Owncloud integration - Error while downloading the document file to be converted.) (version 6.3.0.111) #343

Open
gitqud opened this issue May 31, 2021 · 4 comments

gitqud commented May 31, 2021

Hello,

I am trying to integrate onlyoffice on my owncloud instance, however I have an error that persists despite the services running correctly.

Is there a manipulation I missed?

OS : Debian 10
Owncloud version : 10.7
Onlyoffice version : 6.3.0.111

Configuration file local.json

{
  "services": {
    "CoAuthoring": {
      "sql": {
        "type": "postgres",
        "dbHost": "localhost",
        "dbPort": "5432",
        "dbName": "onlyoffice",
        "dbUser": "onlyoffice",
        "dbPass": "StronPassword"
      },
      "token": {
        "enable": {
          "request": {
            "inbox": false,
            "outbox": false
          },
          "browser": false
        },
        "inbox": {
          "header": "Authorization"
        },
        "outbox": {
          "header": "Authorization"
        }
      },
      "secret": {
        "inbox": {
          "string": "StronPassword"
        },
        "outbox": {
          "string": "StronPassword"
        },
        "session": {
          "string": "StronPassword"
        }
      }
    }
  },
  "rabbitmq": {
    "url": "amqp://guest:guest@localhost"
  }
}

apache2 configuration files :

<VirtualHost *:443>
    ServerName xxx.com
    ServerAlias www.xxx.com

    ServerAdmin ok@domain.com

    DirectoryIndex index.php
    
    LogLevel warn

    DocumentRoot /var/www/onlyoffice/documentserver/
    
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/xxx/fullchain-privkey.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/xxx/fullchain-privkey.pem
    SSLCACertificateFile /etc/letsencrypt/live/xxx/fullchain-privkey.pem

    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder Off

    <Directory "/var/www/onlyoffice/documentserver/">
        Options -Indexes +FollowSymLinks -MultiViews
        Require all granted
        AllowOverride All
    </Directory>
    
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    <FilesMatch "\.php$">
       SetHandler "proxy:unix:/var/run/php/php7.4-fpm.sock|fcgi://localhost/"
    </FilesMatch>
    <Proxy "fcgi://localhost/">
    </Proxy>

    LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" MatomoFormat
    ErrorLog ${APACHE_LOG_DIR}/xxx_error.log
    CustomLog ${APACHE_LOG_DIR}/xxx_access.log MatomoFormat
    Protocols h2 http/1.1
    SSLSessionTickets off
    Header always set Strict-Transport-Security "max-age=63072000"
    ProxyPreserveHost On
    #SSLProxyEngine on
    ProxyPass         / http://127.0.0.1:8800/ retry=1 acquire=5000 timeout=5000
    ProxyPassReverse  / http://127.0.0.1:8800/
    RequestHeader set X-Forwarded-Port "443"
    RequestHeader set X-Forwarded-Proto "https"
    Timeout 3000
    ProxyTimeout 3000
</VirtualHost>

nginx configuration file :

include /etc/nginx/includes/http-common.conf;
server {
  listen 0.0.0.0:8800;
  listen [::]:8800 default_server;
  server_tokens off;
  server_name _;
  ## Redirects all traffic to the HTTPS host
  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
  #rewrite ^ https://$host$request_uri? permanent;
  include /etc/nginx/includes/ds-*.conf;
}
#HTTP host for internal services
server {
  listen 127.0.0.1:8800;
  listen [::1]:8800;
  server_name localhost;
  server_tokens off;
  
  include /etc/nginx/includes/ds-common.conf;
  include /etc/nginx/includes/ds-docservice.conf;
}

rabbitmq service : ok
apache2 service : ok
nginx service : ok
supervisor service : ok
curl healthcheck : ok

curl  https://xxx.com/healthcheck 
true

agolybev commented Jun 1, 2021

Hi @gitqud, it looks enough, but the Nginx config is strange. To my mind, it's based on the SSL config; just use the HTTP config for the document server.
Also, can you check curl https://xxx.com/baseurl to verify proxy settings?

gitqud commented Jun 1, 2021

New config for nginx:

include /etc/nginx/includes/http-common.conf;

## Normal HTTP host
server {
  listen 0.0.0.0:8443;
  listen [::]:8443 default_server;
  server_name _;
  server_tokens off;

  ## Redirects all traffic to the HTTPS host
  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
  rewrite ^ https://$host$request_uri? permanent;
}

#HTTP host for internal services
server {
  listen 127.0.0.1:8443;
  listen [::1]:8443;
  server_name localhost;
  server_tokens off;
  include /etc/nginx/includes/ds-common.conf;
  include /etc/nginx/includes/ds-docservice.conf;
}

## HTTPS host
server {
  listen 0.0.0.0:9443 ssl;
  listen [::]:9443 ssl default_server;
  server_tokens off;
  root /usr/share/nginx/html;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/xxx/fullchain-privkey.pem;
  ssl_certificate_key /etc/letsencrypt/live/xxx/fullchain-privkey.pem;
  ssl_verify_client off;

  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_cache  builtin:1000  shared:SSL:10m;

  ssl_prefer_server_ciphers   on;

  add_header Strict-Transport-Security max-age=31536000;
  # add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  include /etc/nginx/includes/ds-*.conf;

}

With the change on the Apache side of course, on the proxy side.

Still not working in ownCloud.

agolybev commented Jun 1, 2021

It's wrong to turn on and use documentserver with SSL (HTTPS) behind a proxy. The proxy can't validate the certificate of documentserver because it is working with a local address.

gitqud commented Jun 1, 2021

Here is the proxy part of the vhost in Apache:

    ErrorLog ${APACHE_LOG_DIR}/x_error.log
    CustomLog ${APACHE_LOG_DIR}/x_access.log MatomoFormat
    Protocols h2 http/1.1
    SSLSessionTickets off
    Header always set Strict-Transport-Security "max-age=63072000"
    ProxyPreserveHost On
    SSLProxyEngine on
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    ProxyPass         / https://127.0.0.1:9443/ retry=1 acquire=5000 timeout=5000
    ProxyPassReverse  / https://127.0.0.1:9443/
    RequestHeader set X-Forwarded-Proto "https"
    Timeout 3000
    ProxyTimeout 3000

I tell the proxy that it should not check the certificate.

Whether I use HTTP or HTTPS the problem is still there
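
As an added example that is not part of the thread or of the project's code: a small Python check over the proxy directives posted above, reporting where Apache's upstream TLS checks are switched off and which nginx `listen` addresses are reachable beyond loopback. The sample strings are copied from the configs in this issue; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit
# Constructed samples: directives copied from the configs posted in this thread.
APACHE_PROXY = """\
SSLProxyEngine on
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
ProxyPass         / https://127.0.0.1:9443/ retry=1 acquire=5000 timeout=5000
"""
NGINX_LISTEN = """\
listen 0.0.0.0:8800;
listen [::]:8800 default_server;
listen 127.0.0.1:8800;
listen [::1]:8800;
"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def directives(text):
    """Return (name, args) for each non-empty, non-comment line."""
    lines = (l.strip().rstrip(";") for l in text.splitlines())
    return [(l.split()[0], l.split()[1:]) for l in lines if l and not l.startswith("#")]

def audit_apache_proxy(text):
    """Report weakened or missing upstream TLS checks (hypothetical helper)."""
    found, items = [], directives(text)
    # SSLProxyVerify defaults to "none": the chain is checked only when it is "require".
    verified = any(n.lower() == "sslproxyverify" and a and a[0].lower() == "require" for n, a in items)
    for name, args in items:
        low = name.lower()
        if low.startswith("sslproxycheckpeer") and args and args[0].lower() == "off":
            found.append(f"{name} is Off")
        if low == "proxypass" and len(args) >= 2:
            url = urlsplit(args[1])
            if url.scheme == "https" and not verified:
                found.append(f"https upstream {url.hostname} without SSLProxyVerify require")
            if url.scheme == "http" and url.hostname not in LOOPBACK:
                found.append(f"plaintext upstream {url.hostname} is not loopback")
    return found

def nonloopback_listeners(text):
    """Return nginx listen addresses reachable from other hosts (hypothetical helper)."""
    hits = []
    for name, args in directives(text):
        if name == "listen" and args and not args[0].startswith("unix:"):
            m = re.fullmatch(r"(?:\[(.+)\]|([^:\[\]]+))(?::\d+)?", args[0])
            host = (m.group(1) or m.group(2)) if m else args[0]
            if host.isdigit() or host not in LOOPBACK:  # bare port = all interfaces
                hits.append(args[0])
    return hits
```

Run against the first Apache config in the thread (`ProxyPass / http://127.0.0.1:8800/`), `audit_apache_proxy` returns no findings, while the first nginx config still exposes port 8800 on `0.0.0.0` and `[::]`.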
