Collabora Set-up - guidance

  • Nextcloud Server version (e.g., 29.x.x):
    • 30.0.4
  • Operating system and version (e.g., Ubuntu 24.04):
  • When did this problem seem to first start?
    • After installation of collabora container
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • Linuxserver.io nextcloud docker image + mariadb + swag
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • no

Summary of the issue you are facing:

I am not sure if I have set-up collabora correctly. It works but I have frequent errors in the logs. I am concerned that this is causing performance issues.

This error appears in batches of about 5 when I use collabora, and then stops for a while:(see log section)

Steps to replicate it:

  1. Install collabora docker-compose
  2. Open file
  3. See log

Log entries

[richdocuments] Info: Failed to convert preview: cURL error 28: Resolving timed out after 5002 milliseconds (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://collabora.xxxxxxxxxxxxxxxxx/cool/convert-to/png GET /core/preview?fileId=1710799&x=128&y=128&mimeFallback=true&v=9d6f1d&a=0 from 192.168.1.1 by xxxxxxx at Jan 7, 2025, 2:27:34 PM

[richdocuments] Error: Failed to convert preview: cURL error 28: Resolving timed out after 5002 milliseconds (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://collabora.xxxxxxxxxxxxxxxxxxx/cool/convert-to/png GET /core/preview?fileId=1710799&x=128&y=128&mimeFallback=true&v=9d6f1d&a=0 from 192.168.1.1 by xxxxxxx at Jan 7, 2025, 2:27:34 PM

Nextcloud RAW Log

{"reqId":"SyMKjOaNl0RPVoGbW4ji","level":1,"time":"2025-01-07T14:27:34+00:00","remoteAddr":"192.168.1.1","user":"rowan","app":"richdocuments","method":"GET","url":"/core/preview?fileId=1710799&x=128&y=128&mimeFallback=true&v=9d6f1d&a=0","message":"Failed to convert preview: cURL error 28: Resolving timed out after 5002 milliseconds (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://collabora.nc28.duckdns.org/cool/convert-to/png","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36","version":"30.0.4.1","exception":{"Exception":"GuzzleHttp\\Exception\\ConnectException","Message":"cURL error 28: Resolving timed out after 5002 milliseconds (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://collabora.nc28.duckdns.org/cool/convert-to/png","Code":0,"Trace":[{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","line":158,"function":"createRejection","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","line":110,"function":"finishError","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::"},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Handler/CurlHandler.php","line":47,"function":"finish","class":"GuzzleHttp\\Handler\\CurlFactory","type":"::"},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Middleware.php","line":142,"function":"__invoke","class":"GuzzleHttp\\Handler\\CurlHandler","type":"->"},{"file":"/app/www/public/lib/private/Http/Client/DnsPinMiddleware.php","line":109,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\Middleware","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php","line":64,"function":"OC\\Http\\Client\\{closure}","class":"OC\\Http\\Client\\DnsPinMiddleware","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Middleware.php","line":31,"function":"__invoke","class":"GuzzleHttp\\PrepareBodyMiddleware","type":"->"},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php","line":71,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\Middleware","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Middleware.php","line":66,"function":"__invoke","class":"GuzzleHttp\\RedirectMiddleware","type":"->"},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/HandlerStack.php","line":75,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\Middleware","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Client.php","line":333,"function":"__invoke","class":"GuzzleHttp\\HandlerStack","type":"->"},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Client.php","line":169,"function":"transfer","class":"GuzzleHttp\\Client","type":"->"},{"file":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Client.php","line":189,"function":"requestAsync","class":"GuzzleHttp\\Client","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/app/www/public/lib/private/Http/Client/Client.php","line":276,"function":"request","class":"GuzzleHttp\\Client","type":"->"},{"file":"/config/www/nextcloud/apps/richdocuments/lib/Service/RemoteService.php","line":92,"function":"post","class":"OC\\Http\\Client\\Client","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/config/www/nextcloud/apps/richdocuments/lib/Service/RemoteService.php","line":72,"function":"convertTo","class":"OCA\\Richdocuments\\Service\\RemoteService","type":"->"},{"file":"/config/www/nextcloud/apps/richdocuments/lib/Preview/Office.php","line":41,"function":"convertFileTo","class":"OCA\\Richdocuments\\Service\\RemoteService","type":"->"},{"file":"/app/www/public/lib/private/Preview/GeneratorHelper.php","line":44,"function":"getThumbnail","class":"OCA\\Richdocuments\\Preview\\Office","type":"->"},{"file":"/app/www/public/lib/private/Preview/Generator.php","line":337,"function":"getThumbnail","class":"OC\\Preview\\GeneratorHelper","type":"->"},{"file":"/app/www/public/lib/private/Preview/Generator.php","line":313,"function":"generateProviderPreview","class":"OC\\Preview\\Generator","type":"->"},{"file":"/app/www/public/lib/private/Preview/Generator.php","line":119,"function":"getMaxPreview","class":"OC\\Preview\\Generator","type":"->"},{"file":"/app/www/public/lib/private/Preview/Generator.php","line":86,"function":"generatePreviews","class":"OC\\Preview\\Generator","type":"->"},{"file":"/app/www/public/lib/private/PreviewManager.php","line":167,"function":"getPreview","class":"OC\\Preview\\Generator","type":"->"},{"file":"/app/www/public/core/Controller/PreviewController.php","line":159,"function":"getPreview","class":"OC\\PreviewManager","type":"->"},{"file":"/app/www/public/core/Controller/PreviewController.php","line":123,"function":"fetchPreview","class":"OC\\Core\\Controller\\PreviewController","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/Http/Dispatcher.php","line":208,"function":"getPreviewByFileId","class":"OC\\Core\\Controller\\PreviewController","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/Http/Dispatcher.php","line":114,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/app/www/public/lib/private/Route/Router.php","line":302,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/app/www/public/lib/base.php","line":1003,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/app/www/public/index.php","line":24,"function":"handleRequest","class":"OC","type":"::"}],"File":"/app/www/public/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php","Line":210,"message":"Failed to convert preview: cURL error 28: Resolving timed out after 5002 milliseconds (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://collabora.nc28.duckdns.org/cool/convert-to/png","exception":[],"CustomMessage":"Failed to convert preview: cURL error 28: Resolving timed out after 5002 milliseconds (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://collabora.nc28.duckdns.org/cool/convert-to/png"},"id":"677d3eea4cda8"}

