Collabora: Invalid or unknown request


#1

Hello,

I run cloud.domain.nl with nginx reverse prox and apache2. I have Collabora docker on office.domain.nl where i’ve disabled apache2 for and only use nginx with the config below. (note that i only use nginx for office and nginx reverse prox and apache2 for cloud.domain.nl).
I really hope someone could help me.

Expected behaviour

Editor should open when opening a .odt doc.

Actual behaviour

Collabora screen opens, keeps initializing and then times out with no error message

Nginx office.domain config

listen       443 ssl;
server_name  office.domain.nl;

ssl_certificate /usr/local/psa/var/modules/letsencrypt/etc/live/office.domain.nl/fullchain.pem;
ssl_certificate_key /usr/local/psa/var/modules/letsencrypt/etc/live/office.domain.nl/privkey.pem;

# static files
location ^~ /loleaflet {
	proxy_pass https://127.0.0.1:9980;
	proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
	proxy_pass https://127.0.0.1:9980;
	proxy_set_header Host $http_host;
}

# Main websocket
location ~ /lool/(.*)/ws$ {
	proxy_pass https://127.0.0.1:9980;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "Upgrade";
	proxy_set_header Host $http_host;
	proxy_read_timeout 36000s;
}

# Admin Console websocket
location ^~ /lool/adminws {
	proxy_pass https://127.0.0.1:9980;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "Upgrade";
	proxy_set_header Host $http_host;
	proxy_read_timeout 36000s;
}

# download, presentation and image upload
location ^~ /lool {
	proxy_pass https://127.0.0.1:9980;
	proxy_set_header Host $http_host;
}

Docker logs

wsd-00026-00034 19:18:51.987142 [ websrv_poll ] WRN  WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:327
wsd-00026-00034 19:18:52.721646 [ websrv_poll ] ERR  #18 Exception while processing incoming request: [GET /lool/https%3A%2F%2Fcloud.domain.nl%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F81%3Facc...]: Invalid or unknown request.| wsd/LOOLWSD.cpp:1665oken_ttl%3D0%26permission%3Dedit/ws HTTP/1.0
wsd-00026-00034 19:19:52.723134 [ websrv_poll ] ERR  #18 Exception while processing incoming request: [GET /lool/https%3A%2F%2Fcloud.domain.nl%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F81%3Facc...]: Invalid or unknown request.| wsd/LOOLWSD.cpp:1665oken_ttl%3D0%26permission%3Dedit/ws HTTP/1.0
wsd-00026-00034 19:19:52.961294 [ websrv_poll ] ERR  #18 Exception while processing incoming request: [GET /lool/https%3A%2F%2Fcloud.domain.nl%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F81%3Facc...]: Invalid or unknown request.| wsd/LOOLWSD.cpp:1665oken_ttl%3D0%26permission%3Dedit/ws HTTP/1.0
wsd-00026-00034 19:20:52.962154 [ websrv_poll ] ERR  #18 Exception while processing incoming request: [GET /lool/https%3A%2F%2Fcloud.domain.nl%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F81%3Facc...]: Invalid or unknown request.| wsd/LOOLWSD.cpp:1665oken_ttl%3D0%26permission%3Dedit/ws HTTP/1.0

Server configuration

Operating system: Linux domain.nl 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64

Web server: Apache (fpm-fcgi)

Database: mysql 5.7.18

PHP version: 7.1.4
Modules loaded: Core, date, libxml, openssl, pcre, zlib, bz2, calendar, ctype, hash, filter, ftp, gettext, gmp, SPL, iconv, Reflection, session, standard, SimpleXML, sockets, mbstring, tokenizer, xml, cgi-fcgi, mysqlnd, bcmath, curl, dba, dom, enchant, fileinfo, gd, imagick, imap, intl, json, ldap, exif, mcrypt, mysqli, odbc, PDO, pdo_mysql, PDO_ODBC, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, pspell, redis, soap, sqlite3, sysvmsg, sysvsem, sysvshm, tidy, xmlreader, xmlrpc, xmlwriter, xsl, zip, Zend OPcache

Nextcloud version: 11.0.3 (stable) - 11.0.3.2

Updated from an older Nextcloud/ownCloud or fresh install:
Update from 10

Where did you install Nextcloud from:
nextcloud-setup.php web installer

Signing status:

Signing status
[]

List of activated apps:

