OnlyOffice no longer works with Nextcloud

By the way, if you install Moodle on YNH and want to connect it to OnlyOffice, remember to remove 127.0.0.0/8 from curlsecurityblockedhosts (in Site Administration / Security / HTTP Security); otherwise it is impossible to connect Moodle and OnlyOffice, and the Moodle logs show:

Blocked https://onlyoffice.domain.tld/healthcheck: The URL is blocked.

I installed the YNH edition of overleaf a couple of days ago. No idea why it has permissions in the onlyoffice folder.

So I did

chown -R onlyoffice:onlyoffice /home/yunohost.app/onlyoffice/cache/files/data
systemctl restart onlyoffice

I also did ps aux | grep onlyoffice, which gave me

onlyoff+ 2300450  0.0  0.2 602748 21604 ?        Ssl  07:09   0:00 /var/www/onlyoffice/documentserver/server/Metrics/metrics ./config/config.js
onlyoff+ 2300451  0.0  1.0 11179276 86528 ?      Ssl  07:09   0:01 /var/www/onlyoffice/documentserver/server/FileConverter/converter
onlyoff+ 2300452  0.0  0.9 11515916 79132 ?      Ssl  07:09   0:04 /var/www/onlyoffice/documentserver/server/DocService/docservice
onlyoff+ 2300577  0.0  1.7 11478360 140068 ?     Sl   07:09   0:02 /var/www/onlyoffice/documentserver/server/FileConverter/converter /snapshot/src/FileConverter/sources/convertermaster.js
root     2330081  0.0  0.0   6412  2156 pts/0    S+   10:59   0:00 grep onlyoffice

And then again


root@cloud:/home/guido# tail -f /var/log/onlyoffice/converter.log
[2025-09-24T07:09:04.649] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2025-09-24T07:09:04.659] [WARN] [localhost] [docId] [userId] nodeJS - worker 2300577 started.
[2025-09-24T08:20:38.099] [ERROR] [localhost] [check_520795659] [userId] nodeJS - receiveTask Error: EACCES: permission denied, mkdir '/home/yunohost.app/onlyoffice/cache/files/data/conv_check_520795659_65'
[2025-09-24T09:02:06.934] [ERROR] [localhost] [check_124619529] [userId] nodeJS - receiveTask Error: EACCES: permission denied, mkdir '/home/yunohost.app/onlyoffice/cache/files/data/conv_check_124619529_65'
[2025-09-24T09:02:37.027] [ERROR] [localhost] [check_70369955] [userId] nodeJS - receiveTask Error: EACCES: permission denied, mkdir '/home/yunohost.app/onlyoffice/cache/files/data/conv_check_70369955_65'
[2025-09-24T09:10:34.409] [ERROR] [localhost] [check_151982938] [userId] nodeJS - receiveTask Error: EACCES: permission denied, mkdir '/home/yunohost.app/onlyoffice/cache/files/data/conv_check_151982938_65'
[2025-09-24T10:58:19.127] [ERROR] [localhost] [check_1533594932] [userId] nodeJS - receiveTask Error: EACCES: permission denied, lstat '/home/yunohost.app/onlyoffice/cache/files/data/conv_check_1533594932_65/output.docx'
[2025-09-24T11:05:07.691] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 4; availableParallelism: 4
[2025-09-24T11:05:07.726] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2025-09-24T11:05:07.760] [WARN] [localhost] [docId] [userId] nodeJS - worker 2330518 started.
[2025-09-24T11:09:05.726] [ERROR] [localhost] [check_1449426090] [userId] nodeJS - receiveTask Error: EACCES: permission denied, lstat '/home/yunohost.app/onlyoffice/cache/files/data/conv_check_1449426090_65/output.docx'

Well… you could try chown onlyoffice:www-data /home/yunohost.app/onlyoffice/cache/ but I’m not sure… cache is meant to belong to root, if I go by what I see on my servers…

Sorry, I accidentally changed the ownership of cache, too. I undid that, and now I have this:

namei -l /home/yunohost.app/onlyoffice/cache/files/data
f: /home/yunohost.app/onlyoffice/cache/files/data
drwxr-xr-x root       root       /
drwxr-xr-x root       root       home
drwxr-xr-x root       root       yunohost.app
drwxr-x--- onlyoffice www-data   onlyoffice
drwxr-x--- root       root       cache
drwxr-x--- onlyoffice www-data   files
drwxr-x--- onlyoffice onlyoffice data

and this:

tail -f /var/log/onlyoffice/converter.log
[2025-09-24T11:38:00.255] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 4; availableParallelism: 4
[2025-09-24T11:38:00.260] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2025-09-24T11:38:00.271] [WARN] [localhost] [docId] [userId] nodeJS - worker 2333112 started.
[2025-09-24T11:38:43.791] [ERROR] [localhost] [check_402679045] [userId] nodeJS - receiveTask Error: EACCES: permission denied, lstat '/home/yunohost.app/onlyoffice/cache/files/data/conv_check_402679045_65/output.docx'
[2025-09-24T11:47:39.767] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 4; availableParallelism: 4
[2025-09-24T11:47:39.773] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2025-09-24T11:47:39.785] [WARN] [localhost] [docId] [userId] nodeJS - worker 2334034 started.
[2025-09-24T11:51:55.039] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 4; availableParallelism: 4
[2025-09-24T11:51:55.043] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2025-09-24T11:51:55.068] [WARN] [localhost] [docId] [userId] nodeJS - worker 2334395 started.

Ok. It seems to be working: the last error was several minutes ago. It looks like the permissions still need some adjustment. Here is an example of a working configuration:

drwxr-xr-x root       root       /
drwxr-xr-x root       root       home
drwxr-xr-x root       root       yunohost.app
drwxr-x--- onlyoffice www-data   onlyoffice
drwxrwxrwx root       root       cache
drwxr-x--- onlyoffice www-data   files
drwxr-xr-x onlyoffice onlyoffice data

I made the changes and now have:

namei -l /home/yunohost.app/onlyoffice/cache/files/data
f: /home/yunohost.app/onlyoffice/cache/files/data
drwxr-xr-x root       root       /
drwxr-xr-x root       root       home
drwxr-xr-x root       root       yunohost.app
drwxr-x--- onlyoffice www-data   onlyoffice
drwxrwxrwx root       root       cache
drwxr-x--- onlyoffice www-data   files
drwxr-xr-x onlyoffice onlyoffice data

which looks identical to the working configuration. But there is still an error:

tail -f /var/log/onlyoffice/converter.log
[2025-09-24T11:38:43.791] [ERROR] [localhost] [check_402679045] [userId] nodeJS - receiveTask Error: EACCES: permission denied, lstat '/home/yunohost.app/onlyoffice/cache/files/data/conv_check_402679045_65/output.docx'
[2025-09-24T11:47:39.767] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 4; availableParallelism: 4
[2025-09-24T11:47:39.773] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2025-09-24T11:47:39.785] [WARN] [localhost] [docId] [userId] nodeJS - worker 2334034 started.
[2025-09-24T11:51:55.039] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 4; availableParallelism: 4
[2025-09-24T11:51:55.043] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2025-09-24T11:51:55.068] [WARN] [localhost] [docId] [userId] nodeJS - worker 2334395 started.
[2025-09-24T12:07:35.515] [WARN] [localhost] [docId] [userId] nodeJS - num of CPUs: 4; availableParallelism: 4
[2025-09-24T12:07:35.520] [WARN] [localhost] [docId] [userId] nodeJS - update cluster with 1 workers
[2025-09-24T12:07:35.530] [WARN] [localhost] [docId] [userId] nodeJS - worker 2335587 started.

I would rather say that you haven’t had any errors since 11:38 GMT, right?

Sorry, yes, didn’t see that time mark.

So, the good news is that now the NC OnlyOffice app doesn’t throw an error, and allows me to correctly save the configuration.
The bad news is that documents don’t open with OnlyOffice. Via the browser, the page reports “office.mydomain.tld refuses to connect”. If I go via the OO desktop app > clouds > NC, it will open txt and .md files, but no .doc, .docx, .ppt etc files. I just get a NC splash screen and nothing else.

I have added this info into the Admin doc of onlyoffice_ynh


I don’t understand why you had this file owned by overleaf…

What if you delete the contents of the cache folder?
Edit: Don’t do it

Instead check the ownership and permissions of /home/yunohost.app/onlyoffice/cache/files/data/conv_check_402679045_65/output.docx

WARNING: the cache folder contains the data of all active sessions; if you delete it, you could lose the changes in all the active OnlyOffice tabs… Be careful with this.


Does the error persist? If so, are there any errors in the logs, or did you happen to change the JWT token value in local.json?

Here you go:

drwxr-xr-x onlyoffice onlyoffice conv_check_1333590119_65
drwxr-xr-x onlyoffice onlyoffice conv_check_1699210659_65
drwxr-xr-x onlyoffice onlyoffice conv_check_1763753977_65

The directories contain a file output.docx that contains no data, and these permissions:

-rw-r--r-- onlyoffice onlyoffice output.docx

The error persists. I checked the OO logs that are in the Web Admin > Tools > Services, but I see no errors. I did not change the JWT token in local.json.

Perhaps an error in the overleaf installation script?

I did try to find out why I couldn’t upload a 3.2Mb file into the Overleaf editor, and issued some commands surrounding that (to no effect), but none that changed anything in the existing configuration, as far as I know.

Update: I tried with different browsers (Brave, Safari, Chrome, Firefox). None of them work, except for one: Firefox, which does not give the error “domain.tld refuses to connect”, but instead opens the document and lets me edit it.

Desktop app also fails.

Using Brave I checked the website console for errors, and found this:

Refused to frame 'https://office.mydomain.tld/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://mydomain.tld/nextcloud".

So I changed /etc/nginx/conf.d/office.mydomain.tld.d/onlyoffice.conf, adding this line

more_set_headers "Content-Security-Policy: frame-ancestors 'self' https://mydomain.tld https://office.mydomain.tld";

reloaded nginx, cleared the browser cache, and voilà, it works!

Odd, given that ‘self’ is already in the CSP directive!

There was only more_set_headers "Content-Security-Policy: frame-ancestors 'self' https://mydomain.tld/nextcloud"; I had to add https://office.mydomain.tld

What I mean is that logically 'self' means https://office.mydomain.tld, but there is probably some subtlety…
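
The subtlety asked about in the last posts, as an added example that is not part of the thread: in a policy served by office.mydomain.tld, `'self'` is the origin https://office.mydomain.tld itself, while frame-ancestors is checked against the origin of each page that embeds the editor, here Nextcloud on https://mydomain.tld. In the CSP Level 3 matching steps that ancestor is compared as an origin (path `/`), so a source expression carrying a path such as `/nextcloud` cannot match it. The matcher below is a simplified model of those steps (exact scheme match, no scheme upgrade), and the Nextcloud page URL is constructed.

```javascript
// Added example: simplified model of CSP Level 3 frame-ancestors matching.
// Assumption: exact scheme match only (the spec's http->https upgrade is omitted).
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function parseSource(expr) {
  // scheme://host[:port][/path]; host may start with "*."
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^\/:]+)(?::(\d+|\*))?(\/.*)?$/i.exec(expr);
  if (!m) return null;
  return { scheme: m[1].toLowerCase() + ":", host: m[2].toLowerCase(),
           port: m[3] || null, path: m[4] || "" };
}

function sourceMatchesOrigin(expr, origin, selfOrigin) {
  if (expr === "'self'") return origin === selfOrigin;
  const src = parseSource(expr);
  if (!src) return false; // 'none' and anything unparsable match nothing
  const url = new URL(origin);
  if (src.scheme !== url.protocol) return false;
  const hostOk = src.host.startsWith("*.")
    ? url.hostname.endsWith(src.host.slice(1))
    : src.host === url.hostname;
  if (!hostOk) return false;
  const urlPort = url.port || DEFAULT_PORTS[url.protocol];
  const srcPort = src.port || DEFAULT_PORTS[src.scheme];
  if (src.port !== "*" && srcPort !== urlPort) return false;
  // An origin has path "/", so a source path other than "/" never matches.
  if (src.path) {
    const p = url.pathname;
    return src.path.endsWith("/") ? p.startsWith(src.path) : p === src.path;
  }
  return true;
}

// True only if every embedding page (ancestor) matches some source expression.
function frameAncestorsAllows(policyValue, selfUrl, ancestorUrls) {
  const sources = policyValue.trim().split(/\s+/);
  const selfOrigin = new URL(selfUrl).origin;
  return ancestorUrls.every((a) =>
    sources.some((s) => sourceMatchesOrigin(s, new URL(a).origin, selfOrigin)));
}

const SELF = "https://office.mydomain.tld/";
const ANCESTORS = ["https://mydomain.tld/nextcloud/apps/files/"]; // constructed URL
const OLD_POLICY = "'self' https://mydomain.tld/nextcloud";
const NEW_POLICY = "'self' https://mydomain.tld https://office.mydomain.tld";

console.log("old policy allows framing:", frameAncestorsAllows(OLD_POLICY, SELF, ANCESTORS));
console.log("new policy allows framing:", frameAncestorsAllows(NEW_POLICY, SELF, ANCESTORS));
console.log("'self' plus bare origin:", frameAncestorsAllows("'self' https://mydomain.tld", SELF, ANCESTORS));
```

In this model the third call also returns true: the entry that makes the difference is the bare origin https://mydomain.tld without a path, and the extra https://office.mydomain.tld duplicates `'self'`.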