Collabora Code Struggle

hanswerneralbrecht · April 11, 2025, 7:17pm

Hey everybody,

I spend days in the last half year to get my collabora code integration running again (it was working for some time already) but I have no idea anymore what I could change/try to make it work again. I read and tried everything available here in the forum and to find elsewhere but did not find a similar issue so far. My setup is docker based and I use ngnix as proxy. Has anybody an idea what I could consider changing / playing around with to get it work? Thanks a lot in advance!

In the NC admin setting I have the following settings and get a green status message.

Allow list for WOPI requests: 172.20.208.3
URL (and Port) of Collabora Online-server: https://office.domain.de

This is the error message I get then opening a file:

wsd-00001-00032 2025-04-11 17:36:39.970453 +0000 [ websrv_poll ] DBG  #30: Handling request: /browser/b7ba9a23ba/cool.html?WOPISrc=https%3A%2F%2Fcloud.domain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F3277690_oco9egkqd5jp&lang=en&closebutton=1&revisionhistory=1, closeConnection true| wsd/ClientRequestDispatcher.cpp:700
wsd-00001-00032 2025-04-11 17:36:39.970533 +0000 [ websrv_poll ] ERR  #30: #30 Exception while processing incoming request: [POST /browser/b7ba9a23ba/cool.html?WOPISrc=https%3A%2F%2Fcl...]: Not found| wsd/ClientRequestDispatcher.cpp:959wopi%2Ffiles%2F3277690_oco9egkqd5jp&lang=en&closebutton=1&revisionhistory=1 HTTP/1.0

This is my docker-compose setting:

nextcloud-app:
    image: nextcloud:30-apache
    container_name: nextcloud-app
    restart: unless-stopped
    depends_on:
      - nextcloud-db
      - nextcloud-redis
    extra_hosts:
      - "office.domain.de=172.21.0.2"
    volumes:
      - ${PATH_DOCKERCOMPOSE}/app:/var/www/html
      - ${PATH_DOCKERCOMPOSE}/app-data:/var/www/html/data
      - ${PATH_DOCKERCOMPOSE}/php.ini:/usr/local/etc/php/conf.d/zzz-custom.ini
    networks:
      nextcloud_ngnix:
        aliases:
          - nextcloudapp
        ipv4_address: 172.21.0.3
      redis_nextcloud:
        ipv4_address: 172.20.0.4
      nextcloud:
        ipv4_address: 172.20.32.2
      nextcloud_postgres:
        ipv4_address: 172.20.96.3
      nextcloud_collabora:
        ipv4_address: 172.25.128.3
        
  collabora:
    image: collabora/code:latest
    container_name: nextcloud-collabora
    restart: unless-stopped
    networks:
      collabora_ngnix:
      nextcloud_collabora:
        ipv4_address: 172.25.128.2
    extra_hosts:
      - "cloud.domain.de:127.20.208.3"
    security_opt:
      - seccomp:unconfined
    cap_add:
      - MKNOD
      - SYS_CHROOT
      - FOWNER
    environment:
      - 'extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=debug --o:net.proto IPv4 --o:net.listen 127.0.0.1'
      - 'domain=domain.de'
      - 'dictionaries=en de'
      - 'server_name=office.domain.de'
      - 'username=${COLLABORA_USERNAME}'
      - 'password=${COLLABORA_PASSWORD}'
      - 'aliasgroup1=https://cloud.domain.de:443,https://cloud\\.domain\\.de:443'

And this is my ngnix setting:

server {
    listen 443 quic;
    listen [::]:443 quic;

    listen 443  ssl;
    listen [::]:443 ssl;
    server_name                     office.domain.de;

    ssl_certificate                 /etc/acme.sh/office.domain.de/fullchain.cer; 
    ssl_certificate_key             /etc/acme.sh/office.domain.de/office.domain.de.key;
    ssl_trusted_certificate	    /etc/acme.sh/office.domain.de/office.domain.de.cer;

    # Include global SSL settings
    include /etc/nginx/ssl.conf;

 # static files
 location ^~ /browser {
   proxy_pass http://nextcloud-collabora:9980;
   proxy_set_header Host $http_host;
 }


 # WOPI discovery URL
 location ^~ /hosting/discovery {
   proxy_pass http://nextcloud-collabora:9980;
   proxy_set_header Host $http_host;
 }


 # Capabilities
 location ^~ /hosting/capabilities {
   proxy_pass http://nextcloud-collabora:9980;
   proxy_set_header Host $http_host;
 }


 # main websocket
 location ~ ^/cool/(.*)/ws$ {
   proxy_pass http://nextcloud-collabora:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }


 # download, presentation and image upload
 location ~ ^/(c|l)ool {
   proxy_pass http://nextcloud-collabora:9980;
   proxy_set_header Host $http_host;
 }


 # Admin Console websocket
 location ^~ /cool/adminws {
   proxy_pass http://nextcloud-collabora:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }

    location / {
        proxy_pass http://nextcloud-collabora:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

}

wwe · April 11, 2025, 7:41pm

Hello @hanswerneralbrecht, welcome to the Nextcloud community!

