Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nginx - SSL - CA seems not used #626

Open
4lex11s opened this issue May 16, 2023 · 0 comments
Open

nginx - SSL - CA seems not used #626

4lex11s opened this issue May 16, 2023 · 0 comments

Comments

@4lex11s
Copy link

4lex11s commented May 16, 2023

Hello,

Thank you for your software!

After a fresh installation, when I would like to edit a document from the example page, I received "The editor is loaded with the "The document could not be saved" message.
Looking in the logs, I encounter a self-signed certificate error although the external CA certificate is in the Data folder with the right name :
"userid":"uid-1"}]} Error: self signed certificate in certificate chain

And it's also the right CA certificat:

 pwd
       /var/www/onlyoffice/Data/certs
openssl verify -verbose -x509_strict  -CAfile ca-certificates.pem onlyoffice.crt
    onlyoffice.crt: OK
ls /var/www/onlyoffice/Data/certs
      ca-certificates.pem  dhparam.pem  onlyoffice.crt  onlyoffice.key
env
    SSL_CERTIFICATES_DIR=/var/www/onlyoffice/Data/certs

Furthermore, the used certificate is signed by only one certificate authority

Insecure Workaround
-e USE_UNAUTHORIZED_STORAGE=true

How to reproduce

extPrt=80
CtPrt=80
extPrtSSL=443
CtPrtSSL=443

domaine="docs.example.fr"
OOdata=/var/local/onlyoffice/$domaine
OODocs=/var/local/onlyoffice/$domaine/docs
OOCache=/var/local/onlyoffice/$domaine/cache

OOrepertoires=("$OOdata" "$OODocs" "$OOCache")
for i in ${OOrepertoires[@]}; do mkdir -p $i -v ;done


sudo docker run -i -t -p $extPrt:$CtPrt -p $extPrtSSL:$CtPrtSSL  --restart=always \
    -e JWT_ENABLED=false \
    -e SSL_VERIFY_CLIENT=optional  -e NODE_TLS_REJECT_UNAUTHORIZED=0 \
    -e SSL_CERTIFICATES_DIR=/var/www/onlyoffice/Data/certs  \
    --hostname $domaine \
    -v $OOdata:/var/www/onlyoffice/Data \
    -v $OODocs:/var/log/onlyoffice \
    -v $OOCache:/var/lib/onlyoffice \
    --name $domaine \
     onlyoffice/documentserver

Did this work in previous versions of DocumentServer?
no

DocumentServer Docker tag: & Host Operating System:

docker image ls
REPOSITORY                  TAG       IMAGE ID       CREATED        SIZE
onlyoffice/documentserver   latest    0da47c251add   2 months ago   2.84GB
onlyoffice/documentserver   5.6       f68fd6406374   2 years ago    2.16GB

lsb_release --codename --short
    jammy

Thanks in advance!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@4lex11s