@Stuart_Naylor
Check for the updates at https://www.collaboraoffice.com/community-en/code-2-0-updates-2/
The proxy setting has been changed.
Cheers.
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:13:02 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 3841 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:13:11 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 775 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:13:42 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 775 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:13:47 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 775 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:15:37 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 503 775 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:17:00 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D6XzoeoutRvRlxqY9nL3wP6MTnZEGSh6Y%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:17:07 +0000] "POST /loleaflet/2.0.1/loleaflet.html?WOPISrc=https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx&title=About.odt&lang=en_GB&closebutton=1&revisionhistory=1 HTTP/1.1" 200 1753 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:17:07 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D9qiigYkl2xwRQop2n3tclSEqdJobD4Gi%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 200 508 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:21:28 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3D9qiigYkl2xwRQop2n3tclSEqdJobD4Gi%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 200 3469 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:21:42 +0000] "POST /loleaflet/2.0.1/loleaflet.html?WOPISrc=https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx&title=About.odt&lang=en_GB&closebutton=1&revisionhistory=1 HTTP/1.1" 200 1755 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
office.thursbygarden.org:443 192.168.0.67 - - [13/Jan/2017:09:21:42 +0000] "GET /lool/https%3A%2F%2Fnextcloud.thursbygarden.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F8_ocm854z19ekx%3Faccess_token%3DUKYzdZxCd2Z7I1p02fBRdLvwErSv02yc%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1" 200 508 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
No sorry still the same and I am not sure why it pops out in the other_vhosts log
@Stuart_Naylor
Letās meet at IRC maybe we can troubleshoot this out.
Itās not that hard after all.
Iām self hosting too and everything works.
Maybe at nextcloud on freenode.
Tell me when
I will be here onsite all day, so very early yet but if you are around give us a shout.
I will open some ports up, as that is an extremely generous offer.
My email is stuartiannaylor@thursbygarden.org I will open up 22 and 10,000 as have webmin running and that should make it real easy and minimise any of your time.
I will send the passwords by email 
It will be interesting to see what I have done so we can publish a donāt do this in the forums.
yep, im also having the mentioned issues since NC 11.
so if anyone has a solutionā¦ ill pray for you the next time
As i mention on the email, the issue was related to the Debian kernel.
You might wanna use Ubuntu (16.04) or a kernel with AUFS support next time, you can see more info on that issue here.
Cheers and enjoy!
Thanks @Ark74 as problem no longer, really good of you to remote access and have a look like that. do you have a paypal or anything so I can send you a couple of beers?
Collabora is also really fast and the presentation is much better than the old document viewer.
Iām glad i was of use.
CODE works great and is very well designed (Libre Office based), personally i prefer to use my local LibreOffice copy than an online one, for mobile devices it should rock though.
Cheers!
Thanks Ark74 for your support, but it doesnāt work for meā¦(Debian 8) I think thats a ādomainā problem in my case.
My Nextcloud domain is https://example.com:51111 and Iām using a LetsEncrypt certificate for this domain. The Nginx config file for CODE using ācollabora.example.comā and Port 51111 (LetsEncrypt certificate, too). The Nextcloud app āCollabora Onlineā using āhttps://collabora.example.com:51111ā.
Is it correct?
I dont get it.
CODE and Nextcloud should be running on the same host (unless you have a complicated configuration).
- CODE proxy port A=9980
- Nextcloud server port B=443
If you use the same port for both applications CODE proxy and Nextcloud SSL
A=B
how are they gonna talk to each other?
Wherever port you use it should be another port than the one you use to serve the https nextcloud server traffic, since they are on the same host/ip.
I would suggest, try the default ports, check everything works, then set them to the desired ones.
Is it not why they have it set up that way as basically they are not using the same port as the proxy redirection sorts that but for some reason are just using SNI to differentiate on the same port?
Now you mention it, it doesnāt really make a lot of sense and just using a different port rather than SNI would make the whole thing less prone to error?
Ah okay, I see. Sorry
Nginx config file: (webserver user: āwww-dataā
server {
listen 51111 ssl http2;
server_name example.com;
[ā¦] here are more nextcloud parts [ā¦]
# static files
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# websockets, download, presentation and image upload
location ^~ /lool {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
docker (run as user: āwww-dataā)
docker run -t -d -p 9980:9980 -e "domain=example.com:51111" --cap-add MKNOD collabora/code
Nextcloud app:
https://localhost:9980
Is it correct? Because, I get still the same error message āaccess deniedā.
dont you have to exit the dots with backslashes?
