Collabora: Access Forbidden

I installed Collabora and NC using these guides.

I am running NC and Collabora on the same box. I have full functionality of NC without the Collabora. When I click on a Collabora document, I get redirected to “Access Forbidden”.

Ubuntu 16.04. Apache. Certificates from letsencrypt.

I have tried ufw disable, and nothing changes.

Please share,

docker info

Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 1
Server Version: 1.12.6
Storage Driver: devicemapper
Pool Name: docker-252:0-8652653-pool
Pool Blocksize: 65.54 kB
Base Device Size: 10.74 GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 1.74 GB
Data Space Total: 107.4 GB
Data Space Available: 105.6 GB
Metadata Space Used: 1.614 MB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.146 GB
Thin Pool Minimum Free Space: 10.74 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Use --storage-opt dm.thinpooldev to specify a custom block storage device.
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.110 (2015-10-30)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: host overlay bridge null
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: apparmor seccomp
Kernel Version: 4.4.0-64-generic
Operating System: Ubuntu 16.04.2 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 992.3 MiB
Name: rangelcloud
ID: DYFA:LPJW:RCFL:PMKD:CZH7:SBCJ:NIYK:PCM7:N3Y7:ILU6:M2FW:4CE2
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Insecure Registries:
127.0.0.0/8

@oguruma do you have data already, or are you testing?

All I have is a few .txt files for testing purposes.

Do you mind test this script.
It should have CODE working.

Sure! I’d love to try it. How do I go about importing this?

I download the install-production script and run it with sudo or root permissions.

I’m looking at an issue that I had to download and run the collabora.sh script manually.
But it works :slight_smile:

Sorry, generally a Linux noob. How do I do this via CLI?

First you need a clean VM or VPS.

Then download the scrip on it.
wget https://raw.githubusercontent.com/nextcloud/vm/master/nextcloud_install_production.sh

Then run the script with sudo,

sudo bash nextcloud_install_production.sh

Follow the installer after it finish download collabora.sh and run it.

You’ll need a domain for nextcloud and code.

Press any key to start the script. Press CTRL+C to abort.
Checking server OS and version…
Nextcloud repo OK
Checking if it’s a clean server…
MySQL is installed, it must be a clean server.
user:~$

… Nothing happens after this. Am I missing something?

What we mean with a clean server, VM, or VPS it is an OS that just got installed.

You can get that mainly by two different meanings:

  1. Using a virtual machine.
    Download the 16.04 iso and then follow the installer. When you get to select the packages you are going to install you only mark the ones on the image.

  2. You get an Ubuntu 16.04 VPS from Digital Ocean, AWS, etc.

Then you run the script, because if it finds preinstalled packages it will stop and exit.

I seem to be having issues with the letsencrypt script.

After running sudo bash /var/scripts/activate-ssl.sh

and entering my domain, I get: Checking if ‘my.nextcloud.com’ exists and is reachable…
Nope, it’s not there. You have to create ‘my.nextcloud.com’ and point
it to this server before you can run this script.

I have 443 forwarded and can access it from outside my network with that domain.

Quick questions,

If you wanna use something simple to test, check here.

Yes, of course I used the real domain, not my.nextcloud.com.

I verified lets encrypt works, by adding a virtual host file and running lets encrypt via sudo letsencrypt --apache --agree-tos --email your-email-address -d nextcloud.your-domain.com

The NAT/Port Forward configuration (PFsense box) is the same I used on the old VM I was using, and I successfully set up https with that VM, I just changed the port forward config to reflect the internal IP of the new VM.

It needs to be reachable from outside your network.
So if anyone hits your public ip, let’s say ->123.456.789.012:443

They should be able to hit that VM on your system, so your VM needs a bridge network or really crafty port redirections.
I’ve tested the script several times, it works with VMs and VPS.

You might have missing configuration on the box, vm, or maybe the router.

Hmmmm bridged adapter is enabled on the VM.

It is reachable from outside the network, I just tried it on my work PC.

Also, lets encrypt found it when I ran the standard lets encrypt command, doesn’t that indicate that it’s reachable?

The script should take care everything, setting domains, setting SSL, installing server, apps.
It may be a little quirky but should complete.

Anyhow, if you find what seems to be a bug please fill and issue here.

I’m not sure what the deal is. I just re-ran the entire script. I am looking at my SSL Labs report (A-) on that domain, and I still get

It seems like Nextcloud is not installed or that you don’t use https on: example.mycloud.com
Please install Nextcloud and make sure your domain is reachable, or activate SSL on your domain to be able to run this script.

I can also log into to the nextcloud server from outside the network (IE my work computer).