Collabora and Nextcloud 11

Hey folks!
Merry Christmas :wink:

I’m using nextcloud 11 on my Debian8 server with Nginx.
I installed collabora docker with this tutorial: https://icewind.nl/entry/collabora-online

If I would like to edit a document, I get an “not available” error. :open_mouth:

root@debian:/# docker ps    
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                      NAMES
9ac778b39717        collabora/code      "/bin/sh -c 'bash sta"   About a minute ago   Up 39 seconds       127.0.0.1:9980->9980/tcp   cocky_lamport
Nginx config file
server {
    listen 12345 ssl http2; 
    server_name domain.com;

[…] here are more nextcloud parts […]

# static files
location ^~ /loleaflet {
    proxy_pass https://localhost:9980;
    proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
    proxy_pass https://localhost:9980;
    proxy_set_header Host $http_host;
}

# websockets, download, presentation and image upload
location ^~ /lool {
    proxy_pass https://localhost:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
}

[details=ufw status]ufw status

Status: active
To                         Action      From
--                         ------      ----
...
9980/tcp                   ALLOW       Anywhere
9980/tcp                   ALLOW       Anywhere (v6)
...

[/details]

[details=netstat -lnpt] netstat -lnpt
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9980 0.0.0.0:* LISTEN 591/docker-proxy
[/details]

Anybody an idea to solve this problem? Thanks for your support!

EDIT#1: more informations:
docker started with user “web2"
“web2” is the owner of the web root and nextcloud instance
"web2” is member of the groupe “docker”

EDIT#2:
If I open the URL https://domain.com:12345/hosting/discovery, I get the XML file

[details=XML-File]

























































































































































































































































































[/details]

EDIT#3:
Ok, from now on I got a new error message: “access forbidden”.

1 Like

I got the same ‘Access denied’ error, and could not solve it until now …
NC 11 on Ubuntu 16.04 LTS + Apache + SSL

1 Like

the same issue here.

Are you using some hosting software on your cloud?
I’m having the same (Acess Forbiden) issue with an ISPConfig-Apache based instance.

My guess is that is related with the open_basedir or maybe the docker permissions, who knows.
Does anyone has a clue where to check logs on docker/collabora?
I’m pretty new to it.

Thanks.

I using Pleak Onyx. With NC 10 collabora works,but not with NC11

Same here (and commenting in hope for useful hints :wink: ).
Ubuntu 16.04 with ISPconfig3.1
fresh Nextcloud11 installation
Collabora is enabled in NC, I can create files but I can’t edit them.

Things to check:

  • Docker runs the container with the nextcloud instance url (ssl required) - my\\.nc\\.com
  • The collabora domain is a proxy and should have ssl enabled - editor.nc.com
  • They both point to the same IP
  • docker can be run with web user (?!)
  • ufw is properly configured / or not enabled
  • the collabora app is enabled
  • The collabora url app format is: https://editor.nc.com/

The info at: https://nextcloud.com/collaboraonline/ it’s been updated and works.
My error was using the incorrect url format: (https://editor.domain.com:9980)
Cheers!

Hi all !

Feedback time : ever since the COllabora app was updated (a few days ago), it’s working !

So good news,

THanks all

Apols was looking in the wrong place for Collaboro and posted in Apps.

I am getting the same error and in the logs I am getting the below.

Trusted domain error. “192.168.1.7” tried to access using “192.168.1.9” as host.

I had quite a long day yesterday of trying to do sysadmin in docker with sysadmin so my whole Nextcloud install got very much extended.

I used the same source tutorial as GLLM but I have a hunch its because I opted to use the sankeoil certs of ubuntu.
I have the right URL as we connect by straight https and the proxy connects on 9980.

I am not sure how many of you are running valid certs and have your domain dns correct, but I will be onsite tomoz and rather than demo testing I will get the certs and DNS right.

Currently I am not running on localhost have created windows hosts ammendments that should override DNS but get the same error.

I feel happier now I found the right category as felt slightly alone and was thinking it was just me.

Its great GLLM says its working, so we know it does, what certs and DNS method did you guys use?

Collabora and Nextcloud 11 like GLL says

I think that one is because you have specified the container port in the colabora settings whilst the proxy redirects to the container so it should be straight https.

Noticed a lot of you guys are on I guess shared hosting and just wondered if you had created a seperate subdomain fot the collabora server so the DNS is right.

After that I am thinking we are looking a cert error or maybe the trusted domain section of config.php, which I have edited to included office.mydomain.com.

You can get inside of the container by docker exec -it ‘containerid’ /bin/bash

I did a domain ping from the container ping office.mydomain.com and now totally confused as who are Catalyst2 Services Ltd?
I did another check as well and in my client browser typed https://office.mydomain.com and ended up on the NextCloud page so the proxy isn’t working correct.

.

Now had limited success and it would seem to of been DNS and certs.

