I am just wondering, since I have a Apache proxy in front of NC and Colabora, would I need to setup websocket proxy for the NC config (on the Apache proxy) so Colabora can use it to connect to NC?
In the docker output I can see a reference to websock back to NC:
Hey folks, Quick update on my research and testing around my Collobora / Nextcloud issues.
I had installed my NextCloud on Ubuntu 14.04 which it turns out ships with Curl 7.35 by default which doesnāt support SSL. This causes my installation at least to fail as it canāt read the return from the Collobora docker image. I dread the thought but Iām looking at a dist-upgrade of my nextcloud server to 16.04 to hopefully fix my problems.
Wish me luck. Iāll report back regardless of success.
@guidtz and @julio1501 - did you manage to fix your problems with āInvalid URI or access deniedā. I have the same problem and cannot find the solution.
As an aside, I ran the docker container under Mac OS X using Docker for Mac and it worked flawlessly on the first try. I wasnāt able to upgrade a linux machine to a new enough kernel to get it working on linux.
The thread is kind of long, so I donāt know if I missed somethingā¦
Someone got an āOperation not permittedā link-error like the following fixed? kit-03388-00 00:57:44.355999 [ loolkit ] link("/opt/collaboraoffice5.1/EULA.odt","/opt/lool/child-roots/3388/lo/EULA.odt") failed. Exiting. (errno: Operation not permitted)
Bernd
I hope this is not a stupid question:
I think I got ahead very far with the installation already. At least when I open https://office.mydomain.com/hosting/discovery I get a nice XML file with SSL working properly.
However, when I use the office app in nextcloud, I get the following error:
āCollabora Online: SSL certificate is not installed.
Please ask your administrator to add ca-chain.cert.pem to the ownCloudās ca-bundle.crt, for example ācat /etc/loolwsd/ca-chain.cert.pem >> owncloud/resources/config/ca-bundle.crtā . The exact error message was: cURL error 60: SSL certificate problem: unable to get local issuer certificateā
I have already tried to add all kinds of certificates to the file owncloud/resources/config/ca-bundle.crt, e.g. the ca-chain.cert.pem from GitHub or the SSL certificate I got from StartSSL. However, I cannot get rid of that error message.
In the docker log I donāt see anyting specific for that error.
Any help is highly appreciated!
Kind Regards,
Hans
@hans: If you installed CODE by docker container on a linux environment you must get the self signed certificate generated inside the docker:
check what is your docker id ( inside the list you should find the collabora/code)
sudo docker ps
run a bash in your docker ( I guess other methods are possible but this should do)
sudo docker exec -i -t /bin/bash
You can find the key here:
cat /etc/loolwsd/ca-chain.cert.pem file
then copy this key using a safe method on your nextcloud and add it at the very end of the nextcloud trusted keys file:
for ubuntu-like: /var/www//resources/config/ca-bundle.crt
@rolandixor: I had the same issue than you, I forgot the part where I had to redirect all the ressources on the environment where the CODE docker is deployed
Double check your nginx/apache settings,
for apache: in your /etc/apache2/sites-enabled your -ssl.conf should contain:
I am having the same issue with the certificate error. I have although copied the correct CA as per your instructions already but still perl error 60 for certificate.
I am hosting the environment on a seperate box , so seperate box for nextcloud and seperate for docket collabora online
/hosting/disovery works , I can open the lool plugin manually defined within the xml but from the app its error
I remain stumped. Unless I am missing somethingā¦ this didnāt make any difference (adding the localhost entries you mentioned and enabling with a2ensite).
Is there something more to the first part of your reply? āredirect all the ressources on the environment where the CODE docker is deployedā
Or do you just mean what you mentioned in the second part of your reply?
worked fine for me (after merging them with my own Letsencrypt SSL conf).
At some point I had the 404 error on /hosting/discovery because I forgot the mentioned lines.
Make sure you have thoroughly followed all the steps.
I am not expert enough in apache to troubleshoot specific errors. Any chance with the logs?
To add some input on this, I am now also stuck with the
ClientRequestHandler::handleRequest: BadRequestException: Invalid URI or access denied.
