Hey everyone,
i am having trouble configuring collabora to work with nextcloud office.
I can configure my collabora server in nextcloud office and it will show me the green checkmark but when i try to open a document i get the Unauthorised WOPI host. Please try again later and report to your administrator if the issue persists.
My docker setup is:
- Nextcloud V29.0.5
- Collabora: V24.04.6.2.1 (the latest V24.04.7.1.1 will not start up completley complaining about partitions being mounted with the nosuid option)
- NGINX Proxy Manager: V2.11.1
All services are in their own docker compose and connected via a docker bridge network and nginx proxy manager is used to generate lets encrypt certificates for the subdomains.
All containers are vanilla, and nextcloud was only modified via the environment variables as listed below and by installing nextcloud office.
Following @wwe’s integration guide i did the following connectivity checks which all went through except the last one:
- From the client, verify access to the Nextcloud UI using a browser or run:
curl https://cloud.mydomain/status.php
- From the client, verify access to Collabora using a browser or run:
curl https://office.mydomain/hosting/discovery
- Ensure the result is an XML document describing the capabilities of the WOPI client.
- Verify that the content of the XML document reflects the correct public hostname.
- Ensure the content of the document uses the correct https:// URL scheme.
- From Nextcloud, verify access to Collabora:
curl https://office.mydomain/hosting/discovery
- From Collabora, verify access to the Nextcloud UI:
curl https://cloud.mydomain/status.php
Fails with:
The same works though with http://cloud.mydomain/status.php* connect to 172.21.0.8 port 443 failed: Connection refused. * Failed to connect to cloud.mydomain port 443 after 1 ms: Couldn't connect to server
Here are some compose snippets that might help to troubleshoot:
nextcloud compose:
services:
nc_app:
image: nextcloud:29.0.5
container_name: nc_app
restart: always
hostname: ${OVERWRITEHOST}
depends_on:
- nc_db
- nc_redis
expose:
- 80
- 443
volumes:
- ./nc/html:/var/www/html
- ./nc/custom_apps:/var/www/html/custom_apps
- ./nc/config:/var/www/html/config
- ./nc/data:/var/www/html/data
env_file:
- .env
networks:
backend:
frontend:
ipv4_address: 172.21.0.8
nextcloud .env:
PUID=1000
PGID=1000
NEXTCLOUD_TRUSTED_DOMAINS=cloud.mydomain.com
NEXTCLOUD_ADMIN_USER=nc_admin
NEXTCLOUD_ADMIN_PASSWORD="password"
TRUSTED_PROXIES=172.21.0.2
OVERWRITEPROTOCOL=https
OVERWRITEHOST=cloud.mydomain.com
APACHE_DISABLE_REWRITE_IP=1
PHP_MEMORY_LIMIT=16G
PHP_UPLOAD_LIMIT=16G
NEXTCLOUD_UPLOAD_LIMIT=16G
collabora compose:
services:
collabora:
image: collabora/code:24.04.6.2.1
restart: always
expose:
- 9980
cap_add:
- MKNOD
environment:
- domain=cloud\\.mydomain\\.de
- username=${COLABORA_USER}
- password=${COLABORA_USER}
- PUID=1000 # Should be the same as the other containers
- PGID=1000
networks:
frontend:
ipv4_address: 172.21.0.4
nginx proxy manager compose:
services:
# https://nginxproxymanager.com/setup/#running-the-app
npm_proxy:
image: 'jc21/nginx-proxy-manager:2.11.1'
container_name: npm_proxy
restart: always
ports:
- '80:80'
- '443:443'
- '81:81' # Admin Web Port. This line can be commented after setting this up as a proxy host in NPM
environment:
# Uncomment this if IPv6 is not enabled on your host
- DISABLE_IPV6=true
- TZ=Europe/Berlin
- PUID=1000 # Should be the same as the other containers
- PGID=1000
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
- ./snippets:/snippets
networks:
frontend:
ipv4_address: 172.21.0.2
NGINX Configuration:
- collabora (I adapted the one from the official documentation):
# static files
location ^~ /browser {
proxy_pass $forward_scheme://$server:$port;
proxy_set_header Host $host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass $forward_scheme://$server:$port;
proxy_set_header Host $host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass $forward_scheme://$server:$port;
proxy_set_header Host $host;
}
# main websocket
location ~ ^/cool/(.*)/ws$ {
proxy_pass $forward_scheme://$server:$port;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 36000s;
}
# download, presentation, and image upload
location ~ ^/(c|l)ool {
proxy_pass $forward_scheme://$server:$port;
proxy_set_header Host $host;
}
# Admin Console websocket
location ^~ /cool/adminws {
proxy_pass $forward_scheme://$server:$port;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 36000s;
}
- nextcloud
location /.well-known/carddav {
return 301 $forward_scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $forward_scheme://$host/remote.php/dav;
}
Logs
- Nextcloud (installation of richdocuments and me trying to create and open an new .odt document)
[...]
nc_app | Nextcloud was successfully installed
nc_app | Setting trusted domains…
nc_app | System config value trusted_domains => 1 set to string cloud.mydomain.de
nc_app | => Searching for scripts (*.sh) to run, located in the folder: /docker-entrypoint-hooks.d/post-installation
nc_app | ==> Running the script (cwd: /var/www/html): "/docker-entrypoint-hooks.d/post-installation/richdocuments.sh"
nc_app | Initializing nextcloud setup...
