Collabora: open document fails with 404 Not Found (while CheckFileInfo header succeeds)

Dear Nextcloud community,

(note: I cannot add more than two links, therefore all https are replaced by XXXXS)

With a fresh install of Nextcloud (on Ubuntu 16.04 server 64-bit) and following the guide at XXXXS://nextcloud.com/collaboraonline/, I get a 404 Not Found error in the Docker logs (opening the URL in my browser gives back “false”) and a “Well, this is embarrassing, we cannot connect to your document. Please try again.” in the Nextcloud interface.

My configuration:

  1. Nextcloud + Collabora on the same server with different subdomains (nc.domain.org and co.domain.org)
  2. valid wildcard certificate (*.domain.org) for both
  3. behind a firewall but server and testing-client have host entries (so nc.domain.org and co.domain.org resolve to internal IP)

Apache Nextcloud config:

<VirtualHost *:80>
   ServerName nc.DOMAIN.org
   DocumentRoot /var/www/nextcloud
   RedirectPermanent / XXXXs://nc.DOMAIN.org
#       ErrorLog logs/nextcloud/error_log
#       TransferLog logs/nextcloud/access_log
</VirtualHost>

<VirtualHost *:443>
 DocumentRoot "/var/www/nextcloud"

 SSLEngine on
 SSLCertificateFile /etc/apache2/ssl/wildcard.DOMAIN.org.pem
 SSLCertificateKeyFile /etc/apache2/ssl/wildcard.DOMAIN.org.key
 SSLCACertificateFile /etc/apache2/ssl/alphassl-intermediate-sha256.crt
 ServerName nc.DOMAIN.org
 Header always add Strict-Transport-Security "max-age=15768000; includeSubdomains; preload"

 ErrorLog ${APACHE_LOG_DIR}/error.log
 CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory /var/www/nextcloud/>
 Options +FollowSymlinks
 AllowOverride All

 <IfModule mod_dav.c>
 Dav off
 </IfModule>

 SetEnv HOME /var/www/nextcloud
 SetEnv HTTP_HOME /var/www/nextcloud
 Satisfy Any

</Directory>

</VirtualHost>

Apache Collabora config:

<VirtualHost *:80>
   ServerName co.DOMAIN.org
   RedirectPermanent / XXXXS://co.DOMAIN.org
#       ErrorLog logs/collabora/error_log
#       TransferLog logs/collabora/access_log
</VirtualHost>

<VirtualHost *:443>
  ServerName co.DOMAIN.org:443

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/wildcard.DOMAIN.org.pem
  SSLCertificateKeyFile /etc/apache2/ssl/wildcard.DOMAIN.org.key
  SSLCertificateChainFile /etc/apache2/ssl/alphassl-intermediate-sha256.crt
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  SSLHonorCipherOrder     on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes On

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet XXXXS://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet XXXXS://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery XXXXS://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery XXXXS://127.0.0.1:9980/hosting/discovery

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool XXXXS://127.0.0.1:9980/lool
  ProxyPassReverse    /lool XXXXS://127.0.0.1:9980/lool
</VirtualHost>

docker version:

    Client:
     Version:      1.12.1
     API version:  1.24
     Go version:   go1.6.2
     Git commit:   23cf638
     Built:        Tue, 27 Sep 2016 12:25:38 +1300
     OS/Arch:      linux/amd64

    Server:
     Version:      1.12.1
     API version:  1.24
     Go version:   go1.6.2
     Git commit:   23cf638
     Built:        Tue, 27 Sep 2016 12:25:38 +1300
     OS/Arch:      linux/amd64

docker output:

......
    wsd-00024-04 00:01:01.034374 [ client_ws_0002 ] WOPI::CheckFileInfo header for URI [XXXXS://nc.DOMAIN.org/index.php/apps/richdocuments/wopi/files/227?access_token=4TgYY4r6RGTVA8IVGY9RMQirI2dAVo9m]:
        Date: Wed, 26 Oct 2016 17:29:09 GMT /     Server: Apache/2.4.7 (Ubuntu) /     Content-Length: 337 /     Connection: close /     Content-Type: text/html; charset=iso-8859-1 /
    wsd-00024-04 00:01:01.034456 [ client_ws_0002 ] WOPI::CheckFileInfo returned: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>404 Not Found</title>
    </head><body>
    <h1>Not Found</h1>
    <p>The requested URL /index.php/apps/richdocuments/wopi/files/227 was not found on this server.</p>
    <hr>
    <address>Apache/2.4.7 (Ubuntu) Server at nc.DOMAIN.org Port 443</address>
    </body></html>
    wsd-00024-04 00:01:01.034491 [ client_ws_0002 ] WOPI::CheckFileInfo is missing JSON payload
    wsd-00024-04 00:01:01.034683 [ client_ws_0002 ] After checkfileinfo:
    wsd-00024-04 00:01:01.034903 [ client_ws_0002 ] ~DocumentBroker [XXXXS://nc.DOMAIN.org/index.php/apps/richdocuments/wopi/files/227?access_token=4TgYY4r6RGTVA8IVGY9RMQirI2dAVo9m] destroyed with 0 sessions left.
    wsd-00024-04 00:01:01.034950 [ client_ws_0002 ] ~ChildProcess dtor [42].
    kit-00042-00 00:01:01.009222 [ loolkit ] Connection closed.
    kit-00042-00 00:01:01.009284 [ loolkit ] SocketProcessor finishing. TerminationFlag: 0, n: 2, payload size: 2, flags: 88
    kit-00042-00 00:01:01.009316 [ loolkit ] SocketProcessor finished.
    kit-00042-00 00:01:01.009339 [ loolkit ] Removing '/lo'
    kit-00042-00 00:01:01.273096 [ loolkit ] Removing '/user/docs/'
    wsd-00024-00 00:01:01.299134 [ prison_ws ] Connection closed.
    wsd-00024-00 00:01:01.299187 [ prison_ws ] SocketProcessor finishing. TerminationFlag: 0, n: 0, payload size: 0, flags: 0
    wsd-00024-00 00:01:01.299232 [ prison_ws ] SocketProcessor finished.
    wsd-00024-04 00:01:01.299341 [ client_ws_0002 ] Closing child [42].
    wsd-00024-04 00:01:01.299382 [ client_ws_0002 ] ClientRequestHandler::handleRequest: BadRequestException: Invalid URI or access denied.
    wsd-00024-04 00:01:01.299405 [ client_ws_0002 ] Already sent response!?
    wsd-00024-04 00:01:01.299421 [ client_ws_0002 ] Thread finished.
    kit-00042-00 00:01:02.273870 [ loolkit ] Process finished.
    frk-00033-00 00:01:03.059539 [ loolforkit ] Child 42 has exited, removing its jail '/opt/lool/child-roots/42'
    wsd-00024-10 00:01:05.149681 [ loolwsd ] Total memory used: 167060
    wsd-00024-02 00:01:15.445543 [ client_req_hdl ] Request from 172.17.0.1:41466: GET /hosting/discovery HTTP/1.1 / Host: co.DOMAIN.org / User-Agent: ownCloud Server Crawler / X-Forwarded-For: 10.11.1.29 / X-Forwarded-Host: co.DOMAIN.org / X-Forwarded-Server: co.DOMAIN.org / Connection: close
    wsd-00024-02 00:01:15.445653 [ client_req_hdl ] Handling GET: /hosting/discovery
    wsd-00024-02 00:01:15.445717 [ client_ws_0003 ] Thread started.
    wsd-00024-02 00:01:15.451501 [ client_ws_0003 ] Sent discovery.xml successfully.
    wsd-00024-02 00:01:15.451894 [ client_ws_0003 ] Already sent response!?
    wsd-00024-02 00:01:15.452259 [ client_ws_0003 ] Thread finished.
    wsd-00024-04 00:01:15.820141 [ client_req_hdl ] Request from 172.17.0.1:41470: POST /loleaflet/1.8.5/loleaflet.html?WOPISrc=XXXXS%3A%2F%2Fnc.DOMAIN.org%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F4&title=About.odt&lang=en&closebutton=1&revisionhistory=1 HTTP/1.1 / Host: co.DOMAIN.org / Cache-Control: max-age=0 / Origin: null / Upgrade-Insecure-Requests: 1 / User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/53.0.2785.143 Chrome/53.0.2785.143 Safari/537.36 / Content-Type: application/x-www-form-urlencoded / Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 / Accept-Encoding: gzip, deflate, br / Accept-Language: en-US,en;q=0.8 / Cookie: __utma=67340112.1145797696.1470734957.1470734957.1470734957.1; __utmz=67340112.1470734957.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) / X-Forwarded-For: 10.11.1.30 / X-Forwarded-Host: co.DOMAIN.org / X-Forwarded-Server: co.DOMAIN.org / Connection: close / Content-Length: 45
    wsd-00024-04 00:01:15.820397 [ client_req_hdl ] Preprocessing file: /usr/share/loolwsd//loleaflet/dist/loleaflet.html
    wsd-00024-02 00:01:16.371985 [ client_req_hdl ] Request from 172.17.0.1:41474: GET /lool/XXXXS%253A%252F%252Fnc.DOMAIN.org%252Findex.php%252Fapps%252Frichdocuments%252Fwopi%252Ffiles%252F4%3Faccess_token=6lybwD4G8KJplVvCbkhAru6JX0XMtPV4/ws HTTP/1.1 / Host: co.DOMAIN.org / Pragma: no-cache / Cache-Control: no-cache / Origin: XXXXS://co.DOMAIN.org / Sec-WebSocket-Version: 13 / User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/53.0.2785.143 Chrome/53.0.2785.143 Safari/537.36 / Accept-Encoding: gzip, deflate, sdch, br / Accept-Language: en-US,en;q=0.8 / Cookie: __utma=67340112.1145797696.1470734957.1470734957.1470734957.1; __utmz=67340112.1470734957.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) / Sec-WebSocket-Key: Ku3rAnOzlkEizyFblK/85g== / Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits / X-Forwarded-For: 10.11.1.30 / X-Forwarded-Host: co.DOMAIN.org / X-Forwarded-Server: co.DOMAIN.org / Upgrade: WebSocket / Connection: Upgrade
    wsd-00024-02 00:01:16.372402 [ client_req_hdl ] Handling GET: /lool/XXXXS%253A%252F%252Fnc.DOMAIN.org%252Findex.php%252Fapps%252Frichdocuments%252Fwopi%252Ffiles%252F4%3Faccess_token=6lybwD4G8KJplVvCbkhAru6JX0XMtPV4/ws
    wsd-00024-02 00:01:16.372449 [ client_ws_0004 ] Thread started.
    wsd-00024-02 00:01:16.372777 [ client_ws_0004 ] Starting GET request handler for session [0004].
    wsd-00024-02 00:01:16.372812 [ client_ws_0004 ] Sending to Client [statusindicator: find].
    wsd-00024-02 00:01:16.372960 [ client_ws_0004 ] getNewChild: Have 3 children, forking 0
    wsd-00024-02 00:01:16.373026 [ client_ws_0004 ] getNewChild: Returning new child [43].
    wsd-00024-02 00:01:16.373052 [ client_ws_0004 ] New DocumentBroker for docKey [nc.DOMAIN.org/index.php/apps/richdocuments/wopi/files/4].
    wsd-00024-02 00:01:16.373087 [ client_ws_0004 ] DocumentBroker [XXXXS://nc.DOMAIN.org/index.php/apps/richdocuments/wopi/files/4?access_token=6lybwD4G8KJplVvCbkhAru6JX0XMtPV4] created. DocKey: [nc.DOMAIN.org/index.php/apps/richdocuments/wopi/files/4]
    wsd-00024-02 00:01:16.373151 [ client_ws_0004 ] Validating: XXXXS://nc.DOMAIN.org/index.php/apps/richdocuments/wopi/files/4?access_token=6lybwD4G8KJplVvCbkhAru6JX0XMtPV4
    wsd-00024-02 00:01:16.373175 [ client_ws_0004 ] Public URI [XXXXS://nc.DOMAIN.org/index.php/apps/richdocuments/wopi/files/4?access_token=6lybwD4G8KJplVvCbkhAru6JX0XMtPV4] considered WOPI.
    wsd-00024-02 00:01:16.373260 [ client_ws_0004 ] Storage ctor: XXXXS://nc.DOMAIN.org/index.php/apps/richdocuments/wopi/files/4?access_token=6lybwD4G8KJplVvCbkhAru6JX0XMtPV4
    wsd-00024-02 00:01:16.373286 [ client_ws_0004 ] WopiStorage ctor with localStorePath: [], jailPath: [], uri: [XXXXS://nc.DOMAIN.org/index.php/apps/richdocuments/wopi/files/4?access_token=6lybwD4G8KJplVvCbkhAru6JX0XMtPV4].
    wsd-00024-02 00:01:16.373309 [ client_ws_0004 ] Getting info for wopi uri [XXXXS://nc.DOMAIN.org/index.php/apps/richdocuments/wopi/files/4?access_token=6lybwD4G8KJplVvCbkhAru6JX0XMtPV4].
    wsd-00024-02 00:01:16.384594 [ client_ws_0004 ] WOPI::CheckFileInfo header for URI [XXXXS://nc.DOMAIN.org/index.php/apps/richdocuments/wopi/files/4?access_token=6lybwD4G8KJplVvCbkhAru6JX0XMtPV4]:
        Date: Wed, 26 Oct 2016 17:29:24 GMT /     Server: Apache/2.4.7 (Ubuntu) /     Content-Length: 335 /     Connection: close /     Content-Type: text/html; charset=iso-8859-1 /
    wsd-00024-02 00:01:16.384700 [ client_ws_0004 ] WOPI::CheckFileInfo returned: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>404 Not Found</title>
    </head><body>
    <h1>Not Found</h1>
    <p>The requested URL /index.php/apps/richdocuments/wopi/files/4 was not found on this server.</p>
    <hr>
    <address>Apache/2.4.7 (Ubuntu) Server at nc.DOMAIN.org Port 443</address>
    </body></html>
    wsd-00024-02 00:01:16.384742 [ client_ws_0004 ] WOPI::CheckFileInfo is missing JSON payload
    wsd-00024-02 00:01:16.384947 [ client_ws_0004 ] After checkfileinfo:
    wsd-00024-02 00:01:16.385163 [ client_ws_0004 ] ~DocumentBroker [XXXXS://nc.DOMAIN.org/index.php/apps/richdocuments/wopi/files/4?access_token=6lybwD4G8KJplVvCbkhAru6JX0XMtPV4] destroyed with 0 sessions left.
    wsd-00024-02 00:01:16.385195 [ client_ws_0004 ] ~ChildProcess dtor [43].
    kit-00043-00 00:01:16.359456 [ loolkit ] Connection closed.
    kit-00043-00 00:01:16.359523 [ loolkit ] SocketProcessor finishing. TerminationFlag: 0, n: 2, payload size: 2, flags: 88
    kit-00043-00 00:01:16.359553 [ loolkit ] SocketProcessor finished.
    kit-00043-00 00:01:16.359574 [ loolkit ] Removing '/lo'
    kit-00043-00 00:01:16.638123 [ loolkit ] Removing '/user/docs/'
    wsd-00024-00 00:01:16.664154 [ prison_ws ] Connection closed.
    wsd-00024-00 00:01:16.664198 [ prison_ws ] SocketProcessor finishing. TerminationFlag: 0, n: 0, payload size: 0, flags: 0
    wsd-00024-00 00:01:16.664240 [ prison_ws ] SocketProcessor finished.
    wsd-00024-02 00:01:16.664519 [ client_ws_0004 ] Closing child [43].
    wsd-00024-02 00:01:16.664617 [ client_ws_0004 ] ClientRequestHandler::handleRequest: BadRequestException: Invalid URI or access denied.
    wsd-00024-02 00:01:16.664819 [ client_ws_0004 ] Already sent response!?
    wsd-00024-02 00:01:16.664916 [ client_ws_0004 ] Thread finished.
    kit-00043-00 00:01:17.638763 [ loolkit ] Process finished.
    frk-00033-00 00:01:18.165925 [ loolforkit ] Child 43 has exited, removing its jail '/opt/lool/child-roots/43'
......

OC_appconfig:

('richdocuments', 'doc_format', 'odf'),
('richdocuments', 'edit_groups', ''),
('richdocuments', 'enabled', 'yes'),
('richdocuments', 'installed_version', '1.1.9'),
('richdocuments', 'ocsid', '174727'),
('richdocuments', 'types', ''),
('richdocuments', 'wopi_url', 'XXXXS://co.DOMAIN.org:443'),

The row wopi_url didn’t exist and I added it manually.

The infoheader URI (e.g. XXXXS://nc.DOMAIN.org/index.php/apps/richdocuments/wopi/files/4?access_token=6lybwD4G8KJplVvCbkhAru6JX0XMtPV4) finds information about the file (e.g. filename).

http://co.DOMAIN.org is redirected to XXXXS, http://nc.DOMAIN.org is redirected to XXXXS (see apache config).

I already found the thread about the

ClientRequestHandler::handleRequest: BadRequestException: Invalid URI or access denied.

error, but I have a 404 even before. So hopefully there is a solution to this?

Thank you and kind regards,
Tim
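
The failure visible in the log above (CheckFileInfo answered with an Apache HTML 404 page where loolwsd expects a JSON payload) can be extracted from a long loolwsd log mechanically. The following is an added example, not part of the original post and not Collabora or Nextcloud code; the sample log is constructed (hosts, tokens and the successful exchange are made up), and `access_token` values are redacted in the output.

```python
import json
import re

# Constructed sample in the log format shown in the post; hosts and tokens are made up.
SAMPLE_LOG = (
    'e[37mwsd-00024-02 00:01:16.384594 [ client_ws_0004 ] WOPI::CheckFileInfo header for URI '
    '[https://nc.example.org/index.php/apps/richdocuments/wopi/files/4?access_token=CONSTRUCTED1]: \n'
    '    Server: Apache/2.4.7 (Ubuntu) /     Content-Type: text/html; charset=iso-8859-1 / e[0m \n'
    'e[37mwsd-00024-02 00:01:16.384700 [ client_ws_0004 ] WOPI::CheckFileInfo returned: <html><head> \n'
    '<title>404 Not Found</title> \n</head><body></body></html> \ne[0m \n'
    'e[1me[31mwsd-00024-02 00:01:16.384742 [ client_ws_0004 ] WOPI::CheckFileInfo is missing JSON payloade[0m \n'
    'e[37mwsd-00024-03 00:02:10.100000 [ client_ws_0005 ] WOPI::CheckFileInfo header for URI '
    '[https://nc.example.org/index.php/apps/richdocuments/wopi/files/5?access_token=CONSTRUCTED2]: \n'
    '    Server: Apache/2.4.7 (Ubuntu) /     Content-Type: application/json; charset=utf-8 / e[0m \n'
    'e[37mwsd-00024-03 00:02:10.100100 [ client_ws_0005 ] WOPI::CheckFileInfo returned: {"BaseFileName": "About.odt"}e[0m \n'
)
ANSI = re.compile(r"(?:\x1b|e)\[\d{1,2}m")  # colour codes, with or without the ESC byte
TOKEN = re.compile(r"(access_token=)[^&\s\]]+")
EXCHANGE = re.compile(
    r"CheckFileInfo header for URI \[(?P<uri>[^\]]+)\]:\s*(?P<hdrs>[^\n]*)\n"
    r".*?CheckFileInfo returned: (?P<body>.*?)(?=^\s*\w{3}-\d{5}-\d{2} |\Z)", re.S | re.M)

def parse_headers(line):  # input looks like 'Name: value /     Name: value /'
    parts = (p.partition(":") for p in re.split(r"\s+/\s*", line.strip()) if ":" in p)
    return {k.strip().lower(): v.strip() for k, _, v in parts}

def classify(hdrs, body):
    """CheckFileInfo must be a JSON object; BaseFileName is a required WOPI property."""
    try:
        info = json.loads(body)
    except ValueError:
        info = None
    if isinstance(info, dict) and "BaseFileName" in info:
        return "ok: WOPI JSON"
    title = re.search(r"<title>(.*?)</title>", body, re.S | re.I)
    if "html" in hdrs.get("content-type", "") and title:
        return "HTML page instead of WOPI JSON: " + title.group(1).strip()
    return "not WOPI JSON"

def triage(log):
    """Return (token-redacted URI, Server header, verdict) for each CheckFileInfo exchange."""
    rows = []
    for m in EXCHANGE.finditer(ANSI.sub("", log)):
        hdrs, uri = parse_headers(m["hdrs"]), TOKEN.sub(r"\1<redacted>", m["uri"])
        rows.append((uri, hdrs.get("server", "?"), classify(hdrs, m["body"].strip())))
    return rows

if __name__ == "__main__":
    print("\n".join(" | ".join(row) for row in triage(SAMPLE_LOG)))
```

A row whose verdict names an HTML page means the WOPI URL returned a web page (in the log above, Apache's own 404) rather than the JSON that loolwsd expects.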