Nextcloud OnlyOffice document security token error

I am running Nextcloud and OnlyOffice Document server in different Portainer stacks. They are behind a Traefik docker container used as a reverse proxy.

When updating Nextcloud from one version to another i sometimes get the error below, when trying to open DOCX / XLSX files:

Nextcloud OpenOffice document security error

"The document security token is not correctly formatted. Please contact your Document Server Administrator. Press OK to return to document list"

The OnlyOffice container exposes it’s HTTP port (HTTPS is unused since Traefik takes care of that, with Let’s Encrypt certificates) on a custom port 8082. My Docker host runs on

Opening in my browser we can see the following page:

So running the command on my Docker host will output the random secret.

docker exec f0d065978594 /var/www/onlyoffice/documentserver/npm/json -f /etc/onlyoffice/documentserver/local.json 'services.CoAuthoring.secret.session.string'

Output example : 879x4eLw2sZES3cY4waB

This string needs to be copied in Nextcloud -> Administration Settings -> ONLYOFFICE -> Secret key field.

Then don’t forget to press the SAVE button, located right below.

UPDATE : to use a fixed token, under environment, set JWT_SECRET as your token.

JWT_SECRET nextcloud onlyoffice
docker-compose.yml for OnlyOffice documentserver container

ONLYOFFICE Docs address / ONLYOFFICE Docs address for internal requests from the server is the address that’s set in DNS for your OnlyOffice instance.

Server address for internal requests from ONLYOFFICE Docs is the DNS name for your Nextcloud server.


Skip to comment form

    • HenneC on January 8, 2023 at 11:23 pm
    • Reply


    I got it working because of you. But i have a problem. Every time i restart my onlyoffice server, my token is re-generated. This way every time my server shutsdown or updates i need to re-enter the token in Nextcloud, there must be a better way to do this. Do you know how? Thanks in advance

  1. Hi, it seems you can use a custom token :

    • HenneC on January 10, 2023 at 8:08 pm
    • Reply

    Hello, thank you for your response. The link you send, I already found. Sadly enough even changing the local.json did not work for me. I change it to a random string, but when I restart my server this file keeps regenerating a new string in its place. I reckon you never had this issue before? I’ll search on, if you by any chance find or think of something else I could try please let me now.

    1. Do you run docker / docker-compose?
      I had the same problem – a new token everytime the container restarts.

      I added the JWT_SECRET environment variable to my yml -> now the token is “mysuperdupersecret”

      container_name: onlyoffice-document-server
      image: onlyoffice/documentserver:latest
      – JWT_SECRET=mysuperdupersecret
      stdin_open: true
      tty: true
      restart: always
      – ’80’
      – ‘443’
      – ./document_data:/var/www/onlyoffice/Data
      – ./document_log:/var/log/onlyoffice

      1. You are right, Manuel.
        Indeed in the sceenshot it says : “You can replace the default secret with a custom key using Docker env.”

        • HenneC on February 3, 2023 at 8:32 pm
        • Reply

        Thank you for this information. Yes i use docker and i will try this later this week.

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.