Coolwsd occasional Access denied to apps/richdocuments/wopi/files/

Hi,

I’m using Nextcloud 29.0.0 and collabora office 24.04.3-1, Nextcloud Office (richdocuments) Version 8.4.2. It’s running on separate Debian VM’s

Most editing works just fine, but in the logs we see a number of errors. I’m not sure how this relates to user actions. But sometimes the collabora server seems to freeze up and needs a restart before accepting connections again.

coolwsd[42]: WOPI::CheckFileInfo failed for URI [https://nextcloud.example.com/index.php/apps/richdocuments/wopi/files/547_NtSCOzhnn0SK?access_token=XXXXXXXXXXXXXXXXXXXX&access_token_ttl=0&permission=edit]: 403 (Forbidden) Forbidden. Headers: Date: Tue, 11 Jun 2024 09:47:27 GMT / Server:  / Expires: Thu, 19 Nov 1981 08:52:00 GMT / Pragma: no-cache / X-Request-Id: ZirJMEXXXXXXQJfscS / Cache-Control: no-cache, no-store, must-revalidate / Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none' / Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' / X-Robots-Tag: noindex, nofollow / Set-Cookie: NtSCOXXXXXXXXXXXXXXXXXXXXXXXXX5a5af2tqp; path=/; secure; HttpOnly; SameSite=Lax / Permissions-Policy: interest-cohort=() / Referrer-Policy: no-referrer / Strict-Transport-Security: max-age=31536000; includeSubDomains; preload / X-Content-Type-Options: nosniff / X-Dns-Prefetch-Control: off / X-Download-Options: noopen / X-Frame-Options: SAMEORIGIN / X-Permitted-Cross-Domain-Policies: none / X-XSS-Protection: 1; mode=block / Access-Control-Expose-Headers: date / Transfer-Encoding: chunked / Content-Type: application/json; charset=utf-8        Body: [[]]| wsd/wopi/CheckFileInfo.cpp:95

coolwsd[42]: wsd-266412-266482 2024-06-11 11:47:27.905572 +0200 [ websrv_poll ] ERR  #999: Access denied to [https://nextcloud.example.com/index.php/apps/richdocuments/wopi/files/547_XXXX?access_token=XXXXXXXXXXXXXXXXX&access_token_ttl=0&permission=edit]| wsd/wopi/CheckFileInfo.cpp:105

On the nextcloud server such requests are logd as status ‘403’ with “COOLWSD HTTP Agent” as user agent.

Note that the same server is also doing many similar requests that get a normal status 200 response.

For ‘Allow list for WOPI requests’ we’ve set the collabora server’s IP. And while debugging also added ‘0.0.0.0/0’ to see if that would help to avoid the’Access denied’ errors.

Any idea what is causing this?

And (possibly related) on the collabora server we see zombies…

They show up as [kitbgsv_02a_002] in the processlist as a child of /usr/bin/coolforkit.

Sometimes they disappear, but I’ve also had a few occasions where opening new documents would fail …and a normal restart would hang. kill -9 <pids> seems to be the only fix then.

As the problem seems more related to COOL/CODE I would recommend you ask on Collabora forum.