Module not working for HTTPS-Only HumHub installations

[daum3ns]

The Module sets the document.url incorrect so that a "download failed" alert is seen:
https://stackoverflow.com/questions/46545410/docker-document-server-download-failed

https://api.onlyoffice.com/editors/config/document#url
i see in the logs that the url is set like humhub was plain-http although humhub is setup to use https. there is no way to set this in gui, nor in config files..

when i disable automatic redirect of http traffic to https for humhub, the module works ...

please fix this issue, or let me help you fix it! i think it must be quite simple, but i don't know the framework...

[Eloncase]

Hello! Thanks for your contribution.
We are using framework method Url::to to generate links, same method used to generate permalinks for example.
It's probably related to this issue and until it is resolved we can't really tell if this is our problem or not. As soon as issue is resolved we'll make appropriate changes.

[daum3ns]

thanks eloncase for reply. as i understand the issue you linked it is about termination off ssl and plan http humhub. but i have set humhub to use HTTPS and still the module generates an http url.. thats what i think is strange. so it is the other way arround:
client->HTTPS->proxy->HTTPS->HUMHUB
then the client gets a plain HTTP url as callback, so it will receive a redirect from the proxy which onlyoffice cant handle..
as HumHub is set to use HTTPS i would assume an HTTPS link... (for example sharing a file is no problem, there it works...)

on the linked issue a plain HTTP linke makes sense for me, as the installation is plain HTTP...

[Eloncase]

Have you tried making permalink to a post? Is it http or https?

The issue mostly about that Base URL setting (Settings -> General -> Base URL) should be taken into consideration when generating any kind of URL. Right now it takes current context to do that.
For example if you set Base URL to https://192.168.1.10 but navigate to humhub using http://localhost all links will navigate to http://localhost ignoring settings.

Is Forwarded headers configured properly on your proxy server?
Especially Forwarded-Proto.

[daum3ns]

thanks eloncase, i will check this as soon as i have some spare minutes, i think BaseUrl should be correct but the headers i have to check!

[bha-lockdrives]

Are there any news? I have the same problems. Humhub is on SSL only.

[dreua]

To add a data point here: My https only installation works fine after some debugging. (Only issue remaining: #28) The installation experience could be improved by more/better error messages or maybe a wizard / some automated tests though.

I have the document server docker image with a port switch: -p 8080:80 (Earlier mistake: Use port 8080 of the container. Not sure what that is but it surely does not work.) Make sure you can access the document server with your browser via Https. It should display a nicely formatted welcome page ("ONLYOFFICE Docs™ Community Edition – Welcome!").

Apache is setup with virtual hosts for two subdomains, one serving the onlyoffice document server as proxy adding Https (my configuration) and the other serving Humhub.

[daum3ns]

@bha-lockdrives when i remember correctly adding this in humhub/protected/config/web.php did the trick for me:
$_SERVER['HTTPS'] = 'on';

(see humhub/humhub#3815)

[smurf1965]

Hi, recently added DocServer to Humhub. Apparently successfully connected, however when trying to create doument, Humhub throws up 'Could not Onlyoffice Document editor'. Now I think that as Hunhub is on https:// and Digital Ocen Docserver on http://, this could be the issue? Not entirely certain, however any help or suggestion would be greatly appreciated!

[dreua]

Hunhub is on https:// and Digital Ocen Docserver on http://, this could be the issue?

Yes this is the issue. The other way around works but you should never attempt to use http resources in a page loaded via https. It creates warnings or does not work at all.

[smurf1965]

@dreua Thanks for that, glad to see on the right track! :)

[dreua]

@smurf1965 Happy to help! Getting OO+Humhub to work together can really be a p... - well let's call it difficult 😉
If you have further questions I'd suggest you create a new issue, maybe I can help. In my opinion, appending to already existing issues is only advisable if you are quite sure that you have the same issue and you have something valuable to add. (Otherwise do it Youtube-Style: Hit thumbs up on the top post and subscribe! Or create a new issue and link to the existing issue.)

@ someone with moderation privilege: Feel free to hide my off-topic comments here.

[monacoblue]

@Eloncase @dreua @daum3ns

Hi guys,

Sorry to revisit this issue , but I'm a newbie that tried a kazillion things and am desperately trying to get this to work!

Log Error: "Expected JWT"
"The document could not be saved. Please check connection settings or contact your administrator"

Version: Humhub 1.9,1
Document Server: ONLYOFFICE DOCS 6.4.1 (Cloudron/Docker) runing on https://office.glowrepeat.net
Humhub Server: LAMP installation on CentOS WHM PHP 7.3. AutoSSL (Secticgo) running on https://hub.glowrepe.at

Here's what I did/tried so far:

• Checked that all prerequisites are met on my CentOS LAMP installation - they are - green checkmarks on everything. Installation completed without issues and everything else works.
• Checked that both Humhub and Onlyoffice is running on https- they are Humhub base url is configured correctly and permalinks are https://
• To verify things are working at the Onlyoffice end, I created a free humhub account on humhub.com and tested the plugin there connecting to my onlyoffice office.glowrepeat.net - works pefectly!
• However configuring the plugin start well on my own server with: "ONLYOFFICE Docs successfully connected! - Installed version: 6.4.1.45" BUT when opening document I get the "JWT Expected" error in log.
• Checked that WHM Firewall is not blocking ports - all ok as far as I can see.

