Nextcloud with Onlyoffice Docker behind a Sophos WAF

[Rick26L]

Steps to reproduce
Install Nextcloud with Onlyoffice Docker
Activate WAF on Sophos for the Webservers
Try to open a Document
Expected behaviour
Onlyoffice should open the document to be able to edit/view it

Actual behaviour
Onlyoffice App opens, but after a short time you get "Unknown Error. Press OK to return to document list"

Information
With DNAT, Onlyoffice is working
Communication between Onlyoffice Docker and Nextcloud is ok.
Server configuration
Operating system:Ubuntu Linux 16.04.1

Web server: Apache version 2.4.18

Nextcloud version: 14.0.3

Where did you install Nextcloud from: Tech and Me

Signing status: No errors have been found.

Nextcloud configuration:

"system": {
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"localhost",
"192.168.146.11",
"cloud..de",
"office..de"
],
"datadirectory": "REMOVED SENSITIVE VALUE",
"overwrite.cli.url": "https://cloud.**********.de/",
"dbtype": "mysql",
"version": "14.0.3.0",
"dbname": "REMOVED SENSITIVE VALUE",
"dbhost": "REMOVED SENSITIVE VALUE",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"installed": true,
"instanceid": "REMOVED SENSITIVE VALUE",
"maintenance": false,
"mail_smtpmode": "smtp",
"memcache.local": "\OC\Memcache\Redis",
"filelocking.enabled": true,
"memcache.distributed": "\OC\Memcache\Redis",
"memcache.locking": "\OC\Memcache\Redis",
"redis": {
"host": "REMOVED SENSITIVE VALUE",
"port": 0,
"timeout": 0,
"dbindex": 0,
"password": "REMOVED SENSITIVE VALUE"
},
"htaccess.RewriteBase": "/",
"loglevel": "2",
"log_type": "file",
"logfile": "/var/ncdata/nextcloud.log",
"logtimezone": "Europe/Berlin",
"ldapIgnoreNamingRules": false,
"ldapProviderFactory": "\OCA\User_LDAP\LDAPProviderFactory",
"auth.bruteforce.protection.enabled": false,
"mail_smtphost": "REMOVED SENSITIVE VALUE",
"mail_smtpauthtype": "LOGIN",
"mail_smtpport": "25",
"mail_from_address": "REMOVED SENSITIVE VALUE",
"mail_domain": "REMOVED SENSITIVE VALUE",
"theme": "",
"updater.release.channel": "stable"
}

Are you using external storage, if yes which one: smb

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory

Client configuration
Browser: Chrome/Firefox/IE

Operating system: W10

[ShockwaveNN]

Hello, we do not test any of our application with Sophos WAF and currently have no resources (or experience) to figure it out. If someone can help with it - please do.

[johnczer]

I have a similar scenario with Nextcloud/OnlyOffice running on an Ubuntu VM behind Sophos WAF. The solution that I came up with which works perfectly is to change the port in Apache for the OnlyOffice to something other that 443 (i.e. 4443) and create a DNAT in Sophos for Any/Port 4443/Ext WAN/IP of Server where OnlyOffice is. This works inside and outside with no issues.

[Rick26L]

Hi @johnczer ,

thank's for your reply!
Did you only changed the Port in the Apache for the Onlyoffice?
Or did you changed the port for the docker container too?

[johnczer]

Hi Rick, Yes, I changed the OnlyOffice to another port other than 443 in Apache but left the Docker side as is. When I changed the port for OnlyOffice in Apache I did this in the config file but it can be changed in either place.