Howto install Onlyoffice document server as Nextcloud app

(Marc) #42

yes, already tried with that setting


(Markus Neuberger) #43

Can you browse to https://neth:8082 and see this site?

(image)

I tested it on another server now. I got similar error messages in the logfiles you posted but it works. I have to tidy up the scripts to throw less errors, it’s the first working draft.

Is nginx running and the port open?

netstat -tlpn | grep nginx

Maybe a wrong port in /etc/nginx/conf.d/onlyoffice-documentserver.conf?

Do you have some software on your testserver which may collide in some way with nginx/onlyoffice/port 8082?


(Marc) #44

Yes.

Yes.

tcp        0      0 0.0.0.0:8082            0.0.0.0:*               LISTEN      1575/nginx: master  
tcp6       0      0 :::8082                 :::*                    LISTEN      1575/nginx: master

## HTTPS host
server {
  listen 0.0.0.0:8082 ssl;
  listen [::]:8082 ssl default_server;

No, not that I’m aware.

Edit: But on Firefox console I can see some errors:

Content Security Policy: The page's settings blocked the loading of a resource at https://server.example.com/nextcloud/index.php/apps/onlyoffice/381 ("base-uri 'none'"). (unknown)
Content Security Policy: The page's settings blocked the loading of a resource at about:blank ("base-uri 'none'"). (unknown)
Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.[Learn More] editor.js
ReferenceError: error is not defined
OCA.Onlyoffice.InitEditor()
 editor.js:46
n.Callbacks/j()
 core.js:2
n.Callbacks/k.fireWith()
 core.js:2
.ready()
 core.js:2
I()

(Markus Neuberger) #45

I think I could reproduce it. I get a blank page with nextcloud top nav when I enter a FQDN instead of IP in the Nextcloud/Admin/Onlyoffice settings. A FQDN only works if the certificate is valid/not self-signed, letsencrypt works.

(image)


(Marc) #46

Thanks for the heads up!
Yesterday, the first times I tried with the IP, I got:

file_get_contents(https:\/\/192.168.1.11:8082\/coauthoring\/CommandService.ashx): failed to open stream: operation failed at \/usr\/share\/nextcloud\/apps\/onlyoffice\/lib\/documentservice.php#351

Setting green IP it works, but only from internal network (‘no route to host’ from red).
Setting FQDN it’s working from both sides (green, red) on Chrome/Chromium but not on Firefox.

Will try it with Nextcloud 13 and Let’s Encrypt cert.


(Markus Neuberger) #47

Did you try it on red with using public IP in the Nextcloud onlyoffice settings and port forwarding to your virtualbox VM? https://IP_in_settings:8082 must be reachable from the client where you are using Firefox/Nextcloud.


(Marc) #48

forwarded 80, 443, 8082 ports but didn’t work. Don’t worry will move test to fqdn with letsencrypt


(Marc) #49

Setup

  • Nethserver 7.4
  • Nextcloud 13.0.0
  • OnlyOffice Document Server 5.0.7

All installed on the same server despite:

ONLYOFFICE Document Server and ownCloud/Nextcloud must be installed on different computers, otherwise problems might occur and no correct connector work can be guaranteed.

Notes:

  • Logs show the same warnings/errors as reported earlier.
  • OnlyOffice integration is working well (nextcloud app set with the https://FQDN:8082/)
  • Accessible from internal and public network using FQDN

Using Self-signed certificate:

  • Requires setting 'onlyoffice' => array ( 'verify_peer_off' => TRUE), in nextcloud config file, as reported by @flatspin
  • Works on Chrome/Chromium
  • Does not work on Firefox due to certificate trust (UNKNOWN ISSUER)

Using a valid certificate makes it work also on Firefox.


I know it’s in early stage and, to be fair, I don’t know much about it (neither have a preference for onlyoffice or collabora) but we (all) can start considering how to secure it. I’m sure you already considered some options but if it’s of any help:

  • set a random postgres dbpass (even if only accessible from localhost)?
  • Having the document server exposed to Internet anyone can use it wasting server resources?



(Markus Neuberger) #50

Thanks again for testing, I really appreciate it.

It seems it’s by design:

http://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-postgresql.html#nethserver-postgres

I don’t know if it could be misused in some way but I’ll have a look at the links you posted to see if there is a possibility to make it more secure or filter it.

It’s really helpful as I just built the package straightforward out of the howto without thinking much about security in the first step.

I hope this is not a problem and they’re talking about running both on https port.


(Markus Neuberger) #51

I tested the token method for securing the documentserver and it worked - thanks @dnutan for the hint…

Edit /etc/onlyoffice/documentserver/default.json and execute supervisorctl restart all to restart the docserver as described here:

https://api.onlyoffice.com/editors/signature/

Enter the secret in Nextcloud onlyoffice advanced settings:

(image)


(Alessio Fattorini) #52

WAIT WAIT!
What??? A new module?


(Markus Neuberger) #53

Module update: https://wiki.nethserver.org/doku.php?id=onlyoffice

Now a token is used for securing onlyoffice server, see this post. You have to enter the secret in nextcloud onlyoffice advanced settings. To get the secret enter cat /var/lib/nethserver/secrets/onlyoffice on command line.
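
How the shared secret from posts #51 and #53 keeps strangers from using an exposed document server, as an added example (not code from this thread or from ONLYOFFICE): a minimal JSON Web Token sign/verify in Python, showing that a request signed with a guessed secret, altered after signing, or marked `alg: none` is rejected. The secret and payload are constructed, and HS256 is assumed as the signing algorithm.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign(payload: dict, secret: str) -> str:
    """Build header.payload.signature with HMAC-SHA256 (HS256)."""
    parts = ({"alg": "HS256", "typ": "JWT"}, payload)
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + b64url(_mac(signing_input, secret))

def verify(token: str, secret: str):
    """Return the payload if the token is valid for this secret, else None."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        # Pin the algorithm: never let the token choose "none" or another alg.
        if header.get("alg") != "HS256":
            return None
        expected = _mac(f"{head_b64}.{body_b64}", secret)
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        return json.loads(b64url_decode(body_b64))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or JSON

def demo() -> dict:
    server_secret = "constructed-example-secret"   # constructed, not a real secret
    payload = {"c": "version"}                     # constructed request body
    good = sign(payload, server_secret)
    head, body, sig = good.split(".")
    tokens = {
        "valid": good,
        "wrong_secret": sign(payload, "secret"),   # attacker guesses a weak default
        "tampered": f"{head}.{b64url(b'{}')}.{sig}",
        "alg_none": b64url(b'{"alg":"none"}') + "." + body + ".",
    }
    return {name: verify(tok, server_secret) is not None for name, tok in tokens.items()}

if __name__ == "__main__":
    print(demo())
```

The protection is only as strong as the secret, so the value in /var/lib/nethserver/secrets/onlyoffice needs to be random and readable only by the services that use it.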


(Dan) #54

I’d be surprised if this couldn’t be automated in the post-install process by using the occ command–I know it can change configuration settings for the Nextcloud core, but I’m not 100% sure it will work for other apps.


(Markus Neuberger) #55

Thank you very much for this info. :+1: The whole app install process could be automated with occ :dark_sunglasses: :

sudo -u apache /usr/bin/php56 /usr/share/nextcloud/occ app:install onlyoffice
sudo -u apache /usr/bin/php56 /usr/share/nextcloud/occ config:app:set onlyoffice DocumentServerUrl --value="https://FQDN_OR_IP:8082/"
sudo -u apache /usr/bin/php56 /usr/share/nextcloud/occ config:app:set onlyoffice jwt_secret --value="`cat /var/lib/nethserver/secrets/onlyoffice`"

(Dan) #56

It came to mind because I’ve been working on something along those lines, but in a different context:

Edit: And you could probably pull the correct value for FQDN_OR_IP from the config database, thus automating it even further. The more that can be automated, the lower the chance of PEBCAK-type errors.


(Markus Neuberger) #57

Yes, you are right with automation.

sudo -u apache /usr/bin/php56 /usr/share/nextcloud/occ config:app:set onlyoffice DocumentServerUrl --value="https://`config get SystemName`.`config get DomainName`:8082/"

I’ll use a db prop “host” where you can configure a hostname if the default is not ok.


(Marc) #58

IIRC the php version changed for Nextcloud 13 on Nethserver. As v13 has been released there’s no need to support older versions IMO.


(Markus Neuberger) #59

You are right, I am already playing with php71:

sudo -u apache /opt/rh/rh-php71/root/usr/bin/php /usr/share/nextcloud/occ app:enable onlyoffice


(Markus Neuberger) #60

Module update:

https://wiki.nethserver.org/doku.php?id=onlyoffice

  • works with Nextcloud 13
  • onlyoffice app is configured automatically
  • accept self-signed certs
  • host property to set host part of url to “domain.tld” or “1.2.3.4”

What is the best default for the host part? The IP? At the moment it defaults to “host.domain.tld”.


(Dan) #61

I’d say host.domain.tld. If you use the IP address, you’re guaranteed to run into certificate errors. With the FQDN, if you have a trusted cert, you won’t.