I have Collabora installed and integrated with Nextcloud on the same server, both installed natively, not via docker or similar. In the Nextcloud interface, there is a setting “Allow list for WOPI requests”. I assume this can improve security, but what should I set it to on my setup, e.g. localhost?
I have a similar setup: NGINX/PHP-FPM (with NC) running natively, COOL as docker (with native NGINX doing the URL parsing and NAT magic, so web-facing it looks like native). So, all one host, one IP.
In /settings/admin/richdocuments I get the notification that I might want to improve security by restricting NC WOPI endpoints setting the IP of the WOPI Client (=COOL) in “Allow list for WOPI requests”.
To me, it seemed logical to set the web-facing IP in the above NC setting. After doing so, office documents I click on in /apps/files try to load the online editor view but stall (white). Removing any IP from that setting, and documents do load.
The solution in my (docker/proxy) setup: It was sufficient to add the docker network range. Ttypically something like “172.17.0.1/16”, or the corresponding IPv6 in case your server uses that, see ip a and look out for your docker network.
Praise and thanks go to bb77 who posted this hint. After that, I also found an excellent Nextcloud/Collabora office debug HowTo.
However, this seems to be an NGINX proxy issue in terms of proxy_set_header or sorts. I’d love to set it in a way that doesn’t require internal IPs to be in any config since otherwise only host names are required on both sides to configure Nextcloud Office. Unfortunately, I have not found a solution for that yet.