Issue installing Collabora following official guide

rolandixor · August 10, 2016, 7:00am

I remain stumped. Unless I am missing something… this didn’t make any difference (adding the localhost entries you mentioned and enabling with a2ensite).

Is there something more to the first part of your reply? “redirect all the ressources on the environment where the CODE docker is deployed”

Or do you just mean what you mentioned in the second part of your reply?

rolandixor · August 10, 2016, 7:06am

Are you on digitalocean by any chance and did you try this path?

remidebette · August 10, 2016, 7:31am

I just followed the instructions previously mentioned: Nextcloud Office - Self-hosted online office suite
Their full

Install the Apache reverse proxy

worked fine for me (after merging them with my own Letsencrypt SSL conf).
At some point I had the 404 error on /hosting/discovery because I forgot the mentioned lines.

Make sure you have thoroughly followed all the steps.
I am not expert enough in apache to troubleshoot specific errors. Any chance with the logs?

remidebette · August 10, 2016, 8:20am

To add some input on this, I am now also stuck with the

ClientRequestHandler::handleRequest: BadRequestException: Invalid URI or access denied.

The reasons advanced here in this topic for this issue seem to be that separating the nextcloud and CODE environments to different subdomains through apache reverse proxying blocks some information transmission (socket?) between the two. A local build of CODE seems to work fine.

(The following does not work, this is just for the sake of the discussion)
I actually don’t like the idea to expose the whole CODE only for this purpose when I could directly contact the docker on the local network. Furthermore using this self-signed certificate system.

This said, fully deploying on local causes issues: Problem with Collabora Online nginx setup - #17 by lukas
For my test purpose I have deployed everything on my local but the way docker handles the “-p 127.0.0.1:9980:9980” seems to mess up with the https communication with nextcloud/owncloud if you configure the CODE address at “https://localhost:9980”

A solution I could think about is to use dsndock (https://github.com/tonistiigi/dnsdock)
This allows you to consider all your dockers as machines in your domain with names in your dns.
After succesfully doing this I changed all my “https://localhost:9980” to “https://code.docker:9980” (default configuration)
The apache reverse proxy way still gives the same error.
Now if I try “https://code.docker:9980” for CODE address in nextcloud itself I have the wonderful:

Collabora Online unknown error: cURL error 51: SSL: certificate subject name ‘localhost’ does not match target host name ‘code.docker’

The Self-signed certificate provided in the docker seems unsafe to me and is even blocking in my case.
Any idea how to work around this?

rolandixor · August 10, 2016, 1:39pm

I’ll have to try merging with my letsencrypt SSL configuration and digging through the logs - but that won’t be able to happen too soon (full day).

I wish the setup was bit more straightforward.

remidebette · August 10, 2016, 2:35pm

@rolandixor:
FYI Here is what my <domain>-le-ssl.conf looks like after Letsencrypt + CODE: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04

(if you do it, please replace the code.docker by localhosts in the ProxyPasses)
(But remember that eventually after that, there is still this BadRequestException error happening)

<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin <admin-mail>
        ServerName <domain>
        ServerAlias <subdomain>
        DocumentRoot /var/www/<domain>/public_html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

        # Encoded slashes need to be allowed
        AllowEncodedSlashes On

        # Container uses a unique non-signed certificate
        SSLProxyEngine On
        SSLProxyVerify None
        SSLProxyCheckPeerCN Off
        SSLProxyCheckPeerName Off

        # keep the host
        ProxyPreserveHost On

        # static html, js, images, etc. served from loolwsd
        # loleaflet is the client part of LibreOffice Online
        ProxyPass           /loleaflet https://code.docker:9980/loleaflet retry=0
        ProxyPassReverse    /loleaflet https://code.docker:9980/loleaflet

        # WOPI discovery URL
        ProxyPass           /hosting/discovery https://code.docker:9980/hosting/discovery retry=0
        ProxyPassReverse    /hosting/discovery https://code.docker:9980/hosting/discovery

        # Main websocket
        ProxyPass   /lool/ws      wss://code.docker:9980/lool/ws

        # Admin Console websocket
        ProxyPass   /lool/adminws wss://code.docker:9980/lool/adminws

        # Download as, Fullscreen presentation and Image upload operations
        ProxyPass           /lool https://code.docker:9980/lool
        ProxyPassReverse    /lool https://code.docker:9980/lool

SSLCertificateFile /etc/letsencrypt/live/<domain>/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<domain>/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>

laoistom · August 10, 2016, 10:52pm

No I have everything entirely self hosted. I’ve almost got everything working correctly. I’m just coming across a few really weird issues. Collabora is able to open some documents. All types, ODF, DOC, DOCX, XLS, etc… but it seems to decide all on its own to just stop working again. It’s totally random.

rolandixor · August 11, 2016, 8:23pm

That’s the only thing I didn’t have before. Still getting a 404 error, nothing in the logs seems to indicate any issue.
Still getting a 404… https://office.sptmin.com/hosting/discovery

