Libreoffice Nextcloud - Access Forbidden Issue

Only with v11.0.0 the below issue encountered
Ubuntu 14.04 x64, MariaDB v10 and PHP v7

Screenshot from 2016-12-17 17-28-01X.png1600×900 478 KB

The same in both scenarios, fresh install and upgrade from v10.0.2
Data directory is set to /home/nextcloud/data with the appropriate permissions
The above directoy where included in apache settings
<Directory /home/nextcloud/data/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted

and yet issue exist, please advice on error source

Same issue here. Did you find a fix?

Same thing for me, updated to NC11 it was working alright, then updated “Collabora Online” app and I have Access forbidden.
Clean install didn’t help.
I guess don’t touch something that’s not broken rule applies here XD, JK

blob.jpg1597×831 253 KB

I have the same Setup, but i don’t have problems, here is my collabora version : 1.1.24
I don’t have update to do for this app, what about you ?

Hmm, same version. Collabora Online 1.1.24
Here is what I did and still see the same problem:

1. removed NC web files (not external data folder)
2. removed database
3. downloaded latest NC11 files and unpacked them (applying permissions and what not)
4. created the fresh database
5. installed NC using default configuration, during initial information I pointed to my external data folder
6. went to Apps and got latest collabora app

even though it’s enabled, it’s missing from the apps (but still can be configured in Admin section)

Pasted image965×436 39.7 KB

It’s Normal that the app : DESKTOP (bureau in french) is not visible anymore.

I don’t know what they do, but for the moment, it won’t be visible, the app lunch automaticly when you click on an office document.
For creating a new Doc - Spredsheet - Presentation you have to click on the + near the folder name.

Can you get the apache (or nginx) error log when you try to reach your page ?

nothing in the apache2 logs as well as NC11 logs, everything works as it should be… let me try not using external data folder.

–update: even with the official data folder I still get the same thing…(even after applying official permissions from the guideline)
–update2: I rolled back to NC10 and everything works fine
–update3: I think I have an idea why it happens:
I got this Loading documents when I clicked on the “office” in Apps in previous app. Then I updated collabora connector app, and in the new version I suspect that “Office” from apps is removed so I get access forbidden now.

This is how I see it in the previous Office connector app:

Pasted image939×361 27 KB

Tripple facepalm.

Okay, I rolled back to NC10, updated it to 10.0.2 then, I updated it NC11 and it worked! Magically!

I think it was some caching issue and I should have cleared my cache. But now I will never know.

It could be true, i didn’t have it because i never installed yet Collabora on a brand new Nextcloud 11.

I started mine with a brand new Nextcloud 9 then updated at every new version.
@vCentre : Could you try to install Nextcloud 10.0.2 first then upgrade it, and tell us if it works for you ?

On the Collabora Online config page make sure you aren’t specifying a port.

I have my setup as https://office.mydomain.com

When i had a port configured I was getting accessed denied. And obviously make sure you added a firewall rule if you have a firewall in the mix (which hopefully you do).

My config is similar to yours.

Fresh NextCloud 11 install
Ubuntu 16.04
PHP 7
MariaDB

It wasn’t that in my case =(
It was something else

I have the same issue as mentioned above. This is my first cloud installation and I am working the warnings/errors out.

The system is: i686
OS Ubuntu 16.04.1 Xenial Xerus
kernel 4.4.0.57-generic
Nextcloud 11.0.0 (stable)
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2016-07-14T12:32:26
PHP 7.0.8-0ubuntu0.16.04.3 (cli) ( NTS )
Zend Engine v3.0.0, Copyright © 1998-2016 Zend Technologies
with Zend OPcache v7.0.8-0ubuntu0.16.04.3, Copyright © 1999-2016, by Zend Technologies
mysql Ver 15.1 Distrib 10.0.28-MariaDB, for debian-linux-gnu (i686) using readline 5.2

both run on the same computer having there own subdomain office.domain.nl and cloud.domain.nl