Here is the humhub LOG:

`2021-10-12 15:39:22 [78.129.139.241][-][-][error][onlyoffice] Expected JWT
2021-10-12 15:39:22 [78.129.139.241][-][-][info][application] $_GET = [
'key' => '(hidden)'
]

$_SERVER = [
'CONTENT_LENGTH' => '161'
'CONTENT_TYPE' => 'application/json'
'CONTEXT_DOCUMENT_ROOT' => '/home/glowrepe/public_html/APP_hub'
'CONTEXT_PREFIX' => ''
'DOCUMENT_ROOT' => '/home/glowrepe/public_html/APP_hub'
'GATEWAY_INTERFACE' => 'CGI/1.1'
'HTTPS' => 'on'
'HTTP_CPANEL_LOCALHOST' => '1'
'HTTP_HOST' => 'hub.glowrepe.at'
'HTTP_USER_AGENT' => 'Node.js/6.13'
'HTTP_X_FORWARDED_FOR' => '46.101.106.221'
'HTTP_X_FORWARDED_HOST' => 'hub.glowrepe.at'
'HTTP_X_FORWARDED_PORT' => '443'
'HTTP_X_FORWARDED_PROTO' => 'https'
'HTTP_X_FORWARDED_SERVER' => 'hub.glowrepe.at'
'HTTP_X_REAL_IP' => '46.101.106.221'
'PATH' => '/bin:/usr/bin'
'PHP_INI_SCAN_DIR' => '/opt/cpanel/ea-php73/root/etc:/opt/cpanel/ea-php73/root/etc/php.d:.'
'QUERY_STRING' => 'key=(hidden)'
'REDIRECT_HTTPS' => 'on'
'REDIRECT_QUERY_STRING' => 'key=(hidden)'
'REDIRECT_STATUS' => '200'
'REDIRECT_UNIQUE_ID' => '(hidden)'
'REDIRECT_URL' => '/onlyoffice/backend/track'
'REDIRECT_isproxyrequest' => '1'
'REMOTE_ADDR' => '78.129.139.241'
'REMOTE_PORT' => '40560'
'REQUEST_METHOD' => 'POST'
'REQUEST_SCHEME' => 'https'
'REQUEST_URI' => '/onlyoffice/backend/track?key=(hidden)'
'SCRIPT_FILENAME' => '/home/glowrepe/public_html/APP_hub/index.php'
'SCRIPT_NAME' => '/index.php'
'SERVER_ADDR' => '78.129.139.242'
'SERVER_ADMIN' => '(hidden)'
'SERVER_NAME' => 'hub.glowrepe.at'
'SERVER_PORT' => '443'
'SERVER_PROTOCOL' => 'HTTP/1.1'
'SERVER_SIGNATURE' => ''
'SERVER_SOFTWARE' => 'Apache'
'TZ' => 'Europe/Copenhagen'
'UNIQUE_ID' => '(hidden)'
'isproxyrequest' => '1'
'PHP_SELF' => '/index.php'
'REQUEST_TIME_FLOAT' => (hidden)
'REQUEST_TIME' => (hidden)
'argv' => [
0 => 'key=(hidden)'
]
'argc' => 1
]`

Onlyoffice and Humhub are on two different servers so it seems the internal requests sections are not relevant.

I suspect that it is related to the AutoSSL that is preventing onlyoffice from seeing Humhub? However I am havinga hard time wrapping my head around what specifically I need to do to fix that?

I would be very grateful for any tips or help 🙏

Many thanks,
M

[daum3ns]

thats weird, did you configure JWT secret in the module configuration?

[monacoblue]

thats weird, did you configure JWT secret in the module configuration?

Thanks for getting back daum3ns :). Yes I configured Fields 'Hostname' and JWT secret and it immediately connects successfully with green message on top in module config: "ONLYOFFICE Docs successfully connected! - Installed version: 6.4.1.45".

But when I try to open document i get the error message:
"The document could not be saved. Please check connection settings or contact your administrator"

And in log "Expected JWT" as shown in post above.

[daum3ns]

argh, i remember having exactly that message.. did you verify the setting i mentioned here: #3 (comment)

[monacoblue]

argh, i remember having exactly that message.. did you verify the setting i mentioned here: #3 (comment)

Thanks... for your feedback :). Yes - saw your message in ealier dialogue, and added that to web.php, because thought it couldn't hurt - but no dice. Did you configure the proxy settings in humhub admin - Is that what I am missing. I have not actively set a proxy for use on my server, but perhaps simply enabling AutoSSL on my Cpanel/WHM is somehting that now intercepts humhub as a proxy?

[daum3ns]

no i don't have proxy settings set... (although i have a reverse proxy in front, but that's all handled by docker-compose in my case i think, the same reverse proxy is in front of the docserver and translates back to plain http, i.e the docserver itself thinks its plain http when i remember correctly)

it was a time ago i set this up.. maybe give it a try without autossl... idk..

[monacoblue]

Ok many thanks daum3ns - very good to know! Can't justify abandoning AutoSSL, but you're right I could try and switch it off.

If anyone has ideas to share, I would be eternally grateful :)

[monacoblue]

Problem remains and I'm stuck with "The document could not be saved. Please check connection settings or contact your administrator"

Does anything in my error log posted above spring into your eyes - what am I missing?

@Eloncase @dreua I know you are probably super busy, but would be grateful for any help/pointers :)