'domain' refused to connect - Collabora

ℹ️ Support
1
Support intro

Sorry to hear you’re facing problems :slightly_frowning_face:

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can :heart:

Nextcloud version (eg, 18.0.2): 19.02
Operating system and version (eg, Ubuntu 20.04): Ubuntu 20.04 Server
Apache or nginx version (eg, Apache 2.4.25): Apache
PHP version (eg, 7.1): 7.4

The issue you are facing:

I had a previous Nexcloud install that was working well until I had a disk issue on the remote VM.
Instead of spending days trying to resolve it I decided to cut my losses and do a clean install using the scripts linked below. While most of the install seem to be working, whenever I try to open any office document that should work with Collabora, I receive the error ‘mydomain.co.uk refused to connect’.

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Install Nextcloud and Collabora using the scripts from https://github.com/nextcloud/vm
  2. Try to open an office document
  3. Grumble when it consistently fails

The output of your Nextcloud log in Admin > Logging:

Fresh install and the only two entries appear unrelated to the issue:

"Error	PHP	Module 'smbclient' already loaded at Unknown#0		2020-09-02T20:40:52+0100"

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'passwordsalt' => 'vogon',
  'secret' => 'pangalacticgargleblaster',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => '123.456.789.0',
    2 => 'nextcloud.mydomain.co.uk',
    3 => 'office.mydomain.co.uk',
  ),
  'datadirectory' => '/mnt/ncdata',
  'dbtype' => 'pgsql',
  'version' => '19.0.2.2',
  'overwrite.cli.url' => 'https://nextcloud.mydomain.co.uk/',
  'dbname' => 'nextcloud_db',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'trillian',
  'dbpassword' => 'arthur',
  'installed' => true,
  'instanceid' => 'slartibartfast',
  'upgrade.disable-web' => 'true',
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'loglevel' => '2',
  'log.condition' => 
  array (
    'apps' => 
    array (
      0 => 'admin_audit',
    ),
  ),
  'mail_smtpmode' => 'smtp',
  'remember_login_cookie_lifetime' => '1800',
  'log_rotate_size' => '0',
  'trashbin_retention_obligation' => 'auto, 180',
  'versions_retention_obligation' => 'auto, 365',
  'simpleSignUpLink.shown' => false,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => true,
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 0.5,
    'dbindex' => 0,
    'password' => '42',
  ),
  'logtimezone' => 'Etc/UTC',
  'htaccess.RewriteBase' => '/',
  'share_folder' => '/Shared',
  'enable_previews' => true,
  'enabledPreviewProviders' => 
  array (
    11 => 'OC\\Preview\\PNG',
    12 => 'OC\\Preview\\JPEG',
    13 => 'OC\\Preview\\GIF',
    14 => 'OC\\Preview\\BMP',
    15 => 'OC\\Preview\\MarkDown',
    16 => 'OC\\Preview\\MP3',
    17 => 'OC\\Preview\\TXT',
    18 => 'OC\\Preview\\Movie',
  ),
  'preview_max_x' => '2048',
  'preview_max_y' => '2048',
  'jpeg_quality' => '60',
  'maintenance' => false,
  'mail_smtpsecure' => 'tls',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'fordprefect',
  'mail_domain' => 'mydomain.co.uk',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'marvin.mydomain.co.uk',
  'mail_smtpport' => '587',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpname' => 'fordprefect@mydomain.co.uk',
  'mail_smtppassword' => 'zaphod',

The output of your Apache/nginx/system log in /var/log/____:

https://pastebin.com/R1i6xp3T
2

I’m guessing due to the lack of responses over the last two weeks that nobody has any ideas why this isn’t working.

3

Hi Infidelus,
Is the app “documentserver” installed and testet with the testserver ?
sambila

4

Hi @sambilanet,

As far as I can see, the app Document Server is for OnlyOffice and I’m using Collabora.

Collabora does show as reachable and I haven’t changed any port settings since I reinstalled.

Screenshot from 2020-09-15 18-17-50
Screenshot from 2020-09-15 18-17-50491×554 32.4 KB

5

This is not your smpt password public ? :sweat_smile:

6

I’ll check with you tomorrow… :sleeping:

7

The log or screen output of the script would be interesting.

Meanwhile you may try: GitHub - ReinerNippes/nextcloud: Ansible playbook to install nextcloud, php, nginx or apache, mariadb or postgres, redis-server, onlyoffice or collabora office but use the nextcloud-reloaded branch.

8

No, but you may notice a theme with the other entries I changed :wink:

There was very little of note for the script. The only message/error I saw was:

Notice: Trying to access array offset on value of type bool in PEAR/REST.php on line 187

I’d rather not reinstall again if I can avoid it, but it may come to that if there’s no other way of getting Collabora working.

9

what is the error message and is there anything in the nextcloud.log or apache2.log?

and may be @enoch85 can help. it’s his script.

10

I’ve been testing the scripts all day, and afaik there are no errors with any of the scripts at all.

You could try to reinstall Collabora by running the menu script: sudo bash /var/scripts/menu.sh then choose Additional Apps --> Documentserver.

