Can't edit documents with CODE

tl;dr

I can create documents and open them, but I can’t edit them using CODE. The “Collabora Online server is reachable”…but I don’t think it’s running properly. Thank you.

More info

Firstly, massive kudos to everyone involved in Nextcloud, the awesomeness of which has been slowly revealing itself to me over the past few weeks :slight_smile: It works really well…but I think I need some help with CODE, please.

Initially, I followed the docker instructions here. When I realised that was slightly different, I stopped the container, purged docker entirely (don’t need it yet), and followed these (much simpler) instructions. (I didn’t understand the relationship between Nextcloud and Collabora to begin with; sorry).

…But it doesn’t work, and I don’t know why (yet).

I can create .odt .ods and .odp files in Nextcloud, and I can open them :slight_smile: But I can’t edit them :frowning:

I see “Document name”(?) flash up very briefly, then I see menus (File, Edit, View, Insert, Tools…which are highlighted as I mouse-over them but otherwise do nothing), plus an X in the top right-hand corner (which works: it returns me to my Documents folder); see screenshot:

But other than this it’s just a blank empty window(?)

I uploaded an .odt file I created on my laptop in LibreOffice; same behaviour.

The Collabora Online AppImage is running (nominally, anyway); see

sudo ps a | grep [A]ppImage
sudo -u www-data /path/to/nextcloud/apps/richdocumentscode/collabora/Collabora_Online.AppImage

…but it doesn’t seem to start properly: syslog says

Collabora_Online.AppImage[104109]: LibreOffice - dialog 'loolforkit - Fatal Error': 'The application cannot be started.
Collabora_Online.AppImage[104109]: User installation could not be completed. 'loolforkit - Fatal Error: The application cannot be started.
Collabora_Online.AppImage[104109]: User installation could not be completed.
Collabora_Online.AppImage[104112]: sh: 1: /tmp/.mount_Collabg5ogiE/usr/bin/loolmount: not found

Things I’ve tried:

  1. Reloading apache, restarting apache, rebooting the server (“low-hanging fruit” but worth a try)
  2. Temporarily disabling the “breeze dark” theme (ditto)
  3. Checking app perms: both /path/to/nextcloud/apps/richdocuments{,code} are 755 for www-data:www-data

I’m always loth to disable security stuff, but I’ve also tried:

  1. Disabling open_basedir in {apache2,cli}/php.ini
  2. Remounting /tmp more permissively (it’s normally nodev, noexec, nosuid)
  3. Remounting ncroot (the Logical Volume Nextcloud lives in) more permissively

A couple of things about /tmp:

/tmp/loolwsd.<random string>/
   jails/
   loolwsd.log

jails/ is empty…but that log file is pretty full; the entries that leap out are:

WRN  No live Kits exist, and we are not terminating yet
WRN  Security warning: running without chroot jails is insecure 
WRN  Prisoner connection disconnected but without valid socket
WRN  Removing dead spare child 

(I don’t know what #1 means; #2 sounds vaguely alarming; #3 and #4 suggest some horrific dystopian nightmare)

There’s also this (many times):

ERR  Failed to unmount [/tmp/loolwsd.mxj4cgSaPB/jails/5KZGGhqlLtxnq5h0/tmp]

  1. There are lots of empty folders owned by www-data in /tmp, named “lu3383s8w???.tmp” (where ??? is alphanumeric). Is this normal? Should they be persistent? (Obviously they’ll get wiped on reboot, but…).

I’m not sure what to try next. Any help gratefully received!

Thanks for reading, and sorry for a long post.

Bare-metal install (i.e. not a container or a VM)
Ubuntu 20.04
Apache 2.4.41
postgres 12.5
php 7.4
Nextcloud 20.0.1
Collabora Online 3.7.9
CODE 6.4.14

Administration > Overview > Security & setup warnings
…says “All checks passed”

Administration > Collabora Online Development Edition
…says “Collabora Online server is reachable”

Administration > Logging
…says “Error: Undefined offset: 3 at /var/www/ncroot/nextcloud/lib/private/legacy/OC_Helper.php#548”
…but that may be unrelated(?)

Got it: it’s an SSL issue.

(This is why one should always ask for help: either someone will tell you the answer, or the act of formulating the question leads you to it anyway…)

I had another look in loolwsd.log, and found ERRs referring to SSL/TLS versions.

I’m using the “Modern” vhost config generated by Mozilla’s SSL Configuration Generator, which disallows TLS v1, 1.1 & 1.2. If I switch to the “Intermediate” config - which allows TLS v1.2 - CODE works :slight_smile:

…Though I still get:

[ loolwsd ] WRN  SSL support: SSL is disabled.

…which suggests it shouldn’t make a difference(?)

I also get:

WRN  File not found: Private key file: /etc/loolwsd/proof_key
No proof-key will be present in discovery.
If you need to use WOPI security, generate an RSA key using this command:
    loolwsd-generate-proof-key
or if your config dir is not /etc, you can run ssh-keygen manually:
    ssh-keygen -t rsa -N "" -m PEM -f "/etc/loolwsd/proof_key"
Note: the proof_key file must be readable by the loolwsd process.| wsd/ProofKey.cpp:157

I tried:

sudo mkdir /etc/loolwsd/ # 'cos it didn't exist
sudo ssh-keygen -t rsa -N "" -m PEM -f "/etc/loolwsd/proof_key"
sudo chown www-data:www-data /etc/loolwsd/proof_key
sudo reboot

…but it didn’t make any difference, presumably because the config dir it’s referring to is the one in a jail in /tmp(?)

I also get:

WRN  Security warning: running without chroot jails is insecure.
ERR  Security: Running without the capability to enter a chroot jail is ill advised.
ERR  Security: Running without the ability to filter system calls is ill advised.

…but I’m not sure what I can do about that(?)

I still get all those folders in /tmp, all but two of which are empty…

Re: random folders in system/global /tmp

I don’t think they’re a problem, but a quick experiment shows you can add

Environment="TMPDIR=/path/to/some_dir/collabora_tmp/"

to the [Service] section of the systemd file. Then do (e.g.)

d /path/to/some_dir/collabora_tmp 0700 www-data www-data

as /etc/tmpfiles.d/collabora_tmp.conf (assuming /path/to/somewhere exists, obvs) if you don’t want them in /tmp.

CODE is running really well - looks like a great app :slight_smile:
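
Added example (not part of the original posts): a shell triage of loolwsd.log that separates TLS errors, which turned out to be the blocker in this thread, from the sandbox, proof-key and kit warnings that were still logged after the fix. The sample lines are constructed from the messages quoted above; the text of the TLS ERR line and the category names are assumptions, since the thread does not quote the actual TLS entries.

```shell
#!/bin/sh
# Constructed sample built from the messages quoted in the thread.
# The last line is a placeholder: the thread never quotes the real TLS ERR text.
sample_log() {
cat <<'EOF'
WRN  No live Kits exist, and we are not terminating yet
WRN  Security warning: running without chroot jails is insecure.
WRN  Prisoner connection disconnected but without valid socket
WRN  Removing dead spare child
ERR  Failed to unmount [/tmp/loolwsd.EXAMPLE/jails/EXAMPLE/tmp]
ERR  Security: Running without the capability to enter a chroot jail is ill advised.
ERR  Security: Running without the ability to filter system calls is ill advised.
WRN  SSL support: SSL is disabled.
WRN  File not found: Private key file: /etc/loolwsd/proof_key
ERR  (constructed) TLS protocol version rejected by peer
EOF
}

# classify: read a loolwsd.log on stdin and print "category<TAB>level<TAB>line"
# for every WRN/ERR entry. First matching rule wins, most specific first.
classify() {
    awk '
    match($0, /WRN|ERR/) {
        lvl = substr($0, RSTART, RLENGTH)
        if      ($0 ~ /chroot jail|filter system calls/)   cat = "sandbox"
        else if ($0 ~ /proof_key|proof-key/)               cat = "wopi-proof-key"
        else if (lvl == "ERR" && $0 ~ /SSL|TLS/)           cat = "tls-error"
        else if ($0 ~ /SSL support/)                       cat = "tls-config"
        else if ($0 ~ /Kits|spare child|Prisoner|unmount/) cat = "kit-lifecycle"
        else                                               cat = "other"
        print cat "\t" lvl "\t" $0
    }'
}

# summary: one "category count" line per category, sorted by category name.
summary() {
    classify | cut -f1 | sort | uniq -c | awk '{ print $2, $1 }'
}

# tls_errors: only the ERR entries that mention SSL/TLS, i.e. the ones to read first.
tls_errors() {
    classify | awk -F '\t' '$1 == "tls-error" { print $3 }'
}

sample_log | summary
```

Against a real log, run `summary < /tmp/loolwsd.<random string>/loolwsd.log` and then `tls_errors` on the same file; the patterns may need adjusting to the messages your version actually writes.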