WebTop + OnlyOffice

Has anyone successfully integrated OnlyOffice with WebTop 5?

I haven’t been able to get past a 403 Forbidden error:

HTTP Status 403 – Forbidden
Status Report Message: JWT token not signed correctly
Description: The server understood the request but refuses to authorize it.
Apache Tomcat/8.5.35

I think it may relate to the ‘documentserver.local.url’ entry and, if that is correct, perhaps permissions for document cache/storage.


I have a working OnlyOffice server - works perfect with NextCloud;
I’ve setup the webtop integratrion as per here: https://www.sonicle.com/docs/webtop5/doc-server.html
https://www.sonicle.com/docs/webtop5/core.html#core-docserver-settings-section

The one setting I wasn’t sure of was: documentserver.loopback.url - which I assume relates to the onlyoffice ‘callback handler’ I have tried a number of iterations all with the same result. The Document starts to open in view or edit mode and then fails with “Download Failed” and then: https://api.onlyoffice.com/editors/callback

image

Thanks,
Klaus

NethServer Version: 7.7.1908 (final
Module: webtop 5 (5.3)

Maybe @lucag or @gabriele_bulfon can give you some hints.

Hi @KdB,
for the documentserver.loopback.url key you must necessarily enter the complete URL with which the OnlyOffice server can reach webtop, for example: https://server.domain.com/webtop/

For the problem you showed, did you check what the logs show in this path ?
/var/log/onlyoffice/documentserver/
(for example: /var/log/onlyoffice/documentserver/nginx.error.log)

As soon as I have some time I will do some tests too.

In the meantime, @mrmarkuz could have been helpful as he wrote this HowTo and I think he knows OnlyOffice better than me :wink:

2 Likes

Same error here.
I assume you tried with a separate onlyoffice server.

I tested with the onlyoffice module.

I had to improve the onlyoffice secret to make it work because

The signing key’s size is 128 bits which is not secure enough for the HS256 algorithm. The JWT JWA Specification (RFC 7518, Section 3.2) states that keys used with HS256 MUST have a size >= 256 bits (the key size must be greater than or equal to the hash output size). Consider using the io.jsonwebtoken.security.Keys class’s ‘secretKeyFor(SignatureAlgorithm.HS256)’ method to create a key guaranteed to be secure enough for HS256. See https://tools.ietf.org/html/rfc7518#section-3.2 for more information.

Confirmed. If you use localhost instead of real server name for documentserver.loopback.url then it doesn’t work.

Error: Hostname/IP doesn't match certificate's altnames: "Host: localhost. is not in the cert's altnames: ...

So certificates are checked too.

But I end up with same error while it’s working in Nextcloud. I tested with Onlyoffice Document Server 5.4.0 and 5.4.1:

HTTP Status 403 – Forbidden


Type Status Report

Message JWT token not signed correctly

Description The server understood the request but refuses to authorize it.


Apache Tomcat/8.5.35

2 Likes

Thank you Gentlemen.

This is very strange in that it has started working as expected! After a power cycle it just started working!

I had spent much time on this working on getting the callback right. With all the correct settings in WebTop config still seeing this error in the onlyoffice/nginx error log - which was based on the SSL Cert and it trying to use “http://127.0.0.1” - I had run ‘supervisorctl restart all’ after any changes and did reboot a couple of times:

*331 connect() failed (111: Connection refused) while connecting to upstream, client: 202.*.*.*, server: , request: "GET /5.4.0-21//doc/b451231a846ca032eb3c/c/info?t=1574378457171 HTTP/1.1", upstream: "http://127.0.0.1:48000/doc/b451231a846ca032eb3c/c/info", host: "office.**.com.au:8082", referrer: "https://office.**.com.au:8082/5.4.0-21//web-apps/apps/spreadsheeteditor/main/index.html?_dc=5.4.0-21&lang=en_EN&customer=ONLYOFFICE&frameEditorId=ext-comp-1781-deplaceholder"

I didn’t change nginx settings at all so am still confused as to why it started working all of a sudden!! I’ll go back to start again (I have a snapshot) and will document for HowTos - assuming it works correctly this time.

@mrmarkuz : It isn’t a separate server install, it is your module and as per your instructions - thanks again. Yes, I did need to increase the password key to get started, that was the first obvious point in making it work from webtop.

Klaus

2 Likes

Confirmed. Don’t know why, I restarted several services but the reboot helped.

I am going to update onlyoffice to have more secure passwords so it should work out of the box…

1 Like

I managed to save the reboot with signal-event nethserver-webtop5-update - I assume that it is JVM / Java that needs the restart.

Klaus

2 Likes

I can confirm that @mrmarkuz onlyoffice module works well with webtop5 - opening/editing both NextCloud or WebTop/Documents.

@lucag would it be easy/possible to map the /com.sonicle.webtop.vfs/mydocuments/user/ folder to the user’s home folder? (ie /var/lib/nethserver/home/user/ )

I did attempt to add the home folder as a local resource but having permission issues there so still playing with that.

I do map the home folder to users’ PCs. Being able to access those folders through webtop remotely would be very handy.

Klaus

Hi @KdB,
currently there is no possibility to synchronize the WebTop cloud files with a client (as it can be done for Nextcloud) it is an unexpected thing.

You can optionally use the integration between WebTop and Nextcloud as described here: https://nethserver.docs.nethesis.it/en/master/webtop5.html#nextcloud-integration

2 Likes

…we never know what it may be expected in the future! :wink:

3 Likes