Since this issue was posted some time ago, it might be worth to give it another try.

Most common issue is that users forget to setup proper DNS, or open ports.

The errors you posted are unrelated.

Hope it helps!

11

The only error I can see in the apache error log is:

[Wed Sep 16 07:35:18.691976 2020] [access_compat:error] [pid 18031:tid 140583290259200] [client x.x.x.x:58716] AH01797: client denied by server configuration: /var/www/nextcloud/config

But I can’t see anything obvious wrong in config.php and I haven’t modified that file. Whatever’s in it is what was configured by the script.

<?php
$CONFIG = array (
  'passwordsalt' => 'digitalwatch',
  'secret' => 'don'tpanic',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => '192.168.x.x',
    2 => 'nextcloud.domain.co.uk',
    3 => 'office.domain.co.uk',
  ),
  'datadirectory' => '/mnt/ncdata',
  'dbtype' => 'pgsql',
  'version' => '19.0.3.1',
  'overwrite.cli.url' => 'https://nextcloud.domain.co.uk/',
  'dbname' => 'nextcloud_db',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'ncadmin',
  'dbpassword' => 'dolphins',
  'installed' => true,
  'instanceid' => 'spaceisbig',
  'upgrade.disable-web' => 'true',
  'log_type' => 'file',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'loglevel' => '2',
  'log.condition' => 
  array (
    'apps' => 
    array (
      0 => 'admin_audit',
    ),
  ),
  'mail_smtpmode' => 'smtp',
  'remember_login_cookie_lifetime' => '1800',
  'log_rotate_size' => '0',
  'trashbin_retention_obligation' => 'auto, 180',
  'versions_retention_obligation' => 'auto, 365',
  'simpleSignUpLink.shown' => false,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => true,
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 0.5,
    'dbindex' => 0,
    'password' => 'betelgeuse',
  ),
  'logtimezone' => 'Etc/UTC',
  'htaccess.RewriteBase' => '/',
  'share_folder' => '/Shared',
  'enable_previews' => true,
  'enabledPreviewProviders' => 
  array (
    11 => 'OC\\Preview\\PNG',
    12 => 'OC\\Preview\\JPEG',
    13 => 'OC\\Preview\\GIF',
    14 => 'OC\\Preview\\BMP',
    15 => 'OC\\Preview\\MarkDown',
    16 => 'OC\\Preview\\MP3',
    17 => 'OC\\Preview\\TXT',
    18 => 'OC\\Preview\\Movie',
  ),
  'preview_max_x' => '2048',
  'preview_max_y' => '2048',
  'jpeg_quality' => '60',
  'maintenance' => false,
  'mail_smtpsecure' => 'tls',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'nextcloud',
  'mail_domain' => 'domain.co.uk',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.domain.co.uk',
  'mail_smtpport' => '587',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpname' => 'nextcloud@domain.co.uk',
  'mail_smtppassword' => 'towel',

I did this the other day but I’ve just tried again and the result is unfortunately the same.

The ports are all open and DNS is set and neither have changed since I reinstalled. I am using a non-standard port as I have other web services running on 80 + 443 but I have no problem connecting to my Nextcloud instance on the custom port, just Collabora. The DNS challenge also works fine for Lets Encrypt.

12

Ok, that’s likley the issue. All my tests are on standard ports. I didn’t even kniw Let’s Encrypt was working on different ports tbh.

You should really consider getting yourself an Nginx Reverse Proxy.

13

Just to make sure, try on a VPS, does it work there?

It most likley will, and if not - please let me know and I’ll fix it. :+1:t2:

14

I should be clear about the port. The internal port is standard 443. The router is directing the non-standard external port to the internal standard port.

Lets Encrypt fails the standard authentication as I’m running another webserver on 80 & 443, so I use the DNS challenge and have to create a DNS TXT record to authenticate. Other than that there is no issue with Lets Encrypt.

Additionally, if it’s the port that’s the problem, I’m curious why it worked before I reinstalled … on exactly the same port?

The only difference for me is I’m now using Focal and I was running Bionic on the previous install until I had a catastrophic failure and couldn’t connect to the shell to fix it. Everything else was just using your script.

Unfortunately I’m not in a position to spend money on a reverse proxy, so can’t test that.

15

What I wonder is did you change the script to make this configuration possible?

16

I didn’t change the script at all. I followed it and just opened a couple of ports on the router. My webserver is hosted on a different VM to Nextcloud so it wasn’t particularly complicated.

17

Okay then you could try to delete that line inside /etc/apache2/sites-available/office.mydomain.co.uk.conf in the Nextcloud VM.
And don’t forget to restart apache afterwards!
E.g. systemctl restart apache2
Hope it helps!

2 Likes
18

We have a winner!

Commenting out:

Header set Content-Security-Policy “frame-ancestors ‘self’ $NCDOMAIN”

and restarting apache fixed it.

Thanks for that. :slight_smile:

19

@szaimen CSP, remember? :wink:

20

Yes, but this is a not-normal configuration and doesn’t work because of that. Not an issue with this CSP setting in general, imo.