Collabora online error: Requesting address is denied: ***.***.**.**| wsd/LOOLWSD.cpp:2333

ā„¹ļø Support šŸ“„ Collabora
1

Hi,

I am new to nextcloud, just installed it on Ubuntu and somehow successfully integrated with Collabora Online via docker image 2 days ago. It was working fine.

Today, Collabora gives an error and I canā€™t open LibreOffice documents any more.

The error I found is in Docker log:

wsd-00006-00042 2020-12-20 14:25:26.917499 [ websrv_poll ] WRN  convert-to: Requesting address is denied: ***.***.**.**| wsd/LOOLWSD.cpp:2333

where ***.***.**.** is my Nextcloud IP address.

docker run command I used is (well, among others) :

docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 \
--sysctl net.ipv6.conf.default.disable_ipv6=1 \
-t -d -p 127.0.0.1:9980:9980 -e 'domain=***\\.***\\.**\\.**|collab\\.my\\.domain' \
--name="jax" -e ā€œusername=***ā€ -e ā€œpassword=***ā€ \
--restart always --cap-add MKNOD \
collabora/code

Generated loolwsd.xml file on the docker container is configured as I intend to :

<host desc="Regex pattern of hostname to allow or deny." allow="true">***\.***\.**\.**|community\.minamirnd\.work</host>

What I do not understand is the error message:

address is denied: ***.***.**.**|

the last character ā€œ|ā€, I donā€™t know if it should be there at all.

(However, what I also found out is that Collabora Demo servers do not work either,
which means that it can be my Nextcloud installation problem.)

Any help will be appreciated.

Thank you in advance.

Installation information:

Nextcloud version : 20.0.4
Operating system and version : Ubuntu 20.04
Collabora : Running on Docker image

  • docker command:
docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 \
--sysctl net.ipv6.conf.default.disable_ipv6=1 \
-t -d -p 127.0.0.1:9980:9980 -e 'domain=my\\.ip\\.address\\.here|my\\.domain\\.name' \
--name="jax" -e ā€œusername=adminā€ -e ā€œpassword=adminā€ \
--restart always --cap-add MKNOD \
collabora/code

Apache : 2.4.41-4ubuntu3.1
PHP version : 7.4

Additional information:

  • Collabora docker image is running behind Apache reverse proxy.
  • Nextcloud and Collabora docker image are on the same Ubuntu server.
  • Before Collabora starts giving me error, I was trying various plugins.

Steps to replicate it:

Installation

  • Configure Nextrcloud behind reverse proxy.
  • Run Collabora via docker.

Steps

  1. Go to Nextcloud -> File
  2. Open any LibreOffice document, or create new one
  3. New window opens, but the document doesnā€™t show.
  4. Flash message ā€œFailed to load Office Online - please try laterā€ appears.
  5. docker logs [jax] shows above error
    *[jax] is my container name.
3

Iā€™m running docker-compose since its a lot easier for me to just see the configuration. It might be something you want to look into.

In terms of your error ā€“ honestly Iā€™m not sure. Loolwsd in my personal opinion is a royal pain the ass to setup ā€“ very tempormental.

Here is what my docker-compose stanza for nextcloud looks like:

  collabora:
    restart: unless-stopped
    image: collabora/code:latest
    container_name: collabora
    networks:
      - net
    ports:
#      - 127.0.0.1:9980:9980
      - 9980:9980
    cap_add:
      - MKNOD
    environment:
      - TZ=America/Chicago
      - username=admin
      - password=***PASS***
      - domain=nextcloud\.domain\.com|test\.domain\.com|nc\.domain\.com
      - DONT_GEN_SSL_CERT=1
      - server_name=loolwsd.domain.com
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.collabora.rule=Host(`loolwsd.domain.com`)"
      - "traefik.http.routers.collabora.entrypoints=web,websecure"
      - "traefik.http.routers.collabora.tls=true"
      - "traefik.http.routers.collabora.tls.options=intermediate@file"
      - "traefik.http.routers.collabora.tls.certresolver=le"
      - "traefik.http.routers.collabora.tls.domains[0].main=loolwsd.domain.com"
      - "traefik.http.routers.collabora.tls.domains[0].sans=loolwsd.domain.com"
      - "traefik.http.routers.collabora.service=collabora"
      - "traefik.http.services.collabora.loadbalancer.server.port=9980"
      - "traefik.docker.network=net"
      - "traefik.http.routers.collabora.middlewares=collabora-headers"
      - "traefik.http.middlewares.collabora-headers.headers.customRequestHeaders.X-Forwarded-Proto=https"
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /etc/letsencrypt/certificates/certs/loolwsd.domain.com/key.pem:/etc/loolwsd/key.pem:ro
      - /etc/letsencrypt/certificates/certs/loolwsd.domain.com/cert.pem:/etc/loolwsd/cert.pem:ro
      - /etc/letsencrypt/certificates/certs/loolwsd.domain.com/cert.pem:/etc/loolwsd/ca-chain.cert.pem:ro

Honestly nothing is sticking out at my with grossly wrong with your setup.
In terms of your domain line ā€“ I believe it needs to be double slashed when using from command line and only single slashed within compose. The domain names are the domain names of any nextcloud instance or reverse proxy this is going to be forwarding to nextcloud. Iā€™m really playing with me setup and reverse proxies ā€“ hence thatā€™s why I have three entries. One is the main nextcloud instance, test and nc refer to either a nginx or traefik reverse proxy. (If you donā€™t have a reverse proxy you donā€™t need the references. Itā€™s possible you put an IP address in this field (I think ā€“ I use domain names rather than IP addresses however in theory an IP address should work). If youā€™re not using traefik as a Reverse Proxy ā€“ you need nothing in the labels section (in fact you donā€™t need a labels section at all

4

Thank you for sharing your info.

