Try the fastest and simplest way to install ONLYOFFICE

Enforce Security - Nextcloud and Onlyoffice

Enforce Security - Nextcloud and Onlyoffice

Postby lorenzoform » Wed Oct 31, 2018 8:57 am

I'm using onlyoffice with nextcloud. In nextcloud I simply typed the url of onlyoffice and saved the configuration and after that I started using them togheter.

How can I sure that onlyoffice is secure and nobody can use it in an unwanted way? In fact I don't think it's an exclusive relationship between nextcloud and onlyoffice, is it there a way to limit the usage of onlyoffice only with our nextcloud, or any way to improve security?


Regards.
lorenzoform
 
Posts: 7
Joined: Wed Oct 24, 2018 7:23 am

Re: Enforce Security - Nextcloud and Onlyoffice

Postby Carl » Wed Oct 31, 2018 12:56 pm

Hello,

You can enable JSON Web Token in Document Server config for more security:
https://api.onlyoffice.com/editors/security
https://api.onlyoffice.com/editors/signature/

Note: starting from Document Server version 5.2, JWT is enabled in local.json config.
You also need to indicate the exact secret value in ONLYOFFICE integration app settings in Nextcloud for connection to work.
Carl
 
Posts: 92
Joined: Thu Apr 12, 2018 10:00 am

Re: Enforce Security - Nextcloud and Onlyoffice

Postby lorenzoform » Thu Nov 01, 2018 4:33 pm

Hi,

in default.json I defined and enabled secret as in the documentation and restarted the onlyoffice server:


"secret": {
"browser": {"string": "secret", "file": "", "tenants": {}},
"inbox": {"string": "Secret_TEST", "file": "", "tenants": {}},
"outbox": {"string": "Secret_TEST", "file": ""},
"session": {"string": "secret", "file": ""}
},
"token": {
"enable": {
"browser": true,
"request": {
"inbox": true,
"outbox": true
}
},

but the nextcloud continue to work with onlyoffice without problem, as no secret defined. Is it normal?
Where do I need to define the secret in nextcloud?
lorenzoform
 
Posts: 7
Joined: Wed Oct 24, 2018 7:23 am

Re: Enforce Security - Nextcloud and Onlyoffice

Postby Carl » Fri Nov 02, 2018 1:08 pm

Please specify the version of document server you are using.
Carl
 
Posts: 92
Joined: Thu Apr 12, 2018 10:00 am

Re: Enforce Security - Nextcloud and Onlyoffice

Postby lorenzoform » Mon Nov 05, 2018 8:45 am

Onlyoffice 5.2.2-2 and if you need Nextcloud 14.0.3.

Regards.
lorenzoform
 
Posts: 7
Joined: Wed Oct 24, 2018 7:23 am

Re: Enforce Security - Nextcloud and Onlyoffice

Postby Carl » Tue Nov 06, 2018 6:36 am

Hello,
Carl wrote:Note: starting from Document Server version 5.2, JWT is enabled in local.json config.


Please open /etc/onlyoffice/documentserver/local.json and enable JWT and secret there. Don't forget to restart DS services after changing the config: supervisorctl restart all
Carl
 
Posts: 92
Joined: Thu Apr 12, 2018 10:00 am

Re: Enforce Security - Nextcloud and Onlyoffice

Postby lorenzoform » Tue Nov 06, 2018 8:26 pm

lorenzoform wrote:Hi,

in default.json I defined and enabled secret as in the documentation and restarted the onlyoffice server:


"secret": {
"browser": {"string": "secret", "file": "", "tenants": {}},
"inbox": {"string": "Secret_TEST", "file": "", "tenants": {}},
"outbox": {"string": "Secret_TEST", "file": ""},
"session": {"string": "secret", "file": ""}
},
"token": {
"enable": {
"browser": true,
"request": {
"inbox": true,
"outbox": true
}
},

but the nextcloud continue to work with onlyoffice without problem, as no secret defined. Is it normal?
Where do I need to define the secret in nextcloud?


I confirm that I made these changes to /etc/onlyoffice/documentserver/local.json , after that I restarted the entire server.
lorenzoform
 
Posts: 7
Joined: Wed Oct 24, 2018 7:23 am

Re: Enforce Security - Nextcloud and Onlyoffice

Postby Carl » Wed Nov 07, 2018 7:14 am

Restarting the container reverts the changed parameters of document server config to default values (set via environment variable). Please open the local.json file and check if JWT is enabled. You need to restart only document server services after changing the config.
Carl
 
Posts: 92
Joined: Thu Apr 12, 2018 10:00 am


Return to Miscellaneous

Who is online

Users browsing this forum: No registered users and 1 guest