Access Forbidden

choward · March 16, 2017, 2:08pm

Fresh 1TB OVA appliance installed. Followed the instructions on nextcloud’s website to get Collabora installed and integrated. When I try to launch a document, I get access forbidden. I’ve read that people are reverting to 10 and then upgrading to 11 and this fixes the issue…

I’ve tail’d every log I can think of.

Below is the output of the following three commands:
docker ps -a
journalctl -u docker
sudo systemctl status docker

root@nextcloud:/home/nunya# clear
root@nextcloud:/home/nunya# docker ps -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                      NAMES
d8c0309d16c7        collabora/code      "/bin/sh -c 'bash sta"   7 days ago          Up 19 hours         127.0.0.1:9980->9980/tcp   condescending_bohr
root@nextcloud:/home/nunya# journalctl -u docker
-- Logs begin at Wed 2017-03-15 14:01:59 CDT, end at Thu 2017-03-16 09:05:18 CDT. --
Mar 15 14:02:13 nextcloud systemd[1]: Starting Docker Application Container Engine...
Mar 15 14:02:32 nextcloud dockerd[1199]: time="2017-03-15T14:02:32.352371564-05:00" level=info msg="libcontainerd: new containerd process, pid: 1403"
Mar 15 14:02:37 nextcloud dockerd[1199]: time="2017-03-15T14:02:37.875600641-05:00" level=info msg="[graphdriver] using prior storage driver \"aufs\""
Mar 15 14:02:40 nextcloud dockerd[1199]: time="2017-03-15T14:02:40.484974843-05:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Mar 15 14:02:40 nextcloud dockerd[1199]: time="2017-03-15T14:02:40.487766172-05:00" level=warning msg="Your kernel does not support swap memory limit."
Mar 15 14:02:40 nextcloud dockerd[1199]: time="2017-03-15T14:02:40.488304715-05:00" level=info msg="Loading containers: start."
Mar 15 14:02:41 nextcloud dockerd[1199]: .time="2017-03-15T14:02:41.275857011-05:00" level=info msg="Firewalld running: false"
Mar 15 14:02:42 nextcloud dockerd[1199]: time="2017-03-15T14:02:42.168309287-05:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Mar 15 14:02:42 nextcloud dockerd[1199]: time="2017-03-15T14:02:42.513245850-05:00" level=info msg="Loading containers: done."
Mar 15 14:02:42 nextcloud dockerd[1199]: time="2017-03-15T14:02:42.532631208-05:00" level=info msg="Daemon has completed initialization"
Mar 15 14:02:42 nextcloud dockerd[1199]: time="2017-03-15T14:02:42.532857905-05:00" level=info msg="Docker daemon" commit=78d1802 graphdriver=aufs version=1.12.6
Mar 15 14:02:42 nextcloud dockerd[1199]: time="2017-03-15T14:02:42.555450251-05:00" level=info msg="API listen on /var/run/docker.sock"
Mar 15 14:02:42 nextcloud systemd[1]: Started Docker Application Container Engine.
root@nextcloud:/home/nunya#
root@nextcloud:/home/nunya# sudo systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2017-03-15 14:02:42 CDT; 19h ago
     Docs: https://docs.docker.com
 Main PID: 1199 (dockerd)
    Tasks: 35
   Memory: 67.5M
      CPU: 24.185s
   CGroup: /system.slice/docker.service
           ├─1199 /usr/bin/dockerd -H fd://
           ├─1403 containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim containerd-shim --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --runtime runc
           ├─1676 /usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 9980 -container-ip 172.17.0.2 -container-port 9980
           └─1682 containerd-shim d8c0309d16c7dc66ced209c0c0e2ad1e3f105ed60a734511590fadf0d427ff6e /var/run/docker/libcontainerd/d8c0309d16c7dc66ced209c0c0e2ad1e3f105ed60a734511590fadf0d427ff6e runc

Mar 15 14:02:40 nextcloud dockerd[1199]: time="2017-03-15T14:02:40.484974843-05:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Mar 15 14:02:40 nextcloud dockerd[1199]: time="2017-03-15T14:02:40.487766172-05:00" level=warning msg="Your kernel does not support swap memory limit."
Mar 15 14:02:40 nextcloud dockerd[1199]: time="2017-03-15T14:02:40.488304715-05:00" level=info msg="Loading containers: start."
Mar 15 14:02:41 nextcloud dockerd[1199]: .time="2017-03-15T14:02:41.275857011-05:00" level=info msg="Firewalld running: false"
Mar 15 14:02:42 nextcloud dockerd[1199]: time="2017-03-15T14:02:42.168309287-05:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Mar 15 14:02:42 nextcloud dockerd[1199]: time="2017-03-15T14:02:42.513245850-05:00" level=info msg="Loading containers: done."
Mar 15 14:02:42 nextcloud dockerd[1199]: time="2017-03-15T14:02:42.532631208-05:00" level=info msg="Daemon has completed initialization"
Mar 15 14:02:42 nextcloud dockerd[1199]: time="2017-03-15T14:02:42.532857905-05:00" level=info msg="Docker daemon" commit=78d1802 graphdriver=aufs version=1.12.6
Mar 15 14:02:42 nextcloud dockerd[1199]: time="2017-03-15T14:02:42.555450251-05:00" level=info msg="API listen on /var/run/docker.sock"
Mar 15 14:02:42 nextcloud systemd[1]: Started Docker Application Container Engine.
root@nextcloud:/home/nunya#

There aren’t any errors other than that. Can someone at least point me in the right direction to begin troubleshooting?

Thanks!!
-Chris

Ark74 · March 16, 2017, 9:12pm

Access Forbiden is a very generic error.
I’m starting to think that it’s the only error it shows for any error.

You need to give more info about your system.
What OS are you using.
Do you have aufs support for docker?
Are you using valid SSL certs for both domains?
Are you using Apache or Nginx?

Please expose your case.
Since Access Forbidden is equals to This doesn’t work.
Cheers!

choward · March 16, 2017, 10:09pm

I’m using the stock 1TB ova. (Ubuntu 16.04 with nginx)

I saw aufs errors so I installed the aufs-tools package. Not sure if that answers your question.

I am using a valid certificate for my nextcloud instance. I created an office_ssl_domain.conf for my office.domain.com (collabora url) and added the lines that include my wildcard certificate.

Nginx.

Thanks!!

Ark74 · March 16, 2017, 10:27pm

To discard aufs issues let’s know if you box has support:

grep aufs /proc/filesystems

Also, i’ve read some guys having everything right but nginx configuration.
I would suggest using Apache, or check against your nginx configuration to

Even with that i’ve heard nginx isn’t working.

choward · March 17, 2017, 5:59pm

root@nextcloud:/homenynunya# grep aufs /proc/filesystems
nodev aufs
root@nextcloud:/home/nunya#

choward · March 17, 2017, 6:00pm

And my bad, it’s apache2… I don’t know why I insisted on calling it nginx.

Ark74 · March 17, 2017, 6:31pm

Please follow up with

sudo docker info

Then
cat /etc/apache2/sites-available/office.domain.com.conf

where office.domain.com is domain you use for CODE