not, what else should I doubt?

	location / {
		proxy_pass http://localhost:8880;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;

	location ~ /websocket$ {
		proxy_pass http://localhost:8880;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";

yes. because the certificate is valid only for the fqdn aka common-name you gave it. the certificates is saying: "i’m onlyoffice.yourdomain.tld" it is not saying "i’m"

but the real problem is if you are using self signed certificates onlyoffice doesn’t trust nextcloud server. (if the nextcloud server has also selfsigned certs.)

the following should not work in your case:

normally with selfsigned certificates you would have to add --insecure to curl.

to setup onlyoffice with selfsigned certificates (is a bad idea, use letsencrypt) you have to follows this thread:

problem with docker, if just login to the container and do as described above that change will be gone with the next update.

i created a pull request for onlyoffice to fix this.

since it is not merged by onlyoffice with this fork you can build your own onlyoffice container right now. but you wouldn’t get any updates also. or you have to build a new image yourself.

another idea is to use the following dockerfile. but i’m not sure if you would get updates with this method.

FROM onlyoffice/documentserver 
COPY /app/onlyoffice/ 
EXPOSE 80 443 
VOLUME /var/log/onlyoffice /var/lib/onlyoffice /var/www/onlyoffice/Data /var/lib/postgresql /usr/share/fonts/truetype/custom 
ENTRYPOINT /app/onlyoffice/ 

plus: you have to download the file from my patch and set -e SSL_SELFSIGNED_CERTIFICATE=true during docker run ...


I was advised that I don’t need a self-signed certificate in Docker because my site is SSL-enabled with Let’s Encrypt. I’m currently working on the container ignoring the self-signed certificate entry in the OnlyOffice manual. The result was exactly the same as before.

In that state, adjusting the proxy syntax below doesn’t change it either. It doesn’t get better or worse.

I will try your self-signed certificate later.

sorry. for the misunderstanding. if you have letsencrypt certificates use them.

you won’t solve your problem with selfsigned certificates.

if it would help you have a look at my two ansible playbooks to setup nextcloud.

both setup nextcloud and onlyoffice with letsencrypt certifcates.

but don’t use them on your existing installation. that would break your setup.

get a new server (cloud, virtual box, …) and follow the readme.

either you move your nextcloud data to the new machine or you examine the config and find out what is wrong with your setup.


Is there a possibility that Nextcloud’s OnlyOffice application is the cause?

I had a similar Websocket problem when I introduced Mattermost. I was able to eliminate it by disabling CORS. Does Nextcloud have settings related to CORS?