Onlyoffice - Documents not saved


#1

The registration of documents is no longer done since I activated HTTPS.
The URL https://xxx.xxx/onlyofficeds/welcome is ok
The SSL certficat is valid and is issued by an authority (not self-signed).
The error below is in /app/onlyoffice/DocumentServer/logs/documentserver/docservice/out.log:
<td>

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (ssl.c:581)

_

Exception Location:
_ /home/seafileUnif/seafile-server-6.1.1/seahub/thirdpart/requests-2.13.0-py2.6.egg/requests/adapters.py in send, line 512_

How to disable certificate verification if this is the solution?

my configuration:
Debian 8
Seafile CE 6.1.1
Onlyoffice via subfolder
Docker version 17.06.2-ce, build cec0b72
nginx version: nginx / 1.13.5

seahub_setting.py:
ENABLE_ONLYOFFICE = True
VERIFY_ONLYOFFICE_CERTIFICATE = False
ONLYOFFICE_APIJS_URL = ‘https://subdomaine.domaine/onlyofficeds/web-apps/apps/api/documents/api.js
ONLYOFFICE_FILE_EXTENSION = (‘doc’, ‘docx’, ‘ppt’, ‘pptx’, ‘xls’, ‘xlsx’, ‘odt’, ‘fodt’, ‘odp’, ‘fodp’, ‘ods’, ‘fods’)
ONLYOFFICE_EDIT_FILE_EXTENSION = (‘doc’, ‘docx’, ‘ppt’, ‘pptx’, ‘xls’, ‘xlsx’, ‘odt’, ‘fodt’, ‘odp’, ‘fodp’, ‘ods’, ‘fods’)

ngnix seafile.conf:
location /onlyofficeds/ {
# IMPORTANT ! - Trailing slash !
proxy_pass https://127.0.0.1:8443/;

            proxy_http_version 1.1;:q

            client_max_body_size 100M; # Limit Document size to 100MB
            proxy_read_timeout 3600s;
            proxy_connect_timeout 3600s;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $proxy_connection;

            # IMPORTANT ! - Subfolder and NO trailing slash !
            proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;

            proxy_set_header X-Forwarded-Proto $the_scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

To launch Docker
docker run -i -t -d -p 8443:443 -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice -v /app/onlyoffice/DocumentServer/cache:/var/lib/onlyoffice/documentserver/App_Data/cache/files --name oods onlyoffice/documentserver

docker ps:
1a24761a772e onlyoffice/documentserver “/bin/sh -c 'bash …” About an hour ago Up About an hour 80/tcp, 0.0.0.0:8443->443/tcp oods

Thanks for any help


#2

Did you configure a SSL-certificate in your docker machine? If not, you need OnlyOffice to listen on port 80 internally:

sudo docker run -i -t -d -p 8443:80 onlyoffice/documentserver

and in the nginx config:

proxy_pass http://localhost:8443/;

This doesn’t have any security impact, if the seafileserver and the documentserver are the same, because it’s just the local serverprocess communication which is not encrypted.
The external connection is encrypted by your nginx webserver.

That’s how it works on my server. But I use a subdomain instead of a subfolder. Regardless this should work the same way.


#3

Hi.

Thank you for your reply.

I have disabled https in Docker but I still have the same invalid certificate error.

Log seahub_django_request.log :

2017-10-10 13:44:30,940 [ERROR] django.request:256 handle_uncaught_exception Internal Server Error: /onlyoffice/editor-callback/
Traceback (most recent call last):
  File "/home/seafileUnif/seafile-server-6.1.1/seahub/thirdpart/Django-1.8.18-py2.7.egg/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/home/seafileUnif/seafile-server-6.1.1/seahub/thirdpart/Django-1.8.18-py2.7.egg/django/views/decorators/csrf.py", line 58, in wrapped_view
    return view_func(*args, **kwargs)
  File "/home/seafileUnif/seafile-server-6.1.1/seahub/seahub/onlyoffice/views.py", line 65, in onlyoffice_editor_callback
    requests.post(update_url, files=files)
  File "/home/seafileUnif/seafile-server-6.1.1/seahub/thirdpart/requests-2.13.0-py2.6.egg/requests/api.py", line 112, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/home/seafileUnif/seafile-server-6.1.1/seahub/thirdpart/requests-2.13.0-py2.6.egg/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/home/seafileUnif/seafile-server-6.1.1/seahub/thirdpart/requests-2.13.0-py2.6.egg/requests/sessions.py", line 507, in request
    resp = self.send(prep, **send_kwargs)
  File "/home/seafileUnif/seafile-server-6.1.1/seahub/thirdpart/requests-2.13.0-py2.6.egg/requests/sessions.py", line 628, in send
    r = adapter.send(request, **kwargs)
  File "/home/seafileUnif/seafile-server-6.1.1/seahub/thirdpart/requests-2.13.0-py2.6.egg/requests/adapters.py", line 512, in send
    raise SSLError(e, request=request)
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)