App list ``` Enabled: - activity: 2.4.1 - activitylog: 0.0.1 - admin_audit: 1.1.0 - admin_notifications: 1.0.0 - announcementcenter: 3.0.0 - audioplayer: 1.5.1 - calendar: 1.5.2 - checksum: 0.3.4 - comments: 1.1.0 - contacts: 1.5.3 - dav: 1.1.1 - deck: 0.1.4 - defaultgroup: 0.2.0 - external: 1 - federatedfilesharing: 1.1.1 - federation: 1.1.1 - files: 1.6.1 - files_accesscontrol: 1.1.2 - files_automatedtagging: 1.1.1 - files_downloadactivity: 1.0.1 - files_external: 1.1.2 - files_markdown: 1.0.1 - files_pdfviewer: 1.0.1 - files_reader: 1.0.4 - files_retention: 1.0.1 - files_sharing: 1.1.1 - files_texteditor: 2.2 - files_trashbin: 1.1.0 - files_versions: 1.4.0 - files_videoplayer: 1.0.0 - firstrunwizard: 2.0 - gallery: 16.0.0 - githubmergetracker: 0.0.15 - issuetemplate: 0.2.1 - logreader: 2.0.0 - lookup_server_connector: 1.0.0 - mail: 0.6.4 - news: 10.2.0 - nextcloud_announcements: 1.0 - notes: 2.2.0 - notifications: 1.0.1 - ojsxc: 3.1.1 - ownbackup: 17.3.0 - password_policy: 1.1.0 - previewgenerator: 1.0.6 - provisioning_api: 1.1.0 - registration: 0.2.3 - richdocuments: 1.1.24 - serverinfo: 1.1.1 - sharebymail: 1.0.1 - spreed: 1.2.0 - survey_client: 0.1.5 - systemtags: 1.1.3 - tasks: 0.9.5 - templateeditor: 0.2 - theming: 1.1.1 - twofactor_backupcodes: 1.0.0 - twofactor_totp: 1.1.0 - twofactor_u2f: 1.2.0 - updatenotification: 1.1.1 - user_external: 0.4 - weather: 1.3.5 - workflowengine: 1.1.1

Disabled:

  • encryption
  • user_ldap
  • user_saml
</details>

**The content of config/config.php:**
<details>
	<summary>Config report</summary>

{
“instanceid”: “REMOVED SENSITIVE VALUE”,
“passwordsalt”: “REMOVED SENSITIVE VALUE”,
“secret”: “REMOVED SENSITIVE VALUE”,
“trusted_domains”: [
cloud.domain.nl
],
“datadirectory”: “/ncdata”,
“overwrite.cli.url”: “https://cloud.domain.nl”,
“dbtype”: “mysql”,
“version”: “11.0.3.2”,
“dbname”: “ncdb”,
“dbhost”: “localhost”,
“dbport”: “”,
“dbtableprefix”: “oc_”,
“dbuser”: “REMOVED SENSITIVE VALUE”,
“dbpassword”: “REMOVED SENSITIVE VALUE”,
“logtimezone”: “UTC”,
“installed”: true,
“mysql.utf8mb4”: true,
“memcache.local”: “\OC\Memcache\Redis”,
“filelocking.enabled”: true,
“memcache.distributed”: “\OC\Memcache\Redis”,
“memcache.locking”: “\OC\Memcache\Redis”,
“redis”: {
“host”: “/var/run/redis/redis.sock”,
“port”: 0,
“timeout”: 0,
“dbindex”: 0,
“password”: “REMOVED SENSITIVE VALUE
},
“updater.release.channel”: “stable”,
“updater.secret”: “REMOVED SENSITIVE VALUE”,
“maintenance”: false,
“theme”: “”,
“loglevel”: 2,
“mail_smtpmode”: “sendmail”,
“mail_smtpsecure”: “ssl”,
“mail_from_address”: “info”,
“mail_domain”: “domain.nl”,
“mail_smtpauthtype”: “LOGIN”,
“mail_smtpauth”: 1,
“mail_smtphost”: “smtp.domain.nl”,
“mail_smtpport”: “587”,
“mail_smtpname”: “REMOVED SENSITIVE VALUE”,
“mail_smtppassword”: “REMOVED SENSITIVE VALUE
}

</details>

**Are you using external storage, if yes which one:** Array
(
    [0] => \OC\Files\Storage\Local
    [1] => \OCA\Files_External\Lib\Storage\FTP
    [2] => \OC\Files\Storage\DAV
    [3] => \OCA\Files_External\Lib\Storage\OwnCloud
    [4] => \OCA\Files_External\Lib\Storage\SFTP
    [5] => \OCA\Files_External\Lib\Storage\AmazonS3
    [6] => \OCA\Files_External\Lib\Storage\Dropbox
    [7] => \OCA\Files_External\Lib\Storage\Google
    [8] => \OCA\Files_External\Lib\Storage\Swift
    [9] => \OCA\Files_External\Lib\Storage\SFTP
)