One thing to correct in my original post:

the last character ā€œ|ā€, I donā€™t know if it should be there at all.

I didnā€™t realize that it is simply a part of log formatā€¦ Itā€™s not the case that Collabora is
checking IP address with additional ā€˜|ā€™ character there.

So, this ā€˜|ā€™ has nothing to do with the error.

I will try different config later and share if anything works for my docker config.

Thanks!

P.S.
As of now, I stopped docker container and switched back to packaged Collabora, which I had difficult time making it work 3 days ago, and although there are different problems I need to solve, now LibreOffice is working again.

During the struggle I noticed one more thing.
In Nextcloud File app, when I click on the ā€œ+ā€ button to make a new file, I see 2
pairs of LibreOffice icons. The chances are that my Nextcloud is messed up with 2 different configs and giving me problemsā€¦ Will try to see this problem too.

5

I had same problems. I could create a working instance by setting extra_params. Nothing additional.

The important param that works around the error message is: --o:net.proto=IPv4

docker-compose extract:

 collabora-nc:
    container_name: 'collabora'    
    environment:
     - username=admin 
     - password=***
     - extra_params=--o:server_name=collabora\.domain\.de --o:ssl.enable=false --o:ssl.termination=true --o:net.post_allow.host=::ffff:172\.29\.0\.[0-9]+ --o:net.post_allow.host=172\.29\.0\.[0-9]+ --o:net.proto=IPv4
     - domain=domain\.de
    image: collabora/code:latest
    restart: unless-stopped        
    networks:
      - myNetwork
6

Same here : this collabora is very painfull solution ā€¦ update then itā€™s broken ! :face_with_symbols_over_mouth:

coolwsd[2657]: wsd-02657-02677 2022-02-24 00:50:59.412422 +0100 [ websrv_poll ] WRN  convert-to: Requesting address is denied: 10.110.110.125| wsd/COOLWSD.cpp:2600

But in : /etc/loolwsd/loolwsd.xml

     <post_allow desc="Allow/deny client IP address for POST(REST)." allow="true">
        <host desc="The IPv4 private 10.110.110.0/24 subnet (RPROXY1).">10\.110\.110\.125</host>
        <host desc="The IPv4 loopback (localhost) address.">127\.0\.0\.1</host>

      </post_allow>
7

I donā€™t feel so, my Collabora works pretty good, maybe little slowā€¦

but even if you have issues what are you looking for?

If you feel there is some issue with Collabora - please file a bug in their forumā€¦ blaiming the solution without necessary details is useless.

8

nobody use those tool (collabora) in big environnement : now i know why.
/var/log/coolwsd.log ā€¦ donā€™t work , those buggy apps. only work for script kiddies ā€¦ under docker blackbox.
Nothing with ā€œtraceā€ debug for for collabora, nothing for nextcloud ā€¦
this is really sad.

9

and what value did you add with you last post?

I apologize if you hit any issues but nobody wants to spend their valuable time on our useless blaming.

11

I have downloaded a newer docker image after a lot of time and its dead too, with the exact same error message then the Thread Creator.

However I am getting an external IP Address which is Denied.
Anyway I was wise enough to keep the OLD docker image, as it its still working.
The Version that works is: 6.4.7

The Version that is not working, I donā€™t know because I just pulled it with docker.

The expectation is: just replace the image and everything is fine, just with the new version.

As I am not used with docker-compse yet, I cobbled the following start line together:

docker run -t -d -p 127.0.0.1:9980:9980 -e 'username=<user>' -e 'password=<PASS>' -e "extra_params=--o:server_name=collabora\.DOMAIN\.TLD --o:ssl.enable=false --o:ssl.termination=true --o:net.post_allow.host=::ffff:172\.29\.0\.[0-9]+ --o:net.post_allow.host=172\.29\.0\.[0-9]+ --o:net.postallow.host=xxx\.xxx\.xxx\.xxx --o:net.proto=IPv4" -e "domain=owncloud\.DOMAIN.TLD|cloud\.DOMAIN.TLD|cloud\DOMAIN.TLD|onlycloud\.DOMAIN.TLD" -v /etc/ssl/certs:/usr/share/ca-certificates/mozilla --restart always --cap-add MKNOD collabora/code

  • the xxx.xxx.xxx.xxx was the IP it complained and it was always the same.

the old parameter is the same without the now added extra_params stuff that doesnā€™t work either. Is there something else to dig up?

12

once you choose the way to self-host you must be prepared to review changes and adopt new parametersā€¦ so as in this case domain parameter was changed in version 21-11 of collabora suite, which well documented on collabora site and within this forum as well:

be aware to adopt your reverse proxy from /loolwsd to /coolwsd for newer versions as well:

this thread with provides references which helps you to understand the integration and collect the skills to run you system for long time, and this one summarizes troubleshooting technicsā€¦

1 Like
13

Hi,
thanks, it looks like I used the wrong search queries, if you refer in your inital sentence about the expectation part, that is stated somewhere in the template and I want to avoid that other people are searching for mistakes in the inital setup, like it would have never worked. So Iā€™ll go through them, I see that is more a weekend task than a quick implementation.

14

docker run -t -d -p 8880:9980 -e "aliasgroup1=https://ncloud.mydomain.com" -e "aliasgroup2=https://ncloud.mydomain.com" -e "extra_params=--o:ssl.enable=false --o:ssl.termination=true" -e "username=admin" -e "password=123456" --restart always collabora/code
I also got this frustrating log from docker.