Does anyone have any idea what to do? (something that will actually work )…

rolandixor · August 11, 2016, 8:24pm

<VirtualHost *:443>
  Include /etc/letsencrypt/options-ssl-apache.conf
  ServerName office.sptmin.com:443

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/office.sptmin.com/cert.pem
  SSLCertificateChainFile /etc/letsencrypt/live/office.sptmin.com/chain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/office.sptmin.com/privkey.pem
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  SSLHonorCipherOrder     on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes On

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery
  ProxyPass           /hosting/discovery https://localhost:9980/hosting/discovery
  ProxyPassReverse    /hosting/discovery https://localhost:9980/hosting/discovery

  # Main websocket
  ProxyPass   /lool/ws      wss://127.0.0.1:9980/lool/ws

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool
</VirtualHost>

Tell me if I missed anything… (I’m beginning to feel like this is a well crafted practical joke).

husky · August 11, 2016, 8:44pm

Installed both NC 9.0.53 and NC 10beta following the instructions and tried to get Collabora working - to no avail.
I followed instructions for Collabora exactly: fired up the docker image (on a different host, but adjusted the docker commandline accordingly), configured Apache to proxy to the different host and had NC save the domain for the Collabora host.
Now, when I open the Office App in NC it displays the available ODT files as really large icons. Once I click one of them I get the rotating circle - but that’s it No content, no buttons I could push, … - plain nothing After a while the rotating circle vanishes, then I just have the NC bar at the top and a grey screen otherwise

How can I find out what the problem is?

lebernd · August 11, 2016, 9:57pm

Anyone has experience in setting this up with different SSL Port? Nextcloud and collaboraonline have the same portnumber.

Do I have to escape the :portnumber in step 1?

Still having [post 98] (Issue installing Collabora following official guide) errors.

Spiers85 · August 13, 2016, 2:12pm

Hi.
I have my Nextcloud installed on a local server and it is and will be only available in local network, therefore I don’t have a domain name and I can’t get SSL certificate. Is this somehow possible to install Collabora with that configuration?

X4LD1M0 · August 13, 2016, 7:35pm

Has anybody the problem that the top left menu doesn’t show when using Collabora?

bomo · August 14, 2016, 9:33am

Hello, I followed the official install guide as far as possible, but now I’m facing the following issue when trying to open a document:
“We are sorry, this is an unexpected connection error. Please try again.”

Here an error I found in the docker container while running:
# docker logs 01ace1d79076

kit-00071-00 00:00:38.006606 [ loolkit ] Process started.
kit-00071-00 00:00:38.006707 [ loolkit ] Jail path: /opt/lool/child-roots/71/
kit-00071-00 00:00:38.006973 [ loolkit ] symlink("../lo","/opt/lool/child-roots/71/opt/collaboraoffice5.1")
kit-00071-00 00:00:38.052013 [ loolkit ] link("/opt/collaboraoffice5.1/program/libCbcSolver.so.3","/opt/lool/child-roots/71/lo/program/libCbcSolver.so.3") failed. Exiting. (errno: Operation not permitted)
frk-00031-00 00:00:39.007313 [ loolforkit ] Child 71 has exited, removing its jail '/opt/lool/child-roots/71'

I’m running docker on debian jessie, it is possible that I’m also suffering from missing AUFS support or could this be a different error?

# grep  XATTR /boot/config-$(uname -r)   
CONFIG_REISERFS_FS_XATTR=y
CONFIG_TMPFS_XATTR=y
CONFIG_JFFS2_FS_XATTR=y
CONFIG_SQUASHFS_XATTR=y
CONFIG_F2FS_FS_XATTR=y
CONFIG_CIFS_XATTR=y

LEDfan · August 14, 2016, 9:57am

I have tried running the docker image on Debian Jessie too, and got the same problem. I was able to install it under Centos 7 without any problems.

I was facing the link(xx) not permitted problem too.

lebernd · August 14, 2016, 3:53pm

I have this issue on the same system, debian jessie.

bomo · August 14, 2016, 4:21pm

My current guess is that its an AUFS issue. But as I’m running it on a production server, I currently don’t dare to switch to debian testing which has a more recent kernel with built-in overlayfs support (part of mainline linux kernel which is not the case for AUFS. Many references also prefer overlayfs over AUFS). Anyone willing to give it a try?

Edit:
maybe its also possible to just install the new kernel with following this procedure: http://serverfault.com/questions/22414/how-can-i-run-debian-stable-but-install-some-packages-from-testing
and then trying to select the new storage driver: https://docs.docker.com/engine/userguide/storagedriver/selectadriver/

X4LD1M0 · August 14, 2016, 9:27pm

I tried using overlayFS but got permission errors. When I switched back to AUFS it worked. I am running Debian 8.5.

lebernd · August 14, 2016, 10:02pm

Any idea about the initial problem and why it worked afterwards?

bomo · August 15, 2016, 8:14pm

@X4LD1M0 did you switch completely to debian testing to try overlayfs ?