NextCloud Integration error: 502 Bad Gateway for healthcheck

[farewarr]

Nextcloud integration with OnlyOffice fails due to the following nextcloud errror:

###Error from Nextcloud:

Error	onlyoffice	ServerExceptionServer error: GET https://onlyoffice.nonooculusnas.com/healthcheck resulted in a 502 Bad Gateway response: <title>502 Bad Gateway</title> 502 Bad Gateway ngin (truncated...)healthcheckRequest on check error

• Error is seen when clicking save on the integration settings and in the nextcloud logs page.

###NGINX logs from onlyoffice:
nginx logs again: 2024/11/13 05:52:13 [error] 755#755: *2 connect() failed (111: Unknown error) while connecting to upstream, client: 172.25.0.1, server: , request: "GET /healthcheck HTTP/1.1", upstream: "http://127.0.0.1:8000/healthcheck", host: "onlyoffice.nonooculusnas.com" 2024/11/13 05:52:13 [error] 755#755: *2 connect() failed (111: Unknown error) while connecting to upstream, client: 172.25.0.1, server: , request: "GET /healthcheck HTTP/1.1", upstream: "http://127.0.0.1:8000/healthcheck", host: "onlyoffice.nonooculusnas.com" 2024/11/13 05:52:25 [error] 755#755: *5 connect() failed (111: Unknown error) while connecting to upstream, client: 172.25.0.1, server: , request: "GET /healthcheck HTTP/1.1", upstream: "http://127.0.0.1:8000/healthcheck", host: "onlyoffice.nonooculusnas.com" 2024/11/13 05:52:25 [error] 755#755: *5 connect() failed (111: Unknown error) while connecting to upstream, client: 172.25.0.1, server: , request: "GET /healthcheck HTTP/1.1", upstream: "http://127.0.0.1:8000/healthcheck", host: "onlyoffice.nonooculusnas.com" 2024/11/13 05:52:52 [error] 755#755: *8 connect() failed (111: Unknown error) while connecting to upstream, client: 172.25.0.1, server: , request: "GET /healthcheck HTTP/1.1", upstream: "http://127.0.0.1:8000/healthcheck", host: "onlyoffice.nonooculusnas.com" 2024/11/13 05:52:52 [error] 755#755: *8 connect() failed (111: Unknown error) while connecting to upstream, client: 172.25.0.1, server: , request: "GET /healthcheck HTTP/1.1", upstream: "http://127.0.0.1:8000/healthcheck", host: "onlyoffice.nonooculusnas.com" 2024/11/13 05:53:42 [error] 755#755: *13 connect() failed (111: Unknown error) while connecting to upstream, client: 172.25.0.1, server: , request: "POST /ConvertService.ashx HTTP/1.1", upstream: "http://127.0.0.1:8000/ConvertService.ashx", host: "onlyoffice.nonooculusnas.com" 2024/11/13 05:53:42 [error] 755#755: *13 connect() failed (111: Unknown error) while connecting to upstream, client: 172.25.0.1, server: , request: "POST /ConvertService.ashx HTTP/1.1", upstream: "http://127.0.0.1:8000/ConvertService.ashx", host: "onlyoffice.nonooculusnas.com" 2024/11/13 05:53:45 [error] 755#755: *16 connect() failed (111: Unknown error) while connecting to upstream, client: 172.25.0.1, server: , request: "POST /ConvertService.ashx HTTP/1.1", upstream: "http://127.0.0.1:8000/ConvertService.ashx", host: "onlyoffice.nonooculusnas.com" 2024/11/13 05:53:45 [error] 755#755: *16 connect() failed (111: Unknown error) while connecting to upstream, client: 172.25.0.1, server: , request: "POST /ConvertService.ashx HTTP/1.1", upstream: "http://127.0.0.1:8000/ConvertService.ashx", host: "onlyoffice.nonooculusnas.com" 2024/11/13 05:54:23 [error] 755#755: *21 connect() failed (111: Unknown error) while connecting to upstream, client: 172.25.0.1, server: , request: "HEAD /healthcheck HTTP/1.1", upstream: "http://127.0.0.1:8000/healthcheck", host: "onlyoffice.nonooculusnas.com" 2024/11/13 05:54:23 [error] 755#755: *21 connect() failed (111: Unknown error) while connecting to upstream, client: 172.25.0.1, server: , request: "HEAD /healthcheck HTTP/1.1", upstream: "http://127.0.0.1:8000/healthcheck", host: "onlyoffice.nonooculusnas.com" 2024/11/13 05:59:54 [error] 1552#1552: *34 connect() failed (111: Unknown error) while connecting to upstream, client: 127.0.0.1, server: , request: "HEAD /healthcheck HTTP/1.1", upstream: "http://127.0.0.1:8000/healthcheck", host: "localhost" 2024/11/13 05:59:54 [error] 1552#1552: *34 connect() failed (111: Unknown error) while connecting to upstream, client: 127.0.0.1, server: , request: "HEAD /healthcheck HTTP/1.1", upstream: "http://127.0.0.1:8000/healthcheck", host: "localhost" 2024/11/13 06:02:01 [error] 1552#1552: *41 connect() failed (111: Unknown error) while connecting to upstream, client: 127.0.0.1, server: , request: "HEAD /healthcheck HTTP/1.1", upstream: "http://127.0.0.1:8000/healthcheck", host: "127.0.0.1" 2024/11/13 06:02:01 [error] 1552#1552: *41 connect() failed (111: Unknown error) while connecting to upstream, client: 127.0.0.1, server: , request: "HEAD /healthcheck HTTP/1.1", upstream: "http://127.0.0.1:8000/healthcheck", host: "127.0.0.1"

