πŸ‡ΊπŸ‡ΈUnited States @k.elizabeth

Account created on 17 February 2012, almost 13 years ago
#

Recent comments

πŸ‡ΊπŸ‡ΈUnited States k.elizabeth

Yes, this issue exists with the following settings in settings.php:

$settings['reverse_proxy'] = TRUE;
$settings['reverse_proxy_addresses'] = array($_SERVER['REMOTE_ADDR']);
$settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED;

This is also all cross-checked against phpinfo:

HTTP Request	GET /admin/reports/status/php HTTP/1.1
Host	REDACTED.com
X-Request-ID	3a240d7e5df3deb587dc3a1874b64a4e
X-Real-IP	REDACTED
X-Forwarded-For	REDACTED
X-Forwarded-Host	REDACTED.com
X-Forwarded-Port	443
X-Forwarded-Proto	https
X-Forwarded-Scheme	https
X-Scheme	https

For this we ended up patching the module to rewrite the formation of the urls, where we hardcode the scheme to https.

I think this issue is more at the drupal core level than the module level, so this may be closed. Though an option (like a checkbox on the settings page) to enforce the preferred scheme in the module would be helpful.

πŸ‡ΊπŸ‡ΈUnited States k.elizabeth

Yes, understood.

I have tested the cert on the host I am using for onlyoffice with https://www.ssllabs.com/ to be sure. It is a valid, trusted LE Certificate. The issue cited in the warning is for the tls_process_server_certificate, where ssl labs is able to complete the tls handshake.

I know that this question is beyond the scope of this particular ticket (which with your bugfix I consider resolved) and probably the module in general, but is there anything that we might do on either end to override the ssl certification requirement? At this point we are trying to get a proof of concept prepared in order to get approval to acquire an enterprise license of onlyoffice, and can certainly continue to debug this for production.

πŸ‡ΊπŸ‡ΈUnited States k.elizabeth

I updated the module on our Drupal with the recent bugfix - thank you. Now the docservice out.log says:

[2023-06-02T00:40:22.238] [ERROR] [localhost] [ae0e1018-6109-41e9-9fec-c173883ea09f_MTY4NTY2MjQ5Mg==] [11] nodeJS - sendServerRequest error: url = https://REDACTED/onlyoffice-callback/ZmRPbTNtQ3lteHVGWDBFdHZqYTRyZm1EcTh5NFJCTkxmbng4WXlFdDIzRT83MThiNTc1ZC0xZjA4LTQ5Y2MtYTM4NS0wOWIyZjRmZmQ5YmU;data = {"key":"ae0e1018-6109-41e9-9fec-c173883ea09f_MTY4NTY2MjQ5Mg==","status":2,"url":"https://REDACTED/cache/files/data/ae0e1018-6109-41e9-9fec-c173883ea09f_MTY4NTY2MjQ5Mg==_9308/output.docx/output.docx?md5=0QbYr-aoDQVBkYGjFIrIbg&expires=1685667322&filename=output.docx","history":{},"users":["1"],"actions":[{"type":0,"userid":"1"}],"lastsave":"2023-06-01T23:39:38.000Z","notmodified":false,"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJhZTBlMTAxOC02MTA5LTQxZTktOWZlYy1jMTczODgzZWEwOWZfTVRZNE5UWTJNalE1TWc9PSIsInN0YXR1cyI6MiwidXJsIjoiaHR0cHM6Ly80NS03OS0xOTItNzkuaXAubGlub2RldXNlcmNvbnRlbnQuY29tL2NhY2hlL2ZpbGVzL2RhdGEvYWUwZTEwMTgtNjEwOS00MWU5LTlmZWMtYzE3Mzg4M2VhMDlmX01UWTROVFkyTWpRNU1nPT1fOTMwOC9vdXRwdXQuZG9jeC9vdXRwdXQuZG9jeD9tZDU9MFFiWXItYW9EUVZCa1lHakZJckliZyZleHBpcmVzPTE2ODU2NjczMjImZmlsZW5hbWU9b3V0cHV0LmRvY3giLCJoaXN0b3J5Ijp7fSwidXNlcnMiOlsiMSJdLCJhY3Rpb25zIjpbeyJ0eXBlIjowLCJ1c2VyaWQiOiIxIn1dLCJsYXN0c2F2ZSI6IjIwMjMtMDYtMDFUMjM6Mzk6MzguMDAwWiIsIm5vdG1vZGlmaWVkIjpmYWxzZSwiZmlsZXR5cGUiOiJkb2N4IiwiaWF0IjoxNjg1NjY2NDIxLCJleHAiOjE2ODU2NjY3MjF9.4wLwcePpIeMHQBT07VtNegbV76r0NURZlEHJXrs1GH0","filetype":"docx"} Error: Error response: statusCode:400; headers:{"date":"Fri, 02 Jun 2023 00:40:22 GMT","content-type":"application/json","transfer-encoding":"chunked","connection":"keep-alive","x-powered-by":"PHP/8.1.19","cache-control":"must-revalidate, no-cache, private","x-ua-compatible":"IE=edge","content-language":"en","x-content-type-options":"nosniff","x-frame-options":"SAMEORIGIN","expires":"Sun, 19 Nov 1978 05:00:00 GMT","x-generator":"Drupal 9 (https://www.drupal.org)","strict-transport-security":"max-age=15724800; includeSubDomains"}; body:
{"error":1,"message":"Error download file from https:\/\/REDACTED\/cache\/files\/data\/ae0e1018-6109-41e9-9fec-c173883ea09f_MTY4NTY2MjQ5Mg==_9308\/output.docx\/output.docx?md5=0QbYr-aoDQVBkYGjFIrIbg\u0026expires=1685667322\u0026filename=output.docx"}
    at Request._callback (/snapshot/server/build/server/Common/sources/utils.js)
    at Request.callback (/snapshot/server/build/server/Common/node_modules/request/request.js:185:22)
    at Request.emit (events.js:400:28)
    at Request.<anonymous> (/snapshot/server/build/server/Common/node_modules/request/request.js:1154:10)
    at Request.emit (events.js:400:28)
    at IncomingMessage.<anonymous> (/snapshot/server/build/server/Common/node_modules/request/request.js:1076:12)
    at Object.onceWrapper (events.js:519:28)
    at IncomingMessage.emit (events.js:412:35)
    at endReadableNT (internal/streams/readable.js:1333:12)
    at processTicksAndRejections (internal/process/task_queues.js:82:21)
[2023-06-02T00:40:22.243] [WARN] [localhost] [ae0e1018-6109-41e9-9fec-c173883ea09f_MTY4NTY2MjQ5Mg==] [11] nodeJS - storeForgotten

In this case, we are using the ONLYOFFICE docker deployment through the Linode marketplace. We have not made any customizations to the default deployment. https://www.linode.com/docs/products/tools/marketplace/guides/onlyoffice/

πŸ‡ΊπŸ‡ΈUnited States k.elizabeth

@aleksandr.fedorov yes, it is a certificate issued by Linode.

Production build 0.71.5 2024