Issue installing Collabora following official guide

I am just wondering, since I have an Apache proxy in front of NC and Collabora, would I need to set up a websocket proxy for the NC config (on the Apache proxy) so Collabora can use it to connect to NC?

In the docker output I can see a reference to websock back to NC:

wsd-00021-02 00:36:32.028148 [ client_req_hdl ] Request from 192.168.7.241:40259: GET /lool/ws/https://cloud.<mydomain.com>/apps/richdocuments/wopi/files/288560?access_token=NPMKOWnAO5lG5a97vJC8sKPcd1qqDV7Q HTTP/1.1 / Host: office.<mydomain.com> / Pragma: no-cache / Cache-Control: no-cache / Origin: https://office.<mydomain.com> / Sec-WebSocket-Version: 13 / DNT: 1 / User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36 / Accept-Encoding: gzip, deflate, sdch, br / Accept-Language: en-GB,en-US;q=0.8,en;q=0.6,nl;q=0.4 / Sec-WebSocket-Key: SSrqq5P/ZpDkYinxO6+RxA== / Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits / X-Forwarded-For: 192.168.7.1 / X-Forwarded-Host: office.<mydomain.com> / X-Forwarded-Server: office.<mydomain.com> / Upgrade: WebSocket / Connection: Upgrade

Hey folks, quick update on my research and testing around my Collabora / Nextcloud issues.

I had installed my NextCloud on Ubuntu 14.04 which it turns out ships with Curl 7.35 by default which doesn’t support SSL. This causes my installation at least to fail as it can’t read the return from the Collabora docker image. I dread the thought but I’m looking at a dist-upgrade of my nextcloud server to 16.04 to hopefully fix my problems.

Wish me luck. I’ll report back regardless of success.

@guidtz and @julio1501 - did you manage to fix your problems with “Invalid URI or access denied”? I have the same problem and cannot find the solution.

OMG DUDE YOU SAVED MY LIFE!!! I LOVE YOU!

So best way is to compile it and everything will work!

As an aside, I ran the docker container under Mac OS X using Docker for Mac and it worked flawlessly on the first try. I wasn’t able to upgrade a linux machine to a new enough kernel to get it working on linux.

The thread is kind of long, so I don’t know if I missed something…
Someone got an “Operation not permitted” link-error like the following fixed?
kit-03388-00 00:57:44.355999 [ loolkit ] link("/opt/collaboraoffice5.1/EULA.odt","/opt/lool/child-roots/3388/lo/EULA.odt") failed. Exiting. (errno: Operation not permitted)
Bernd

Hello there,

I hope this is not a stupid question:
I think I got ahead very far with the installation already. At least when I open
https://office.mydomain.com/hosting/discovery I get a nice XML file with SSL working properly.
However, when I use the office app in nextcloud, I get the following error:
“Collabora Online: SSL certificate is not installed.
Please ask your administrator to add ca-chain.cert.pem to the ownCloud’s ca-bundle.crt, for example “cat /etc/loolwsd/ca-chain.cert.pem >> owncloud/resources/config/ca-bundle.crt” . The exact error message was: cURL error 60: SSL certificate problem: unable to get local issuer certificate”

I have already tried to add all kinds of certificates to the file owncloud/resources/config/ca-bundle.crt, e.g. the ca-chain.cert.pem from GitHub or the SSL certificate I got from StartSSL. However, I cannot get rid of that error message.
In the docker log I don’t see anything specific for that error.

Any help is highly appreciated!
Kind Regards,
Hans

Hi, I’m having an issue where I get a 404 on https://office.sptmin.com/hosting/discovery

I followed the guide precisely, tried both Ubuntu 16.04 and 14.04, and I can’t seem to locate the error. Any ideas?

@hans: If you installed CODE as a docker container in a Linux environment, you must get the self-signed certificate generated inside the docker:

  1. check what your docker id is (in the list you should find collabora/code)
    sudo docker ps

  2. run a bash in your docker (I guess other methods are possible but this should do)
    sudo docker exec -i -t <container-id> /bin/bash

  3. You can find the key here:
    cat /etc/loolwsd/ca-chain.cert.pem

then copy this key using a safe method on your nextcloud and add it at the very end of the nextcloud trusted keys file:
for ubuntu-like: /var/www//resources/config/ca-bundle.crt

@rolandixor: I had the same issue as you, I forgot the part where I had to redirect all the resources on the environment where the CODE docker is deployed
Double check your nginx/apache settings,
for apache: in your /etc/apache2/sites-enabled your -ssl.conf should contain:

    # WOPI discovery URL
    ProxyPass           /hosting/discovery https://localhost:9980/hosting/discovery
    ProxyPassReverse    /hosting/discovery https://localhost:9980/hosting/discovery

Don’t forget to enable the conf with a2ensite and service apache restart

Hope this helps

@remidebette

I am having the same issue with the certificate error. I have although copied the correct CA as per your instructions already but still perl error 60 for certificate.

I am hosting the environment on a separate box, so separate box for nextcloud and separate for docker collabora online
/hosting/discovery works, I can open the lool plugin manually defined within the xml but from the app it’s error

I remain stumped. Unless I am missing something… this didn’t make any difference (adding the localhost entries you mentioned and enabling with a2ensite).

Is there something more to the first part of your reply? “redirect all the resources on the environment where the CODE docker is deployed”

Or do you just mean what you mentioned in the second part of your reply?

Are you on digitalocean by any chance and did you try this path?

I just followed the instructions previously mentioned: Nextcloud Office - Self-hosted online office suite
Their full

  1. Install the Apache reverse proxy

worked fine for me (after merging them with my own Letsencrypt SSL conf).
At some point I had the 404 error on /hosting/discovery because I forgot the mentioned lines.

Make sure you have thoroughly followed all the steps.
I am not expert enough in apache to troubleshoot specific errors. Any chance with the logs?

To add some input on this, I am now also stuck with the

ClientRequestHandler::handleRequest: BadRequestException: Invalid URI or access denied.

The reasons advanced here in this topic for this issue seem to be that separating the nextcloud and CODE environments to different subdomains through apache reverse proxying blocks some information transmission (socket?) between the two. A local build of CODE seems to work fine.

(The following does not work, this is just for the sake of the discussion)
I actually don’t like the idea to expose the whole CODE only for this purpose when I could directly contact the docker on the local network. Furthermore using this self-signed certificate system.

This said, fully deploying on local causes issues: Problem with Collabora Online nginx setup - #17 by lukas
For my test purpose I have deployed everything on my local but the way docker handles the “-p 127.0.0.1:9980:9980” seems to mess up with the https communication with nextcloud/owncloud if you configure the CODE address at “https://localhost:9980”

A solution I could think about is to use dnsdock (https://github.com/tonistiigi/dnsdock)
This allows you to consider all your dockers as machines in your domain with names in your dns.
After successfully doing this I changed all my “https://localhost:9980” to “https://code.docker:9980” (default configuration)
The apache reverse proxy way still gives the same error.
Now if I try “https://code.docker:9980” for CODE address in nextcloud itself I have the wonderful:

Collabora Online unknown error: cURL error 51: SSL: certificate subject name ‘localhost’ does not match target host name ‘code.docker’

The Self-signed certificate provided in the docker seems unsafe to me and is even blocking in my case.
Any idea how to work around this?
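An added example, not code from any post in this thread: the two trust failures reported above (cURL error 60 before the CA is appended to ca-bundle.crt, cURL error 51 when the host name differs from the certificate's `localhost` subject) reproduced offline with `openssl`. The CA, the certificates and all file names are constructed throwaway stand-ins, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example: reproduce the two cURL trust failures from this thread offline.
# Every name, subject and file below is constructed for the demonstration.

make_demo_pki() {                       # $1 = scratch directory
    # Throwaway CA standing in for the container's ca-chain.cert.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CODE CA" \
        -keyout "$1/ca.key" -out "$1/ca-chain.cert.pem" 2>/dev/null
    # Server certificate issued to CN=localhost, the name seen in error 51
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    openssl x509 -req -in "$1/srv.csr" -days 1 -CAcreateserial \
        -CA "$1/ca-chain.cert.pem" -CAkey "$1/ca.key" -out "$1/srv.pem" 2>/dev/null
    # Stand-in for ca-bundle.crt: a bundle that does not contain the demo CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated Root" \
        -keyout "$1/other.key" -out "$1/ca-bundle.crt" 2>/dev/null
}

# check_trust BUNDLE CERT HOSTNAME  ->  ok | untrusted-issuer | name-mismatch
check_trust() {
    if ! openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "untrusted-issuer"         # cURL reports this as error 60
    elif ! openssl x509 -in "$2" -noout -checkhost "$3" | grep -q "does match"; then
        echo "name-mismatch"            # cURL reports this as error 51
    else
        echo "ok"
    fi
}

demo() {
    local d before after renamed
    d="$(mktemp -d)"
    make_demo_pki "$d"
    before="$(check_trust "$d/ca-bundle.crt" "$d/srv.pem" localhost)"
    cat "$d/ca-chain.cert.pem" >> "$d/ca-bundle.crt"   # the append step from the thread
    after="$(check_trust "$d/ca-bundle.crt" "$d/srv.pem" localhost)"
    renamed="$(check_trust "$d/ca-bundle.crt" "$d/srv.pem" code.docker)"
    rm -rf "$d"
    echo "$before $after $renamed"
}

demo    # prints: untrusted-issuer ok name-mismatch
```

Appending the CA only resolves the issuer failure; the name mismatch persists until the configured address matches a name in the certificate or the certificate is reissued for the name in use.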

I’ll have to try merging with my letsencrypt SSL configuration and digging through the logs - but that won’t be able to happen too soon (full day).

I wish the setup was bit more straightforward.

@rolandixor:
FYI Here is what my <domain>-le-ssl.conf looks like after Letsencrypt + CODE: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04

(if you do it, please replace the code.docker by localhosts in the ProxyPasses)
(But remember that eventually after that, there is still this BadRequestException error happening)

<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin <admin-mail>
        ServerName <domain>
        ServerAlias <subdomain>
        DocumentRoot /var/www/<domain>/public_html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

        # Encoded slashes need to be allowed
        AllowEncodedSlashes On

        # Container uses a unique non-signed certificate
        SSLProxyEngine On
        SSLProxyVerify None
        SSLProxyCheckPeerCN Off
        SSLProxyCheckPeerName Off

        # keep the host
        ProxyPreserveHost On

        # static html, js, images, etc. served from loolwsd
        # loleaflet is the client part of LibreOffice Online
        ProxyPass           /loleaflet https://code.docker:9980/loleaflet retry=0
        ProxyPassReverse    /loleaflet https://code.docker:9980/loleaflet

        # WOPI discovery URL
        ProxyPass           /hosting/discovery https://code.docker:9980/hosting/discovery retry=0
        ProxyPassReverse    /hosting/discovery https://code.docker:9980/hosting/discovery

        # Main websocket
        ProxyPass   /lool/ws      wss://code.docker:9980/lool/ws

        # Admin Console websocket
        ProxyPass   /lool/adminws wss://code.docker:9980/lool/adminws

        # Download as, Fullscreen presentation and Image upload operations
        ProxyPass           /lool https://code.docker:9980/lool
        ProxyPassReverse    /lool https://code.docker:9980/lool

SSLCertificateFile /etc/letsencrypt/live/<domain>/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<domain>/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>

No I have everything entirely self hosted. I’ve almost got everything working correctly. I’m just coming across a few really weird issues. Collabora is able to open some documents. All types, ODF, DOC, DOCX, XLS, etc… but it seems to decide all on its own to just stop working again. It’s totally random.

That’s the only thing I didn’t have before. Still getting a 404 error, nothing in the logs seems to indicate any issue.
Still getting a 404… https://office.sptmin.com/hosting/discovery

Does anyone have any idea what to do? (something that will actually work :slight_smile:)…

<VirtualHost *:443>
  Include /etc/letsencrypt/options-ssl-apache.conf
  ServerName office.sptmin.com:443

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/office.sptmin.com/cert.pem
  SSLCertificateChainFile /etc/letsencrypt/live/office.sptmin.com/chain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/office.sptmin.com/privkey.pem
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  SSLHonorCipherOrder     on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes On

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery
  ProxyPass           /hosting/discovery https://localhost:9980/hosting/discovery
  ProxyPassReverse    /hosting/discovery https://localhost:9980/hosting/discovery

  # Main websocket
  ProxyPass   /lool/ws      wss://127.0.0.1:9980/lool/ws

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool
</VirtualHost>

Tell me if I missed anything… (I’m beginning to feel like this is a well crafted practical joke).

Installed both NC 9.0.53 and NC 10beta following the instructions and tried to get Collabora working - to no avail.
I followed instructions for Collabora exactly: fired up the docker image (on a different host, but adjusted the docker commandline accordingly), configured Apache to proxy to the different host and had NC save the domain for the Collabora host.
Now, when I open the Office App in NC it displays the available ODT files as really large icons. Once I click one of them I get the rotating circle - but that’s it :frowning: No content, no buttons I could push, … - plain nothing :unamused: After a while the rotating circle vanishes, then I just have the NC bar at the top and a grey screen otherwise :angry:

How can I find out what the problem is?