It seems that https:///healthcheck is being checked on port 8000 even though the port config in compose file uses port 80

###Compose File:

version: "3.9"
services:
onlyoffice:
image: onlyoffice/documentserver:latest
container_name: onlyoffice-server
hostname: OnlyOfficeServer
networks:
- nextcloud_network
ports:
- 8467:80
volumes:
- /volume1/docker/onlyoffice/logs:/var/log/onlyoffice:rw
- /volume1/docker/onlyoffice/data:/var/www/onlyoffice/Data:rw
- /volume1/docker/onlyoffice/config:/etc/onlyoffice/documentserver/:rw
environment:
JWT_ENABLED: true
JWT_SECRET: secret
rejectUnauthorized: false
restart: always
labels:
- com.centurylinklabs.watchtower.enable=true

networks:
nextcloud_network:
external: true

###from default.json we see coauthoring port is 8000
"services": {
"CoAuthoring": {
"server": {
"port": 8000,
"workerpercpu": 1,
"mode": "development",
"limits_tempfile_upload": 104857600,
"limits_image_size": 26214400,
"limits_image_download_timeout": {
"connectionAndInactivity": "2m",
"wholeCycle": "2m"
},

###Curl Command:
ash-4.4# curl -I http://:80/healthcheck
HTTP/1.1 502 Bad Gateway
Server: nginx
Date: Wed, 13 Nov 2024 06:18:43 GMT
Content-Type: text/html
Content-Length: 150
Connection: keep-alive

###curl command ran from inside container:
ash-4.4# docker exec -it onlyoffice-server curl -I http://127.0.0.1:80/healthcheck
HTTP/1.1 502 Bad Gateway
Server: nginx
Date: Wed, 13 Nov 2024 06:18:43 GMT
Content-Type: text/html
Content-Length: 150
Connection: keep-alive

Downgrading to onlyoffice/documentserver:8.2.0 resolved the issue. As of this post the 'latest' tag was updated 16 hours ago.

###Curl command ran after downgrading:
ash-4.4# curl -I http://onlyoffice.nonooculusnas.com:80/healthcheck
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 13 Nov 2024 06:51:37 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding

I did not know to check this before the issue started and even though its coming back 404 not found, the integration in nextcloud is now working.

Also, I am not sure if the coauthoring port is correct or not, but the main issue here is the healthceck url is coming back as 502 bad gateway.

