Page 1 of 1

Community Server restore issue and 403 error

PostPosted: Thu Aug 30, 2018 7:57 pm
by atsenoc
Hi,

We exported our data from a non-profit cloud instance which has 1000 user limit. We installed community server edition on a separate install, restored the data from the backup manually (custom scripts among other techniques), and now have 2 problems:

1. We still have a 1000 user limit, even though the community edition doesn't have a user limit.
2. Some files give a 403 forbidden, even if they're newly created by the user trying to access them. Permissions and other location/settings are fine.

Any help would be appreciated here. We've researched in the forums to determine where there might be a data/license file, except there are no license.lic files as mentioned because only the database and backed up attachments were restored. As for the 403 error, this is an irrational problem given that it's only forum attachments that have the issue (old, or newly created). In contrast old project files and attachments are accessible upon restore. I can confirm that OnlyOffice created the paths, and that the attachments are present on disk with content. Clients however can not access them, despite permissions being identical to surrounding data, and no significant errors or data have been generated to indicate a configuration issue in debug mode, nor using GDB to debug.

Re: Community Server restore issue and 403 error

PostPosted: Mon Sep 03, 2018 7:40 am
by Maxim
Hello atsenoc!
1. We still have a 1000 user limit, even though the community edition doesn't have a user limit.

How did you find it out?
restored the data from the backup manually (custom scripts among other techniques)

How did you restore your data?

Re: Community Server restore issue and 403 error

PostPosted: Tue Sep 04, 2018 3:55 pm
by atsenoc
Hi,

1. We imported a CSV file with unique entries into the database to push the current 830 users past 1000. It stated that we reached the user limit, again despite there not being a user limit in the Open Source version. That implies that a data restore also includes information about the license.

2. The data restoration was done by:
a. Restoring the tables from a non-profit backup, and using a custom script to import the data into the respective tables. The import worked fine with a few warning messages, but ultimately didn't appear to have too many problems. If this had been an issue then OnlyOffice would have told me about it by now I assume.
b. Attachments were imported by analyzing config files and watching the software's behavior. Basically I let the software do its own work by creating top-level folders under /var/www/onlyoffice/Data, and then copied previous data into those locations. These paths live alongside newly created data, and Project and Document modules can see previous or newly created data just fine.

The second bullet, b., doesn't matter in terms of what I'm having trouble with though. The Forum module is the space where both newly created files, and previous data alike generate a 403 despite data being present, and findable. In other words: If I move the file away from where it lives I receive a 404 error as expected, but if the files are present I get a 403 despite whether or not its old or new data. Permissions appear sane:

Top Level
Code: Select all
 root@ip:/var/www/onlyoffice/Data/Products/Community/Modules/Forum/Data/Attachments/09/06/24# ls -lah
total 20K
drwxr-xr-x 5 onlyoffice onlyoffice 4.0K Aug 21 20:15 .
drwxr-xr-x 3 onlyoffice onlyoffice 4.0K Aug 17 21:27 ..
drwxr-xr-x 3 onlyoffice onlyoffice 4.0K Aug 17 21:27 15330
drwxr-xr-x 3 onlyoffice onlyoffice 4.0K Aug 17 21:44 25513
drwxr-xr-x 3 onlyoffice onlyoffice 4.0K Aug 21 20:15 25844


The files
Code: Select all
root@ip:/var/www/onlyoffice/Data/Products/Community/Modules/Forum/Data/Attachments/09/06/24/25844/38259/63c40de8-4d5d-4289-9d12-278e97bd2084# ls -lah
total 4.0M
drwxr-xr-x 2 onlyoffice onlyoffice 4.0K Aug 22 21:33 .
drwxr-xr-x 3 onlyoffice onlyoffice 4.0K Aug 27 21:13 ..
-rw-r--r-- 1 onlyoffice onlyoffice  29K Aug 22 21:33 loremIpsum.txt
-rwxrwxrwx 1 onlyoffice onlyoffice 4.0M Aug 21 20:15 TheCodersApprentice.pdf


In the above example, 15330 and 25513 are folders that I restored, versus 25844 which is a newly created folder path for new testing data (25844 and the subsequent sub-folders were created by the software automatically).