**Are you using encryption:** no

**Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/...

### Client configuration
**Browser:** Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36

**Operating system:**
Ubuntu 16.04.02
Plesk Onyx

### Logs
#### Web server error log
<details>
	<summary>Web server error log</summary>
	```
[Sun May 07 21:12:37.027862 2017] [:notice] [pid 1176] ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/) configured.
[Sun May 07 21:12:37.027867 2017] [:notice] [pid 1176] ModSecurity: APR compiled version="1.5.2"; loaded version="1.5.2"
[Sun May 07 21:12:37.027870 2017] [:notice] [pid 1176] ModSecurity: PCRE compiled version="8.38 "; loaded version="8.38 2015-11-23"
[Sun May 07 21:12:37.027873 2017] [:notice] [pid 1176] ModSecurity: LUA compiled version="Lua 5.1"
[Sun May 07 21:12:37.027875 2017] [:notice] [pid 1176] ModSecurity: LIBXML compiled version="2.9.3"
[Sun May 07 21:12:37.027876 2017] [:notice] [pid 1176] ModSecurity: Original server signature: Apache
[Sun May 07 21:12:37.027878 2017] [:notice] [pid 1176] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[ 2017-05-07 21:12:37.0493 1177/7fe5a3558780 age/Wat/WatchdogMain.cpp:1291 ]: Starting Passenger watchdog...
[ 2017-05-07 21:12:37.0707 1180/7f6d32994780 age/Cor/CoreMain.cpp:982 ]: Starting Passenger core...
[ 2017-05-07 21:12:37.0709 1180/7f6d32994780 age/Cor/CoreMain.cpp:235 ]: Passenger core running in multi-application mode.
[ 2017-05-07 21:12:37.0927 1180/7f6d32994780 age/Cor/CoreMain.cpp:732 ]: Passenger core online, PID 1180
[ 2017-05-07 21:12:37.1156 1187/7f6fc8b07780 age/Ust/UstRouterMain.cpp:529 ]: Starting Passenger UstRouter...
[ 2017-05-07 21:12:37.1165 1187/7f6fc8b07780 age/Ust/UstRouterMain.cpp:342 ]: Passenger UstRouter online, PID 1187
[Sun May 07 21:12:37.117100 2017] [suexec:notice] [pid 1176] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)

[ 2017-05-07 21:12:37.1356 1180/7f6d277fe700 age/Cor/CoreMain.cpp:532 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to force shutdown)

[ 2017-05-07 21:12:37.1357 1187/7f6fc1ed2700 age/Ust/UstRouterMain.cpp:422 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to force shutdown)
[ 2017-05-07 21:12:37.1368 1187/7f6fc8b07780 age/Ust/UstRouterMain.cpp:492 ]: Received command to shutdown gracefully. Waiting until all clients have disconnected...
[ 2017-05-07 21:12:37.1369 1187/7f6fc1ed2700 Ser/Server.h:464 ]: [UstRouter] Shutdown finished
[ 2017-05-07 21:12:37.1369 1187/7f6fc16d1700 Ser/Server.h:817 ]: [UstRouterApiServer] Freed 0 spare client objects
[ 2017-05-07 21:12:37.1369 1187/7f6fc16d1700 Ser/Server.h:464 ]: [UstRouterApiServer] Shutdown finished
[ 2017-05-07 21:12:37.1385 1180/7f6d32994780 age/Cor/CoreMain.cpp:901 ]: Received command to shutdown gracefully. Waiting until all clients have disconnected...
[ 2017-05-07 21:12:37.1388 1180/7f6d25ffb700 Ser/Server.h:817 ]: [ServerThr.4] Freed 128 spare client objects
[ 2017-05-07 21:12:37.1388 1180/7f6d25ffb700 Ser/Server.h:464 ]: [ServerThr.4] Shutdown finished
[ 2017-05-07 21:12:37.1389 1180/7f6d267fc700 Ser/Server.h:817 ]: [ServerThr.3] Freed 128 spare client objects
[ 2017-05-07 21:12:37.1389 1180/7f6d26ffd700 Ser/Server.h:817 ]: [ServerThr.2] Freed 128 spare client objects
[ 2017-05-07 21:12:37.1389 1180/7f6d267fc700 Ser/Server.h:464 ]: [ServerThr.3] Shutdown finished
[ 2017-05-07 21:12:37.1389 1180/7f6d26ffd700 Ser/Server.h:464 ]: [ServerThr.2] Shutdown finished
