OnlyOffice as a subfolder with SSL


#1

I followed this manual: https://manual.seafile.com/deploy/only_office.html. OnlyOffice works on port 88. I have tried with a docker container and also with packages from OnlyOffice.

If I use Seafile without SSL I can open office files with OnlyOffice and save them. But if I use Seafile with SSL I receive only a blank page after open an office file. This is with Firefox. Then I change the showed URL from https to http. After that the document is showing an I can save it.

With Chromium it is a bit different. I also see a blank page but in the upper right corner I can choose “load unsafe scripts”. After that the document is loaded and I can save it.

Has the URL in seahub_settings.py to be http or https? For me both does not work. In the nginx config I use proxy_pass http://127.0.0.1:88/;. Should I use https there?

I can call “http://seafile.domain.site/onlyofficeds/web-apps/apps/api/documents/api.js” but not
https://seafile.domain.site/onlyofficeds/web-apps/apps/api/documents/api.js”. Seafile says that the requested page was not found.

But https://seafile.domain.site/onlyofficeds/welcome/ works fine. The same URL without SSL also of course.


#2

I found the reason why the URL https://seafile.domain.site/onlyofficeds/web-apps/apps/api/documents/api.js not worked. In the seahub_settings.py the variable ONLYOFFICE_APIJS_URL has to be with HTTPS. Then I can open the mentioned URL and also the documents without problems.

But then I cannot save them. It gives me the error -331. This is the error I found on the document server log.:

[2019-03-13T18:24:54.616] [ERROR] nodeJS - sendServerRequest error: docId = e3d7c1578cd4d7e21101;url = https://seafile.domain.site/onlyoffice/editor-callback/;data = {“key”:“e3d7c1578cd4d7e21101”,“status”:2,“url”:“https://seafile.domain.site/onlyofficeds/cache/files/e3d7c1578cd4d7e21101_4151/output.xlsx/output.xlsx?md5=rBc0BpKdRA9h_B7T97o0KQ==&expires=1552498795&disposition=attachment&ooname=output.xlsx",“changesurl”:“https://seafile.domain.site/onlyofficeds/cache/files/e3d7c1578cd4d7e21101_4151/changes.zip/changes.zip?md5=rM5kvNllUhFmVeAcnFrkPw==&expires=1552498795&disposition=attachment&ooname=output.zip”,“history”:{“serverVersion”:“5.2.8”,“changes”:[{“created”:"2019-03-13 17:23:16”,“user”:{“id”:“uid-1552497790331”,“name”:“dbet1”}}]},“users”:[“uid-1552497790331”],“actions”:[{“type”:0,“userid”:“uid-1552497879327”}],“lastsave”:“2019-03-13T17:24:03.267Z”,“notmodified”:false}
Error: Error response: statusCode:500 ;body:

Page unavailable

Page unavailable

<p>Sorry, but the requested page is unavailable due to a server hiccup.</p>

<p>Our engineers have been notified, so check back later.</p>
at Request._callback (/var/www/onlyoffice/documentserver/server/Common/sources/utils.js:283:18)
at Request.self.callback (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:185:22)
at emitTwo (events.js:126:13)
at Request.emit (events.js:214:7)
at Request.<anonymous> (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:1161:10)
at emitOne (events.js:116:13)
at Request.emit (events.js:211:7)
at IncomingMessage.<anonymous> (/var/www/onlyoffice/documentserver/server/Common/node_modules/request/request.js:1083:12)
at Object.onceWrapper (events.js:313:30)
at emitNone (events.js:111:20)
at IncomingMessage.emit (events.js:208:7)
at endReadableNT (_stream_readable.js:1064:12)
at _combinedTickCallback (internal/process/next_tick.js:139:11)
at process._tickCallback (internal/process/next_tick.js:181:9)

#3

I have never been able to run Seafile CE and OnlyOffice (subdirectory mode) without SSL. As you observe ONLYOFFICE_APIJS_URL = 'https://… is required.

Similarly, I must have the Seafile server CE 6.3.4 (with Nginx) running SSL too. I suggest you get a certificate from Let’s Encrypt and give it a try.

On the flip side if anyone knows how to get Seafile CE and OO to work with only HTTP please advise. It’s an academic point but still of interest.

-Thank you


#4

I am trying the same with a certificate from let’s encrypt now. Seafile is installed on the machine, OnlyOffice is in a docker container. On this machine I had installed Apache a long time ago and many sites run with it, Seafile also.
Now if I try to call the URL https://subdomain.domain.tld/onlyofficeds/welcome, I receive a HTTP 404 and Seafile shows that the page cannot find. The URL http://subdomain.domain.tld:88/welcome is working, but I want do operate with a subfolder.
If I ignore that an set the URL https://subdomain.domain.tld/onlyofficeds/web-apps/apps/api/documents/api.js in seahub_settings.py I receive a blank page after clicking an office document.
If I change the URS in the setting file to http://subdomain.domain.tld:88/web-apps/apps/api/documents/api.js I receive a Page unavailable error:

Page unavailable
Sorry, but the requested page is unavailable due to a server hiccup.
Our engineers have been notified, so check back later.

Nothing works, absolutely nothing.


#5

One thin I have found. I have to configure ProxyPass and ProxyPassReverse two times. One inside the Location block and one outside. I don’t understand, why.

Define VPATH /onlyofficeds
Define DS_ADDRESS 127.0.0.1:88

<Location ${VPATH}>
Require all granted
SetEnvIf Host "^(.)$" THE_HOST=$1
RequestHeader setifempty X-Forwarded-Proto httpS
RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
RequestHeader edit X-Forwarded-Host (.
) $1${VPATH}
ProxyAddHeaders Off
ProxyPass http://${DS_ADDRESS}
ProxyPassReverse http://${DS_ADDRESS}

ProxyPassMatch ^${VPATH}(.*)(/websocket)$ “ws://${DS_ADDRESS}/$1$2”
ProxyPass ${VPATH} http://${DS_ADDRESS}
ProxyPassReverse ${VPATH} http://${DS_ADDRESS}


#6

You might want to post your configuration files, or relevant portions that pertain directly to OO, so that people who are familiar with setups like yours can offer some feedback.

Another thing, have you compared your setup and installation to that in the Seafile Community Manual?

Is there anything that you are doing that varies from the suggested setups in the Seafile Manual or the Community Manual?


#7

I allready have done this. The fact is that both

has to be inside the location block and also outside. Furthermore they must not have a slash at the end.

The IfModule block for unixd_module is not only unnecessary for me, it destroys the functionality of the other webs that runs on this web server, because I use not user and group daemon for the Apache web server.