1 Like
Prob not as every time I got āaccess deniedā it was due to wrong config, as I found out later.
I had either the wrong domain names, apache conf files or DNS errors.
It was Aufs that stumped me in the end but you will prob find the errors are going into other_vhosts.log if the SNI & DNS is not correct.
I also split the log config into nextcloud.log and collaboro.log just to make things a little more easier to distinguish.
Also does your client and server have the correct DNS for the IP running example.com?
example.com should be your standard nextcloud domain.
The second domain often āofficeā is just using apache (Server Name Indication) to proxy to 9980
Somewhere along the line your config isnāt right, but without seeing whats going on in the logs its hard to say.
ps the original docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=cloud\\.nextcloud\\.com' --restart always --cap-add MKNOD collabora/code
with docker run -t -d -p 9980:9980 -e "domain=example.com:51111" --cap-add MKNOD collabora/code
should look like docker run -t -d -p 9980:9980 -e "domain=example\\.com:51111" --cap-add MKNOD collabora/code
But like I say you should be getting log info to back this up.
I would go back to https://nextcloud.com/collaboraonline/ as there have been a few apache.conf and docker changes that are only slight but might well be the prob.
Hmmā¦ IĀ“ve still the same result: āaccess deniedā.
I updated docker image and changed the command into this (https://nextcloud.com/collaboraonline/#update")
docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=example\\.com' --restart always --cap-add MKNOD collabora/code
If I run ādocker psā and ādocker logs IDā, I get this:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
19c53dfae22c collabora/code "/bin/sh -c 'bash sta" 11 minutes ago Up 11 minutes 127.0.0.1:9980->9980/tcp dreamy_boyd
$ docker logs 19c53dfae22c
Generating RSA private key, 2048 bit long modulus
..........................................................................................................+++
.................................................................................+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
...................................................................+++
...........+++
e is 65537 (0x10001)
Signature ok
subject=/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost
Getting CA Private Key
loolforkit version details: 2.0.1 - 2.0.1
office version details: { "ProductName": "Collabora Office", "ProductVersion": "5.1", "ProductExtension": ".10.15", "BuildId": "345fa14e85e6e36ad0280f4e549c70f6b9af1a18" }
I tried also to enable/disable the firewall (ufw)ā¦ Port 9980 is open
EDIT: Are the backslashes necessary for each special character or only for the dots? Because my real domain have a dash (e.g. https://domain-example.com:51111)
If you are now using the default 9980 port for docker.
At the app configuration try with https://your-domain.com, do not specify any port.
Last time that was an issue for me.
Its just a bash regular expression and to be honest they are anything but regular as I am rubbish at regular expressions.
Think the only gotchaās are \ for a . and I think its just one for a forward slash such as /
That should cover the domain name or if you are using a directory from root.
Presuming you did the docker ps, docker rm , then run another container.
I think underscore and dash need no escape character.
Set it up again and see if you can post the last lines of your apache logs if its complaining about not being able to connect.
well, iāve tried to reproduce it and as it seems its still the same problem even with correct collabora-parameters set in NC or OC.
selfsigned or public-signed certificates, same result, also with adding the certificates to the ca-bundle still the same result.
anyone got a workaround for this or a functioning method with the following dependencies?