[igwyd]

Also, I am not sure if the coauthoring port is correct or not, but the main issue here is the healthceck url is coming back as 502 bad gateway.

I get your docker compose file, by the way, it has mistakes:

1. Forbidden to create volume /volume1/docker/onlyoffice/config:/etc/onlyoffice/documentserver/:rw
2. We havent variable rejectUnauthorized: false, use instead USE_UNAUTHORIZED_STORAGE, all configuration parameters here https://github.com/ONLYOFFICE/Docker-DocumentServer?tab=readme-ov-file#available-configuration-parameters

Ran curl inside container:
root@OnlyOfficeServer:/# curl -I http://127.0.0.1:80/healthcheck
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Nov 2024 06:12:29 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 4
Connection: keep-alive
ETag: W/"4-X/5TO4MPCKAyY0ipFgr6/IraRNs"

And outside (Port 8467 because you map it 8467:80)
root@oods:~/NC-test# curl -I http://ip-address:8467/healthcheck
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 29 Nov 2024 06:15:10 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 4
Connection: keep-alive
ETag: W/"4-X/5TO4MPCKAyY0ipFgr6/IraRNs"

Everything is ok as you see.

I see you are using an external DNS for request https://onlyoffice.nonooculusnas.com/healthcheck. Is there some proxy before onlyoffice? I think the issue should be there.

[maltokyo]

Did anyone solve this, in terms of how to update the reverse proxy to get a clean return from /healthcheck url?

[igwyd]

Hello @maltokyo we have the proxy examples for onlyoffice documentserver https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx

[maltokyo]

Thank you. But this doesn't have a /healthcheck entry at all. This issue for me is that /welcome works fine, but this integration relies on /healthcheck

[igwyd]

It is not there because it is an internal check of the document server, the proxy will redirect it to our internal service. I just checked this config with my docker installation and external nginx - healthcheck shows true as expected.

[TheDoDoo]

Hello @igwyd, and everyone else,

I wanted to set up the OnlyOffice Document Server via Docker to use it with my Nextcloud.
However, I get the following message when I try to connect it to Nextcloud.

Fehler beim Anschließen (Server error: `GET https://xxx.com/healthcheck` resulted in a `502 Bad Gateway` response:

502 Bad Gateway

502 Bad Gateway
ngin (truncated...)
)

root@nextcloud:/docker/onlyoffice-documentserver# curl -I http://127.0.0.1:7080/welcome/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 28 Jan 2025 18:52:32 GMT
Content-Type: text/html
Content-Length: 4948
Last-Modified: Tue, 28 Jan 2025 18:48:07 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "67992667-1354"
Expires: Wed, 28 Jan 2026 18:52:32 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes

root@nextcloud:/docker/onlyoffice-documentserver# curl -I http://127.0.0.1:7080/healthcheck/
HTTP/1.1 502 Bad Gateway
Server: nginx
Date: Tue, 28 Jan 2025 18:52:38 GMT
Content-Type: text/html
Content-Length: 150
Connection: keep-alive

This is my configuration. Did I make any mistakes?
(I am using Nginx Proxy Manager as a reverse proxy.)

docker-compose.yml

services:
  onlyoffice-documentserver:
    image: onlyoffice/documentserver
    container_name: onlyoffice-documentserver
    depends_on:
      - onlyoffice-postgresql
      - onlyoffice-rabbitmq
    environment:
      - DB_TYPE=${DB_TYPE}
      - DB_HOST=${DB_HOST}
      - DB_PORT=${DB_PORT}
      - DB_NAME=${POSTGRES_DB}
      - DB_USER=${POSTGRES_USER}
      - DB_PASSWORD=${POSTGRES_PASSWORD}
      - AMQP_URI=${AMQP_URI}
      # Uncomment strings below to enable the JSON Web Token validation.
      - JWT_ENABLED=true
      - JWT_SECRET=${JWT_SECRET}
      #- JWT_HEADER=Authorization
      #- JWT_IN_BODY=true
    ports:
      - '7080:80'
      - '7443:443'
    stdin_open: true
    restart: always
    stop_grace_period: 60s
    volumes:
      - ./onlyoffice/Data:/var/www/onlyoffice/Data
      - ./onlyoffice/log:/var/log/onlyoffice
      - ./onlyoffice/cache:/var/lib/onlyoffice/documentserver/App_Data/cache/files
      - ./onlyoffice/example_files:/var/www/onlyoffice/documentserver-example/public/files
      - ./onlyoffice/fonts:/usr/share/fonts

