nixos/onlyoffice: Fails to Activate Only Office #384842

Open
wjjunyor opened this issue Feb 24, 2025 · 0 comments
Labels
0.kind: bug Something is broken 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS


Nixpkgs version

  • Stable (24.11)

Describe the bug

Error while building OnlyOffice via modules.

Steps to reproduce

Via Modules:

  1. Add to configuration.nix:

     ```nix
     services.onlyoffice = {
       enable = true;
       hostname = "office.wcbrpar.com";
       port = 8000;
     };
     ```

  2. nixos-rebuild switch --upgrade --show-trace

Expected behaviour

To build without error

Screenshots

No response

Relevant log output

'/nix/store/md46syw9ci229wkl8g5ckw9r1rcvlhkp-onlyoffice-wrapper-fhsenv-rootfs.drv'...
structuredAttrs is enabled

==================== Results ===================

>> Problem: [add_header_redefinition] Nested "add_header" drops parent headers.
Description: "add_header" replaces ALL parent headers. See documentation: http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md
Reason: Parent headers "x-frame-options", "x-content-type-options" was dropped in current level
Pseudo config:

server {
server_name office.wcbrpar.com;

location ~* ^(\/cache\/files.*)(\/.*) {
add_header Content-Disposition attachment; filename*=UTF-8$arg_filename;
}
}
add_header Strict-Transport-Security $hsts_header;
add_header Referrer-Policy origin-when-cross-origin;
add_header X-Frame-Options DENY;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

==================== Summary ===================
Total issues:
Unspecified: 0
Low: 0
Medium: 1
High: 0

Additional context

cat /etc/nixos/modules/nginx/default.nix

```nix
{ lib, pkgs, ... }:

{

  # Nginx webserver
  services.nginx = {
    enable = true;
    logError = "stderr info";

    # Use recommended settings
    recommendedBrotliSettings = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    recommendedZstdSettings = true;

    # Only allow PFS-enabled ciphers with AES256
    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";

    # Log real IPs behind CDNs
    commonHttpConfig =
      let
        realIpsFromList = lib.strings.concatMapStringsSep "\n" (x: "set_real_ip_from  ${x};");
        fileToList = x: lib.strings.splitString "\n" (builtins.readFile x);
        cfipv4 = fileToList (pkgs.fetchurl {
          url = "https://www.cloudflare.com/ips-v4";
          sha256 = "0ywy9sg7spafi3gm9q5wb59lbiq0swvf0q3iazl0maq1pj1nsb7h";
        });
        cfipv6 = fileToList (pkgs.fetchurl {
          url = "https://www.cloudflare.com/ips-v6";
          sha256 = "1ad09hijignj6zlqvdjxv7rjj8567z357zfavv201b9vx3ikk7cy";
        });
      in
      ''
        ${realIpsFromList cfipv4}
        ${realIpsFromList cfipv6}
        real_ip_header CF-Connecting-IP;
      '';

    appendHttpConfig = ''
      # Add HSTS header with preloading to HTTPS requests.
      # Adding this header to HTTP requests is discouraged
      map $scheme $hsts_header {
          https   "max-age=31536000; includeSubdomains; preload";
      }
      add_header Strict-Transport-Security $hsts_header;
      # Enable CSP for your services.
      #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;

      # Minimize information leaked to other domains
      add_header 'Referrer-Policy' 'origin-when-cross-origin';

      # Disable embedding as a frame
      add_header X-Frame-Options DENY;

      # Disable embedding as a frame
      add_header X-Frame-Options DENY;

      # Prevent injection of code in other mime types (XSS Attacks)
      add_header X-Content-Type-Options nosniff;

      # This might create errors
      proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
    '';

    clientMaxBodySize = "20M";

  };

}
```



### System metadata

  • system: "x86_64-linux"
  • host os: Linux 6.11.8.2, NixOS, 24.11 (Vicuna), 24.11.714826.04ef94c4c158
  • multi-user?: yes
  • sandbox: yes
  • version: nix-env (Nix) 2.24.12
  • channels(root): "agenix, home-manager-24.11.tar.gz, nixos-24.11"
  • nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixos

### Notify maintainers

@SuperSandro2000 
---

**Note for maintainers:** Please tag this issue in your pull request description. (i.e. `Resolves #ISSUE`.)


### I assert that this issue is relevant for Nixpkgs

- [x] I assert that this is a bug and not a support request.
- [x] I assert that this is not a [duplicate of an existing issue](https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aissue+label%3A%220.kind%3A+bug%22+label%3A%226.topic%3A+nixos%22). 
- [x] I assert that I have read the [NixOS Code of Conduct](https://github.com/NixOS/.github/blob/master/CODE_OF_CONDUCT.md) and agree to abide by it.

### Is this issue important to you?

Add a :+1: [reaction] to [issues you find important].

[reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/
[issues you find important]: https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc
@wjjunyor wjjunyor added 0.kind: bug Something is broken 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS labels Feb 24, 2025
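
The gixy finding in the log above, reproduced as an added example (not part of the issue and not gixy's own code): a minimal Python check applying nginx's rule that a level declaring any `add_header` inherits none from its parent levels. The sample config is constructed, with a placeholder server name and a simplified header value, and the tokenizer assumes no `;`, `{` or `}` inside values.

```python
import re

# Constructed sample: http-level headers follow the server block, as in the report.
SAMPLE = """
http {
    server {
        server_name office.example.test;
        location /cache/files/ {
            add_header Content-Disposition attachment;
        }
        location / { proxy_pass http://127.0.0.1:8000; }
    }
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
}
"""

def parse(tokens, name="main"):
    """Build {name, headers, children} from a token list (consumed in place)."""
    node, stmt = {"name": name, "headers": set(), "children": []}, ""
    while tokens:
        tok = tokens.pop(0)
        if tok == "{":
            node["children"].append(parse(tokens, " ".join(stmt.split())))
            stmt = ""
        elif tok == "}":
            break
        elif tok == ";":
            words = stmt.split()
            if len(words) >= 2 and words[0] == "add_header":
                node["headers"].add(words[1].strip("'\"").lower())
            stmt = ""
        else:
            stmt = tok
    return node

def dropped_headers(conf):
    """Return [(block name, sorted header names lost at that level)]."""
    root, findings = parse(re.findall(r"[{};]|[^{};]+", conf)), []
    def walk(node, inherited):
        lost = inherited - node["headers"]
        if node["headers"] and lost:
            findings.append((node["name"], sorted(lost)))
        # nginx inherits add_header only when the level defines none itself
        for child in node["children"]:
            walk(child, node["headers"] or inherited)
    walk(root, set())
    return findings
```

`dropped_headers(SAMPLE)` flags only the `/cache/files/` location; repeating the parent headers inside that location clears the finding.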