[ 2017-05-07 21:12:37.1391 1180/7f6cebfff700 Ser/Server.h:817 ]: [ServerThr.7] Freed 128 spare client objects
[ 2017-05-07 21:12:37.1391 1180/7f6cebfff700 Ser/Server.h:464 ]: [ServerThr.7] Shutdown finished
[ 2017-05-07 21:12:37.1391 1180/7f6d24ff9700 Ser/Server.h:817 ]: [ServerThr.6] Freed 128 spare client objects
[ 2017-05-07 21:12:37.1392 1180/7f6d24ff9700 Ser/Server.h:464 ]: [ServerThr.6] Shutdown finished
[ 2017-05-07 21:12:37.1393 1180/7f6d277fe700 Ser/Server.h:817 ]: [ServerThr.1] Freed 128 spare client objects
[ 2017-05-07 21:12:37.1393 1180/7f6d277fe700 Ser/Server.h:464 ]: [ServerThr.1] Shutdown finished
[ 2017-05-07 21:12:37.1393 1180/7f6d257fa700 Ser/Server.h:817 ]: [ServerThr.5] Freed 128 spare client objects
[ 2017-05-07 21:12:37.1393 1180/7f6d257fa700 Ser/Server.h:464 ]: [ServerThr.5] Shutdown finished
[ 2017-05-07 21:12:37.1394 1180/7f6ceb7fe700 Ser/Server.h:817 ]: [ServerThr.8] Freed 128 spare client objects
[ 2017-05-07 21:12:37.1394 1180/7f6ceb7fe700 Ser/Server.h:464 ]: [ServerThr.8] Shutdown finished
[ 2017-05-07 21:12:37.1395 1180/7f6ceaffd700 Ser/Server.h:817 ]: [ApiServer] Freed 0 spare client objects
[ 2017-05-07 21:12:37.1395 1180/7f6ceaffd700 Ser/Server.h:464 ]: [ApiServer] Shutdown finished
[ 2017-05-07 21:12:37.1490 1187/7f6fc8b07780 age/Ust/UstRouterMain.cpp:523 ]: Passenger UstRouter shutdown finished
[ 2017-05-07 21:12:37.3156 1180/7f6d32994780 age/Cor/CoreMain.cpp:967 ]: Passenger core shutdown finished
[Sun May 07 21:12:37.346918 2017] [auth_digest:notice] [pid 1216] AH01757: generating secret for digest authentication ...
[Sun May 07 21:12:37.347154 2017] [:notice] [pid 1216] mod_bw : Memory Allocated 0 bytes (each conf takes 48 bytes)
[Sun May 07 21:12:37.347166 2017] [:notice] [pid 1216] mod_bw : Version 0.92 - Initialized [0 Confs]
	 2017-05-07 21:12:38.0743 1228/7f7eda9b8780 age/Cor/CoreMain.cpp:982 ]: Starting Passenger core...
[ 2017-05-07 21:12:38.0745 1228/7f7eda9b8780 age/Cor/CoreMain.cpp:235 ]: Passenger core running in multi-application mode.
[ 2017-05-07 21:12:38.0882 1228/7f7eda9b8780 age/Cor/CoreMain.cpp:732 ]: Passenger core online, PID 1228
[ 2017-05-07 21:12:38.1246 1235/7f89c85a0780 age/Ust/UstRouterMain.cpp:529 ]: Starting Passenger UstRouter...
[ 2017-05-07 21:12:38.1255 1235/7f89c85a0780 age/Ust/UstRouterMain.cpp:342 ]: Passenger UstRouter online, PID 1235
PHP Warning:  Module 'redis' already loaded in Unknown on line 0
[Sun May 07 21:12:38.178882 2017] [:error] [pid 1216] python_init: Python version mismatch, expected '2.7.6', found '2.7.12'.
[Sun May 07 21:12:38.179050 2017] [:error] [pid 1216] python_init: Python executable found '/usr/bin/python'.
[Sun May 07 21:12:38.179062 2017] [:error] [pid 1216] python_init: Python path being used '/usr/lib/python2.7/:/usr/lib/python2.7/plat-x86_64-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'.
[Sun May 07 21:12:38.179091 2017] [:notice] [pid 1216] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads.
[Sun May 07 21:12:38.179099 2017] [:notice] [pid 1216] mod_python: using mutex_directory /tmp 
[Sun May 07 21:12:38.248488 2017] [mpm_prefork:notice] [pid 1216] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g Apache mod_fcgid/2.3.9 mod_jk/1.2.41 Phusion_Passenger/5.0.30 mod_python/3.3.1 Python/2.7.12 mod_perl/2.0.9 Perl/v5.22.1 configured -- resuming normal operations
[Sun May 07 21:12:38.248577 2017] [core:notice] [pid 1216] AH00094: Command line: '/usr/sbin/apache2'
	```
</details>