Log /app/onlyoffice/DocumentServer/logs/documentserver/docservice/out.log:

[2017-10-10 13:44:32.904] [ERROR] nodeJS - sendServerRequest error: docId = e1af4cc3c52ee2994bbc;url = https://subdomaine.domaine/onlyoffice/editor-callback/;data = {“key”:“e1af4cc3c52ee2994bbc”,“status”:2,“url”:“https://subdomaine.domaine/onlyofficeds/cache/files/e1af4cc3c52ee2994bbc_5528/output.docx/output.docx?md5=dmboI9y2-URaO8rNQ1OeqA==&expires=1510235071&disposition=attachment&ooname=output.docx",“changesurl”:“https://subdomaine.domaine/onlyofficeds/cache/files/e1af4cc3c52ee2994bbc_5528/changes.zip/changes.zip?md5=VOVnWUS3e7F5sECjCcpXDQ==&expires=1510235071&disposition=attachment&ooname=output.zip”,“history”:{“serverVersion”:“4.4.3”,“changes”:[{“created”:"2017-10-10 13:25:00”,“user”:{“id”:“uid-1507641884235”,“name”:“jnemare”}},{“created”:“2017-10-10 13:31:37”,“user”:{“id”:“uid-1507642229161”,“name”:“jnemare”}},{“created”:“2017-10-10 13:39:29”,“user”:{“id”:“uid-1507642762042”,“name”:“jnemare”}},{“created”:“2017-10-10 13:44:15”,“user”:{“id”:“uid-1507643042731”,“name”:“jnemare”}}]},“users”:[“uid-1507643042731”],“actions”:[{“type”:0,“userid”:“uid-1507643042731”}],“lastsave”:“2017-10-10T13:44:15.431Z”,“notmodified”:false}^M
Error: Error response: statusCode:500 ;body:

Docker ps
c973d8a63485 onlyoffice / documentserver “/ bin / sh -c 'bash …” 31 minutes ago Up 31 minutes 443 / tcp, 0.0.0.0:88->80/tcp oods

I do not know where to look.
Thanks


#4

Hm… Maybe my config helps you… But this is for subdomains.

Nginx:

server {
        listen       80;
        server_name  doc.domain.com;
    return 301 https://$host$request_uri;
    }

server {
    listen 443;
    server_name doc.domain.com;

####

    ssl on;
    ssl_protocols TLSv1.2;
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_certificate /etc/letsencrypt/live/domain.com-0002/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com-0002/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    add_header X-Content-Type-Options nosniff;

    gzip off;

    server_tokens off;

     location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              http://localhost:8083/;
     }
}

seahub_settings.py

# Enable Only Office
ENABLE_ONLYOFFICE = True
VERIFY_ONLYOFFICE_CERTIFICATE = False
ONLYOFFICE_APIJS_URL = 'https://doc.domain.com/web-apps/apps/api/documents/api.js'
ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods')

And I start docker via

sudo docker run -i -t -d -p 8083:80 onlyoffice/documentserver

//edit: I just remember this thread. Someone else with that problem:


#5

HI,

I solved my problem by disabling the verification of the certificate in the files:
/seahub/seahub/onlyoffice/settings.py
/seahub/thirdpart/requests-2.13.0-py2.6.egg/requests/sessions.py
/seahub/thirdpart/requests-2.13.0-py2.6.egg/requests/adapters.py

hoping it helps.

I noticed that simultaneous changes do not work when the file is shared and opened in editing at the same time by 2 users.
Does OnlyOffice integrated in Seafile allow this functioning as the onlyOffice original application?


[SOLVED] Seafile / Onlyoffice pptx xslx error
#6

hello, im having the same issue, over https i cant save the documents, seems stucked in cache.
May i have yor files, or how i disable the verification of certificate.

Thanks for your help.


#7

I had the same issue when I run Only Office as a DEB package on dedicated server behind HTTPS proxy where HTTPS proxy used wildcart certificate (standard setup). It looks that DJANGO on Seafile side wont work with wildcard certtificates as those by default miss common name of a web server used for OnlyOffice and then Seafile Django trows an SSL Handshake missing common name error on OnlyOffice server when it tries to save files back to Seafile.

Solution was to run HTTPS directly on OnlyOffice server using it’s own NGINX configuration with a certificate that has common name for my OnlyOffice server.

BR
Babiloni


#8

Solution was to run HTTPS directly on OnlyOffice server using it’s own NGINX configuration with a certificate that has common name for my OnlyOffice server.

How can i do that_ i followed OO installation process using nginx, but i dont know hot to run https directly_


#9

https://helpcenter.onlyoffice.com/server/linux/document/switch-to-https.aspx

Inside NGINX conf file edit these lines

{{SSL_CERTIFICATE_PATH}} - the path to the SSL certificate you have got;
{{SSL_KEY_PATH}} - the path to the SSL certificate private key;

You will valid SSL for your OO server.


#10

Actually i got the same error. download error cant save document. Im going to try deploying through docker.