The testing data is present on disk and permissions are sane, but I get a 403 despite that. In the above example, I also experimented by modifying permissions:

Code: Select all
chmod 777 PDF_file.txt


It doesn't help. This implies an nginx issue so I checked the config and everything looks fine (or more to the point they're the default config files provided by onlyoffice):

sites-enabled
Code: Select all
upstream fastcgi_backend_apisystem {
        server unix:/var/run/onlyoffice/onlyofficeApiSystem.socket;
        keepalive 32;
}

upstream fastcgi_backend {
        server unix:/var/run/onlyoffice/onlyoffice.socket;
        keepalive 32;
}

fastcgi_cache_path /var/cache/nginx/onlyoffice
        levels=1:2
        keys_zone=onlyoffice:16m
        max_size=256m
        inactive=1d;

map $http_host $this_host {
  "" $host;
  default $http_host;
}

map $http_x_forwarded_proto $the_scheme {
  default $http_x_forwarded_proto;
  "" $scheme;
}

map $http_x_forwarded_host $the_host {
  default $http_x_forwarded_host;
  "" $this_host;
}

server {
        listen 80;

        add_header Access-Control-Allow-Origin *;

        large_client_header_buffers 4 16k;

        set $X_REWRITER_URL $the_scheme://$the_host;

        if ($http_x_rewriter_url != '') {
                set $X_REWRITER_URL $http_x_rewriter_url ;
        }

        include /etc/nginx/includes/onlyoffice-communityserver-*.conf;
}
"sites-enabled/onlyoffice" 46L, 946C


Common
Code: Select all
location / {
        root    /var/www/onlyoffice/WebStudio/;
        index   index.html index.htm default.aspx Default.aspx;

        client_max_body_size    4G;

        access_log      /var/log/onlyoffice/nginx.access.log;
        error_log       /var/log/onlyoffice/nginx.error.log;

        fastcgi_pass fastcgi_backend;
        fastcgi_keep_conn on;

        error_page 404 /404.htm;

        gzip             off;
        gzip_comp_level  2;
        gzip_min_length  1000;
        gzip_proxied     expired no-cache no-store private auth;
        gzip_types       text/html application/x-javascript text/css application/xml;

        fastcgi_index   Default.aspx;
        fastcgi_intercept_errors off;

        include fastcgi_params;

        fastcgi_param HTTP_X_REWRITER_URL $X_REWRITER_URL;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO "";

        fastcgi_read_timeout    600;
        fastcgi_send_timeout    600;


        location  ~* ^/(warmup[2-9]?)/ {
                rewrite /warmup([^/]*)/(.*) /$2 break;
                fastcgi_pass unix:/var/run/onlyoffice/onlyoffice$1.socket;
        }


        location ~* (^\/(?:skins|products|addons).*\.(?:jpg|jpeg|gif|png|svg|ico)$)|(.*bundle/(?!clientscript).*) {
                fastcgi_pass fastcgi_backend;

                fastcgi_temp_path        /var/cache/nginx/tmp 1 2;
                fastcgi_cache            onlyoffice;
                fastcgi_cache_key        "$scheme|$request_method|$host|$request_uri|$query_string";
                fastcgi_cache_use_stale  updating error timeout invalid_header http_500;
                fastcgi_cache_valid      1d;
                fastcgi_ignore_headers   Cache-Control Expires Set-Cookie;

                add_header X-Fastcgi-Cache $upstream_cache_status;
                access_log off;
                log_not_found off;
                expires max;
        }

}
"/etc/nginx/includes/onlyoffice-communityserver-common.conf" 96L, 3139C


Services
Code: Select all
location /addons/talk/http-poll/httppoll.ashx {
        proxy_pass http://localhost:5280/http-poll/;
        proxy_buffering off;
        client_max_body_size 10m;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
}


location /socketio {
        rewrite /socketio/(.*) /$1  break;
        proxy_pass http://localhost:9899;

        client_max_body_size 100m;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto "http";
        proxy_set_header X-REWRITER-URL $X_REWRITER_URL;
}


location /healthcheck {
        rewrite /healthcheck(.*) /$1  break;
        proxy_pass http://localhost:9810;
        proxy_redirect ~*/(.*) /healthcheck/$1;

        client_max_body_size 100m;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
}
"onlyoffice-communityserver-services.conf" 44L, 1451C



