ONLYOFFICE cannot be reached. Please contact admin

[sjkhsl]

NextCloud and ONLYOFFICE can be used in the intranet behind a proxy, but cannot be connected to the Internet after a proxy.

I have two instances of Nextcloud on the same machine. I configured the connector of both cases to use the same settings. The configuring was successful - I saw the message with the green label:

Settings have been successfully updated (version 7.4.1.36)

However, one instance of Nextcloud opens files with ONLYOFFICE successfully whereas the other instance does not:

ONLYOFFICE cannot be reached. Please contact admin

NextCloud and ONLYOFFICE host ip:192.168.2.3
nginx ip:192.168.2.1

nextcloud config.php:

  array (
     "jwt_secret" => "xxxxxxx",
     "jwt_header" => "AuthorizationJwt",
     //'verify_peer_off' => TRUE,
  )

nginx:

upstream docservice {
  server xxx.xxx:9980;
}

map $http_host $this_host {
    "" $host;
    default $http_host;
}

map $http_x_forwarded_proto $the_scheme {
     default $http_x_forwarded_proto;
     "" $scheme;
}

map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $this_host;
}

map $http_upgrade $proxy_connection {
  default upgrade;
  "" close;
}

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Forwarded-Host $the_host;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

server {
  listen 9980 ssl;
  server_name xxx.xxx;

  ssl_certificate /etc/nginx/conf.d/xxx.xxx.crt;
  ssl_certificate_key /etc/nginx/conf.d/xxx.xxx.key;

  ssl_verify_client off;

  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  #ssl_session_cache  builtin:1000  shared:SSL:10m;

  ssl_prefer_server_ciphers   on;

  ## [Optional] Before enabling Strict-Transport-Security headers, ensure your server is properly configured for SSL.
  ## This directive informs the browser to always use HTTPS. For more info see:
  ## - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
  # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  # add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
  ## Replace with your ssl_trusted_certificate. For more info see:
  ## - https://medium.com/devops-programming/4445f4862461
  ## - https://www.ruby-forum.com/topic/4419319
  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 10s;

  ## [Optional] Generate a stronger DHE parameter:
  ##   cd /etc/ssl/certs
  ##   sudo openssl dhparam -out dhparam.pem 4096
  ##
  # ssl_dhparam /etc/ssl/certs/dhparam.pem;

  location / {
       proxy_pass http://192.168.2.3:9980;
       proxy_http_version 1.1;

  }
}