Nextcloud version 19.0.0
Debian 9
Apache 2.4.43, also tried Nginx 1.18
PHP version 7.4
I have Nextcloud 19.0.0 server version installed successfully. Everything is working except Collabora. After installing CODE 4.2.3 on an independent server when I try to access a document it renders a blank page in Nextcloud. I’ve tried both Apache and Nginx to no avail and receiving different errors in each upon debug. Included below are the configurations in place and errors received. This is the first I have seen the problem as it is a new install.
Steps to replicate it:
- Attempt to open document or create new
- Blank page is rendered
- Verify logs
I can provide the Nextcloud admin and PHP logs if they will help. I didn’t see any related errors in there.
Here the errors received in Apache log
[Thu Jun 04 21:30:04.405396 2020] [proxy_ajp:debug] [pid 2469:tid 140302622914304] mod_proxy_ajp.c(738): [client ipaddress:43206] AH00894: declining URL http://127.0.0.1:9980/hosting/discovery
[Thu Jun 04 21:30:04.405419 2020] [proxy_fcgi:debug] [pid 2469:tid 140302622914304] mod_proxy_fcgi.c(916): [client ipaddress:43206] AH01077: declining URL http://127.0.0.1:9980/hosting/discovery
[Thu Jun 04 21:50:02.651861 2020] [proxy_ajp:debug] [pid 2470:tid 140302580950784] mod_proxy_ajp.c(738): [client ipaddress43286] AH00894: declining URL http://127.0.0.1:9980/hosting/capabilities
[Thu Jun 04 21:50:02.651887 2020] [proxy_fcgi:debug] [pid 2470:tid 140302580950784] mod_proxy_fcgi.c(916): [client ipaddress:43286] AH01077: declining URL
Both of the below sites were accessible during testing however I am still receiving the errors above after attempting to access a document.
[https://collabora.domain.com/hosting/discovery]
[https://collabora.domain.com/lool/adminws]
Here is the apache configuration used
<VirtualHost *:443>
ServerName collabora.domain.com:443
Options -Indexes
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/collabora.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/collabora.domain.com/privkey.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
# Endpoint with information about availability of various features
ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
</VirtualHost>
Nextcloud Collabora online setting was configured to point to the https://collabora.domain.com server in our solution.
The blank document problem persisted so I disabled Apache and installed Nginx according to the available instructions. Included below is that configuration.
Below is the Nginx error received immediately after a document is opened and shows blank.
020/06/06 23:43:18 [error] 23294#23294: *5 client intended to send too large body: 6988581 bytes, client: ipaddress, server: collabora.domain.com, request: "POST /lool/convert-to/png HTTP/1.1", host: "collabora.domain.com"
server {
listen 80;
server_name collabora.domain.com;
# You can also set a dedicated domain instead:
# server_name office.example.com;
#ssl_certificate /etc/ssl/certs/domain.com.pem;
#ssl_certificate_key /etc/ssl/private/domain.com.key;
# [...]
# Static files
location ^~ /loleaflet {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}
# Main websocket
location ~ ^/lool/(.*)/ws$ {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# Download, presentation and image upload
location ~ ^/lool {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
Host files have been added on each server for resolution. No additional errors are available when we set the proxy logs to debug or in other logs. I am still receiving the blank document screen when trying to open an existing or create a new document.
I can provide additional information if needed. Has anyone seen this issue or have suggestions on how to resolve?
Thank you!