Collabora works fine first instance but fails for the second

sptcguy · March 26, 2022, 9:45pm

I have two NC instances running under apache vhosts. The application server they live on sits behind an HAProxy load balancer. These two instances were deployed at the same time and differ only by domain name and branding. The fist instance “Instance A” is able to load documents in collabora CODE just fine. The second instance “Instance B” is unable and just times out despite getting the green connection check.

I also have a second nextcloud instillation I manage that uses a slightly older version of Collabora/CODE. If I configure “instance B” to use this older Collabora host (different datacenter), I am able to load documents no problem. This would lead me to believe the problem lies within Collabora.

[/details]

Nextcloud version 23.0.3
RockyLinux 8 (LXC)
Apache 2.4.37
PHP 8

The issue you are facing:

Collabora CODE only allows a single instance to edit documents but not a second.

Steps to replicate it:

Go to “settings” and configure “Instance A” with https://office.mydomain.tld:4443
Replicate in “Instance B”
Attempt to open/create document

The output of your Nextcloud log in Admin > Logging:

Error	core	OC_Image::fixOrientation(): No image loaded	
2022-03-26T17:00:57-0400
Error	core	OC_Image::fixOrientation(): No image loaded	
2022-03-26T17:00:18-0400
Error	core	OC_Image::fixOrientation(): No image loaded	
2022-03-26T16:58:49-0400
Error	core	OC_Image::fixOrientation(): No image loaded	
2022-03-26T16:46:38-0400

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'ocbt575pucrx',
  'passwordsalt' => 'redacted',
  'secret' => 'redacted',
  'trusted_domains' =>
  array (
    0 => 'my.cloud.com',
  ),
  'datadirectory' => '/mnt/net_sto/my.cloud.com',
  'dbtype' => 'mysql',
  'version' => '23.0.2.1',
  'overwrite.cli.url' => 'http://my.cloud.com',
  'dbname' => 'user',
  'dbhost' => '0.0.0.0',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'redacted',
  'dbpassword' => 'redacted',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'redis.myenv.tld',
    'port' => 6379,
  ),
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'trusted_proxies' =>
   array (
    0 => '0.0.0.0',
  ),
  'default_phone_region' => 'US',
  'mail_from_address' => 'cloud',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'my.cloud.com',
  'mail_smtphost' => 'redacted',
  'mail_smtpport' => '465',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'redacted',
  'mail_smtppassword' => 'redacted',
  'mail_smtpsecure' => 'ssl',
  'maintenance' => false,
  'allow_local_remote_servers' => true
);

Collabora docker logs:

