hi,
i am running nextcloud and collabora with docker behind traefik. Nextcloud is running fine and also collabora seems to be uo an running (i get an ok from the collabora domain and the admin page is available). In nextcloud i installed the nextcloud office package and configured it.
When i try to open an document (e.g. word document) i get the following error “Error loading the document”. In the logs i see the following:
Collabora:
wsd-00001-00043 2024-01-15 19:18:55.789249 +0000 [ docbroker_002 ] ERR WOPI::GetFile [https://nextcloud.DOMAIN.de//index.php/apps/richdocuments/wopi/files/1647060_oc0o1xnu8572/contents?access_token=&access_token_ttl=0&permission=edit] failed with Status Code: 403 (Forbidden)| wsd/Storage.cpp:1149
wsd-00001-00043 2024-01-15 19:18:55.789363 +0000 [ docbroker_002 ] ERR Cannot download document from WOPI storage uri [https://nextcloud.DOMAIN.de//index.php/apps/richdocuments/wopi/files/1647060_oc0o1xnu8572/contents?access_token=&access_token_ttl=0&permission=edit]. Error: WOPI::GetFile [https://nextcloud.DOMAIN.de//index.php/apps/richdocuments/wopi/files/1647060_oc0o1xnu8572/contents?access_token=&access_token_ttl=0&permission=edit] failed: []| wsd/Storage.cpp:1090
wsd-00001-00043 2024-01-15 19:18:55.789403 +0000 [ docbroker_002 ] ERR loading document exception: WOPI::GetFile [https://nextcloud.DOMAIN.de//index.php/apps/richdocuments/wopi/files/1647060_oc0o1xnu8572/contents?access_token=&access_token_ttl=0&permission=edit] failed: []| wsd/DocumentBroker.cpp:2679
wsd-00001-00043 2024-01-15 19:18:55.789417 +0000 [ docbroker_002 ] ERR Failed to add session to [https%3A%2F%2Fnextcloud.DOMAIN.de%3A443%2F%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1647060_oc0o1xnu8572] with URI [https://nextcloud.DOMAIN.de//index.php/apps/richdocuments/wopi/files/1647060_oc0o1xnu8572?access_token=<TOKEN>&access_token_ttl=0&permission=edit]: WOPI::GetFile [https://nextcloud.DOMAIN.de//index.php/apps/richdocuments/wopi/files/1647060_oc0o1xnu8572/contents?access_token=&access_token_ttl=0&permission=edit] failed: []| wsd/DocumentBroker.cpp:2641
wsd-00001-00043 2024-01-15 19:18:55.789435 +0000 [ docbroker_002 ] ERR Storage error while starting session on https%3A%2F%2Fnextcloud.DOMAIN.de%3A443%2F%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1647060_oc0o1xnu8572 for socket #26. Terminating connection. Error: WOPI::GetFile [https://nextcloud.DOMAIN.de//index.php/apps/richdocuments/wopi/files/1647060_oc0o1xnu8572/contents?access_token=&access_token_ttl=0&permission=edit] failed: []| wsd/COOLWSD.cpp:5423
wsd-00001-00043 2024-01-15 19:18:55.794000 +0000 [ docbroker_002 ] ERR #26: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1445
wsd-00001-00043 2024-01-15 19:18:55.826332 +0000 [ docbroker_002 ] ERR #18: Read failed, have 0 buffered bytes (ECONNRESET: Connection reset by peer)| net/Socket.hpp:1137
wsd-00001-00043 2024-01-15 19:18:55.826612 +0000 [ docbroker_002 ] WRN #18: Unassociated Kit (36) disconnected unexpectedly| wsd/COOLWSD.cpp:3840
Nexcloud:
172.16.1.1 - - [15/Jan/2024:19:18:54 +0000] "GET //index.php/apps/richdocuments/wopi/files/1647060_oc0o1xnu8572?access_token=<TOKEN>&access_token_ttl=0 HTTP/1.1" 200 2063 "-" "COOLWSD HTTP Agent 23.05.7.2"
