collabora server security Alerts

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can.

The Basics

• Nextcloud Server version (e.g., 29.x.x):
  • replace me
• Operating system and version (e.g., Ubuntu 24.04):
  • replace me
• Web server and version (e.g, Apache 2.4.25):
  • replace me
• Reverse proxy and version _(e.g. nginx 1.27.2)
  • replace me
• PHP version (e.g, 8.3):
  • replace me
• Is this the first time you’ve seen this error? (Yes / No):
  • replace me
• When did this problem seem to first start?
  • replace me
• Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
  • replace me
• Are you using CloudfIare, mod_security, or similar? (Yes / No)
  • replace me

Summary of the issue you are facing:

[…]

Steps to replicate it (hint: details matter!):

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

PASTE HERE

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

PASTE

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

PASTE HERE

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

PASTE HERE

Apps

The output of occ app:list (if possible).

Tips for increasing the likelihood of a response

• Use the preformatted text formatting option in the editor for all log entries and configuration output.
• If screenshots are useful, feel free to include them.
  • If possible, also include key error output in text form so it can be searched for.
• Try to edit log output only minimally (if at all) so that it can be ran through analyzers / formatters by those trying to help you.

Hi

I have updated Nextcloud AIO to the latest version yesterday but when i try to open a document these 2 alerts shows. 1- Documents are not effectively contained: missing capabilities or namespaces 2- slow kit jail setup with copying, cannot bind-mount

Hello @reza_fathi,
welcome to the community of Nextcloud

You started a topic in support category. Unfortunately you ignored the template and a lot of information to help you is missing. Please edit your original post and add all required details like Nextcloud version, webserver type and version, os version, related log file content. Use the support template.

Without additional information the community members cannot help you.

Regards,
wwe

The Basics

• Nextcloud Server version (e.g., 29.x.x):

  • Nextcloud Hub 10 (31.0.10)

• Operating system and version (e.g., Ubuntu 24.04):

  • Ubuntu 24.04.3 LTS (GNU/Linux 6.8.0-87-generic x86_64)

• Web server and version (e.g, Apache 2.4.25):

  • 2.4.65
    

• Reverse proxy and version _(e.g. nginx 1.27.2)

  • nginx reverse proxy manager version: openresty/1.25.3.2

• PHP version (e.g, 8.3):

  • 8.3.26

• Is this the first time you’ve seen this error? (Yes / No):

  • Yes

• When did this problem seem to first start?

  • After my last AIO (Docker) update

• Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)

  • Docker AIO

• Are you using CloudfIare, mod_security, or similar? (Yes / No)

  • No. Internal use only (home lab).

Summary of the issue you are facing:

I’m having the same problem as @reza_fathi. When I try to open a document (managed by Collabora), on my main computer or my phone Android app, these 2 alerts shows.

1- Documents are not effectively contained: missing capabilities or namespaces

2- Slow Kit jail setup with copying, cannot bind-mount

Steps to replicate it (hint: details matter!):

1. Navigate to any file handled by Collabora.

2. Open it.

3. See the Alert message.

Log entries

Error | webdav | ServiceUnavailable Sabre\DAV\Exception\NotFound:
	
Error | no app in context | NotFound Exception thrown: Sabre\DAV\Exception\NotFound | Exception thrown: Sabre\DAV\Exception\NotFound

No older log entries available

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

PASTE

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

PASTE HERE

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

PASTE HERE

Apps

Enabled:

• activity: 4.0.0
• admin_audit: 1.21.0
• bruteforcesettings: 4.0.0
• calendar: 5.5.9
• circles: 31.0.0
• comments: 1.21.0
• contacts: 7.3.6
• contactsinteraction: 1.12.1
• dashboard: 7.11.0
• deck: 1.15.4
• dicomviewer: 2.3.1
• drawio: 3.1.2
• external: 6.0.2
• federation: 1.21.0
• files_3dmodelviewer: 0.0.16
• files_downloadlimit: 4.0.0
• files_pdfviewer: 4.0.0
• files_reminders: 1.4.0
• files_sharing: 1.23.1
• files_trashbin: 1.21.0
• files_versions: 1.24.0
• firstrunwizard: 4.0.0
• logreader: 4.0.0
• memories: 7.7.0
• nextcloud-aio: 0.8.0
• nextcloud_announcements: 3.0.0
• notes: 4.12.3
• notifications: 4.0.0
• notify_push: 1.2.1
• password_policy: 3.0.0
• photos: 4.0.0
• previewgenerator: 5.10.0
• privacy: 3.0.0
• recommendations: 4.0.0
• related_resources: 2.0.0
• richdocuments: 8.7.6
• serverinfo: 3.0.0
• sharebymail: 1.21.0
• support: 3.0.0
• survey_client: 3.0.0
• systemtags: 1.21.1
• tasks: 0.17.1
• text: 5.0.2
• twofactor_totp: 13.0.0-dev.0
• updatenotification: 1.21.0
• user_status: 1.11.0
• weather_status: 1.11.0
• webhook_listeners: 1.2.0
  Disabled:
• app_api: 4.0.5
• encryption
• files_external
• suspicious_login
• twofactor_nextcloud_notification
• user_ldap

Tips for increasing the likelihood of a response

• Use the preformatted text formatting option in the editor for all log entries and configuration output.

• If screenshots are useful, feel free to include them.

  • If possible, also include key error output in text form so it can be searched for.

• Try to edit log output only minimally (if at all) so that it can be ran through analyzers / formatters by those trying to help you.

Hello,

I’m having the same problem as @reza_fathi. When I try to open a document (managed by Collabora), on my main computer or my phone Android app, these 2 alerts shows.

1- Documents are not effectively contained: missing capabilities or namespaces

2- Slow Kit jail setup with copying, cannot bind-mount

since we have no idea how you’ve set up collabora, you can disable server audits to hide the messages. but that’s a workaround and not a solution!

workaround and not a solution!

-- logging.disable_server_audit=true # enable disable server audit 

I am having the same issue.

image624×494 12.1 KB

I am using Caddy as a reverse proxy (if it matters).
This is a new install (today) of Nextcloud AIO. Using the built in Collabora container.

My Caddy block is (again, if it matters):

SubDomain.MyDomain.com {
        import logging nextcloud-aio
        reverse_proxy 10.3.0.249:11000 {
          header_up Host {http.reverse_proxy.upstream.hostport}
          header_up X-Forwarded-Host {host}
    }
        # Handle WebDAV redirects for CardDAV and CalDAV
        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301
        header {
        #Strict-Transport-Security max-age=15552000;
    }
}

Hey everyone,