Docker Collabora Server Problem with Nextcloud

Hi there, I want to set up a standalone Collabora CODE server. Although I'm trying to follow the documentation as well as possible, I don't get it to work.

I have two nextcloud Servers

One is with own IP and NAT (cloud.mydomain.com)
One is running behind an Nginx Proxy Manager (privatecloud.mydomain.com)

both run with NC27.0.1

all machines are full VMs, no LXC Containers!

Both Nextclouds, besides this problem, are working fine. Both work with the integrated CODE server app without problems.

Now I have another server running the Docker version of COOL to be my office server.
This one is also behind Nginx Proxy Manager.

Nginx Proxy Manager is set with https://internalip:9980
NPM does the SSL Termination
websocket activated
cert from Letsencrypt

Nginx Advanced Settings according to newest documentation are:

# static files
 location ^~ /browser {
 proxy_pass $forward_scheme://$server:$port;
 proxy_set_header Host $http_host;
 }

 # WOPI discovery URL
 location ^~ /hosting/discovery {
 proxy_pass $forward_scheme://$server:$port;
 proxy_set_header Host $http_host;
 }

 # Capabilities
 location ^~ /hosting/capabilities {
 proxy_pass $forward_scheme://$server:$port;
 proxy_set_header Host $http_host;
 }

 # main websocket
 location ~ ^/cool/(.*)/ws$ {
 proxy_pass $forward_scheme://$server:$port;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "Upgrade";
 proxy_set_header Host $http_host;
 proxy_read_timeout 36000s;
 }

 # download, presentation and image upload
 location ~ ^/(c|l)ool {
 proxy_pass $forward_scheme://$server:$port;
 proxy_set_header Host $http_host;
 }

 # Admin Console websocket
 location ^~ /cool/adminws {
 proxy_pass $forward_scheme://$server:$port;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "Upgrade";
 proxy_set_header Host $http_host;
 proxy_read_timeout 36000s;
 }

I installed docker.io and run

docker run -t -d -p 9980:9980 -e "aliasgroup1=https://cloud.mydomain.com:443" -e "aliasgroup2=https://privatecloud.mydomain.com:443" -e "server_name=office.mydomain.com:443" --name=COLLABORAOFFICE  --restart always --privileged collabora/code

office.mydomain.com states OK
internally from LAN and also externally from WAN
Both nextclouds are giving a green hook saying the server is reachable

docker logs officeserver says absolutely nothing:

frk-00033-00033 2023-08-10 12:20:07.283533 +0000 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:524
frk-00033-00033 2023-08-10 12:20:07.828614 +0000 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:524
frk-00033-00033 2023-08-10 12:20:08.571945 +0000 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:524
wsd-00001-00038 2023-08-10 12:26:46.654639 +0000 [ websrv_poll ] ERR  unknown UI default's component UITheme| wsd/FileServerUtil.cpp:99
frk-00033-00033 2023-08-10 12:26:46.950289 +0000 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:524
frk-00033-00033 2023-08-10 12:26:47.379342 +0000 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:524
frk-00033-00033 2023-08-10 12:26:47.915089 +0000 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:524
root@office:~# 

The Nextcloud logs also say nothing that points me to the problem:

xt","method":"POST","url":"/index.php","message":"Could not detect any host in https:///data/htaccesstest.txt","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","version":"","data":[]}
{"reqId":"7hHuOap0WHQVSu4CoBhQ","level":3,"time":"2022-11-29T19:03:18+00:00","remoteAddr":"192.168.1.84","user":"--","app":"no app in context","method":"POST","url":"/index.php","message":"Table \"oc_photos_collaborators\" has no primary key and therefor will not behave sane in clustered setups. This will throw an exception and not be installable in a future version of Nextcloud.","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","version":"25.0.1.1","data":[]}

My firewall logs all traffic. I don't see anything that blocks anything. Every machine can connect to each other properly.

When trying to open a document, browser network analysis also doesn't give me a clue:

I don't have any clue anymore where to look or what to do. I installed multiple times and always run into the same problem. Always Nextcloud Office cannot be opened, pls try again later.

maybe some of you experts got a hint for me?

Sometimes i get this error in docker logs:

frk-00033-00033 2023-08-10 14:09:36.028956 +0000 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:524
wsd-00001-00854 2023-08-10 14:09:36.088190 +0000 [ docbroker_04e ] ERR  WOPI::CheckFileInfo failed for URI [https://cloud.mydomain.com/index.php/apps/richdocuments/wopi/files/534_ocju45yde690?access_token=5td8rYzpySVYkpu5JAzrmBCb05YEiImg&access_token_ttl=1691712571000&permission=edit]: 403 (Forbidden) Forbidden. Headers:         Date: Thu, 10 Aug 2023 14:09:36 GMT /   Server: Apache/2.4.52 (Ubuntu) /   Expires: Thu, 19 Nov 1981 08:52:00 GMT /         Pragma: no-cache /      Cache-Control: no-cache, no-store, must-revalidate /    X-Request-Id: 8yhBFbgJjhJbBZz8nsKL /    Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none' /    Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' /   X-Robots-Tag: noindex, nofollow /   Set-Cookie: ocju45yde690=qnva5verdujrnfhtev9puod9a3; path=/; secure; HttpOnly; SameSite=Lax /   Strict-Transport-Security: max-age=15552000; includeSubDomains /        Referrer-Policy: no-referrer /      X-Content-Type-Options: nosniff /       X-Frame-Options: SAMEORIGIN /   X-Permitted-Cross-Domain-Policies: none /       X-XSS-Protection: 1; mode=block /       Upgrade: h2 /   Connection: Upgrade /       Content-Length: 2 /     Content-Type: application/json; charset=utf-8 /         Body: [[]]| wsd/Storage.cpp:710
wsd-00001-00854 2023-08-10 14:09:36.088286 +0000 [ docbroker_04e ] ERR  loading document exception: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.mydomain.com/index.php/apps/richdocuments/wopi/files/534_ocju45yde690?access_token=5td8rYzpySVYkpu5JAzrmBCb05YEiImg&access_token_ttl=1691712571000&permission=edit| wsd/DocumentBroker.cpp:2611
wsd-00001-00854 2023-08-10 14:09:36.088315 +0000 [ docbroker_04e ] ERR  Failed to add session to [https%3A%2F%2Fcloud.mydomain.com%3A443%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F534_ocju45yde690] with URI [https://cloud.mydomain.com/index.php/apps/richdocuments/wopi/files/534_ocju45yde690?access_token=5td8rYzpySVYkpu5JAzrmBCb05YEiImg&access_token_ttl=1691712571000&permission=edit]: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.mydomain.com/index.php/apps/richdocuments/wopi/files/534_ocju45yde690?access_token=5td8rYzpySVYkpu5JAzrmBCb05YEiImg&access_token_ttl=1691712571000&permission=edit| wsd/DocumentBroker.cpp:2573
wsd-00001-00854 2023-08-10 14:09:36.088342 +0000 [ docbroker_04e ] ERR  Unauthorized Request while starting session on https%3A%2F%2Fcloud.mydomain.com%3A443%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F534_ocju45yde690 for socket #24. Terminating connection. Error: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.mydomain.com/index.php/apps/richdocuments/wopi/files/534_ocju45yde690?access_token=5td8rYzpySVYkpu5JAzrmBCb05YEiImg&access_token_ttl=1691712571000&permission=edit| wsd/COOLWSD.cpp:5047
wsd-00001-00854 2023-08-10 14:09:36.091600 +0000 [ docbroker_04e ] ERR  #18: Read failed, have 0 buffered bytes (ECONNRESET: Connection reset by peer)| net/Socket.hpp:1122
wsd-00001-00854 2023-08-10 14:09:36.091626 +0000 [ docbroker_04e ] WRN  #18: Unassociated Kit (847) disconnected unexpectedly| wsd/COOLWSD.cpp:3497
frk-00033-00033 2023-08-10 14:13:05.445291 +0000 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:524
frk-00033-00033 2023-08-10 14:13:06.275696 +0000 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:524
root@office:~# 

I don't know where this comes from;
the domains are inserted properly:

coolwsd.xml

<alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="grou>
                <group>
                    <host desc="hostname to allow or deny." allow="true">https://cloud.mydomain.com:443</host>
                </group>
                <group>
                    <host desc="hostname to allow or deny." allow="true">https://privatecloud.mydomain.com:443</host>
                </group>
            </alias_groups>

more info:

from the office machine:
curl https://nextcloud.example.com/status.php
works

from the nextcloud machines
curl https://office.example.com/hosting/capabilities
and
curl https://office.example.com/hosting/discovery
works on both machines too

wopi access in nextcloud GUI is currently set to 0.0.0.0/0 for debugging

anyone?

Next steps I did:

Nginx proxy SSL termination and sending over https
→ Collabora ssl.enable=false

Nginx proxy SSL termination and sending over http
→ Collabora ssl.enable=false and ssl.termination=true (also tried false)

Nothing works. I am trying everything here.

I experience the same.
Nextcloud and Collabora both with docker containers in the same docker network.

Setting my code server direct within the docker network as Collabora Online-Servers does give me green OK sign. When doing this I see network traffic between the two containers.
Opening /hosting/capabilities and /hosting/discovery with curl from the nextcloud container is also fine.

Trying to edit or create a file gives me an error:
“Laden des Dokuments fehlgeschlagen
Nextcloud Office konnte nicht geladen werden - Bitte versuche es später noch einmal”
which means
“Failed to load document
Nextcloud Office could not be loaded - Please try again later”

There is no network traffic between the two docker containers. It seems that nextcloud doesn’t try to contact the code server within the docker network. The logs don’t say anything after trying to open a file.

It worked once - but I don’t use office regularly. I am not sure when this behavior appeared.

Not using Docker for Nextcloud, all my NCs are manual deployments. Collabora is the only Docker-deployed service I use and it's on a separate server.

I agree with collabora doesn’t for docker. after i prepared another server to deploy it, it works

Hi @wario, sorry I missed the thread till now.

From your posts I have the feeling you already follow this guide; if not, please double check Nextcloud Collabora integration.

for me it sounds this is the culprit:

CODE fails to access the file stored in NC. If you still have this issue focus on it - could be something silly like TLS issue… (but if curl https://nextcloud.example.com/status.php works this should not be the case…)…

I have the feeling you are close to the solution - please double and triple check all steps and likely it starts working! if not post all the configs and fresh logs (NC, CODE and client)

I’m sorry, you are fundamentally wrong - the guide I referenced above was created from a docker-only install (one CODE and two NC instances have run well for 3 years and 6-7 major updates).
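For reading the `WOPI::CheckFileInfo failed` lines posted earlier in this thread, here is an added example (not part of any post, and not Collabora or Nextcloud code) that parses coolwsd log lines, reports the HTTP status and whether the WOPI host matches the configured alias groups, and redacts `access_token` values so the log can be shared. The sample log is constructed, the token is a placeholder, and comparing alias entries as literal origins is an assumption that fits the plain URLs used on this page.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the coolwsd lines in the thread; the token is a placeholder.
SAMPLE_LOG = """\
frk-00033-00033 2023-08-10 14:09:36.028956 +0000 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only| common/JailUtil.cpp:524
wsd-00001-00854 2023-08-10 14:09:36.088190 +0000 [ docbroker_04e ] ERR  WOPI::CheckFileInfo failed for URI [https://cloud.mydomain.com/index.php/apps/richdocuments/wopi/files/534_constructed?access_token=PLACEHOLDERTOKEN&access_token_ttl=1691712571000&permission=edit]: 403 (Forbidden) Forbidden. Headers: Server: Apache/2.4.52 (Ubuntu) / Content-Length: 2 / Body: [[]]| wsd/Storage.cpp:710
wsd-00001-00854 2023-08-10 14:09:36.091626 +0000 [ docbroker_04e ] WRN  #18: Unassociated Kit (847) disconnected unexpectedly| wsd/COOLWSD.cpp:3497
"""
# Alias groups as passed to the container on this page (aliasgroup1 / aliasgroup2).
ALLOWED_WOPI_HOSTS = ["https://cloud.mydomain.com:443", "https://privatecloud.mydomain.com:443"]

LINE_RE = re.compile(
    r"^(?P<proc>\S+) (?P<ts>\S+ \S+ \S+) \[ (?P<thread>\S+) \] "
    r"(?P<level>[A-Z]{3})\s+(?P<msg>.*)\| (?P<src>\S+:\d+)$"
)
FAIL_RE = re.compile(r"WOPI::CheckFileInfo failed for URI \[(?P<uri>[^\]]+)\]: (?P<status>\d{3})")
TOKEN_RE = re.compile(r"(access_token=)[^&\s\]|]+")

def origin(url):
    """Reduce a URL to scheme://host:port, filling in the default port."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}[parts.scheme]
    return f"{parts.scheme}://{parts.hostname}:{port}"

def redact(text):
    """Replace access_token values; access_token_ttl is left intact."""
    return TOKEN_RE.sub(r"\1<redacted>", text)

def checkfileinfo_failures(log_text, allowed_hosts):
    """Return one finding per CheckFileInfo failure line in a coolwsd log."""
    allowed = {origin(h) for h in allowed_hosts}
    findings = []
    for line in log_text.splitlines():
        parsed = LINE_RE.match(line)
        failure = FAIL_RE.search(parsed["msg"]) if parsed else None
        if failure:
            host = origin(failure["uri"])
            findings.append({"ts": parsed["ts"], "host": host,
                             "status": int(failure["status"]),
                             "host_allowed": host in allowed,
                             "line": redact(line)})
    return findings

if __name__ == "__main__":
    for finding in checkfileinfo_failures(SAMPLE_LOG, ALLOWED_WOPI_HOSTS):
        print(finding)
```

A finding with `host_allowed` true and an HTTP status means the WOPI host itself answered the request with that status, so the next place to look is the Nextcloud side rather than the alias groups.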