Collabora problem after upgrade to 3.6.0

Adding those lines to apache’s config file works perfect.

It doesn’t seem to be a bug, but an improvement.

As a suggestion, the warning message telling that collabora is not well configured could be more accurate, or address a link with an explanation.

Anyway, thank you for improving the app!!! I find it one of the most usefull ones for nextcloud platform.

Hello,
Thanks, it works for me with the nginx configuration. I added the following lines :
# Capabilities

    location ^~ /hosting/capabilities {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

But I had a bad gateway Nginx webpage. I tried to update collabora with docker pull collabora/code. You can find all command lines at this webpage :

After update, everything was ok.

1 Like

Thank you!
I added Capabilities and now everything works fine for Nginx/FPM as well.

Thanks, that worked for me too. Using nginx as proxy :wink:

The only thing i had to do on top of changing the nginx config i had to click the “save” button on Collaboras settings page.

1 Like

The problem remains. I updated the application, made changes to the host configuration and restarted Apache.
I even compared character configuration of the host with the configuration on the site, the differences are only in the address of the site and the path to the certificates.
In the settings of the Collabora Online I enter the server address I click save it shows that everything is fine but it costs to refresh the page or re-enter the settings everything stops working.
Returned to version 3.5.3 :frowning_face:

Maybe you intermixed http and https in the prox config?

No, here is the host configuration for connecting Collabora
I indicate in the application settings https://office.domain.com:443

<VirtualHost *:443>
ServerName office.domain.com:443

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder     on
AllowEncodedSlashes NoDecode

SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
ProxyPreserveHost On

ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

ProxyPass           /lool https://127.0.0.1:9980/lool
ProxyPassReverse    /lool https://127.0.0.1:9980/lool

ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
</VirtualHost>
1 Like

Would the self-signed certificate be the problem?

I am using self-signed certificate for both cloud and office server. And those works fine just before update to 3.6.0, or after downgrade to 3.5.3.

The missing of "ProxyPass /hosting/capabilities " should not be the only reason.
In my system, those "ProxyPass /hosting/capabilities " always exist, and the docker Collabora Online server is the new installed one. The 2.5.3 works fine, however not for 3.6.0.

I should change from

ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0

To

ProxyPass           /loleaflet https://server.domain.com:9980/loleaflet retry=0

And add to the hosts the line
127.0.0.1 server.domain.com

These change was due to the certificate that fails when use directly 127.0.0.1 because the certificate was registered for server.domain.com

Hi,
I run a nextcloud installation via the same script.
What exactly did you do to get it working?
I tried appending the 2 lines at the end of office.mydomain.com.conf but that didn’t work for me.

My config file:
<VirtualHost *:443>
ServerName office.mydomain.com:443

  <Directory /var/www>
  Options -Indexes
  </Directory>

  # TLS configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateChainFile /etc/letsencrypt/live/office.mydomain.com/chain.pem
  SSLCertificateFile /etc/letsencrypt/live/office.mydomain.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/office.mydomain.com/privkey.pem
  SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/live/office.mydomain.com/dhparam.pem
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA38>
  SSLHonorCipherOrder     on
  SSLCompression off

  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool

  # Endpoint with information about availability of various features
  ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
</VirtualHost>

Hi alivansheikh,

These are the only things I do :

  • edit the /etc/apache2/sites-available/collabora.my-domain.net.conf with the content below.
  • then restart apache2.

The only differences seems to be the position of the 2 lines, not at the end for me, and the content of the SSLCipherSuite variable (yours seems to be cut at position 189 and end with >) :

<VirtualHost *:443>
  ServerName collabora.my-domain.net:443

  <Directory /var/www>
  Options -Indexes
  </Directory>

  # TLS configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateChainFile /etc/letsencrypt/live/collabora.my-domain.net/chain.pem
  SSLCertificateFile /etc/letsencrypt/live/collabora.my-domain.net/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/collabora.my-domain.net/privkey.pem
  SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/live/collabora.my-domain.net/dhparam.pem
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  SSLHonorCipherOrder     on
  SSLCompression off

  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

  # Endpoint with information about availability of various features
  ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool
</VirtualHost>

I have found the right reason of why can’t connect to my Collabora Online server, however don’t know how to solve it.

