Collabora and Nextcloud 11

Collabora and Nextcloud 11 like GLL says

I think that one is because you have specified the container port in the Collabora settings whilst the proxy redirects to the container so it should be straight https.

Noticed a lot of you guys are on I guess shared hosting and just wondered if you had created a separate subdomain for the Collabora server so the DNS is right.

After that I am thinking we are looking at a cert error or maybe the trusted domain section of config.php, which I have edited to include office.mydomain.com.

You can get inside of the container by docker exec -it 'containerid' /bin/bash

I did a domain ping from the container ping office.mydomain.com and now totally confused as who are Catalyst2 Services Ltd?
I did another check as well and in my client browser typed https://office.mydomain.com and ended up on the NextCloud page so the proxy isn't working correctly.


Now had limited success and it would seem to have been DNS and certs.

I have been running the excellent howto by Jason Bayton https://bayton.org/2016/07/installing-nextcloud-on-ubuntu-16-04-lts-with-redis-apcu-apache/

I am self hosting so the router is set up to port forward https http and (dns? dunno added it anyway)
Internally unless I edit the client hosts file to set nc.mydomain.com & office.mydomain the external DNS route internally will end you up on the router(public ip) rather than 192.168.1.9.
Externally it would work fine.

So my domain control panel has the nc.mydomain.com and office.mydomain.com ip of my public IP (router ip)
In Windows edited the C:\Windows\System32\drivers\etc\hosts file to include:

192.168.1.9 nc.mydomain.com
192.168.1.9 office.mydomain.com

The free cert setup by https://letsencrypt.org/getting-started/ is just brilliant with or without shell access.
All certs catered for.

Now when I click on a document collabora launches but gives me a message "Well, this is embarrassing, we cannot connect to your document. Please try again."

So maybe this is just trusted domains? Off to check the logs in that docker container.

No… :slight_smile: Think it's prob to do with this line in Apache error log but not sure why or what permission is being denied.
[authz_core:error] [pid 9003] [client 192.168.1.7:54881] AH01630: client denied by server configuration: /var/www/html/data/.ocdata

No need to forward DNS (53) to your internal server.
Are you saying before you edited the hosts file the URLs internally landed you on your router admin page?

Does your router support DNS override? I've switched my dumb router out for a pfSense box and will never go back due to the advanced features for my network, but many normal routers will at least offer DNS overrides.

Yeah dunno why I did DNS but hey, yeah my public IP is the router address and the port forwarding only works one way.
So yeah it would take me to the Talk Talk internal config page.
I haven't worked for a long time but usually with internal subnets you would run off a split DNS but hacking the hosts files for a single computer is no prob.
It's so long I cannot even remember if that is normal port forwarding behaviour, I think so lol.

I have been doing quite a bit with Next Cloud over the last couple of days and really should have taken a hint with your article but it took me till last night to install NC 9 :slight_smile:

The only reason 9 is referenced is because that's the version available when I wrote it - I'm all for latest and greatest! I should edit it.

NAT loopback (accessing your internal services via external hostname) is disabled for talktalk routers. Annoying.

Doesn't matter really I could prob set up bind or DNS masq and set the router DNS to the owncloud box and still use it for dhcp.
It's Virgin at the community, Jason, are they still static IPs? They say they are DHCP but from experience they never change, but again I don't do this stuff regular.

It's me who has plumped for 9, the Collabora probs are a game breaker, just need to install 9 for what is little more than a 1 man show. In fact 10 as the missing email function isn't really a bother either.
11 is still hot off the press and yeah I will be eventually employing it.
Eventually I will work out Collabora but I can install 9 tomoz and get to grips with 11 at my leisure.

It's been three days, second day I just had one of those days where I ass hatted everything but the last install, I am pretty sure should have worked and it didn't. I can't install something that says "Well this is embarrassing…" :slight_smile:

If you have any input as I am stumped and just going to install 9 short term.

@Stuart_Naylor
Check for the updates at https://www.collaboraoffice.com/community-en/code-2-0-updates-2/
The proxy setting has been changed.

Cheers.

office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:13:02 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 3841 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:13:11 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 775 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:13:42 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 775 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:13:47 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 775 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:15:37 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 775 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:17:00 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:17:07 +0000] "POST /loleaflet/2.0.1/loleaflet.html?WOPISrc=https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx&title=About.odt&lang=en_GB&closebutton=1&revisionhistory=1 HTTP/1.1" 200 1753 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:17:07 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D9qiigYkl2xwRQop2n3tclSEqdJobD4Gi%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 200 508 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:21:28 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D9qiigYkl2xwRQop2n3tclSEqdJobD4Gi%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 200 3469 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:21:42 +0000] "POST /loleaflet/2.0.1/loleaflet.html?WOPISrc=https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx&title=About.odt&lang=en_GB&closebutton=1&revisionhistory=1 HTTP/1.1" 200 1755 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:21:42 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3DUKYzdZxCd2Z7I1p02fBRdLvwErSv02yc%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 200 508 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"

No sorry still the same and I am not sure why it pops out in the other_vhosts log
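Added example, not part of the thread and not Nextcloud or Collabora code: log lines in the format posted above carry the WOPI `access_token` in the request path, so this sketch tallies status codes per vhost and WOPI host and redacts the token before a log is shared. The sample lines, host names, file id and tokens are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Apache vhost_combined layout: vhost:port client - - [time] "request" status size ...
LINE_RE = re.compile(r'^(?P<vhost>[^:\s]+):\d+ \S+ \S+ \S+ \[[^\]]+\] '
                     r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Token value in raw (access_token=) or percent-encoded (access_token%3D) form.
TOKEN_RE = re.compile(r'(access_token(?:=|%3D))[^&%/\s"]+', re.IGNORECASE)

def wopi_src(target):
    """Decode the WOPI source URL from a /lool/<src>/ws or ?WOPISrc= request."""
    m = re.match(r'/lool/(.+)/ws$', target)
    if m:
        return unquote(m.group(1))
    return parse_qs(urlsplit(target).query).get('WOPISrc', [None])[0]

def analyse(lines):
    """Return (Counter of (vhost, WOPI host, status), count of token-bearing requests)."""
    tally, exposed = Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in vhost_combined layout: skip rather than guess
        src = wopi_src(m['target'])
        host = urlsplit(src).hostname if src else None
        tally[(m['vhost'], host, int(m['status']))] += 1
        if src and 'access_token' in parse_qs(urlsplit(src).query):
            exposed += 1
    return tally, exposed

def redact(line):
    """Blank the token value but keep access_token_ttl and the rest of the line."""
    return TOKEN_RE.sub(r'\g<1>REDACTED', line)

# Constructed sample lines (placeholder hosts, file id and tokens).
_SRC = 'https%3A%2F%2Fnc.example.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_abc'
_Q = '%26access_token_ttl%3D0%26permission%3Dedit/ws'

def _line(when, request, status):
    return (f'office.example.org:443 192.168.0.67 - - [13/Jan/2017:{when} +0000] '
            f'"{request} HTTP/1.1" {status} 775 "-" "Mozilla/5.0"')

SAMPLE = [
    _line('09:13:02', f'GET /lool/{_SRC}%3Faccess_token%3DTOKENAAA{_Q}', 503),
    _line('09:17:00', f'GET /lool/{_SRC}%3Faccess_token%3DTOKENAAA{_Q}', 200),
    _line('09:17:07', f'POST /loleaflet/2.0.1/loleaflet.html?WOPISrc={_SRC}&title=About.odt', 200),
]
```

Running `analyse` over a real `other_vhosts_access.log` shows at a glance whether the 503s belong to the office vhost and which Nextcloud host the WOPI requests point back to.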

@Stuart_Naylor
Let's meet at IRC maybe we can troubleshoot this out.
It's not that hard after all.
I'm self hosting too and everything works.

Maybe at nextcloud on freenode.
Tell me when

I will be here onsite all day, so very early yet but if you are around give us a shout.

I will open some ports up, as that is an extremely generous offer.

My email is stuartiannaylor@thursbygarden.org I will open up 22 and 10,000 as have webmin running and that should make it real easy and minimise any of your time.
I will send the passwords by email :slight_smile:

It will be interesting to see what I have done so we can publish a don't do this in the forums.

Yep, I'm also having the mentioned issues since NC 11.

So if anyone has a solution… I'll pray for you the next time :slight_smile:

As I mentioned in the email, the issue was related to the Debian kernel.
You might wanna use Ubuntu (16.04) or a kernel with AUFS support next time, you can see more info on that issue here.

Cheers and enjoy!

Thanks @Ark74 as problem no longer, really good of you to remote access and have a look like that. Do you have a PayPal or anything so I can send you a couple of beers?

Collabora is also really fast and the presentation is much better than the old document viewer.

I'm glad I was of use.

CODE works great and is very well designed (LibreOffice based), personally I prefer to use my local LibreOffice copy than an online one, for mobile devices it should rock though.

Cheers!

Thanks Ark74 for your support, but it doesn't work for me… (Debian 8). I think that's a "domain" problem in my case.

My Nextcloud domain is https://example.com:51111 and I'm using a LetsEncrypt certificate for this domain. The Nginx config file for CODE uses "collabora.example.com" and port 51111 (LetsEncrypt certificate, too). The Nextcloud app "Collabora Online" uses "https://collabora.example.com:51111".

Is it correct?

I don't get it.
CODE and Nextcloud should be running on the same host (unless you have a complicated configuration).

  • CODE proxy port A=9980
  • Nextcloud server port B=443

If you use the same port for both applications CODE proxy and Nextcloud SSL
A=B
how are they gonna talk to each other?

Whichever port you use, it should be another port than the one you use to serve the https nextcloud server traffic, since they are on the same host/ip.

I would suggest, try the default ports, check everything works, then set them to the desired ones.

Is it not why they have it set up that way as basically they are not using the same port as the proxy redirection sorts that but for some reason are just using SNI to differentiate on the same port?

Now you mention it, it doesn't really make a lot of sense and just using a different port rather than SNI would make the whole thing less prone to error?

Ah okay, I see. Sorry

Nginx config file: (webserver user: "www-data")

server {
    listen 51111 ssl http2;
    server_name example.com;

    # […] here are more nextcloud parts […]

    # static files
    location ^~ /loleaflet {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # websockets, download, presentation and image upload
    location ^~ /lool {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }
}

docker (run as user: "www-data")

docker run -t -d -p 9980:9980 -e "domain=example.com:51111" --cap-add MKNOD collabora/code

Nextcloud app:

https://localhost:9980

Is it correct? Because I still get the same error message "access denied".

Don't you have to exit the dots with backslashes?

Prob not as every time I got 'access denied' it was due to wrong config, as I found out later.
I had either the wrong domain names, apache conf files or DNS errors.

It was Aufs that stumped me in the end but you will prob find the errors are going into other_vhosts.log if the SNI & DNS is not correct.
I also split the log config into nextcloud.log and collaboro.log just to make things a little easier to distinguish.

Also does your client and server have the correct DNS for the IP running example.com?
example.com should be your standard nextcloud domain.

The second domain often ā€˜officeā€™ is just using apache (Server Name Indication) to proxy to 9980

Somewhere along the line your config isn't right, but without seeing what's going on in the logs it's hard to say.

ps the original docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=cloud\\.nextcloud\\.com' --restart always --cap-add MKNOD collabora/code

with docker run -t -d -p 9980:9980 -e "domain=example.com:51111" --cap-add MKNOD collabora/code

should look like docker run -t -d -p 9980:9980 -e "domain=example\\.com:51111" --cap-add MKNOD collabora/code

But like I say you should be getting log info to back this up.

I would go back to https://nextcloud.com/collaboraonline/ as there have been a few apache.conf and docker changes that are only slight but might well be the prob.