  onlyoffice-rabbitmq:
    container_name: onlyoffice-rabbitmq
    image: rabbitmq
    restart: always
    expose:
      - '5672'

  onlyoffice-postgresql:
    container_name: onlyoffice-postgresql
    image: postgres:12
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    restart: always
    expose:
      - '5432'
    volumes:
      - ./pgsql_data:/var/lib/postgresql

.env

DB_TYPE=postgres
DB_HOST=onlyoffice-postgresql
DB_PORT=5432

POSTGRES_DB=onlyoffice
POSTGRES_USER=onlyoffice
POSTGRES_PASSWORD=<PASSWORD>

AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq

JWT_SECRET=<SECRET>

[maltokyo]

Hi @igwyd thank you for your reply:

Below is the nginx config that comes pre-configured with SWAG

It looks like it should work, but doesn't return a 200 for /healthcheck - would you have any comments or advice what I should change to make it work?

Thank you

## Version 2024/07/16
# make sure that your onlyoffice documentserver container is named documentserver
# make sure that your dns has a cname set for documentserver

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name documentserver.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # enable for ldap auth (requires ldap-location.conf in the location block)
    #include /config/nginx/ldap-server.conf;

    # enable for Authelia (requires authelia-location.conf in the location block)
    #include /config/nginx/authelia-server.conf;

    # enable for Authentik (requires authentik-location.conf in the location block)
    #include /config/nginx/authentik-server.conf;

    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable for ldap auth (requires ldap-server.conf in the server block)
        #include /config/nginx/ldap-location.conf;

        # enable for Authelia (requires authelia-server.conf in the server block)
        #include /config/nginx/authelia-location.conf;

        # enable for Authentik (requires authentik-server.conf in the server block)
        #include /config/nginx/authentik-location.conf;

        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app documentserver;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

    }
}

[maltokyo]

I got all this working perfectly... what was needed was a different set of volumes in the docker compose file and a new nginx config file. can post if anyone is interested.

[DRCBR1]

I got all this working perfectly... what was needed was a different set of volumes in the docker compose file and a new nginx config file. can post if anyone is interested.

hi, i am interested. can you share your compose and nginx config plz.

[maltokyo]

sure, whats the best way to share?

…

On Sat, Feb 22, 2025 at 1:55 AM DRCBR1 ***@***.***> wrote: I got all this working perfectly... what was needed was a different set of volumes in the docker compose file and a new nginx config file. can post if anyone is interested. hi, i am interested. can you share your compose and nginx config plz. — Reply to this email directly, view it on GitHub <#1039 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAKS7W64KL4V5UYOCP22IFT2Q7DJHAVCNFSM6AAAAABRVYX62OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNZVHA4TIMBQHE> . You are receiving this because you were mentioned.Message ID: ***@***.***> [image: DRCBR1]*DRCBR1* left a comment (ONLYOFFICE/onlyoffice-nextcloud#1039) <#1039 (comment)> I got all this working perfectly... what was needed was a different set of volumes in the docker compose file and a new nginx config file. can post if anyone is interested. hi, i am interested. can you share your compose and nginx config plz. — Reply to this email directly, view it on GitHub <#1039 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAKS7W64KL4V5UYOCP22IFT2Q7DJHAVCNFSM6AAAAABRVYX62OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNZVHA4TIMBQHE> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[sushost]

hi! also interested. best way to share is most certainly "not at all" ;) so.. maybe a pastebin link? google "pastebin" and choose any, paste in the text there, copy the link and paste it into your answer. thanks, cheers!