Collabora online error: Requesting address is denied: ***.***.**.**| wsd/LOOLWSD.cpp:2333

Hi,

I am new to nextcloud, just installed it on Ubuntu and somehow successfully integrated with Collabora Online via docker image 2 days ago. It was working fine.

Today, Collabora gives an error and I can’t open LibreOffice documents any more.

The error I found is in Docker log:

wsd-00006-00042 2020-12-20 14:25:26.917499 [ websrv_poll ] WRN  convert-to: Requesting address is denied: ***.***.**.**| wsd/LOOLWSD.cpp:2333

where ***.***.**.** is my Nextcloud IP address.

docker run command I used is (well, among others) :

docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 \
--sysctl net.ipv6.conf.default.disable_ipv6=1 \
-t -d -p 127.0.0.1:9980:9980 -e 'domain=***\\.***\\.**\\.**|collab\\.my\\.domain' \
--name="jax" -e “username=***” -e “password=***” \
--restart always --cap-add MKNOD \
collabora/code

Generated loolwsd.xml file on the docker container is configured as I intend to :

<host desc="Regex pattern of hostname to allow or deny." allow="true">***\.***\.**\.**|community\.minamirnd\.work</host>

What I do not understand is the error message:

address is denied: ***.***.**.**| 

the last character “|”, I don’t know if it should be there at all.

(However, what I also found out is that Collabora Demo servers do not work either,
which means that it can be my Nextcloud installation problem.)

Any help will be appreciated.

Thank you in advance.


Installation information:

Nextcloud version : 20.0.4
Operating system and version : Ubuntu 20.04
Collabora : Running on Docker image

  • docker command:
docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 \
--sysctl net.ipv6.conf.default.disable_ipv6=1 \
-t -d -p 127.0.0.1:9980:9980 -e 'domain=my\\.ip\\.address\\.here|my\\.domain\\.name' \
--name="jax" -e “username=admin” -e “password=admin” \
--restart always --cap-add MKNOD \
collabora/code

Apache : 2.4.41-4ubuntu3.1
PHP version : 7.4

Additional information:

  • Collabora docker image is running behind Apache reverse proxy.
  • Nextcloud and Collabora docker image are on the same Ubuntu server.
  • Before Collabora starts giving me error, I was trying various plugins.

Steps to replicate it:

Installation

  • Configure Nextrcloud behind reverse proxy.
  • Run Collabora via docker.

Steps

  1. Go to Nextcloud -> File
  2. Open any LibreOffice document, or create new one
  3. New window opens, but the document doesn’t show.
  4. Flash message “Failed to load Office Online - please try later” appears.
  5. docker logs [jax] shows above error
    *[jax] is my container name.
1 Like

I’m running docker-compose since its a lot easier for me to just see the configuration. It might be something you want to look into.

In terms of your error – honestly I’m not sure. Loolwsd in my personal opinion is a royal pain the ass to setup – very tempormental.

Here is what my docker-compose stanza for nextcloud looks like:

  collabora:
    restart: unless-stopped
    image: collabora/code:latest
    container_name: collabora
    networks:
      - net
    ports:
#      - 127.0.0.1:9980:9980
      - 9980:9980
    cap_add:
      - MKNOD
    environment:
      - TZ=America/Chicago
      - username=admin
      - password=***PASS***
      - domain=nextcloud\.domain\.com|test\.domain\.com|nc\.domain\.com
      - DONT_GEN_SSL_CERT=1
      - server_name=loolwsd.domain.com
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.collabora.rule=Host(`loolwsd.domain.com`)"
      - "traefik.http.routers.collabora.entrypoints=web,websecure"
      - "traefik.http.routers.collabora.tls=true"
      - "traefik.http.routers.collabora.tls.options=intermediate@file"
      - "traefik.http.routers.collabora.tls.certresolver=le"
      - "traefik.http.routers.collabora.tls.domains[0].main=loolwsd.domain.com"
      - "traefik.http.routers.collabora.tls.domains[0].sans=loolwsd.domain.com"
      - "traefik.http.routers.collabora.service=collabora"
      - "traefik.http.services.collabora.loadbalancer.server.port=9980"
      - "traefik.docker.network=net"
      - "traefik.http.routers.collabora.middlewares=collabora-headers"
      - "traefik.http.middlewares.collabora-headers.headers.customRequestHeaders.X-Forwarded-Proto=https"
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /etc/letsencrypt/certificates/certs/loolwsd.domain.com/key.pem:/etc/loolwsd/key.pem:ro
      - /etc/letsencrypt/certificates/certs/loolwsd.domain.com/cert.pem:/etc/loolwsd/cert.pem:ro
      - /etc/letsencrypt/certificates/certs/loolwsd.domain.com/cert.pem:/etc/loolwsd/ca-chain.cert.pem:ro