apache access.log

my.public.ip - - [28/Dec/2016:13:32:19 +0100] "POST /index.php/heartbeat HTTP/1.1" 200 4111 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:44:20 +0100] "POST /index.php/heartbeat HTTP/1.1" 200 4111 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:25 +0100] "POST /index.php/login HTTP/1.1" 303 1230 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:26 +0100] "GET /index.php/apps/files/ HTTP/1.1" 200 8068 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:30 +0100] "GET /index.php/apps/theming/styles?v=1 HTTP/1.1" 200 1054 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
::1 - - [28/Dec/2016:13:47:31 +0100] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [28/Dec/2016:13:47:32 +0100] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [28/Dec/2016:13:47:36 +0100] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
my.public.ip - - [28/Dec/2016:13:47:48 +0100] "GET /index.php/apps/theming/js/theming?v=1 HTTP/1.1" 200 1366 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:49 +0100] "GET /cron.php HTTP/1.1" 200 983 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:50 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:50 +0100] "GET /index.php/apps/gallery/config?extramediatypes=1 HTTP/1.1" 200 1227 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:50 +0100] "PROPFIND /remote.php/webdav/ HTTP/1.1" 207 4305 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:53 +0100] "GET /index.php/apps/files/ajax/getstoragestats.php?dir=%2F HTTP/1.1" 200 1166 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:55 +0100] "GET /index.php/apps/systemtags/lastused HTTP/1.1" 200 972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:59 +0100] "PROPFIND /remote.php/webdav/Documents HTTP/1.1" 207 3515 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:59 +0100] "GET /index.php/apps/files/ajax/getstoragestats.php?dir=%2FDocuments HTTP/1.1" 200 1166 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:48:19 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:48:49 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:49:19 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:49:21 +0100] "GET /index.php/apps/richdocuments/index?fileId=14_%2FDocuments&requesttoken=cdzq4q9chlugR7so5BV2uH6U%2B9wzFhZL3aIFmlrTgpA%3D%3AFKTTs81twCracvRysXoM%2FiT3go5QYCMaqsFk1giStOE%3D HTTP/1.1" 200 3994 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:49:21 +0100] "GET /index.php/apps/richdocuments/index?fileId=14_%2FDocuments&requesttoken=cdzq4q9chlugR7so5BV2uH6U%2B9wzFhZL3aIFmlrTgpA%3D%3AFKTTs81twCracvRysXoM%2FiT3go5QYCMaqsFk1giStOE%3D HTTP/1.1" 200 7182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:49:26 +0100] "GET /cron.php HTTP/1.1" 200 983 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:49:26 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:49:49 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:49:56 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:50:19 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:50:26 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:50:49 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:50:56 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:51:20 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:51:26 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:51:49 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:51:56 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:52:19 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:52:26 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:52:49 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:52:56 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:53:19 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:53:26 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:53:49 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:53:56 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:54:19 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"

apache error.log

[Wed Dec 28 08:28:06.567050 2016] [authz_core:error] [pid 8400] [client my.public.ip:53238] AH01630: client denied by server configuration: /var/www/nextcloud/data/.ocdata
[Wed Dec 28 08:28:30.848958 2016] [authz_core:error] [pid 8400] [client my.public.ip:53254] AH01630: client denied by server configuration: /var/www/nextcloud/data/.ocdata
[Wed Dec 28 08:36:06.087290 2016] [proxy_http:error] [pid 8399] (103)Software caused connection abort: [client my.public.ip:53328] AH01102: error reading status line from remote server 127.0.0.1:9980
[Wed Dec 28 08:36:06.087442 2016] [proxy:error] [pid 8399] [client my.public.ip:53328] AH00898: Error reading from remote server returned by /hosting/discovery
[Wed Dec 28 13:49:22.466616 2016] [proxy_http:error] [pid 8398] (103)Software caused connection abort: [client my.public.ip:54330] AH01102: error reading status line from remote server 127.0.0.1:9980
[Wed Dec 28 13:49:22.480593 2016] [proxy:error] [pid 8398] [client my.public.ip:54330] AH00898: Error reading from remote server returned by /hosting/discovery
[Wed Dec 28 13:49:22.574914 2016] [proxy_http:error] [pid 8468] (103)Software caused connection abort: [client my.public.ip:54332] AH01102: error reading status line from remote server 127.0.0.1:9980
[Wed Dec 28 13:49:22.575053 2016] [proxy:error] [pid 8468] [client my.public.ip:54332] AH00898: Error reading from remote server returned by /hosting/discovery

docker status

● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since wo 2016-12-28 08:02:17 CET; 6h ago
     Docs: https://docs.docker.com
 Main PID: 1090 (dockerd)
    Tasks: 27
   Memory: 51.6M
      CPU: 36.578s
   CGroup: /system.slice/docker.service
           ├─1090 /usr/bin/dockerd -H fd://
           ├─1504 containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim containerd-shim --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --runtime runc
           └─1826 /usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 9980 -container-ip 172.17.0.2 -container-port 9980