172.16.1.1 - - [15/Jan/2024:19:18:54 +0000] "GET //index.php/apps/richdocuments/wopi/files/1647060_oc0o1xnu8572/contents?access_token=<TOKEN>&access_token_ttl=0 HTTP/1.1" 403 1618 "-" "COOLWSD HTTP Agent 23.05.7.2"
172.16.1.1 - - [15/Jan/2024:19:18:55 +0000] "GET //index.php/apps/richdocuments/wopi/files/1647060_oc0o1xnu8572?access_token=<TOKEN>&access_token_ttl=0&permission=edit HTTP/1.1" 200 2057 "-" "COOLWSD HTTP Agent 23.05.7.2"
Ansible/Docker:
name: Configure collabora container
community.general.docker_container:
name: collabora
image: collabora/code
restart: yes
restart_policy: always
labels:
com.centurylinklabs.watchtower.enable: 'true'
# May be unnecessary depending on Traefik config, but can't hurt
traefik.enable: 'true'
# The container will receive traffic from these subdomains
traefik.http.routers.collabora.rule: 'Host(`collabora.DOMAIN.de`)'
# address the entrypoint used in traefik config
traefik.http.routers.collabora.entrypoints: 'https'
# (The 'default' certificate resolver must be defined in Traefik config)
traefik.http.routers.collabora.tls.certResolver: 'letsencrypt'
traefik.http.routers.collabora.tls.options: 'intermediate@file'
traefik.http.routers.collabora.middlewares: hsts-header@file,xssfilter-header@file
# address the internal destionation
traefik.http.services.collabora.loadbalancer.server.port: '9980'
state: started
capabilities:
- MKNOD
env:
aliasgroup1: "https://nextcloud.DOMAIN.de:443"
username: "{{ vault_collabora_user }}"
password: "{{ vault_collabora_passwd }}"
extra_params: "--o:ssl.enable=false --o:ssl.termination=true"
networks:
- name: nextcloud
- name: traefik_proxy
- name: Configure nextcloud
community.general.docker_container:
name: nextcloud
image: nextcloud
restart: yes
restart_policy: always
labels:
com.centurylinklabs.watchtower.enable: 'true'
# May be unnecessary depending on Traefik config, but can't hurt
traefik.enable: 'true'
# The container will receive traffic from these subdomains
traefik.http.routers.nextcloud.rule: 'Host(`nextcloud.DOMAIN.de`)'
# address the entrypoint used in traefik config
traefik.http.routers.nextcloud.entrypoints: 'https'
# (The 'default' certificate resolver must be defined in Traefik config)
traefik.http.routers.nextcloud.tls.certResolver: 'letsencrypt'
traefik.http.routers.nextcloud.tls.options: 'intermediate@file'
traefik.http.routers.nextcloud.middlewares: hsts-header@file,xssfilter-header@file,nextcloud-dav@docker
# address the internal destionation
traefik.http.services.nextcloud.loadbalancer.server.port: '80'
traefik.http.middlewares.nextcloud-dav.replacepathregex.regex: '^/.well-known/ca(l|rd)dav'
traefik.http.middlewares.nextcloud-dav.replacepathregex.replacement: '/remote.php/dav/'
state: started
volumes:
- /srv/docker/nextcloud/nextcloud/var/www/html:/var/www/html
env:
MYSQL_HOST: 'mariadb-nextcloud'
MYSQL_DATABASE: '{{ vault_vmd38354_mariadb_nextcloud_MYSQL_DATABASE }}'
MYSQL_USER: '{{ vault_vmd38354_mariadb_nextcloud_MYSQL_USER }}'
MYSQL_PASSWORD: '{{ vault_vmd38354_mariadb_nextcloud_MYSQL_PASSWORD }}'
REDIS_HOST_PASSWORD: '{{ vault_vmd38354_redis_nextcloud_PASSWORD }}'
REDIS_HOST: redis-nextcloud
networks_cli_compatible: yes
networks:
- name: nextcloud
- name: traefik_proxy
Does one of you has any idea why nextcloud returns an 403 error?