This is a fresh install of Ubuntu 16.04 specifically for OnlyOffice. Error logs report the following when I click on a newly created attachment in the Forums module:

[04/Sep/2018:14:52:35 +0000] "GET /storage/forum/root/25844/38259/63c40de8-4d5d-4289-9d12-278e97bd2084/loremIpsum.txt?expire=10&auth=273768750414.9VRMSG0U0TQZZ2HSPR1QPHTLWCWB6D6BVFP74FHO8VS HTTP/1.1" 403 0 "http://HOST-SCRUBBED/products/community/modules/forum/posts.aspx?&t=67693" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0"


Also, SELinux is not active and therefore does not apply to this situation; I've already checked.

Also, I've already tested and enabled debugging in NGINX, and it doesn't change the error messages in any meaningful way to me but here ya go:

Code: Select all
2018/09/04 15:43:49 [debug] 28338#28338: *7 write new buf t:1 f:0 0000558264C7CD58, pos 0000558264C7CD58, size: 215 file: 0, size: 0
2018/09/04 15:43:49 [debug] 28338#28338: *7 http write filter: l:0 f:0 s:215
2018/09/04 15:43:49 [debug] 28338#28338: *7 http cacheable: 0
2018/09/04 15:43:49 [debug] 28338#28338: *7 http upstream process upstream
2018/09/04 15:43:49 [debug] 28338#28338: *7 pipe read upstream: 1
2018/09/04 15:43:49 [debug] 28338#28338: *7 pipe preread: 16
2018/09/04 15:43:49 [debug] 28338#28338: *7 readv: 1, last:3950
2018/09/04 15:43:49 [debug] 28338#28338: *7 readv() not ready (11: Resource temporarily unavailable)
2018/09/04 15:43:49 [debug] 28338#28338: *7 pipe recv chain: -2
2018/09/04 15:43:49 [debug] 28338#28338: *7 pipe buf free s:0 t:1 f:0 0000558264D05CE0, pos 0000558264D05D62, size: 16 file: 0, size: 0
2018/09/04 15:43:49 [debug] 28338#28338: *7 pipe length: 8
2018/09/04 15:43:49 [debug] 28338#28338: *7 http fastcgi record byte: 01
2018/09/04 15:43:49 [debug] 28338#28338: *7 http fastcgi record byte: 03
2018/09/04 15:43:49 [debug] 28338#28338: *7 http fastcgi record byte: 00
2018/09/04 15:43:49 [debug] 28338#28338: *7 http fastcgi record byte: 01
2018/09/04 15:43:49 [debug] 28338#28338: *7 http fastcgi record byte: 00
2018/09/04 15:43:49 [debug] 28338#28338: *7 http fastcgi record byte: 08
2018/09/04 15:43:49 [debug] 28338#28338: *7 http fastcgi record byte: 00
2018/09/04 15:43:49 [debug] 28338#28338: *7 http fastcgi record byte: 00
2018/09/04 15:43:49 [debug] 28338#28338: *7 http fastcgi record length: 8
2018/09/04 15:43:49 [debug] 28338#28338: *7 http fastcgi sent end request
2018/09/04 15:43:49 [debug] 28338#28338: *7 pipe write downstream: 1
2018/09/04 15:43:49 [debug] 28338#28338: *7 pipe write downstream done
2018/09/04 15:43:49 [debug] 28338#28338: *7 event timer: 24, old: 1536076429435, new: 1536076429457
2018/09/04 15:43:49 [debug] 28338#28338: *7 http upstream exit: 0000000000000000
2018/09/04 15:43:49 [debug] 28338#28338: *7 finalize http upstream request: 0
2018/09/04 15:43:49 [debug] 28338#28338: *7 finalize http fastcgi request
2018/09/04 15:43:49 [debug] 28338#28338: *7 free keepalive peer
2018/09/04 15:43:49 [debug] 28338#28338: *7 free keepalive peer: saving connection 0000558264CA6A28
2018/09/04 15:43:49 [debug] 28338#28338: *7 event timer del: 24: 1536076429435
2018/09/04 15:43:49 [debug] 28338#28338: *7 free rr peer 1 0
2018/09/04 15:43:49 [debug] 28338#28338: *7 http upstream temp fd: -1