- Nextcloud 11+
- MySQL
- Docker
- Apache2
- Apache2 reverse-proxy
- Ubuntu 16.04 LTS
- Docker Image (collabora/code)
What Ive got so far from the NC-logs:
OCP\AppFramework\QueryException: Could not resolve OCA\Richdocuments\Settings\Section! Class OCA\Richdocuments\Settings\Section does not exist
/var/www/html/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php - line 117: OC\AppFramework\Utility\SimpleContainer->resolve(āOCA\Richdocumenā¦ā)
/var/www/html/nextcloud/lib/private/ServerContainer.php - line 89: OC\AppFramework\Utility\SimpleContainer->query(āOCA\Richdocumenā¦ā)
/var/www/html/nextcloud/lib/private/Settings/Manager.php - line 319: OC\ServerContainer->query(āOCA\Richdocumenā¦ā)
/var/www/html/nextcloud/lib/private/Settings/Manager.php - line 353: OC\Settings\Manager->query(āOCA\Richdocumenā¦ā)
/var/www/html/nextcloud/settings/Controller/AdminSettingsController.php - line 131: OC\Settings\Manager->getAdminSections()
/var/www/html/nextcloud/settings/Controller/AdminSettingsController.php - line 70: OC\Settings\Controller\AdminSettingsController->getNavigationParameters(āserverā)
[internal function] OC\Settings\Controller\AdminSettingsController->index(āserverā)
/var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 160: call_user_func_array(Array, Array)
/var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 90: OC\AppFramework\Http\Dispatcher->executeController(Object(OC\Settings\Controller\AdminSettingsController), āindexā)
/var/www/html/nextcloud/lib/private/AppFramework/App.php - line 114: OC\AppFramework\Http\Dispatcher->dispatch(Object(OC\Settings\Controller\AdminSettingsController), āindexā)
/var/www/html/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php - line 47: OC\AppFramework\App main(āOC\Settings\Conā¦ā, āindexā, Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
[internal function] OC\AppFramework\Routing\RouteActionHandler->__invoke(Array)
/var/www/html/nextcloud/lib/private/Route/Router.php - line 299: call_user_func(Object(OC\AppFramework\Routing\RouteActionHandler), Array)
/var/www/html/nextcloud/lib/base.php - line 1010: OC\Route\Router->match(ā/settings/adminā)
/var/www/html/nextcloud/index.php - line 40: OC handleRequest()
{main}
can anyone proove me wrong please? 
Could do with your Apache logs because Apache is being used as a reverse proxy and connecting on 9980 and not NC there will be some good info there on any config error.
You have what is probably the most compatible setup for NC & Collabora, I made a few bad installs, but actually I clicked with the settings and could get Collabora to work, but couldnāt get collabora to open a document.
Ark74 kindly fixed that for me because Aufs isnāt part of the default kernel setup in Debian which I am presuming is in Ubuntu.
That is not your problem though as you seem to be getting the error I was getting where you donāt see Openoffice and just get an āaccess deniedā error.
That with me was just getting things a little mixed with domain names, dns and the apache.conf virtual domains.
I followed the excellent tutorials by xiao guoan on linuxbabe he has three from lamp install with php7.0, Nextcloud and finally Nextcloud and collabora.
You have to update with the slight changes on https://nextcloud.com/collaboraonline/ as there have been a few little tweaks to the .conf scripts.
Apols but maybe start back a scratch with collabora and certs with NC with those tutorials and see how things go and post what it says in both the virtualhost error log and other_vhosts (if it is missing SNI as they will end up there)
You self hosting or cloud/vps?
Okay, I checked everthing (with the settings from linuxbabe.com) now and here the different ways and the results:
And yes, Iām self hosting nextcloud
NC-App:
https://my-example.net -> access denied
https://my-example.net:51111 -> Unauthorized WOPI host
Docker:
docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=my-example\\.net:51111' --restart always --cap-add MKNOD collabora/code
But the docker reverse proxy is working
tcp 0 0 127.0.0.1:9980 0.0.0.0:* LISTEN 24023/docker-proxy
EDIT: The docker logs
$ docker logs a9d839d49179
Generating RSA private key, 2048 bit long modulus
.....+++
...........+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
..+++
...........+++
e is 65537 (0x10001)
Signature ok
subject=/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost
Getting CA Private Key
loolforkit version details: 2.0.1 - 2.0.1
wsd-00026-0027 0:00:22.625848 [ client_req_hdl ] WRN WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:255
wsd-00026-0028 0:00:23.353490 [ client_ws_0002 ] WRN getNewChild: No available child. Sending spawn request to forkit and failing.| wsd/LOOLWSD.cpp:411
wsd-00026-0028 0:00:28.355706 [ client_ws_0002 ] WRN getNewChild: No available child. Sending spawn request to forkit and failing.| wsd/LOOLWSD.cpp:411
wsd-00026-0028 0:00:31.648620 [ client_ws_0002 ] ERR Error in client request handler: No acceptable WOPI hosts found matching the target host [my-example.net] in config.| wsd/LOOLWSD.cpp:1012
office version details: { "ProductName": "Collabora Office", "ProductVersion": "5.1", "ProductExtension": ".10.15", "BuildId": "345fa14e85e6e36ad0280f4e549c70f6b9af1a18" }