nc_app | richdocuments 8.4.5 enabled
nc_app | Config value 'wopi_url' for app 'richdocuments' is now set to 'https://office.mydomain.de', stored as mixed in fast cache
nc_app | ✓ Reset callback url autodetect
nc_app | Checking configuration
nc_app | 🛈 Configured WOPI URL: https://office.mydomain.de
nc_app | 🛈 Configured public WOPI URL: https://office.mydomain.de
nc_app | 🛈 Configured callback URL:
nc_app |
nc_app | ✓ Fetched /hosting/discovery endpoint
nc_app | ✓ Valid mimetype response
nc_app | ✓ Valid capabilities entry
nc_app | ✓ Fetched /hosting/capabilities endpoint
nc_app | ✓ Detected WOPI server: Collabora Online Development Edition 24.04.6.2
nc_app |
nc_app | Collabora URL (used for Nextcloud to contact the Collabora server):
nc_app | https://office.mydomain.de
nc_app | Collabora public URL (used in the browser to open Collabora):
nc_app | https://office.mydomain.de
nc_app | Callback URL (used by Collabora to connect back to Nextcloud):
nc_app | autodetected (will use the same URL as your user for browsing Nextcloud)
nc_app | ==> Finished the script: "/docker-entrypoint-hooks.d/post-installation/richdocuments.sh"
nc_app | Initializing finished
[...]
nc_app | 111.222.333.444 - - [03/Sep/2024:14:37:05 +0000] "POST /apps/text/session/48/sync HTTP/1.1" 200 1358 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
nc_app | 111.222.333.444 - - [03/Sep/2024:14:37:05 +0000] "PROPFIND /remote.php/dav/files/myuser_admin/New%20document.odt HTTP/1.1" 207 1442 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
nc_app | 111.222.333.444 - - [03/Sep/2024:14:37:05 +0000] "GET /apps/files/api/v1/views HTTP/1.1" 200 759 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
nc_app | 111.222.333.444 - - [03/Sep/2024:14:37:05 +0000] "POST /apps/richdocuments/token HTTP/1.1" 200 1021 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
nc_app | 111.222.333.444 - - [03/Sep/2024:14:37:05 +0000] "PROPFIND /remote.php/dav/files/myuser_admin//New%20document.odt/ HTTP/1.1" 207 1434 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
nc_app | 111.222.333.444 - - [03/Sep/2024:14:37:05 +0000] "GET /core/preview?fileId=249&x=32&y=32&mimeFallback=true&a=0 HTTP/1.1" 200 1083 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
nc_app | 111.222.333.444 - - [03/Sep/2024:14:37:05 +0000] "POST /apps/text/session/48/sync HTTP/1.1" 200 1065 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
- collabora logs showing some warnings after collabora started and the logs created when trying to open a document in nextcloud office
[...]
collabora-1 | Ready to accept connections on port 9980.
collabora-1 |
collabora-1 | wsd-00001-00001 2024-09-03 14:46:42.670895 +0000 [ coolwsd ] TRC Have 1 new children.| wsd/COOLWSD.cpp:4413
collabora-1 | wsd-00001-00001 2024-09-03 14:46:42.670909 +0000 [ coolwsd ] INF WSD initialization complete: setting log-level to [warning] as configured.| wsd/COOLWSD.cpp:4428
collabora-1 | wsd-00001-00001 2024-09-03 14:46:42.671952 +0000 [ coolwsd ] WRN Waking up dead poll thread [main], started: false, finished: false| net/Socket.hpp:727
collabora-1 | frk-00026-00026 2024-09-03 14:46:42.672481 +0000 [ forkit ] WRN The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:557
collabora-1 | frk-00026-00026 2024-09-03 14:46:42.683596 +0000 [ forkit ] WRN The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:557
collabora-1 | frk-00026-00026 2024-09-03 14:46:42.695491 +0000 [ forkit ] WRN The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:557
collabora-1 | WOPI::CheckFileInfo failed for URI [https://cloud.seesselberg.fyi/index.php/apps/richdocuments/wopi/files/249_oc343uzvjni7?access_token=YHyk68yiYIshKRcdpik7fPRq4842dWtd&access_token_ttl=0]: 0 (Unknown) . Headers: Body: []| wsd/wopi/CheckFileInfo.cpp:95
collabora-1 | wsd-00001-00034 2024-09-03 14:46:52.031774 +0000 [ websrv_poll ] ERR #31: Invalid URI or access denied to [https://cloud.mydomain.de/index.php/apps/richdocuments/wopi/files/249_oc343uzvjni7?access_token=YHyk68yiYIshKRcdpik7fPRq4842dWtd&access_token_ttl=0]| wsd/wopi/CheckFileInfo.cpp:109
collabora-1 | wsd-00001-00034 2024-09-03 14:46:52.212450 +0000 [ websrv_poll ] ERR #30: CheckFileInfo failed for [https%3A%2F%2Fcloud.mydomain.de%3A443%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F249_oc343uzvjni7], State::Fail| wsd/RequestVettingStation.cpp:281
I would very greatful if anyone could point me somewhere, where i can figure out what the issue is here.