first of of all I recommend working through Collabora Integration guide and you will isolate and often solve 99% of integration issues.

from your config I’m wondering about all the ip addresses - I would recommend not doing so - all Docker Containers connected to a network can reach each other using DNS which is usually much easier. it looks you place postgres and redis in a separate network? this not related with the office error but adds complexity without a reason, I would recommend all services like redis, DB and notify_push run in the same “default” network.

maybe this one is not right:

for me one DNS record per aliasgroup works without quotes like - aliasgroup1=${NEXTCLOUD1} which is filled from .env file (but should wok directly as well.

depending on your setup your public IP might appear - I would recommend starting with “allow all” and monitor your logs. see topics tagged wopi_allowlist

hanswerneralbrecht · April 13, 2025, 6:25am

Thanks a lot! Yes, I already went through your guide and did not find anything not functioning as expected. I guess I have to set up a parallel testing stack to see whats going on.

I just changed to the testing/demo collabora servers - no success as well.

Setting to “allow all” and the change to the alias group did not make it work sadly.

scubamuc · April 13, 2025, 11:05am

@hanswerneralbrecht you seem to have “coolswd” certified? so in the case your ‘environments’ should enable collabora SSL and disable reverse proxy termination…

extra_params=
–o:ssl.enable=true # enable collabora/coolswd ssl termination
–o:ssl.termination=false # disable reverse proxy ssl termination

hanswerneralbrecht · April 13, 2025, 3:27pm

Mh, actually I guess no if you mean that I provide TLS certificates/keys to collabora itself. The TLS is handled by nginx and terminates there. Plain http behind the nginx proxy to collabora.

tony-engineering · April 16, 2025, 9:30pm

hello, there is indeed an issue when you use a reverse proxy / a load balancer, the error message you get in vague, if you somehow verify that your issue is the same it would be nice. If so, please add comment to the issue to raise priority. Cheers