wsd-00001-00056 2022-03-26 20:46:42.780329 +0000 [ docbroker_002 ] ERR  Only allowed host is: team.assetdepot.net| wsd/Storage.cpp:330
wsd-00001-00056 2022-03-26 20:46:42.784041 +0000 [ docbroker_002 ] ERR  No acceptable WOPI hosts found matching the target host [second.cloud.com] in config.| wsd/Storage.cpp:436
wsd-00001-00056 2022-03-26 20:46:42.784774 +0000 [ docbroker_002 ] ERR  loading document exception: No acceptable WOPI hosts found matching the target host [second.cloud.com] in config.| wsd/DocumentBroker.cpp:2124
wsd-00001-00056 2022-03-26 20:46:42.784902 +0000 [ docbroker_002 ] ERR  Failed to add session to [https://second.cloud.com:443/index.php/apps/richdocuments/wopi/files/2443_ocbt575pucrx] with URI [https://second.cloud.com/index.php/apps/richdocuments/wopi/files/2443_ocbt575pucrx?access_token=Jt4R3ubUnaml43mJSqU1oyjXEl5d1AcT&access_token_ttl=0]: No acceptable WOPI hosts found matching the target host [second.cloud.com] in config.| wsd/DocumentBroker.cpp:2086
wsd-00001-00056 2022-03-26 20:46:42.785087 +0000 [ docbroker_002 ] ERR  Unauthorized Request while starting session on https://second.cloud.com:443/index.php/apps/richdocuments/wopi/files/2443_ocbt575pucrx for socket #22. Terminating connection. Error: No acceptable WOPI hosts found matching the target host [second.cloud.com] in config.| wsd/COOLWSD.cpp:4080
wsd-00001-00056 2022-03-26 20:46:42.785517 +0000 [ docbroker_002 ] WRN  Ignoring attempted read from 22| ./net/Socket.hpp:1102
wsd-00001-00056 2022-03-26 20:46:42.785646 +0000 [ docbroker_002 ] ERR  #22: Socket write returned -1 (ENOENT: No such file or directory)| ./net/Socket.hpp:1401
wsd-00001-00056 2022-03-26 20:46:42.786606 +0000 [ docbroker_002 ] ERR  Invalid or unknown session [00b] to remove.| wsd/DocumentBroker.cpp:2169
wsd-00001-00034 2022-03-26 20:46:43.341340 +0000 [ websrv_poll ] WRN  DocBroker with docKey [https://second.cloud.com:443/index.php/apps/richdocuments/wopi/files/2443_ocbt575pucrx] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:2677
wsd-00001-00034 2022-03-26 20:46:43.341803 +0000 [ websrv_poll ] ERR  Error while handling Client WS Request: Failed to create DocBroker with docKey [https://second.cloud.com:443/index.php/apps/richdocuments/wopi/files/2443_ocbt575pucrx].| wsd/COOLWSD.cpp:4120
wsd-00001-00034 2022-03-26 20:46:43.341965 +0000 [ websrv_poll ] ERR  #28: Socket write returned -1 (ENOENT: No such file or directory)| ./net/Socket.hpp:1401
wsd-00001-00034 2022-03-26 20:46:43.342032 +0000 [ websrv_poll ] ERR  #28: Socket write returned -1 (ENOENT: No such file or directory)| ./net/Socket.hpp:1401
wsd-00001-00034 2022-03-26 20:46:43.342094 +0000 [ websrv_poll ] WRN  #28 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| ./net/WebSocketHandler.hpp:795
wsd-00001-00034 2022-03-26 20:46:43.342159 +0000 [ websrv_poll ] ERR  #28: attempted to remove: 1022 which is > size: 0 clamped to 0| ./net/Socket.hpp:1223
wsd-00001-00034 2022-03-26 20:46:43.342215 +0000 [ websrv_poll ] WRN  Ignoring attempted read from 28| ./net/Socket.hpp:1102
wsd-00001-00034 2022-03-26 20:46:43.344608 +0000 [ websrv_poll ] ERR  #28 Error while handling poll at 0 in websrv_poll: #28BIO error: 337690831, rc: -1: error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown:
139857707063040:error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown:../ssl/ssl_lib.c:1917:
| net/Socket.cpp:467
wsd-00001-00034 2022-03-26 20:46:44.154902 +0000 [ websrv_poll ] WRN  DocBroker with docKey [https://second.cloud.com:443/index.php/apps/richdocuments/wopi/files/2443_ocbt575pucrx] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:2677
wsd-00001-00034 2022-03-26 20:46:44.155291 +0000 [ websrv_poll ] ERR  Error while handling Client WS Request: Failed to create DocBroker with docKey [https://second.cloud.com:443/index.php/apps/richdocuments/wopi/files/2443_ocbt575pucrx].| wsd/COOLWSD.cpp:4120
wsd-00001-00034 2022-03-26 20:46:44.155406 +0000 [ websrv_poll ] ERR  #28: Socket write returned -1 (ENOENT: No such file or directory)| ./net/Socket.hpp:1401
wsd-00001-00034 2022-03-26 20:46:44.155519 +0000 [ websrv_poll ] ERR  #28: Socket write returned -1 (ENOENT: No such file or directory)| ./net/Socket.hpp:1401
wsd-00001-00034 2022-03-26 20:46:44.155630 +0000 [ websrv_poll ] WRN  #28 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| ./net/WebSocketHandler.hpp:795
wsd-00001-00034 2022-03-26 20:46:44.155729 +0000 [ websrv_poll ] ERR  #28: attempted to remove: 1022 which is > size: 0 clamped to 0| ./net/Socket.hpp:1223
wsd-00001-00034 2022-03-26 20:46:44.155842 +0000 [ websrv_poll ] WRN  Ignoring attempted read from 28| ./net/Socket.hpp:1102
wsd-00001-00034 2022-03-26 20:46:44.155990 +0000 [ websrv_poll ] ERR  #28 Error while handling poll at 0 in websrv_poll: #28BIO error: 337690831, rc: -1: error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown:
139857707063040:error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown:../ssl/ssl_lib.c:1917:
| net/Socket.cpp:467
wsd-00001-00029 2022-03-26 20:46:44.785944 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:2762
wsd-00001-00029 2022-03-26 20:46:44.786039 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:2762
sh: 1: /usr/bin/coolmount: Operation not permitted
frk-00030-00030 2022-03-26 20:46:45.810030 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/h6wfQDUlWgueEi2Q/tmp]| common/JailUtil.cpp:70
sh: 1: /usr/bin/coolmount: Operation not permitted
frk-00030-00030 2022-03-26 20:46:45.821329 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/h6wfQDUlWgueEi2Q/lo]| common/JailUtil.cpp:70
sh: 1: /usr/bin/coolmount: Operation not permitted
frk-00030-00030 2022-03-26 20:46:45.832765 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/h6wfQDUlWgueEi2Q]| common/JailUtil.cpp:70
wsd-00001-00064 2022-03-26 20:46:46.410649 +0000 [ docbroker_003 ] ERR  Only allowed host is: team.assetdepot.net| wsd/Storage.cpp:330
wsd-00001-00064 2022-03-26 20:46:46.415804 +0000 [ docbroker_003 ] ERR  No acceptable WOPI hosts found matching the target host [second.cloud.com] in config.| wsd/Storage.cpp:436
wsd-00001-00064 2022-03-26 20:46:46.416019 +0000 [ docbroker_003 ] ERR  loading document exception: No acceptable WOPI hosts found matching the target host [second.cloud.com] in config.| wsd/DocumentBroker.cpp:2124
wsd-00001-00064 2022-03-26 20:46:46.416110 +0000 [ docbroker_003 ] ERR  Failed to add session to [https://second.cloud.com:443/index.php/apps/richdocuments/wopi/files/2443_ocbt575pucrx] with URI [https://second.cloud.com/index.php/apps/richdocuments/wopi/files/2443_ocbt575pucrx?access_token=Jt4R3ubUnaml43mJSqU1oyjXEl5d1AcT&access_token_ttl=0&permission=edit]: No acceptable WOPI hosts found matching the target host [second.cloud.com] in config.| wsd/DocumentBroker.cpp:2086
wsd-00001-00064 2022-03-26 20:46:46.416230 +0000 [ docbroker_003 ] ERR  Unauthorized Request while starting session on https://second.cloud.com:443/index.php/apps/richdocuments/wopi/files/2443_ocbt575pucrx for socket #23. Terminating connection. Error: No acceptable WOPI hosts found matching the target host [second.cloud.com] in config.| wsd/COOLWSD.cpp:4080
wsd-00001-00064 2022-03-26 20:46:46.416533 +0000 [ docbroker_003 ] WRN  Ignoring attempted read from 23| ./net/Socket.hpp:1102
wsd-00001-00064 2022-03-26 20:46:46.416662 +0000 [ docbroker_003 ] ERR  #23: Socket write returned -1 (ENOENT: No such file or directory)| ./net/Socket.hpp:1401
wsd-00001-00064 2022-03-26 20:46:46.416750 +0000 [ docbroker_003 ] ERR  Invalid or unknown session [00e] to remove.| wsd/DocumentBroker.cpp:2169
sh: 1: /usr/bin/coolmount: Operation not permitted
frk-00030-00030 2022-03-26 20:46:49.440413 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/mT9MIeM0klJMG9Lm/tmp]| common/JailUtil.cpp:70
sh: 1: /usr/bin/coolmount: Operation not permitted
frk-00030-00030 2022-03-26 20:46:49.452019 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/mT9MIeM0klJMG9Lm/lo]| common/JailUtil.cpp:70
sh: 1: /usr/bin/coolmount: Operation not permitted
frk-00030-00030 2022-03-26 20:46:49.463931 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/mT9MIeM0klJMG9Lm]| common/JailUtil.cpp:70
wsd-00001-00029 2022-03-26 20:46:55.792449 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:2762
wsd-00001-00029 2022-03-26 20:46:55.792579 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:2762