Reason: in richdocument 3.6.0, can’t set ports to others instead of 443 ?

In my wan network, port 443 is shielded. So that I set a port forwarding rule in my router.

External port: 54321, Internal Port: 443, Protocol: tcp , Ip: Ip of my centos server

and then using the External port ( https://office.domain.name:54321 ) to vist my Collabora Online server form internet. It works fine in richdocument 3.5.3.

I just tested it in the lan network under my router. And set the “URL (and Port) of Collabora Online-server” to https://office.domain.name:443 or https://office.domain.name, then it says: Collabora Online server is reachable. However, Unreachable for https://office.domain.name:54321, and at the same time in my a nother nextcloud test server installed with richdocument 3.5.3, the https://office.domain.name:54321 still works fine.

So I think I have found this bug.

Any suggestion to solve this?

I have opened anoter Post on this issue: Can't set to other ports instead of 443 in richdocument 3.6.0?

I’m running Collabora Office not in a container and I’m getting this issue with the 3.6.0 app.

My reverse proxy conf is nearly identical (aside from some letsencrypt settings) to c.caterina’s and one_player’s settings.

I’m not sure if it’s relevant, but I’m also getting

May 26 09:15:15 myhost loolwsd[27300]: wsd-27300-27417 2020-05-26 13:15:15.625710 [ websrv_poll ] ERR  Socket #22 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:291
May 26 09:15:15 myhost loolwsd[27300]: wsd-27300-27417 2020-05-26 13:15:15.625799 [ websrv_poll ] ERR  Error while handling poll for socket #22 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| net/Socket.cpp:308
May 26 09:15:15 myhost loolwsd[27300]: wsd-27300-27417 2020-05-26 13:15:15.699817 [ websrv_poll ] ERR  Socket #22 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:291

From loolwsd (journalctl | grep loolwsd).

I’m debating keeping Collabora Online running given the issues I get updating loolwsd every time and having to watch the Nextcloud App version so closely.

@C.Catarina perhaps the version of collabora is an issue.
I also did the changes by the above users.
The most frustrating thing is , it forces to update the collabora package to 3.6.0 after detecting more than 100 users in setup.
The logs suggests the reverse proxy is getting 403 --> Access denied.

I’ll wait for the next version of collabora.

After snap was updated to the last version, Collabora stop work.
Get error - Could not establish a connection to the Collabora Online server.
No firewall. All worked fine before the update.

OK, I figured out my own issue with this. In my reverse proxy I had

  # Capabilities
  ProxyPass           /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities

When I needed

  # Capabilities
  ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities

I discovered this by going to my Collabora site

https://office.mysite.net//hosting/capabilities

And getting a proxy error.

I also tested the discovery proxy path redirects:

https://office.mysite.net//hosting/discovery

If you can’t get to those proxys from your browser, your Nextcloud wont be able to get to them either.

Of course after I fixed this issue, I went back to not being able to save my documents, apparently due to user keys.

I found two another thread that mentions that

Back to 3.5.0 for now.

Worked for me too!

1 Like

Thanks everyone! This is now fixed in the Nextcloud VM as well.

1 Like

Actions that helped me.

  1. Update docker img
  • grab new docker image:
    docker pull collabora/code

  • List docker images:
    docker ps
    stop and remove the Collabora Online docker image (id = output from command docker ps):
    docker stop ID
    docker rm ID

  1. Fix the host configuration file
  • Added and verified on the manual page [collaboraonline](https://nextcloud.com/collaboraonline/) Scroll to point 3
  1. Update the application
  • Log in to your admin panel ‘Nextcloud’ and update the application ‘Collabora Online’
  1. Restart Apache
  • My OS CentOS7 and i use
    systemctl restart httpd
  1. Launch docker container
  • start the new image:
    docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=office\\.my-domain\\.com' --restart always --cap-add MKNOD collabora/code
  1. Restart the docker service
  • My OS CentOS7 ana i use
    systemctl restart docker

After these steps my system worked with a new application. Edit and save doc work.