Get onlyoffice to work with nextcloud

mrmarkuz · April 25, 2018, 4:45pm

I don’t think it will help but you may try edit the port and restart the services. We have to find out why the port 8082 is not open.

To open another port in firewall: http://docs.nethserver.org/projects/nethserver-devel/en/v7/services.html#add-a-new-network-service

EDIT:

You may check iptables for port 8082 with following command:

iptables -S | grep 8082

hector · April 25, 2018, 9:43pm

Hi there I followed the installation procedure, everythings works well but when I tried to open a document it says:

Don’t know what to do, or were to look.

ONLYOFFICE-DocumentServer-5.1.1
NextCloud 13
NethServer release 7.4.1708 (Final)

mrmarkuz · April 25, 2018, 9:49pm

Hi @hector,

did you install the module or from this howto?

Port 8082 has to be open to the public.

If you installed the module: Did you set the host property?

config setprop fw_onlyoffice host info2.yourdomain.com
signal-event nethserver-onlyoffice-update

hector · April 25, 2018, 10:09pm

I installed it from the module, I configure the host property but I can’t change the other settings “Document Editing service” and “Server address for internal requests from the Document Editing Service”.

I checked the Firewall 8082 and is opened

mrmarkuz · April 25, 2018, 10:48pm

You only need to set “document editing service address” and it is set via the host property.

Can you see the documentserver page on https://yourdomain.com:8082?

vmakol · April 26, 2018, 6:02am

iptables -S | grep 8082
-A loc2fw -p tcp -m multiport --dports 8082,80,443,980 -m comment --comment “fw_onlyoffice, httpd, httpd-admin” -j ACCEPT
-A net2fw -p tcp -m multiport --dports 8082,80,443,980,22 -m comment --comment “fw_onlyoffice, httpd, httpd-admin, sshd” -j ACCEPT
-A net2loc -d 192.168.1.1/32 -p tcp -m conntrack --ctorigdst 217.71.195.125 -m tcp --dport 8082 -m conntrack --ctorigdstport 8082 -m comment --comment “from net” -j ACCEPT
-A net2loc -d 192.168.1.1/32 -p udp -m conntrack --ctorigdst 217.71.195.125 -m udp --dport 8082 -m conntrack --ctorigdstport 8082 -m comment --comment “from net” -j ACCEPT

mrmarkuz · April 26, 2018, 2:05pm

Did you enter manual firewall rules/port forwards for port 8082?

I tried it on my gateway now and I only get 2 rules:

[root@server ~]# iptables -S | grep 8082
-A ens224_in -p tcp -m multiport --dports 8082,80,443 -m comment --comment "fw_onlyoffice, httpd" -j NFQUEUE --queue-num 0 --queue-bypass
-A loc2fw -p tcp -m multiport --dports 8082,80,443,980 -m comment --comment "fw_onlyoffice, httpd, httpd-admin" -j NFQUEUE --queue-num 0 --queue-bypass

vmakol · April 26, 2018, 6:36pm

No, I did not enter anything manually.

hector · April 26, 2018, 7:31pm

that was it, I miss the port 8082, that was all.

vmakol · April 27, 2018, 2:57am

When I disable 8082 port forwarding, I also get two rows. Can you please check your port forwarding setting?
[root@gateway ~]# iptables -S | grep 8082
-A loc2fw -p tcp -m multiport --dports 8082,80,443,980 -m comment --comment “fw_onlyoffice, httpd, httpd-admin” -j ACCEPT
-A net2fw -p tcp -m multiport --dports 8082,80,443,980,22 -m comment --comment “fw_onlyoffice, httpd, httpd-admin, sshd” -j ACCEPT

mrmarkuz · April 27, 2018, 6:27am

You don’t need additional port forwarding on your Nethserver for port 8082. You only would need it if there’s another router before your Nethserver.

I still can’t reach your port 8082.

Maybe there are other firewall rules making problems?

db fwrules show

vmakol · April 27, 2018, 7:49am

I had it re-enabled, but now have disabled it.

Returns nothing.

vmakol · April 27, 2018, 9:03am

Should I re-install?

mrmarkuz · April 27, 2018, 9:15am

I couldn’t reproduce the firewall problem but maybe reinstall is too much in first step.

Could you please post “netstat -tlpn | grep 8082” maybe it’s listening directly to a wrong IP…

Could you port forward port 8082 to some internal webserver (router, wlan ap, whatever) just to test if that opens port 8082 to the public.

vmakol · April 27, 2018, 10:19am

[root@gateway ~]# netstat -tlpn | grep 8082
tcp 0 0 0.0.0.0:8082 0.0.0.0:* LISTEN 24464/nginx: master
tcp6 0 0 :::8082 :::* LISTEN 24464/nginx: master

Something weird is going on. I have opened up 8999, 8081, 18080 and forwarded them all to a tomcat installation and they all work. Please try with http:// not https://

How can I change onlyoffice to use port 8081 instead of 8082 since we know for sure its not blocked?
I spoke with the ISP person again and was told again that they block no ports.

mrmarkuz · April 27, 2018, 10:34am

You may change the ports in /etc/nginx/conf.d/onlyoffice-documentserver.conf:

## HTTPS host
server {
  listen 0.0.0.0:8081 ssl;
  listen [::]:8081 ssl default_server;

Restart services:

systemctl restart nginx
supervisorctl restart all

And you have to change the port in the Nextcloud onlyoffice app settings.

If it’s possible you may try some old router instead of the Nethserver to see if port forwarding 8082 is working with another device. If it’s not working, there has to be a problem at the providers side.

8999, 8081 are open.
18080 is not.

vmakol · April 27, 2018, 10:39am

Sorry, I had it disabled. Its now enabled.

mrmarkuz · April 27, 2018, 10:44am

No problem, the ports are open now and I can connect with a browser and see the tomcat site.

vmakol · April 27, 2018, 11:00am

I made the changes and restarted the services but document server is not running. When I saved the
port changes in the onlyoffice app, it gives ‘cannot connect’ error.

Nginx is up though.
systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2018-04-27 12:50:19 CEST; 7min ago
Process: 4796 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 4793 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 4789 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 4797 (nginx)
CGroup: /system.slice/nginx.service
├─4797 nginx: master process /usr/sbin/nginx
├─4798 nginx: worker process
├─4799 nginx: worker process
├─4800 nginx: worker process
├─4801 nginx: worker process
├─4802 nginx: worker process
├─4803 nginx: worker process
├─4804 nginx: worker process
├─4805 nginx: worker process
├─4806 nginx: worker process
├─4807 nginx: worker process
├─4808 nginx: worker process
├─4809 nginx: worker process
├─4810 nginx: worker process
├─4811 nginx: worker process
├─4812 nginx: worker process
├─4813 nginx: worker process
└─4814 nginx: cache manager process

Apr 27 12:50:19 gateway.vmakol.lan systemd[1]: Starting The nginx HTTP and reverse proxy server…
Apr 27 12:50:19 gateway.vmakol.lan nginx[4793]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Apr 27 12:50:19 gateway.vmakol.lan nginx[4793]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Apr 27 12:50:19 gateway.vmakol.lan systemd[1]: Started The nginx HTTP and reverse proxy server.

mrmarkuz · April 27, 2018, 11:42am

I forgot the firewall config:

config setprop fw_onlyoffice TCPPort 8081
signal-event firewall-adjust

EDIT:

It’s working, I can reach your documentserver on port 8081 now.

grafik

The problem is that a reboot/update may reset the onlyoffice port config. I’ll provide an update for the module where you can choose the onlyoffice port via the config db.