Opened ports on both servers:
80 (http)
443 (https)
5672 (RabbitMQ)
5432 (PostgreSQL)
6379 (Redis)
8000 (DocService)
Owncloud is on a physical server with a FQDN supported with a Let’s Encrypt SSL and running on port 443. This is accessible both internally and externally.
OnlyOffice document server is on a virtual server with a FQDN supported with a Let’s Encrypt SSL and running on port 443. This displays, “Document server is running”, both internally and externally.
Both servers are Cent OS 7.
I have the OnlyOffice connector enabled in owncloud, with the FQDN entered as a https connection. However, when I try to save, I get the following error message:
"Error when trying to connect (Error occurred in the document service: Error while downloading the document file to be converted)"
I have looked at everything I can think of and I can see no reason as to why this is occuring.
I have found the following error message in the /var/log/onlyoffice/documentserver/converter/out.log
[2020-03-20T09:39:51.389] [ERROR] nodeJS - error downloadFile:url=https://xxxxxxxxx.co.uk/index.php$
Error: Error response: statusCode:403 ;body:
{"message":"Access denied"}
at Request._callback (/snapshot/server/build/server/Common/sources/utils.js:0:0)
at Request.init.self.callback (/snapshot/server/build/server/Common/node_modules/request/request.$
at Request.emit (events.js:198:13)
at Request.<anonymous> (/snapshot/server/build/server/Common/node_modules/request/request.js:1154$
at Request.emit (events.js:198:13)
at IncomingMessage.<anonymous> (/snapshot/server/build/server/Common/node_modules/request/request$
at Object.onceWrapper (events.js:286:20)
at IncomingMessage.emit (events.js:203:15)
at endReadableNT (_stream_readable.js:1143:12)
at process._tickCallback (internal/process/next_tick.js:63:19)
I checked the connection from OnlyOffice to owncloud with wget https://xxxxxxxx.co.uk/index.php and the page was saved with no errors.
I don’t know enough about how OnlyOffice works to find out why the error is occuring.
So I you can log in to your ownCloud server’s CLI and run the following command: curl -I https://only-office-document-server.tld
Then I would also do the same in the other direction, by logging into the OnlyOffice document server’s CLI: curl -I https://ownCloud-server.tld/index.php
A final test would be to run both these curls on your desktop to make sure that the servers are accessible for the client (web browser).
You should always receive a HTTP 200 status code.
As far as I understand it, you don’t have a reverse proxy terminating your OnlyOffice SSL connection. I recently had the problem with Traefik that it wouldn’t set the X-Forwarded-Proto header to https, which OnlyOffice needs to function properly behind a reverse proxy.
Another thing that comes to mind reading your post is SELinux because you are using CentOS. Make sure that this is not interfering with your setup by checking the audit log.
Thanks for the reply. Sorry it has taken me so long to get around to responding.
I am using Nginx as a reverse proxy and it has the same SSL certificates on it as are on the actual servers. All are Let’sEncrypt, so they all get automatically updated by Certbot.
I have done as you suggested and ran the Curl -I test from both machines.
OnlyOffice to ownCloud returns a 200 OK.
OwnCloud to OnlyOffice returned a 302 as it is re-directing to https://onlyoffice-server/welcome/
If I change the Curl -I to include the /welcome/, then it returns a 200 OK.
I ran both of the Curl -I requests from my offsite laptop and got a 200 OK from both, again, only if I include the /welcome/ to onlyoffice.
Both servers are CentOS 7 and are configured the same way regarding their Reverse Proxy scripts.
Both also have SELinux disabled. This was done when they were built, as advised in the ownCloud setup instructions.
If I change the OnlyOffice URL then it fails to find the healthcheck.
If I correct the URL again, then it would appear to pass the healthcheck and then return the original error, so it would seem the two servers are talking to each other, just unable to resolve the final configuration stage.
Any further thoughts are most welcomed and I will try to respond a bit quicker this time!!
That’s how it is with my setup and it is working fine.
What health-check?
So you are saying because you are also using HTTPS between reverse proxy and final endpoints you don’t need to set the X-Forwarded-Proto header to https.
Perhaps this is something more for the ONLYOFFICE forums, as you’re getting on the document server side and not on the ownCloud side of it.
After further investigation, I have worked out that the error is directly related to the passing of the JWT Authentication between ownCloud and OnlyOffice.
I double checked all the config files and everything was correct according to the OnlyOffice setup that I had been following.
As I was unable to resolve this, I have turned the JWT Authentication off in the same config files and it now works fine.
I can only assume that it has something to do with how the JWT is passed through the Nginx reverse proxy, which is the only anomaly in my setup that isn’t covered in the configuration instructions.
If I decide to venture down this route again, or anyone else manages to resolve the issue with a similar setup, please update this post.