Honestly nothing is sticking out at my with grossly wrong with your setup.
In terms of your domain line – I believe it needs to be double slashed when using from command line and only single slashed within compose. The domain names are the domain names of any nextcloud instance or reverse proxy this is going to be forwarding to nextcloud. I’m really playing with me setup and reverse proxies – hence that’s why I have three entries. One is the main nextcloud instance, test and nc refer to either a nginx or traefik reverse proxy. (If you don’t have a reverse proxy you don’t need the references. It’s possible you put an IP address in this field (I think – I use domain names rather than IP addresses however in theory an IP address should work). If you’re not using traefik as a Reverse Proxy – you need nothing in the labels section (in fact you don’t need a labels section at all

Thank you for sharing your info.

One thing to correct in my original post:

the last character “|”, I don’t know if it should be there at all.

I didn’t realize that it is simply a part of log format… It’s not the case that Collabora is
checking IP address with additional ‘|’ character there.

So, this ‘|’ has nothing to do with the error.

I will try different config later and share if anything works for my docker config.

Thanks!

P.S.
As of now, I stopped docker container and switched back to packaged Collabora, which I had difficult time making it work 3 days ago, and although there are different problems I need to solve, now LibreOffice is working again.

During the struggle I noticed one more thing.
In Nextcloud File app, when I click on the “+” button to make a new file, I see 2
pairs of LibreOffice icons. The chances are that my Nextcloud is messed up with 2 different configs and giving me problems… Will try to see this problem too.

I had same problems. I could create a working instance by setting extra_params. Nothing additional.

The important param that works around the error message is: --o:net.proto=IPv4

docker-compose extract:

 collabora-nc:
    container_name: 'collabora'    
    environment:
     - username=admin 
     - password=***
     - extra_params=--o:server_name=collabora\.domain\.de --o:ssl.enable=false --o:ssl.termination=true --o:net.post_allow.host=::ffff:172\.29\.0\.[0-9]+ --o:net.post_allow.host=172\.29\.0\.[0-9]+ --o:net.proto=IPv4
     - domain=domain\.de
    image: collabora/code:latest
    restart: unless-stopped        
    networks:
      - myNetwork

Same here : this collabora is very painfull solution … update then it’s broken ! :face_with_symbols_over_mouth:

coolwsd[2657]: wsd-02657-02677 2022-02-24 00:50:59.412422 +0100 [ websrv_poll ] WRN  convert-to: Requesting address is denied: 10.110.110.125| wsd/COOLWSD.cpp:2600

But in : /etc/loolwsd/loolwsd.xml

     <post_allow desc="Allow/deny client IP address for POST(REST)." allow="true">
        <host desc="The IPv4 private 10.110.110.0/24 subnet (RPROXY1).">10\.110\.110\.125</host>
        <host desc="The IPv4 loopback (localhost) address.">127\.0\.0\.1</host>

      </post_allow>

I don’t feel so, my Collabora works pretty good, maybe little slow…

but even if you have issues what are you looking for?

If you feel there is some issue with Collabora - please file a bug in their forum… blaiming the solution without necessary details is useless.

nobody use those tool (collabora) in big environnement : now i know why.
/var/log/coolwsd.log … don’t work , those buggy apps. only work for script kiddies … under docker blackbox.
Nothing with “trace” debug for for collabora, nothing for nextcloud …
this is really sad.

and what value did you add with you last post?

I apologize if you hit any issues but nobody wants to spend their valuable time on our useless blaming.