docker invoke:

docker run -t -d -p 9980:9980 -e 'domain=my\\.cloud\\.net\|second\\.cloud\\.com' -e 'dictionaries=en' --restart always --cap-add MKNOD collabora/code

The NC instance under my.cloud.net is able to load docs no problem. The one under second.cloud.com is getting unauthorized host errors.

HOWEVER second.cloud.com can connect to an older collabora container for a different install. Super stumped…

wanneut · April 7, 2022, 12:40pm

Same here. Seems to be a problem with the new “cool” Versions.

wwe · April 7, 2022, 8:12pm

maybe you should switch from double backslash to the single one?

using single quote might not require backslash at all (because single quotes take the string “as is”)

I recommend to take a look inside of the container with docker inspect in my installation which work perfect with two Docker Nextcloud 23 instances with fresh Collabora (“collabora/code:21.11.2.4.1”) I see

            "Env": [
                "domain=first.cloud.com|second.cloud.com",

I can’t share the right docker run syntax as my system utilizes docker-compose and .env files (highly recommend this approach over plain docker run)

wanneut · April 8, 2022, 8:59am

The domain-name is a regex. So first.cloud.com would work. But it would match also for first-cloud.com. The second \ he used was the escape for the bash. Since he was running the command from a shell instead of a config file \ has to be escaped with . So it was totally right.

mlazzarotto · August 3, 2022, 6:24am

I’m having a hard time with Collabora on Docker, would you mind to share your docker-compose?

wwe · August 3, 2022, 7:16pm

@mlazzarotto please don’t hijack topic with unrelated topics. always open new thread until you are confident you hit exactly the issue. follow this thread regarding general advice

Darksoul_Machine · December 28, 2022, 3:21pm

maybe it’s easier add to yml file of collabora:
extra_hosts:
- nextcloud.exemple:192.168.x.x

wwe · December 28, 2022, 4:03pm

Pleas don’t hijack old thread (especially with unrelated comments) - pleas open new thread and describe any issue you hit.
This topic is completely outdated as CODE/COOL uses another mechanism now

I close this topic now.