github.com/nextcloud/richdocuments

Network issue Nextcloud <> Collabora when SSL terminated on load balancer

ouvert 12:01PM - 20 Mar 25 UTC

tony-engineering

**Describe the bug** Hello, I have the following setup: - Digital Ocean load ba…lancer - Digital Ocean Kubernetes cluster - Nextcloud and Collabora installed on it - SSL terminated on load balancer (HTTP protocol is using in the internal network) After investigating on the collabora side: https://github.com/CollaboraOnline/online/issues/11294 , I'm asking if it could be an issue with the richdocuments app. Indeed, my investigation shows that I can make Collabora communicate with Nextcloud using the HTTP protocol, but by default collabora uses the HTTPS protocol, and in the Richdocuments app settings I can't configure which protocol / url collabora uses for callback. I see a variable here but I can't configure it: https://github.com/nextcloud/richdocuments/blob/3f6106e40539b36e2be2ee3952b41fe507d3cc2d/lib/AppConfig.php#L21-L22 The " Nextcloud URL used by Collabora: https://cloud2.rougeot-ant.one (Determined from the browser URL)" is automatically determined, and the WOPI_CALLBACK_URL "defaults to the users browser host" ![Image](https://github.com/user-attachments/assets/b7f7c160-d4e4-4fc9-bd2c-07df52551a69) Am I missing something ? I'd be very grateful for any help. I will copy the most important information in this issue, but for full details you can check [HERE](https://github.com/CollaboraOnline/online/issues/11294). ![Image](https://github.com/user-attachments/assets/2da65968-e39f-4185-9ff0-45716a92a46e) Collabora error in logs ``` wsd-00001-00035 2025-03-12 18:22:28.173479 +0000 [ websrv_poll ] ERR #32: Invalid URI or access denied to [https://cloud2.rougeot-ant.one/index.php/apps/richdocuments/wopi/files/106_ocl53d5n2uqw?access_token=Qd3mUAHOA8fh1tGxqwgJyerCA85wUucv&access_token_ttl=0&permission=edit]| wsd/wopi/CheckFileInfo.cpp:12 ``` I guess it's coming from the `* OpenSSL/3.0.15: error:0A00010B:SSL routines::wrong version number` error I could reproduce with curl below. Proof that Collabora could communicate back if it was using http: ``` cool@collabora-online-658bb6fbbc-fm8jn:/$ curl -vL https://cloud2.rougeot-ant.one/index.php/apps/richdocuments/wopi/files/106_ocl53d5n2uqw?access_token=1X6D9LJu6Q5EqAISWfRgi7HYEvG3goYI * Trying 146.190.207.91:443... * Connected to cloud2.rougeot-ant.one (146.190.207.91) port 443 (#0) * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * OpenSSL/3.0.15: error:0A00010B:SSL routines::wrong version number * Closing connection 0 curl: (35) OpenSSL/3.0.15: error:0A00010B:SSL routines::wrong version number cool@collabora-online-658bb6fbbc-fm8jn:/$ curl -vL http://cloud2.rougeot-ant.one/index.php/apps/richdocuments/wopi/files/106_ocl53d5n2uqw?access_token=1X6D9LJu6Q5EqAISWfRgi7HYEvG3goYI * Trying 146.190.207.91:80... * Connected to cloud2.rougeot-ant.one (146.190.207.91) port 80 (#0) > GET /index.php/apps/richdocuments/wopi/files/106_ocl53d5n2uqw?access_token=1X6D9LJu6Q5EqAISWfRgi7HYEvG3goYI HTTP/1.1 > Host: cloud2.rougeot-ant.one > User-Agent: curl/7.88.1 > Accept: */* > < HTTP/1.1 200 OK < Date: Fri, 14 Mar 2025 12:43:21 GMT < Content-Type: application/json; charset=utf-8 < Content-Length: 946 < Connection: keep-alive < Referrer-Policy: no-referrer < X-Content-Type-Options: nosniff < X-Frame-Options: SAMEORIGIN < X-Permitted-Cross-Domain-Policies: none < X-Robots-Tag: noindex, nofollow < X-XSS-Protection: 1; mode=block < X-Powered-By: PHP/8.2.27 < Set-Cookie: ocl53d5n2uqw=36daf8f4466302248ca133bad6372f1d; path=/; HttpOnly; SameSite=Lax < Set-Cookie: oc_sessionPassphrase=XkRISmR%2F0s%2Buub6RbLlCp7odfL2%2BC4E7iQTSoRDPIEWiL6KhJUf8eHajqaLQ1%2B7Ff8h8xy1ljONrSlg7YijafoQo4bz%2F8Cs%2FBSXIgxV9xoidhEZoMam1TB4mnuKu%2BBPx; path=/; HttpOnly; SameSite=Lax < Set-Cookie: ocl53d5n2uqw=36daf8f4466302248ca133bad6372f1d; path=/; HttpOnly; SameSite=Lax < Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none' < Set-Cookie: nc_sameSiteCookielax=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax < Set-Cookie: nc_sameSiteCookiestrict=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict < Set-Cookie: ocl53d5n2uqw=36daf8f4466302248ca133bad6372f1d; path=/; HttpOnly; SameSite=Lax < X-Request-Id: wtRaFgXPJBpdmkfrnu8r < Cache-Control: no-cache, no-store, must-revalidate < Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' < * Connection #0 to host cloud2.rougeot-ant.one left intact {"BaseFileName":"Welcome to Nextcloud Hub.docx","Size":24295,"Version":"0","UserId":"joJoC7DH","OwnerId":"joJoC7DH","UserFriendlyName":"joJoC7DH","UserExtraInfo":{"avatar":"http:\/\/cloud2.rougeot-ant.one\/avatar\/joJoC7DH\/64","is_admin":true},"UserPrivateInfo":{"ZoteroAPIKey":"","SignatureCert":"","SignatureKey":"","SignatureCa":""},"UserCanWrite":true,"UserCanNotWriteRelative":false,"PostMessageOrigin":"http:\/\/cloud2.rougeot-ant.one\/","LastModifiedTime":"2025-02-28T16:04:23.000000Z","SupportsRename":true,"UserCanRename":true,"EnableInsertRemoteImage":true,"EnableInsertRemoteFile":true,"EnableShare":true,"HideUserList":"","EnableOwnerTermination":true,"DisablePrint":false,"DisableExport":false,"DisableCopy":false,"HideExportOption":false,"HidePrintOption":false,"DownloadAsPostMessage":false,"SupportsLocks":false,"IsUserLocked":false,"EnableRemoteLinkPicker":true,"HasContentRange":true,"IsAdminUser":true,"IsAnonymousUser": ``` **To Reproduce** Try to open a .docx document **Expected behavior** I can open documents **Screenshots** ![Image](https://github.com/user-attachments/assets/7b3c26a6-bc48-449e-846d-28f6ec6a26bd) **Client details:** - OS: Debian - Browser Safari ## Server details **Operating system**: Nextcloud and Collabora deployed with helm (see [here](https://github.com/CollaboraOnline/online/issues/11294)) **Nextcloud version:** [Nextcloud Hub 9](https://nextcloud.com/) (30.0.6) **Version of the richdocuments app** 8.5.4 **Version of Collabora Online** 24.04.12.2.1 (helm chart version 1.1.32) **Configuration of the richdocuments app** ``` $ /var/www/html/occ config:list richdocuments { "apps": { "richdocuments": { "wopi_url": "http:\/\/collabora.cloud2.rougeot-ant.one", "public_wopi_url": "https:\/\/collabora.cloud2.rougeot-ant.one", "wopi_allowlist": "0.0.0.0\/0", "installed_version": "8.5.4", "types": "prevent_group_restriction", "enabled": "yes", "disable_certificate_verification": "" } } } ``` #### Nextcloud log (data/nextcloud.log) ``` I can't see logs related to richdocuments / collabora ``` #### Browser log ![Image](https://github.com/user-attachments/assets/ead24579-bae9-4f2d-9ecb-550415e945f5)

hanswerneralbrecht · April 24, 2025, 2:39pm

Thanks a lot for pointing to this setting. However, it did not resolve my issue.

system · July 10, 2025, 7:17pm

This topic was automatically closed after 90 days. New replies are no longer allowed.