dec 28 08:02:03 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:03.311160973+01:00" level=info msg="Loading containers: start."
dec 28 08:02:04 cloud.domain.nl dockerd[1090]: .time="2016-12-28T08:02:04.619026380+01:00" level=info msg="Firewalld running: false"
dec 28 08:02:08 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:08.148302414+01:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
dec 28 08:02:10 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:10.038287796+01:00" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers : [nameserver 8.8.8.8 nameserver 8.8.4.4]"
dec 28 08:02:10 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:10.038470291+01:00" level=info msg="IPv6 enabled; Adding default IPv6 external servers : [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844]"
dec 28 08:02:16 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:16.965128283+01:00" level=info msg="Loading containers: done."
dec 28 08:02:16 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:16.980859543+01:00" level=info msg="Daemon has completed initialization"
dec 28 08:02:16 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:16.982340737+01:00" level=info msg="Docker daemon" commit=23cf638 graphdriver=aufs version=1.12.1
dec 28 08:02:17 cloud.domain.nl systemd[1]: Started Docker Application Container Engine.
dec 28 08:02:17 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:17.124154721+01:00" level=info msg="API listen on /var/run/docker.sock"

docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                       PORTS                      NAMES
45bd544dcdbf        collabora/code      "/bin/sh -c 'bash sta"   7 hours ago         Restarting (1) 2 hours ago   127.0.0.1:9980->9980/tcp   distracted_hamilton

it seems everything is working but I still get access forbidden when I try opening a office document. I have no idea where to look but it seems something is not working right on the apache proxy module

Also is it correct that the modules proxy_http, proxy_wstunnel only have a .load and no .conf

If anyone would like to help me here and need insight of any configuration please do ask.

Thanks in advance,

Vincent

I’m still having the same issue as well… was curious if anyone has figured anything out yet? I removed NC and the Collabora app to start from scratch and I’m still getting the Access Forbidden.

This is what I think happened.

1. it only accepts port 443, so you link has to be in this format: https://office.foo.com (even though in description it says “URL (and port)” – it’s a lie, it won’t work on a custom port, will throw this " access forbidden" error.
2. Try entering some other, wrong, address there. For example http://office.nextcloud.com then apply, then fix it back to your, correct, address.

hopefully it’ll help. Other than that I had the same problem on NC11 but I fixed it by rolling back to NC10, then updating to NC10.0.2 then NC11 and it sort of worked.

No dice for me… other than the fact that I didn’t roll back to 10 then back to 11 as backing up my NC takes quite awhile (the data folder specifically, not that you NEED to do this when it’s in a different location than the www HC folder, but I have way too important of stuff in there to not do so). I did however delete the Collabora container and redo all of that, to no avail such is life I guess, if I get the energy over the long weekend I may do that, was just really hoping not to, especially since this should really work as-is.

If I do get the energy than more than likely I’ll actually review all of the code to see what’s happening so it can be fixed for good and for everyone, there’s no reason why reverting back then up again should be the answer.

Edit: forgot to say thanks for the info depawlur

Edit 2: is anyone having this trouble that doesn’t have Strict Transport Security enabled? I always have mine on, and I’m now wondering if that’s the issue, which I will also test when I have time to change settings

I had/have my Strict Transport Security ON since day one.

Below is the log of when I had access forbidden, office.nextcloud.com was my correct address though.

