Iframes rocket chat and nextcloud

Hello to all,

I come to see you because I have various problems that do not seem very serious but which indicate that something is misconfigured.

All the basic functionalities seem to work (I can access my domain correctly, the chat is working etc…)

However, I want to connect my rocket chat with nextcloud, so I have except that during the integration itself inside nextcloud Firefox refuses to open the page and it tells me this:

Firefox can’t open this page

To protect your security, my_chat.com will not allow Firefox to display the page if it is integrated by another site. To view this page, you must open it in a new window.

The other problem is the webdav link, this one seems to work unstable because when I want to retrieve a file on the server and I select it, the loading does not take place (the files of nextcloud are however visible from the rocket server)

Note that a message from Rocket.Chat appeared several times telling me that I was trying to connect to localhost and offered to redirect everything to my domain name, which is secure; perhaps I should not have accepted.

Here is what the apache logs say:

[Fri Apr 08 12:09:17.803453 2022] [proxy:error] [pid 345590] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (*) failed
[Fri Apr 08 12:09:17.803658 2022] [proxy_http:error] [pid 345590] [client xx.xx.xx.xx.xx:46098] AH01114: HTTP: failed to make connection to backend: localhost, referer: my_chat.com/admin/cloud

My vhost file :

<VirtualHost *:80>
    ServerName my_chat.com

    # Redirect plain-HTTP requests to HTTPS.
    # A RewriteCond applies to the RewriteRule that follows it, so it has to come first.
    RewriteEngine On
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin admin@localhost.fr
    ServerName my_chat.com

    LogLevel info
    ErrorLog /var/log/chat.domain.com_error.log
    TransferLog /var/log/chat.domain.com_access.log

    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/my_chat.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/my_chat.com/privkey.pem

    # Require is only valid inside a container such as <Location>
    <Location />
        Require all granted
    </Location>

    # WebSocket upgrade requests are proxied over ws://, everything else over http://
    RewriteEngine On
    RewriteCond %{HTTP:CONNECTION} Upgrade [NC]
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*)           ws://localhost:3000/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket [NC]
    RewriteRule /(.*)           http://localhost:3000/$1 [P,L]

    ProxyPassReverse /          http://localhost:3000/
</VirtualHost>

I’m using Debian 11 and installed Rocket.Chat via snap. If you need any other information, don’t hesitate.

I thank you all in advance

Sincerely

PS :
I saw that this video was available https://www.youtube.com/watch?v=AshE2uG87GE

So I followed what had to be deactivated to allow me the integration there. Unfortunately it doesn’t work, even though I followed this video to the letter.

I thought I understood while doing research that firefox or chrome refuse the page because I don’t have the right header in my vhost.

So I’m trying to find out which header would be susceptible to match so that the integration works. Assuming of course that the problem comes from there (yes if we believe anyway the help page of Firefox).

So far even something permissive and not recommended like this header, Header always set X-Frame-Options "ALLOWALL", didn’t change anything. So I’m continuing my research and waiting for someone with more experience to answer.
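An added example, not part of the original posts and not Rocket.Chat or Nextcloud code: a simplified Python check of whether a browser would let a response be framed, following the HTML Standard's `X-Frame-Options` rules and CSP `frame-ancestors`, which takes precedence when present. The hostnames are constructed, only the direct embedding page is checked, and scheme-only sources and port wildcards are not handled.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme)

def source_allows(source, parent, framed):
    """Match one frame-ancestors source expression against the embedding page."""
    source = source.lower()
    if source in ("*", "'none'"):
        return source == "*"
    if source == "'self'":
        return origin(parent) == origin(framed)
    if "://" not in source:  # scheme-less host: assume the framed page's scheme
        source = origin(framed)[0] + "://" + source
    s_scheme, s_host, s_port = origin(source)
    p_scheme, p_host, p_port = origin(parent)
    # "*.example.test" matches subdomains only, never the bare domain
    host_ok = p_host.endswith(s_host[1:]) if s_host.startswith("*.") else p_host == s_host
    return s_scheme == p_scheme and host_ok and s_port == p_port

def framing_allowed(headers, parent, framed):
    """headers: (name, value) pairs of the framed response. Returns (allowed, reason)."""
    get = lambda name: [v for n, v in headers if n.lower() == name]
    policies = []
    for csp in get("content-security-policy"):
        for directive in csp.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                policies.append(parts[1:])
    if policies:  # frame-ancestors present: X-Frame-Options is ignored, every policy must allow
        ok = all(any(source_allows(s, parent, framed) for s in p) for p in policies)
        return ok, "CSP frame-ancestors"
    xfo = {t.strip().lower() for v in get("x-frame-options") for t in v.split(",") if t.strip()}
    if len(xfo) > 1:  # several different values: blocked if any of them is a known keyword
        conflict = bool(xfo & {"deny", "allowall", "sameorigin"})
        return (not conflict), "conflicting X-Frame-Options values"
    if "deny" in xfo:
        return False, "X-Frame-Options: DENY"
    if "sameorigin" in xfo:
        return origin(parent) == origin(framed), "X-Frame-Options: SAMEORIGIN"
    return True, "no effective framing restriction"

# Constructed sample: a backend header plus a second value added at the proxy
CHAT, CLOUD = "https://chat.example.test/", "https://cloud.example.test/apps/"
print(framing_allowed([("X-Frame-Options", "sameorigin"), ("X-Frame-Options", "ALLOWALL")], CLOUD, CHAT))
```

Two different `X-Frame-Options` values on one response count as a conflict and block framing, so the header that permits one specific embedding site is `Content-Security-Policy: frame-ancestors` naming that site.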

Up please. Last clarification, if it can help: I have a snap install, but I don’t think it has anything to do with it if I believe the number of similar problems I saw on the GitHub account.

No one has any answers? I still haven’t figured out how to solve this problem. If you need more information, I’ll be happy to help.

On the other hand, yes you’re right, it’s a shame but I went on the forum and not on their chat! I will see that with them hoping that they answer. I will post the solution here if I find it so that it is useful to others.

Thanks again for answering I was starting to despair of getting an answer

Try verifying your SSL Certificate. Looks like a security thingy.
As specified in the documentation, https://docs.rocket.chat/guides/administration/admin-panel/integrations/nextcloud-rocket.chat-app

Connecting Nextcloud with Rocket.Chat requires your Rocket.Chat server to be on an SSL-protected domain. This is strictly for security reasons.

You need to make the following changes to your Rocket.Chat settings

  • Have two-factor Authentication disabled on your Rocket.Chat settings Administration > Settings > Accounts > Two Factor Authentication

  • Disable Restrict access inside any Iframe Administration > Settings > General > Restrict access inside any Iframe

  • Enable to send and receive data inside an iframe Administration > Settings > General > Iframe Integration

Thank you for your answer. @fongang.rodrique

The certificate seems to be OK, delivered by Let’s Encrypt. After, it’s a simple certificate; maybe I should have used a wildcard certificate since it’s a subdomain?

In any case the connection seems to me correctly encrypted by the certificate and the http redirection in https too. I have never encountered any problem on this side until now.

And of course I have done everything that is asked because I have watched your video on YouTube and also your documentation where it was mentioned these changes but nothing Firefox and chrome blocks the iframe.

I got the maximum score on Sslab which in theory proves that the configuration is good I have the right ones in mind to fight against the Xss and I added Csp in my vhost to be sure that it is taken into account, but still the same

I don’t know if this is related but I regularly get this message. I specify if I did not do it yet that I use the snap installation so I do not know if it is possible to go directly modify the installation files as in a classic installation and where are stored these files if it is the case

The URL setting of the site is configured for http://localhost:3000 and you access from https://rocket.my_chat.com !

Do you want to change to https://rocket.my_chat.com ?

I see…
Can you try forwarding :3000 with ngrok and using the https?
If it still persists, then we can look at the setup method, which is funny.

After thinking about it I totally deleted the snap configuration I had set up to switch to docker. So far the error message has reappeared but under the right domain name and I just had to remove “:3000” from the URL_ROOT line in the docker conf file. I guess it’s a redundant information and it was only necessary to put the domain name, since the port number is already indicated in the file.

For the moment the error has not reappeared, I have not tried yet if the integration via nextcloud works with this new configuration. For the moment I have MongoDB(4.0.2.8) which is obsolete, so I’m trying to see how to update all this without breaking the whole configuration. I thought I saw that before upgrading mongoDB I had to change my database support to WiredTiger. I’m trying to do all this even if for the moment I don’t find it very easy, I’m going to try to do all this without breaking the whole configuration.

Once all this is done I’ll see if the integration works (without forgetting of course to activate the internal iframe, to deactivate the double authentication etc… )

EDIT: It’s OK, I managed to install WiredTiger. I just need to manage the consecutive MongoDB updates and then I can check if the integration works.