Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

File upload is broken when SSL is offloaded on a reverse proxy #89

kykc opened this issue Dec 18, 2017 · 1 comment

File upload is broken when SSL is offloaded on a reverse proxy #89

kykc opened this issue Dec 18, 2017 · 1 comment


Copy link

kykc commented Dec 18, 2017

Used configuration

CommunityServer is being launched from docker container like this:

  image: onlyoffice/communityserver:
  restart: always
  stdin_open: true
  tty: true
  container_name: onlyoffice-cs
   - onlyoffice-ds:document_server
   - ""
   - ""
   - "5222:5222"
   - /home/████████/server_data/onlyoffice/cs/logs:/var/log/onlyoffice
   - /home/████████/server_data/onlyoffice/cs/data:/var/www/onlyoffice/Data
   - /home/████████/server_data/onlyoffice/cs/mysql:/var/lib/mysql
   - /home/████████/server_data/onlyoffice/ds/data:/var/www/onlyoffice/DocumentServerData
   - MYSQL_SERVER_DB_NAME=onlyoffice_cs
   - MYSQL_SERVER_PASS=████████
   - DOCUMENT_SERVER_PORT_80_TCP_ADDR=oods.████████

It is accessed through nginx reverse proxy which offloads SSL and then redirects plain http to like this:

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;

server {
    listen 80;
    server_name office.████████;
    return 301 https://$server_name$request_uri;

server {
    listen 443 ssl;
    ssl on;
    server_name office.████████;
    ssl_certificate ████████;
    ssl_certificate_key ████████;

    location = /favicon.ico {
        return 204;
        access_log off;
        log_not_found off;

    location / {
        client_max_body_size    4G;

	proxy_read_timeout 1800;
	proxy_connect_timeout 1800;
	proxy_set_header Host $http_host;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $connection_upgrade;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Real-IP $remote_addr;

Steps to reproduce

In Documents click upload button and select any file.

Observed behavior

I'm getting error like this:

Mixed Content: The page at 'https://office.████████/products/files/#1' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://office.████████/products/files/ChunkedUploader.ashx?uid=73b614d569e448d4ac753a7f19507a62'. This request has been blocked; the content must be served over HTTPS.

I've tinkered a little with client JS code and found out that this http link to ChunkedUploader is being sent by server in a response to /api/2.0/files/1/upload/create_session.json call. As JS is minified on the client I can't provide exact file/line of code where it happens. Code in the debugger looks like this:

 var i = jq.format("{0}files/{1}/upload/create_session.json", ASC.Resources.Master.ApiPath, n.fid)
          , t = null;
        return jq.ajax({

The whole response that I'm getting looks like this:

  "success": true,
  "data": {
    "id": "b7d920e3776742d9832367fcbcd37131",
    "path": [
    "created": "2017-12-17T14:46:05.832996Z",
    "expired": "2017-12-18T02:46:05.832996Z",
    "location": "http://office.████████/products/files/ChunkedUploader.ashx?uid=b7d920e3776742d9832367fcbcd37131",
    "bytes_uploaded": 0,
    "bytes_total": 12354

Expected behavior

File upload working as intended 😁

Side notes

  • If I place breakpoint in the aforementioned code and correct returned link by hand the rest part of file upload is working as intended.
  • As seen from my nginx virtualhost config I pass X-Forwarded-Proto header, but seems that it's not being considered by the server when generating ChunkedUploader link
@alexeybannov alexeybannov self-assigned this Dec 22, 2017
Copy link

Carazyda commented Aug 4, 2022

Closed for a reason - there has been no activity for a long time.

@Carazyda Carazyda closed this as completed Aug 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

No branches or pull requests

3 participants