2018/09/04 15:43:49 [debug] 28338#28338: *7 http output filter "/storage/forum/root/25844/38259/63c40de8-4d5d-4289-9d12-278e97bd2084/loremIpsum.txt?expire=10&auth=273771798546.EU5RVSZRBZX7E7CKLIMGJXIFUEQRNCN8EBVRH1XKYDA"
2018/09/04 15:43:49 [debug] 28338#28338: *7 http copy filter: "/storage/forum/root/25844/38259/63c40de8-4d5d-4289-9d12-278e97bd2084/loremIpsum.txt?expire=10&auth=273771798546.EU5RVSZRBZX7E7CKLIMGJXIFUEQRNCN8EBVRH1XKYDA"
2018/09/04 15:43:49 [debug] 28338#28338: *7 image filter
2018/09/04 15:43:49 [debug] 28338#28338: *7 xslt filter body
2018/09/04 15:43:49 [debug] 28338#28338: *7 http postpone filter "/storage/forum/root/25844/38259/63c40de8-4d5d-4289-9d12-278e97bd2084/loremIpsum.txt?expire=10&auth=273771798546.EU5RVSZRBZX7E7CKLIMGJXIFUEQRNCN8EBVRH1XKYDA" 00007FFC3659F750
2018/09/04 15:43:49 [debug] 28338#28338: *7 write old buf t:1 f:0 0000558264C7CD58, pos 0000558264C7CD58, size: 215 file: 0, size: 0
2018/09/04 15:43:49 [debug] 28338#28338: *7 write new buf t:0 f:0 0000000000000000, pos 0000000000000000, size: 0 file: 0, size: 0
2018/09/04 15:43:49 [debug] 28338#28338: *7 http write filter: l:1 f:0 s:215
2018/09/04 15:43:49 [debug] 28338#28338: *7 http write filter limit 0
2018/09/04 15:43:49 [debug] 28338#28338: *7 writev: 215 of 215
2018/09/04 15:43:49 [debug] 28338#28338: *7 http write filter 0000000000000000
2018/09/04 15:43:49 [debug] 28338#28338: *7 http copy filter: 0 "/storage/forum/root/25844/38259/63c40de8-4d5d-4289-9d12-278e97bd2084/loremIpsum.txt?expire=10&auth=273771798546.EU5RVSZRBZX7E7CKLIMGJXIFUEQRNCN8EBVRH1XKYDA"
2018/09/04 15:43:49 [debug] 28338#28338: *7 http finalize request: 0, "/storage/forum/root/25844/38259/63c40de8-4d5d-4289-9d12-278e97bd2084/loremIpsum.txt?expire=10&auth=273771798546.EU5RVSZRBZX7E7CKLIMGJXIFUEQRNCN8EBVRH1XKYDA" a:1, c:1
2018/09/04 15:43:49 [debug] 28338#28338: *7 set http keepalive handler
2018/09/04 15:43:49 [debug] 28338#28338: *7 http close request
2018/09/04 15:43:49 [debug] 28338#28338: *7 http log handler
2018/09/04 15:43:49 [debug] 28338#28338: *7 free: 0000558264D05CE0
2018/09/04 15:43:49 [debug] 28338#28338: *7 free: 0000558264C72F70, unused: 0
2018/09/04 15:43:49 [debug] 28338#28338: *7 free: 0000558264C7BFA0, unused: 40
2018/09/04 15:43:49 [debug] 28338#28338: *7 free: 0000558264C63FA0, unused: 1423
2018/09/04 15:43:49 [debug] 28338#28338: *7 free: 0000558264C5B030
2018/09/04 15:43:49 [debug] 28338#28338: *7 hc free: 0000000000000000 0
2018/09/04 15:43:49 [debug] 28338#28338: *7 hc busy: 0000558264C5B7D0 1
2018/09/04 15:43:49 [debug] 28338#28338: *7 free: 0000558264CF5A30
2018/09/04 15:43:49 [debug] 28338#28338: *7 reusable connection: 1
2018/09/04 15:43:49 [debug] 28338#28338: *7 event timer add: 21: 65000:1536075894457
2018/09/04 15:43:49 [debug] 28338#28338: *7 post event 0000558264CD1CB0
2018/09/04 15:43:49 [debug] 28338#28338: *7 delete posted event 0000558264CD1CB0
2018/09/04 15:43:49 [debug] 28338#28338: *7 http keepalive handler
2018/09/04 15:43:49 [debug] 28338#28338: *7 malloc: 0000558264C5B030:1024
2018/09/04 15:43:49 [debug] 28338#28338: *7 recv: fd:21 -1 of 1024
2018/09/04 15:43:49 [debug] 28338#28338: *7 recv() not ready (11: Resource temporarily unavailable)
2018/09/04 15:43:49 [debug] 28338#28338: *7 free: 0000558264C5B030


