Restict Access to OnlyOffice Document Server to Nextcloud Users Only

ONLYOFFICE Document Server can use a token generated using the JSON Web Tokens (JWT) standard in order to secure the connection and restrict access the the OnlyOffice Document server which by default is accessible to everyone.

• Edit the /etc/onlyoffice/documentserver/local.json filefile:

and find

sudo vi /etc/onlyoffice/documentserver/local.json

Find the following section:

"token": {

        "enable": {

          "request": {

            "inbox": false,

            "outbox": false

          },

          "browser": false

Set all the settings from “false” to “true” so it looks like below:

"token": {

        "enable": {

          "request": {

            "inbox": true,

            "outbox": true

          },

          "browser": true

Locate the following section:

"secret": {

        "inbox": {

          "string": "secret"

        },

        "outbox": {

          "string": "secret"

        },

        "session": {

          "string": "secret"

Substitute “secret” with a secret token of your choosing (ex: ThisisTheSecret) so it looks like below:

"secret": {

        "inbox": {

          "string": "ThisisTheSecret"

        },

        "outbox": {

          "string": "ThisisTheSecret"

        },

        "session": {

          "string": "ThisisTheSecret"

• Save the file and restart the services:

sudo supervisorctl restart all

 

• Go in Nextcloud under Settings --> ONLYOFFICE  and click on Advanced server settings. In the Secret key field enter the THESECRET token you created earlier and click the Save button (Figure 1).

Figure 1

• Click the “Save” button, you should get the following message on top of the Nextcloud window (Figure 2):

Figure 2