I have been running the excellent howto by Jason Bayton https://bayton.org/2016/07/installing-nextcloud-on-ubuntu-16-04-lts-with-redis-apcu-apache/

I am self hosting so the router is set up to port forward https http and (dns? dunno added it anyway)
Internally unless I edit the client hosts file to set nc.mydomain.com & office.mydomain the external DNS route internally will end you up on the router(public ip) rather than 192.168.1.9.
Externally it would work fine.

So my domain control panel has the nc.mydomain,com and office.mydomain.com ip of my public IP (router ip)
In windows edited the C:\Windows\System32\drivers\etc\hosts file to include.

192.168.1.9 nc.mydomain.com
192.168.1.9 office.mydomain.com

The free cert setup by https://letsencrypt.org/getting-started/ is just brilliant with or without shell access.
All certs catered for.

Now when I click on a document collabora launches but gives me a message “Well, this is embarrassing, we cannot connect to your document. Please try again.”

So maybe this is just trusted domains? Off to check the logs in that docker container.

No… :slight_smile: Think its prob to do with this line in Apache error log but not sure why or what permission is being denied.
[authz_core:error] [pid 9003] [client 192.168.1.7:54881] AH01630: client denied by server configuration: /var/www/html/data/.ocdata

No need to forward DNS (53) to your internal server.
Are you saying before you edited the hosts file the URLs internally landed you on your router admin page?

Does your router rupport DNS override? I’ve switched my dumb router out for a PFsense box and will never go back due to the advanced features for my network, but many normal routers will at least offer DNS overrides.

Yeah dunno why I did DNS but hey, yeah my public IP is the router address and the port forwarding only works one way.
So yeah it would take me to the Talk Talk internal config page.
I haven’t worked for a long time but usually with internal subnets you would run off a split DNS but hacking the hosts files for a single computer is no prob.
Its so long can not even remember if that is normal port forwarding behaviour I think so lol.

I have been doing quite a bit with Next Cloud over the last couple of days and really should of took a hint with your article but it took me till last night to install NC 9 :slight_smile:

The only reason 9 is referenced is because that’s the version available when I wrote it - I’m all for latest and greatest! I should edit it.

NAT loopback (accessing your internal services via external hostname) is disabled for talktalk routers. Annoying.

Doesn’t matter really I could prob set up bind or DNS masq and set the router DNS to the owncloud box and still use it for dhcp.
Its virgin at the community Jason are they still static IP’s? They say they are DHCP but from experience they never change, but again I don’t do this stuff regular.

Its me who has plumed for 9, the Collaboro probs are a game breaker, just need to install 9 for what is little more than a 1 man show. In fact 10 as the missing email function isn’t really a bother either.
11 is still hot off the press and yeah I will be eventually employing it.
Eventually I will work out Collabora but I can install 9 tomoz and get to grips with 11 at my leisure.

Its been three days second day I just had one of those days where I ass hatted everything but the last install, I am pretty sure should of worked and it didn’t. I can’t install something that says “Well this is embarising…” :slight_smile:

If you have any input as I am stumped and just going to install 9 short term.

@Stuart_Naylor
Check for the updates at https://www.collaboraoffice.com/community-en/code-2-0-updates-2/
The proxy setting has been changed.

Cheers.

office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:13:02 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 3841 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:13:11 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 775 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:13:42 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 775 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:13:47 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 775 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:15:37 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 775 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:17:00 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:17:07 +0000] "POST /loleaflet/2.0.1/loleaflet.html?WOPISrc=https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx&title=About.odt&lang=en_GB&closebutton=1&revisionhistory=1 HTTP/1.1" 200 1753 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:17:07 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D9qiigYkl2xwRQop2n3tclSEqdJobD4Gi%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 200 508 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:21:28 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D9qiigYkl2xwRQop2n3tclSEqdJobD4Gi%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 200 3469 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:21:42 +0000] "POST /loleaflet/2.0.1/loleaflet.html?WOPISrc=https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx&title=About.odt&lang=en_GB&closebutton=1&revisionhistory=1 HTTP/1.1" 200 1755 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:21:42 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3DUKYzdZxCd2Z7I1p02fBRdLvwErSv02yc%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 200 508 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"

No sorry still the same and I am not sure why it pops out in the other_vhosts log

@Stuart_Naylor
Let’s meet at IRC maybe we can troubleshoot this out.
It’s not that hard after all.
I’m self hosting too and everything works.

Maybe at nextcloud on freenode.
Tell me when

I will be here onsite all day, so very early yet but if you are around give us a shout.

I will open some ports up, as that is an extremely generous offer.

My email is stuartiannaylor@thursbygarden.org I will open up 22 and 10,000 as have webmin running and that should make it real easy and minimise any of your time.
I will send the passwords by email :slight_smile:

It will be interesting to see what I have done so we can publish a don’t do this in the forums.

yep, im also having the mentioned issues since NC 11.

so if anyone has a solution… ill pray for you the next time :slight_smile: