Help! Unauthorized WOPI host. Please try again later and report to your administrator if the issue persists

I feel like I have read every post regarding this and even tried using chatGPT but I have yet to figure this one out.
I am using Open Media Vault on my server and am using Docker container. I have duckdns, collabora, nextcloud, mysql, and swag containers. I have it all set up so I can use nextcloud office to view and edit documents. I get the following warning though,

You have not configured the allow-list for WOPI requests.
Without this setting users may download restricted files via WOPI requests to the Nextcloud server.

I have tried everything I can think of for iP’s in the allow list, but nothing has worked so far.

I have tried:

  • just using the IP for the collabora container
  • doing docker network inspect bridge (the network that the collabora container is using) and getting the subnet
  • docker inspect collabora (the container name) to get the subnet
  • inspect [docker container ID] | grep IPAddress
  • DNS lookup

So far none of the IP’s I have tried have worked. If it isn’t apparent from my post, I am new to this type of stuff. Any help to me, a newbie, would be much appreciated.

take a look at this similar topic: WOPI endpoint security question usually the request to Nextcloud comes from reverseproxy and this is the IP you have to allow. you find more references in Collabora integration guide

1 Like

I had same issue, resolved by adding a big subnet of IP, because the network changes from time to time.
First lookup the IP range of your nextcloud containers, probably something like (/16 goes from till
Then login as Nextcloud admin, go to Administration Settings.
Under Administration, click on Office. Not the one under Personal.
Scroll down to ‘Allow list for WOPI requests’ and add the range you found.
My list looks like this:,,,,,fd00::/8,::1
I had to add my docker host specifically, not sure why. I am using Traefik as proxy.

I hope this helps.

Edit: above allow list is indeed very big, and there are some few risks. See below.
Edit: removed typo, accidentally included on non-private address.
Edit: Yes, is the IP of docker host.

1 Like

your config is pretty huge and complicated. usually there is no harm to add rfc1918 addresses:,, as this addresses are not routeable in internet so attack vector remains internal. …but you still have some duplicates I would remove for the sake of clarity:

  • you definitely don’t need as this translates to localhost which is never the case for communication between different docker containers
  • likely you don’t need
  • you should explain what is - your Docker host IP? depending on the setup you might need it… but in your case this one is covered by as well

If you want to concise wopi allowlist and and make both system talking to each other through internal Docker networks look at this post:

The approach shows you generic config it might differ if you have no reverseproxy in place.

1 Like

Thank you both for your help! With your comments (and the help of chatGPT) I was able to narrow it down to a single IP. Apparently, I needed to give it the IP of my wifi router in order to work. I’m just glad it is working!

I’m using an nginx reverse proxy along with tailscale to forward ports for my nextcloud server. I added the public ip of my server and the various subnets of the docker containers and it didn’t work.

I had to specify the tailscale ips in order to get this to work.