Let me know if you need anything else.

Re: Community Server restore issue and 403 error

PostPosted: Thu Sep 06, 2018 1:26 pm
by Maxim
Hello!
Restoring the tables from a non-profit backup, and using a custom script to import the data into the respective tables.

Did you restore using mysqldump command?

Re: Community Server restore issue and 403 error

PostPosted: Thu Sep 06, 2018 8:34 pm
by atsenoc
XML Dumps were provided from the backup process (The backup process in OnlyOffice doesn't have another option that I could see) so mysqldump was not directly used, and can't be used for importing or restoring XML. Followed the instructions on the following page in order to figure out how to import XML into SQL directly:
https://dev.mysql.com/doc/refman/5.5/en/load-xml.html

The exported files were easy to parse though (filename the same as the DB table, same as individual elements, etc), so this is what I wrote to automate the database import:

Code: Select all
import os
import pymysql.cursors

# Define our database path
dbPath = '/root/code/databases'
dbName = '<redacted>'

# Open DB Connection
db = pymysql.connect(host="localhost",
                     user="<redacted>",
                     password="<redacted>",
                     db=dbName,
                     local_infile=True,
                     )

try:
    with db.cursor() as cursor:
        for root, dirs, files in os.walk(dbPath):
            for filename in files:
                rootAndFile = (f"{root}/{filename}")
                print(f"Importing: {rootAndFile}.. into database: {filename}")
                cursor.execute(f"load xml local infile '{rootAndFile}' into table {filename} rows identified by '<{filename}>'")
                db.commit()

finally:
    db.close()


OnlyOffice automatically creates the database tables, so the only thing left for me to do at that point is to import the older data into it. Logged into the database after import, and then did a select statement on a table to see what data was present after import.

Re: Community Server restore issue and 403 error

PostPosted: Wed Sep 12, 2018 8:12 am
by Maxim
Hello atsenoc!
I suppose that problem is connected with restoring MySQL database.

Re: Community Server restore issue and 403 error

PostPosted: Thu Sep 13, 2018 10:15 pm
by atsenoc
Maxim wrote:I suppose that problem is connected with restoring MySQL database.


Here's the Backup process we used:

1. Followed these instructions: https://helpcenter.onlyoffice.com/tipst ... store.aspx
2. Clicked "Temporary" and then had OnlyOffice generate a backup.
3. Clicked "Make Copy" and downloaded the file provided.
4. Moved the zip file to our server, and then restored it.

This zip file contained several folders, with XML data in them. Those are the files we used to restore.

As far as I know, mysqldump is used to dump databases not restore them. The mysql command is used to restore files made by mysqldump, except neither of these programs accept the XML format that OnlyOffice created for us.

Let me know if that helps.