Yes, this issue exists with the following settings in settings.php:
$settings['reverse_proxy'] = TRUE;
$settings['reverse_proxy_addresses'] = array($_SERVER['REMOTE_ADDR']);
$settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED;
This is also all cross-checked against phpinfo:
HTTP Request GET /admin/reports/status/php HTTP/1.1
Host REDACTED.com
X-Request-ID 3a240d7e5df3deb587dc3a1874b64a4e
X-Real-IP REDACTED
X-Forwarded-For REDACTED
X-Forwarded-Host REDACTED.com
X-Forwarded-Port 443
X-Forwarded-Proto https
X-Forwarded-Scheme https
X-Scheme httpsFor this we ended up patching the module to rewrite the formation of the urls, where we hardcode the scheme to https.
I think this issue is more at the drupal core level than the module level, so this may be closed. Though an option (like a checkbox on the settings page) to enforce the preferred scheme in the module would be helpful.
Yes, understood.
I have tested the cert on the host I am using for onlyoffice with https://www.ssllabs.com/ to be sure. It is a valid, trusted LE Certificate. The issue cited in the warning is for the tls_process_server_certificate, where ssl labs is able to complete the tls handshake.
I know that this question is beyond the scope of this particular ticket (which with your bugfix I consider resolved) and probably the module in general, but is there anything that we might do on either end to override the ssl certification requirement? At this point we are trying to get a proof of concept prepared in order to get approval to acquire an enterprise license of onlyoffice, and can certainly continue to debug this for production.
I updated the module on our Drupal with the recent bugfix - thank you. Now the docservice out.log says:
[2023-06-02T00:40:22.238] [ERROR] [localhost] [ae0e1018-6109-41e9-9fec-c173883ea09f_MTY4NTY2MjQ5Mg==] [11] nodeJS - sendServerRequest error: url = https://REDACTED/onlyoffice-callback/ZmRPbTNtQ3lteHVGWDBFdHZqYTRyZm1EcTh5NFJCTkxmbng4WXlFdDIzRT83MThiNTc1ZC0xZjA4LTQ5Y2MtYTM4NS0wOWIyZjRmZmQ5YmU;data = {"key":"ae0e1018-6109-41e9-9fec-c173883ea09f_MTY4NTY2MjQ5Mg==","status":2,"url":"https://REDACTED/cache/files/data/ae0e1018-6109-41e9-9fec-c173883ea09f_MTY4NTY2MjQ5Mg==_9308/output.docx/output.docx?md5=0QbYr-aoDQVBkYGjFIrIbg&expires=1685667322&filename=output.docx","history":{},"users":["1"],"actions":[{"type":0,"userid":"1"}],"lastsave":"2023-06-01T23:39:38.000Z","notmodified":false,"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJhZTBlMTAxOC02MTA5LTQxZTktOWZlYy1jMTczODgzZWEwOWZfTVRZNE5UWTJNalE1TWc9PSIsInN0YXR1cyI6MiwidXJsIjoiaHR0cHM6Ly80NS03OS0xOTItNzkuaXAubGlub2RldXNlcmNvbnRlbnQuY29tL2NhY2hlL2ZpbGVzL2RhdGEvYWUwZTEwMTgtNjEwOS00MWU5LTlmZWMtYzE3Mzg4M2VhMDlmX01UWTROVFkyTWpRNU1nPT1fOTMwOC9vdXRwdXQuZG9jeC9vdXRwdXQuZG9jeD9tZDU9MFFiWXItYW9EUVZCa1lHakZJckliZyZleHBpcmVzPTE2ODU2NjczMjImZmlsZW5hbWU9b3V0cHV0LmRvY3giLCJoaXN0b3J5Ijp7fSwidXNlcnMiOlsiMSJdLCJhY3Rpb25zIjpbeyJ0eXBlIjowLCJ1c2VyaWQiOiIxIn1dLCJsYXN0c2F2ZSI6IjIwMjMtMDYtMDFUMjM6Mzk6MzguMDAwWiIsIm5vdG1vZGlmaWVkIjpmYWxzZSwiZmlsZXR5cGUiOiJkb2N4IiwiaWF0IjoxNjg1NjY2NDIxLCJleHAiOjE2ODU2NjY3MjF9.4wLwcePpIeMHQBT07VtNegbV76r0NURZlEHJXrs1GH0","filetype":"docx"} Error: Error response: statusCode:400; headers:{"date":"Fri, 02 Jun 2023 00:40:22 GMT","content-type":"application/json","transfer-encoding":"chunked","connection":"keep-alive","x-powered-by":"PHP/8.1.19","cache-control":"must-revalidate, no-cache, private","x-ua-compatible":"IE=edge","content-language":"en","x-content-type-options":"nosniff","x-frame-options":"SAMEORIGIN","expires":"Sun, 19 Nov 1978 05:00:00 GMT","x-generator":"Drupal 9 (https://www.drupal.org)","strict-transport-security":"max-age=15724800; includeSubDomains"}; body:
{"error":1,"message":"Error download file from https:\/\/REDACTED\/cache\/files\/data\/ae0e1018-6109-41e9-9fec-c173883ea09f_MTY4NTY2MjQ5Mg==_9308\/output.docx\/output.docx?md5=0QbYr-aoDQVBkYGjFIrIbg\u0026expires=1685667322\u0026filename=output.docx"}
at Request._callback (/snapshot/server/build/server/Common/sources/utils.js)
at Request.callback (/snapshot/server/build/server/Common/node_modules/request/request.js:185:22)
at Request.emit (events.js:400:28)
at Request.<anonymous> (/snapshot/server/build/server/Common/node_modules/request/request.js:1154:10)
at Request.emit (events.js:400:28)
at IncomingMessage.<anonymous> (/snapshot/server/build/server/Common/node_modules/request/request.js:1076:12)
at Object.onceWrapper (events.js:519:28)
at IncomingMessage.emit (events.js:412:35)
at endReadableNT (internal/streams/readable.js:1333:12)
at processTicksAndRejections (internal/process/task_queues.js:82:21)
[2023-06-02T00:40:22.243] [WARN] [localhost] [ae0e1018-6109-41e9-9fec-c173883ea09f_MTY4NTY2MjQ5Mg==] [11] nodeJS - storeForgotten
In this case, we are using the ONLYOFFICE docker deployment through the Linode marketplace. We have not made any customizations to the default deployment. https://www.linode.com/docs/products/tools/marketplace/guides/onlyoffice/
@aleksandr.fedorov yes, it is a certificate issued by Linode.
k.elizabeth β created an issue.
k.elizabeth β created an issue.