Restict Access to OnlyOffice Document Server to Nextcloud Users Only

ONLYOFFICE Document Server can use a token generated using the JSON Web Tokens (JWT) standard in order to secure the connection and restrict access the the OnlyOffice Document server which by default is accessible to everyone.

sudo vi /etc/onlyoffice/documentserver/local.json
"token": {

        "enable": {

          "request": {

            "inbox": false,

            "outbox": false

          },

          "browser": false
"token": {

        "enable": {

          "request": {

            "inbox": true,

            "outbox": true

          },

          "browser": true
"secret": {

        "inbox": {

          "string": "secret"

        },

        "outbox": {

          "string": "secret"

        },

        "session": {

          "string": "secret"
"secret": {

        "inbox": {

          "string": "ThisisTheSecret"

        },

        "outbox": {

          "string": "ThisisTheSecret"

        },

        "session": {

          "string": "ThisisTheSecret"
sudo supervisorctl restart all

 

Figure 1

image-1608566322223.png

Figure 2

image-1608566341479.png


Revision #3
Created 21 December 2020 15:55:44 by Dino Edwards
Updated 22 December 2020 11:54:19 by Dino Edwards