I’m running Nextcloud Hub 6 27.1.11 with Nextcloud office (8.2.12) as a docker install.
I’m trying to set up the WOPI allow list. I’ve been trying to do this on and off for a while. It seems a desirable - although not necessary - step to get things running securely.
Steps so far.
Find docker details:
root@stanworth:/home/james# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b7a2fccc4f26 collabora/code "/start-collabora-on…" 9 minutes ago Up 34 seconds 127.0.0.1:9980->9980/tcp NEXTCLOUDOFFICE
Hi @James_O_Stanworth! This topic is in fact easy and complicated at the same time because there is a mix of two different concepts. The WOPI protocol itself is completely about DNS (consult the Collabora integration guide for details), but the WOPI allow list only works with IP addresses.
Basically speaking, this list should cover the IP addresses where the request comes from (like in a firewall). To know where it comes from you must understand the whole way of the request from the CODE server to access Nextcloud. Usually, and as best practice, both systems use public DNS names for communication. This makes CODE resolve the public DNS name of Nextcloud to its public IP… in turn CODE connects to a public IP of NC, often traveling all the way from the internal CODE server to the router to the internet and coming back through the router public IP, port forwarding, maybe a reverse proxy, hitting the NC server… this is the reason why often your public IP must be included in the allow list to make CODE work…
PS: there are techniques like split-brain DNS addressing the issue and routing the traffic internally, but this adds complexity and requires some understanding of networking basics.
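One way to see which source addresses the allow list has to cover, as an added example that is not part of either post: the script below reads web server access log lines, keeps the requests to the WOPI endpoint, and reports any client IP that a candidate allow list does not match. The log lines, addresses and allow-list values are constructed, and it assumes a combined-format access log and a comma-separated list of IPs or CIDR ranges.

```python
import ipaddress
import re

# Constructed sample lines in combined log format (not taken from the thread).
SAMPLE_LOG = """\
172.18.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /index.php/apps/richdocuments/wopi/files/4711_oc123?access_token=REDACTED HTTP/1.1" 200 512 "-" "-"
203.0.113.27 - - [12/Mar/2024:10:01:03 +0000] "POST /index.php/apps/richdocuments/wopi/files/4711_oc123/contents?access_token=REDACTED HTTP/1.1" 403 0 "-" "-"
198.51.100.9 - - [12/Mar/2024:10:01:05 +0000] "GET /index.php/apps/files/ HTTP/1.1" 200 9000 "-" "-"
"""

WOPI_PATH = "/apps/richdocuments/wopi/"
# client address, identity, user, [timestamp], "METHOD PATH ..."
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')


def wopi_sources(log_text):
    """Return the set of client IPs that requested a WOPI endpoint."""
    sources = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and WOPI_PATH in m.group(3):
            try:
                sources.add(ipaddress.ip_address(m.group(1)))
            except ValueError:
                continue  # first field is a hostname or malformed
    return sources


def uncovered(sources, allow_list):
    """Return the source IPs that no allow-list entry (IP or CIDR) matches."""
    nets = [ipaddress.ip_network(entry.strip(), strict=False)
            for entry in allow_list.split(",") if entry.strip()]
    missing = [ip for ip in sources
               if not any(ip.version == n.version and ip in n for n in nets)]
    return sorted(missing, key=str)


if __name__ == "__main__":
    seen = wopi_sources(SAMPLE_LOG)
    print("WOPI request sources:", sorted(str(ip) for ip in seen))
    # Allow list holding only the Docker bridge range: the request that
    # came back in through the public address is not covered.
    for ip in uncovered(seen, "172.18.0.0/16"):
        print("not covered by allow list:", ip)
```

If a reverse proxy sits in front of Nextcloud, run this against the log that records the address Nextcloud itself evaluates, since the proxy's own address may be what appears there.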