The reasons advanced here in this topic for this issue seem to be that separating the nextcloud and CODE environments to different subdomains through apache reverse proxying blocks some information transmission (socket?) between the two. A local build of CODE seems to work fine.
(The following does not work, this is just for the sake of the discussion)
I actually donāt like the idea to expose the whole CODE only for this purpose when I could directly contact the docker on the local network. Furthermore using this self-signed certificate system.
This said, fully deploying on local causes issues: Problem with Collabora Online nginx setup - #17 by lukas
For my test purpose I have deployed everything on my local but the way docker handles the ā-p 127.0.0.1:9980:9980ā seems to mess up with the https communication with nextcloud/owncloud if you configure the CODE address at āhttps://localhost:9980ā
A solution I could think about is to use dsndock (https://github.com/tonistiigi/dnsdock)
This allows you to consider all your dockers as machines in your domain with names in your dns.
After succesfully doing this I changed all my āhttps://localhost:9980ā to āhttps://code.docker:9980ā (default configuration)
The apache reverse proxy way still gives the same error.
Now if I try āhttps://code.docker:9980ā for CODE address in nextcloud itself I have the wonderful:
Collabora Online unknown error: cURL error 51: SSL: certificate subject name ālocalhostā does not match target host name ācode.dockerā
The Self-signed certificate provided in the docker seems unsafe to me and is even blocking in my case.
Any idea how to work around this?
Iāll have to try merging with my letsencrypt SSL configuration and digging through the logs - but that wonāt be able to happen too soon (full day).
(if you do it, please replace the code.docker by localhosts in the ProxyPasses)
(But remember that eventually after that, there is still this BadRequestException error happening)
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin <admin-mail>
ServerName <domain>
ServerAlias <subdomain>
DocumentRoot /var/www/<domain>/public_html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# Encoded slashes need to be allowed
AllowEncodedSlashes On
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://code.docker:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://code.docker:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://code.docker:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://code.docker:9980/hosting/discovery
# Main websocket
ProxyPass /lool/ws wss://code.docker:9980/lool/ws
# Admin Console websocket
ProxyPass /lool/adminws wss://code.docker:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://code.docker:9980/lool
ProxyPassReverse /lool https://code.docker:9980/lool
SSLCertificateFile /etc/letsencrypt/live/<domain>/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<domain>/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>
No I have everything entirely self hosted. Iāve almost got everything working correctly. Iām just coming across a few really weird issues. Collabora is able to open some documents. All types, ODF, DOC, DOCX, XLS, etcā¦ but it seems to decide all on its own to just stop working again. Itās totally random.
Thatās the only thing I didnāt have before. Still getting a 404 error, nothing in the logs seems to indicate any issue.
Still getting a 404ā¦ https://office.sptmin.com/hosting/discovery
Does anyone have any idea what to do? (something that will actually work )ā¦
<VirtualHost *:443>
Include /etc/letsencrypt/options-ssl-apache.conf
ServerName office.sptmin.com:443
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/office.sptmin.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/office.sptmin.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/office.sptmin.com/privkey.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
# Encoded slashes need to be allowed
AllowEncodedSlashes On
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
ProxyPass /hosting/discovery https://localhost:9980/hosting/discovery
ProxyPassReverse /hosting/discovery https://localhost:9980/hosting/discovery
# Main websocket
ProxyPass /lool/ws wss://127.0.0.1:9980/lool/ws
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
</VirtualHost>
Tell me if I missed anythingā¦ (Iām beginning to feel like this is a well crafted practical joke).
Installed both NC 9.0.53 and NC 10beta following the instructions and tried to get Collabora working - to no avail.
I followed instructions for Collabora exactly: fired up the docker image (on a different host, but adjusted the docker commandline accordingly), configured Apache to proxy to the different host and had NC save the domain for the Collabora host.
Now, when I open the Office App in NC it displays the available ODT files as really large icons. Once I click one of them I get the rotating circle - but thatās it No content, no buttons I could push, ā¦ - plain nothing After a while the rotating circle vanishes, then I just have the NC bar at the top and a grey screen otherwise