Configuration

Nextcloud Compose

services:
  nextcloud:
    image: ghcr.io/linuxserver/nextcloud:latest
    container_name: nextcloud
    network_mode: swag_default
    environment:
      - PUID=1001
      - PGID=100
      - REDIS_HOST=redis
      - REDIS_PORT=6379
      - REDIS_HOST_PASSWORD=xxxxxxxxxxxxxxxx
    volumes:
      - /srv/dev-disk-by-uuid-c3060981-d75c-4ea9-8285-2333c24522df/nextcloud:/config
      - /srv/dev-disk-by-uuid-c3060981-d75c-4ea9-8285-2333c24522df/nextcloud-data:/data
      - /srv/dev-disk-by-uuid-98804e17-cc15-4de0-bd6d-db601baa8792/ncpreviews:/data/appdata_ocrue0s1tf5r/preview
      - /etc/localtime:/etc/localtime:ro
      
    depends_on:
      - mariadb
    restart: unless-stopped
  mariadb:
    image: ghcr.io/linuxserver/mariadb:latest
    container_name: nextclouddb
    network_mode: swag_default
    environment:
      - PUID=1001
      - PGID=100
      - MYSQL_ROOT_PASSWORD=xxxxxxxxxxx
      - TZ=Etc/GMT
    volumes:
      - /srv/dev-disk-by-uuid-c3060981-d75c-4ea9-8285-2333c24522df/mariadb:/config
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped

  redis:
    image: redis
    container_name: redis
    hostname: redis
    network_mode: swag_default
    environment:
      - PUID=1001
      - PGID=100
      - TZ=Etc/GMT
    command: redis-server --requirepass xxxxxxxxxxxxxxxxx
    restart: unless-stopped

  go-vod:
    image: radialapps/go-vod
    restart: always
    init: true
    depends_on:
      - nextcloud
    environment:
      - NEXTCLOUD_HOST=https://nextcloud.xxxxxxxxxxxxxxx.org
      - NEXTCLOUD_ALLOW_INSECURE=1 # (self-signed certs or no HTTPS)
      - NVIDIA_VISIBLE_DEVICES=all
    network_mode: swag_default
    volumes:
      - /srv/dev-disk-by-uuid-c3060981-d75c-4ea9-8285-2333c24522df/nextcloud-data:/data:ro
    runtime: nvidia # (NVENC)

Collabora Compose

services:
  collabora:
    image: collabora/code
    container_name: collabora
    network_mode: swag_default  #Adjust
    environment:
      - PUID=1001
      - PGID=100
      - domain=nextcloud\.xxxxxxxxxxxx\.org
      - username=admin
      - password=xxxxxxxxxxxxxx
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    cap_add: 
      - MKNOD
    ports:
      - 9980:9980
    restart: unless-stopped
    privileged: true

Would you be able to help identify the issues in the logs and how to resolve them? Could you also help to explain if I have set-up collabora correctly?