/var/www/files.nexcloud.com/3rdparty/guzzlehttp/guzzle/src/RequestFsm.php - line 103: GuzzleHttp\Exception\RequestException wrapException(Object(GuzzleHttp\Message\Request), Object(GuzzleHttp\Ring\Exception\ConnectException))
/var/www/files.nexcloud.com/3rdparty/guzzlehttp/guzzle/src/RequestFsm.php - line 132: GuzzleHttp\RequestFsm->__invoke(Object(GuzzleHttp\Transaction))
/var/www/files.nexcloud.com/3rdparty/react/promise/src/FulfilledPromise.php - line 25: GuzzleHttp\RequestFsm->GuzzleHttp\{closure}(Array)
/var/www/files.nexcloud.com/3rdparty/guzzlehttp/ringphp/src/Future/CompletedFutureValue.php - line 55: React\Promise\FulfilledPromise->then(Object(Closure), NULL, NULL)
/var/www/files.nexcloud.com/3rdparty/guzzlehttp/guzzle/src/Message/FutureResponse.php - line 43: GuzzleHttp\Ring\Future\CompletedFutureValue->then(Object(Closure), NULL, NULL)
/var/www/files.nexcloud.com/3rdparty/guzzlehttp/guzzle/src/RequestFsm.php - line 134: GuzzleHttp\Message\FutureResponse proxy(Object(GuzzleHttp\Ring\Future\CompletedFutureArray), Object(Closure))
/var/www/files.nexcloud.com/3rdparty/guzzlehttp/guzzle/src/Client.php - line 165: GuzzleHttp\RequestFsm->__invoke(Object(GuzzleHttp\Transaction))
/var/www/files.nexcloud.com/3rdparty/guzzlehttp/guzzle/src/Client.php - line 125: GuzzleHttp\Client->send(Object(GuzzleHttp\Message\Request))
/var/www/files.nexcloud.com/lib/private/Http/Client/Client.php - line 137: GuzzleHttp\Client->get('https //office....', Array)
/var/www/files.nexcloud.com/apps/richdocuments/lib/WOPI/DiscoveryManager.php - line 84: OC\Http\Client\Client->get('https //office....')
/var/www/files.nexcloud.com/apps/richdocuments/lib/WOPI/Parser.php - line 41: OCA\Richdocuments\WOPI\DiscoveryManager->get()
/var/www/files.nexcloud.com/apps/richdocuments/lib/Controller/DocumentController.php - line 233: OCA\Richdocuments\WOPI\Parser->getUrlSrc('application/vnd...')
[internal function] OCA\Richdocuments\Controller\DocumentController->create('application/vnd...', '\xD0\xB2\xD1\x84\xD1\x8B\xD0\xB2\xD1\x8B\xD1\x84\xD0\xB2\xD1...', '/')
/var/www/files.nexcloud.com/lib/private/AppFramework/Http/Dispatcher.php - line 160: call_user_func_array(Array, Array)
/var/www/files.nexcloud.com/lib/private/AppFramework/Http/Dispatcher.php - line 90: OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\Richdocuments\Controller\DocumentController), 'create')
/var/www/files.nexcloud.com/lib/private/AppFramework/App.php - line 114: OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\Richdocuments\Controller\DocumentController), 'create')
/var/www/files.nexcloud.com/lib/private/AppFramework/Routing/RouteActionHandler.php - line 47: OC\AppFramework\App main('OCA\\Richdocumen...', 'create', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
[internal function] OC\AppFramework\Routing\RouteActionHandler->__invoke(Array)
/var/www/files.nexcloud.com/lib/private/Route/Router.php - line 299: call_user_func(Object(OC\AppFramework\Routing\RouteActionHandler), Array)
/var/www/files.nexcloud.com/lib/base.php - line 1010: OC\Route\Router->match('/apps/richdocum...')
/var/www/files.nexcloud.com/index.php - line 40: OC handleRequest()
{main}

What is the

output of sudo docker ps -a

Output of sudo journalctl -u docker

Output of sudo systemctl status docker
Or sudo service docker status

I am using my own CA certificates and was having the same problem with the “Access Forbidden” message. I was able to get it working by adding my root CA certificate to the following file:

nextcloud/resources/config/ca-bundle.crt

You have to add the CA cert manually to ownCloud trusted cert storage:

cat ca-chain.cert.pem >> owncloud/resources/config/ca-bundle.crt

Reference: https://github.com/owncloud/richdocuments

I hope this fix works for others.

WOW!! For me the Access Forbidden is SOLVED!

@pmyork you are a great man! Your post has definitively solved my problem!!
I look for a solution from 1 week

1. I have installed nextcloud 11 into my home server openmediavault
2. I follow the official installation tutorial and a nginx conf guide
3. I use differents ports for my server, not standard ports 80 and 443 (port forward from my home router)
4. the collabora docker seems to be ok, it responds correctly from a browser, example: https://mynextcloud.exampl.com//hosting/discovery
5. installed and configured collabora plugin with my non standard https port
6. the collabora plugin it’s ok, I created a .odt file from button menu +
7. when I start to open the .odt document from nextcloud, I have an Access Forbidden (Accesso Negato) message, nothing appears into docker logs or nginx logs or nextcloud logs, apparently no errors…
8. now adding my selfsigned opemediavault.crt into nextcloud/resources/config/ca-bundle.crt I’m able to edit the .odt doc from nextcloud

@pmyork Thanx a lot for have shared your solution!

You’re welcome! I’m so glad to hear it worked for you. I hope the post helps many others as well.