#### Nextcloud log (data/nextcloud.log)
<details>
	<summary>Nextcloud log</summary>
	```
	{"reqId":"WQ9Ya1Eenn4AABOK45cAAAAI","remoteAddr":"212.92.117.35","app":"PHP","message":"fopen(\/ncdata\/user\/files\/sdfrg\/.ods): failed to open stream: No such file or directory at \/var\/www\/vhosts\/domain.nl\/cloud.domain.nl\/lib\/private\/Files\/Storage\/Local.php#287","level":3,"time":"2017-05-07T17:26:53+00:00","method":"POST","url":"\/index.php\/apps\/richdocuments\/ajax\/documents\/create","user":"user","version":"11.0.3.2"}

	```
</details>

#### Browser log
<details>
	<summary>Browser log</summary>
	```
JQMIGRATE: Migrate is installed, version 1.4.0
jsxc.js:185 State changed to INITIATING
jsxc.js:185 State changed to SUSPEND
5jsxc.js:185 [WARN] Unable to create user prefix
jquery-migrate.min.js:2 JQMIGRATE: Migrate is installed, version 1.4.0
js.js:2139 Deprecation warning: tipsy is deprecated. Use tooltip instead.
jQuery.fn.tipsy @ js.js:2139
documents.js:301 Waiting for page to render ...
bundle.js:49266 Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
request_JSON @ bundle.js:49266

-------------------------

ws	(pending)	websocket	bundle.js:756	0 B	Pending	
notifications	200	xhr	jquery.js:8630	506 B	496 ms	
notifications	200	xhr	jquery.js:8630	506 B	531 ms	
notifications	200	xhr	jquery.js:8630	506 B	523 ms	
notifications	200	xhr	jquery.js:8630	506 B	485 ms	

	```
</details>

#2

i have the same exact issue. the difference in my setup is that i am not running nginx proxying apache for NC itself but nginx directly proxying the collabora running in docker and serving NC - and i am on Debian 8.

Since i thought that debian might be the culprit, i installed ubuntu core in a KVM, in that the docker with collabora: same exact issue.

i added the certificate like this
docker exec [containerID] cat /etc/loolwsd/ca-chain.cert.pem >> /var/www/html/nextcloud/resources/config/ca-bundle.crt

I couldnt really figure out yet:

  • Is it a Nginx Problem?
  • Is it a bug of Collabora?

The Nginx error log shows this, but i guess its just nginx way to say collabora didnt respond to its request:

2017/05/09 11:05:07 [error] 27651#27651: *226 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.1.5, server: office.domain.de, request: "GET /lool/https%3A%2F%2Fcloud.domain.de%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F...35_526.....457%3Faccess_token%3De8ojgA...h7M9xi%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.1", upstream: "https://[::1]:9980/lool/https%3A%2F%2Fcloud.domain.de%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F3..5_526....57%3Faccess_token%3De8ojgAMW..oqw4Ksqh7M9xi%26access_token_ttl%3D0%26permission%3Dedit/ws", host: "office.domain.de"

i found that the Timezone in the docker is not set correctly so i added that in the docker startup but didnt change anything: docker run -t -d -p 9980:9980 -e "domain=cloud\\.domain\\.de" -e "username=admin" -e "password" -e "TZ=Europe/Berlin" --restart always --cap-add MKNOD collabora/code

  • i tried to run the docker as root and non-root, no difference.
  • tried installing the 1.1.26-nc11 (Unstable) version of richdocuments, no help.

#3

i wonder if the encoded URL is the problem or if its supposed / ok to look like that.


#4

Most likely it is the encoded URL indeed. Iv’e tried chunked_transfer_encoding off; in Nginx vhost config, this reduces the 4 to 5 errors in docker logs to 1. Other than that still no go… I’m quite desperate right now.