Thanks a lot!

the error indicates DNS resolution didn’t succeed within 5 sec… I had an issue earlier look at Probably DNS help with NC Docker + Collabora + Wireguard tunnel for my solution to improve DNS and implement splitbraindns inside Docker

@Rowan_Roddick, welcome back

there may be an issue with:

the first (and only) client domain connecting does not need \ so you can use format cloud.mydomain.tld, BUT collabora will require WOPI clients!

suggest something like this instead:

     #  - domain=cloud.mydomain.tld  # Replace with your actual domain # disable when using aliasgroups
     - aliasgroup1=https://cloud.mydomain.tld:443,https://cloud\\.mydomain\\.tld:443 # enable for aliasgroup1

maybe that will do the trick

note also, ensure that collabora port 9980 is internet facing in your router/firewall…

Create a DNS for subdomain like office.mydomain.xyz. Create a proxy host for https on port 9980 on reverse proxy pointing to that host and get the domain name encrypted.

Thanks, it’s been a while since I had any issues, so no news is good news!

As for my port forwarding, I am using swag to have a subdomain for collabora and nextcloud and I have forwarded 443. Is forwarding 9980 still necessary? As for my overall set-up, it does work, it lets me open, create, edit files, would you be able to help me understand why?

Thanks!

nope, that should be fine

but… be sure that you’re forwarding https to 443.

1 Like

Hi,

That makes sense, I have both nextcloud and collabora using swag, with their respective proxy-confs set up. I can access each individually at nextcloud.mydomain.org and collabora.mydomain.org.

I am not behind a VPN, or using one. I simply forward port 443 in my router settings, allowing me to reach all my subdomains through subdomain.mydomain.org.

Can I simply add:

      proxy:
        aliases:
          - collabora.mydomain.org
          - nextcloud.mydomain.org

after

network_mode: swag_default

And then add my swag network IP to WOPI? 172.19.0.0/16?

Or do these conflict somehow?

Thanks for the support!

I am indeed. Both nextcloud.mydomain.org and collabora.mydomain.org are only accessible over https.

so when you hit that subdomain using a browser, what result do you get?

you should see a simple OK in the browser. if not, then you`re forwarding http instead of https in which case you should check “swag” settings.

I get “ok”. My collabora seems to work, I can access files, create and edit them etc through nextcloud. But I get these DNS errors in the logs.

yeah, sounds good

did you try my first suggestion? may be a simple formatting issue… so use aliasgroup instead, the you don’t need to configure WOPI.

I’ll give it a shot now. Do I need the 443 if I’m including the subdomain?

Thanks!

No luck:


Route not found seems to be a new error.

this line in compose.yaml should either be formatted:

      - domain=nextcloud.xxxxxxxxxxxx.org

or

      - domain=nextcloud\\.xxxxxxxxxxxx\\.org

or better still

     - aliasgroup1=https://nextcloud.xxxxxxxx.org:443,https://nextcloud\\.xxxxxxxx\\.org:443 

Gotcha, I can’t use -domain AND -aliasgroup1?

yeah, you got it, well done!

you do understand why aliasgroup is preferred right?

I don’t. I understand the escaping of . but otherwise not sure I understand the use of :443. Not having to use WOPI is an advantage of course.

For the record, with only aliasgroup, collabora is still working as before, but still have a lot of the errors from my original post. A lot of these come through when I create a file. It also seems to happen when I refresh a files page, I think its triggered by creating the file preview.

that’s because your collabora stack is expecting TLS

yeah, and when the client IP changes due to ISP reconnect or the client is using IPv6 it won’t make a difference because you’re using DNS :nerd_face:

gee, sorry about that…

Well thanks for the information and advice, I’m at least a bit more confident in the set-up now.

Do you happen ton know how to resolve this issue I see in logs:

kit-00051-00051 2025-01-07 15:59:10.557324 +0000 [ kitbroker_003 ] WRN  Failed to reap child process 77 (0: Success)| common/SigUtil.cpp:185

kit-00051-00051 2025-01-07 15:59:10.557356 +0000 [ kitbroker_003 ] WRN  #29: Background save process disconnected but not terminated 77| kit/KitWebSocket.cpp:334

frk-00024-00024 2025-01-07 16:01:50.616183 +0000 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to clone dynamic elements of systemplate to the jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:587

frk-00024-00024 2025-01-07 16:01:51.034003 +0000 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to clone dynamic elements of systemplate to the jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:587

frk-00024-00024 2025-01-07 16:01:53.554069 +0000 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to clone dynamic elements of systemplate to the jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:587

are you using some kind of local DNS like Pihole or something?

I am yes, with upstream DNS configured too. I have my PiHole on a macVlan on the same machine