#5

I never read about the chunking parameter in relation to url encoding. If you search for nginx upstream / proxy url encoding there are plenty of posts and config parameters that seem to changes nginx behaviour in terms of encoding. None of these worked for me. As you can see in the nginx logs I posted, what is weird is that basically only the request is encoded, the /lool/ part is unencoded…


#6

I can’t find any more info on the chunking part, was so desperate to just test it… do you know of any options to just turn it off? Indeed the lool part isn’t but is is correct the /lool/ part is before the URL?


#7

Trailing slashes in the proxy_pass directive seem to change the encoding behaviour​ (from what I read) … Also I think the location qualifier in combination with the upstream URI (that form the final url)… Haven’t figured out yet how to make it work though. In theory, location / with proxy_pass x.x.x.x/lool/ Instead of location /lool/ with proxypass x.x.x.x


#8

Yeah indeed, iv’e tried adding trailing slashes but it returns an error in the nginx conf test… I’m just lost right now, my webserver knowledge is failing me. Searched and searched google over and over but nothing…


#9

Same for me and what is strange is that so little other people seem to have this problem as we both seem to have followed the install instructions pretty closely as I can see. Either they all gave up or the amount of people running nginx in front of collabora is surprisingly small - or and that would be the weirdest part - they didn’t run into the same problem.


#10

Yes not that many people use Nginx. Problem is that i can’t use it in combination with apache2 because when i leave the Nginx config empty in Nginx and use the Apache Vhost config it gives 502 on all my domains exept cloud.domain.nl (Nginx bad gateway). I made an issue on Github, hopefully in the right repo… https://github.com/nextcloud/richdocuments/issues/47


#11

man, you wont believe it. i was thinking about the nginx config i had and thought maybe its just a typo or whatever. so i just replaced the entire config with the one mentioned here … https://icewind.nl/entry/collabora-online/

and suddenly it worked. no idea why as i HAD this config at some point before. the only major thing i did in the meanwhile was updating NC to 12 Beta 2 to see if THAT is the problem…


#12

Thats just weird. I’ve started with that config but I thought it was outdated so I’ve updated the config with the one provided by Collabora. Going to try it out right now just a sec.


#13

this is my entire config now, actually the upstream part which is not used and could / should be deleted. just to make it complete:

upstream collabora {
	server localhost:9980;
	}

server {
    listen       443 ssl http2;
    server_name  office.domain.de;
    
   ssl_certificate /etc/letsencrypt/live/www.domain.de/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/www.domain.de/privkey.pem;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
   ssl_prefer_server_ciphers on;
	
   location ^~ /loleaflet {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # websockets, download, presentation and image upload
    location ^~ /lool {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }

}

#14

and one other thing which might or might not be significant, i put the collabora url in the NC settings like this: https://office.domain.de:443

i somehwere read that explicitly putting the https port again helped some people with similar problems.


#15

I love you! It just works… Weird that these extra config blocks ( https://www.collaboraoffice.com/code/ ) render it unusable.
Going to do some more testing! Thanks a bunch mate

edit: I’m just using https://office.domain.nl indeed before in previous versions that was a requirement.


#16

like i said it must be something else, as you, i HAD exactly that (icewind) config before and it DIDNT work. so at the end i have no clue … anyway glad it works for both of us now!


#17

Very very weird, I’m backing up the entire system now, just in case! If I find any clue’s I’ll report back.


#18

Also what is slightly annoying is that the collabora people dont seem to test their own install instructions. I know, its an open source project and all but instead of putting the wrong instructions as the official ones, it would be better not to put any at all.


#19

been testing to open a couple of documents, xls files don’t work … but thats something for another thread i guess.


#20

Think I am getting the same error:
wsd-00028-00036 20:46:15.605236 [ websrv_poll ] ERR #20 Exception while processing incoming request: [GET /lool/https%3A%2F%2Fnextcloud..com%2Findex
…]: Invalid or unknown request.| wsd/LOOLWSD.cpp:1665cess_token%%26access_token_ttl%3D0%26permission%3Dedit/ws HTTP/1.0

Docker Run:

docker run -t -d --restart always --name=Collabora
-e “domain=nextcloud\.XXXX\.com”
-e username=“XXXX” -e password=“XXXX”
–cap-add MKNOD
-p 9980:9980
collabora/code

I tried your config but still no luck :confused:

Additionally, I get to the ‘Initializing’ screen and it spins for a few seconds then stops and stays blank

using https://collabora.domain.com:443 in nextcloud collabora server settings, and collabora returns the “OK” page when just accessing the collabora url from web