Libreoffice Nextcloud - Access Forbidden Issue

#12

I have the same issue as mentioned above. This is my first cloud installation and I am working the warnings/errors out.

The system is: i686
OS Ubuntu 16.04.1 Xenial Xerus
kernel 4.4.0.57-generic
Nextcloud 11.0.0 (stable)
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2016-07-14T12:32:26
PHP 7.0.8-0ubuntu0.16.04.3 (cli) ( NTS )
Zend Engine v3.0.0, Copyright © 1998-2016 Zend Technologies
with Zend OPcache v7.0.8-0ubuntu0.16.04.3, Copyright © 1999-2016, by Zend Technologies
mysql Ver 15.1 Distrib 10.0.28-MariaDB, for debian-linux-gnu (i686) using readline 5.2

both run on the same computer having there own subdomain office.domain.nl and cloud.domain.nl

apache access.log

my.public.ip - - [28/Dec/2016:13:32:19 +0100] "POST /index.php/heartbeat HTTP/1.1" 200 4111 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:44:20 +0100] "POST /index.php/heartbeat HTTP/1.1" 200 4111 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:25 +0100] "POST /index.php/login HTTP/1.1" 303 1230 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:26 +0100] "GET /index.php/apps/files/ HTTP/1.1" 200 8068 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:30 +0100] "GET /index.php/apps/theming/styles?v=1 HTTP/1.1" 200 1054 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
::1 - - [28/Dec/2016:13:47:31 +0100] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [28/Dec/2016:13:47:32 +0100] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [28/Dec/2016:13:47:36 +0100] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
my.public.ip - - [28/Dec/2016:13:47:48 +0100] "GET /index.php/apps/theming/js/theming?v=1 HTTP/1.1" 200 1366 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:49 +0100] "GET /cron.php HTTP/1.1" 200 983 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:50 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:50 +0100] "GET /index.php/apps/gallery/config?extramediatypes=1 HTTP/1.1" 200 1227 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:50 +0100] "PROPFIND /remote.php/webdav/ HTTP/1.1" 207 4305 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:53 +0100] "GET /index.php/apps/files/ajax/getstoragestats.php?dir=%2F HTTP/1.1" 200 1166 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:55 +0100] "GET /index.php/apps/systemtags/lastused HTTP/1.1" 200 972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:59 +0100] "PROPFIND /remote.php/webdav/Documents HTTP/1.1" 207 3515 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:47:59 +0100] "GET /index.php/apps/files/ajax/getstoragestats.php?dir=%2FDocuments HTTP/1.1" 200 1166 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:48:19 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:48:49 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:49:19 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:49:21 +0100] "GET /index.php/apps/richdocuments/index?fileId=14_%2FDocuments&requesttoken=cdzq4q9chlugR7so5BV2uH6U%2B9wzFhZL3aIFmlrTgpA%3D%3AFKTTs81twCracvRysXoM%2FiT3go5QYCMaqsFk1giStOE%3D HTTP/1.1" 200 3994 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:49:21 +0100] "GET /index.php/apps/richdocuments/index?fileId=14_%2FDocuments&requesttoken=cdzq4q9chlugR7so5BV2uH6U%2B9wzFhZL3aIFmlrTgpA%3D%3AFKTTs81twCracvRysXoM%2FiT3go5QYCMaqsFk1giStOE%3D HTTP/1.1" 200 7182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:49:26 +0100] "GET /cron.php HTTP/1.1" 200 983 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:49:26 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:49:49 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:49:56 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:50:19 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:50:26 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:50:49 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:50:56 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:51:20 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:51:26 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:51:49 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:51:56 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:52:19 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:52:26 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:52:49 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:52:56 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:53:19 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:53:26 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:53:49 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:53:56 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"
my.public.ip - - [28/Dec/2016:13:54:19 +0100] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2182 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:50.0) Gecko/20100101 Firefox/50.0"

apache error.log

[Wed Dec 28 08:28:06.567050 2016] [authz_core:error] [pid 8400] [client my.public.ip:53238] AH01630: client denied by server configuration: /var/www/nextcloud/data/.ocdata
[Wed Dec 28 08:28:30.848958 2016] [authz_core:error] [pid 8400] [client my.public.ip:53254] AH01630: client denied by server configuration: /var/www/nextcloud/data/.ocdata
[Wed Dec 28 08:36:06.087290 2016] [proxy_http:error] [pid 8399] (103)Software caused connection abort: [client my.public.ip:53328] AH01102: error reading status line from remote server 127.0.0.1:9980
[Wed Dec 28 08:36:06.087442 2016] [proxy:error] [pid 8399] [client my.public.ip:53328] AH00898: Error reading from remote server returned by /hosting/discovery
[Wed Dec 28 13:49:22.466616 2016] [proxy_http:error] [pid 8398] (103)Software caused connection abort: [client my.public.ip:54330] AH01102: error reading status line from remote server 127.0.0.1:9980
[Wed Dec 28 13:49:22.480593 2016] [proxy:error] [pid 8398] [client my.public.ip:54330] AH00898: Error reading from remote server returned by /hosting/discovery
[Wed Dec 28 13:49:22.574914 2016] [proxy_http:error] [pid 8468] (103)Software caused connection abort: [client my.public.ip:54332] AH01102: error reading status line from remote server 127.0.0.1:9980
[Wed Dec 28 13:49:22.575053 2016] [proxy:error] [pid 8468] [client my.public.ip:54332] AH00898: Error reading from remote server returned by /hosting/discovery

docker status

● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since wo 2016-12-28 08:02:17 CET; 6h ago
     Docs: https://docs.docker.com
 Main PID: 1090 (dockerd)
    Tasks: 27
   Memory: 51.6M
      CPU: 36.578s
   CGroup: /system.slice/docker.service
           ├─1090 /usr/bin/dockerd -H fd://
           ├─1504 containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim containerd-shim --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --runtime runc
           └─1826 /usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 9980 -container-ip 172.17.0.2 -container-port 9980

dec 28 08:02:03 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:03.311160973+01:00" level=info msg="Loading containers: start."
dec 28 08:02:04 cloud.domain.nl dockerd[1090]: .time="2016-12-28T08:02:04.619026380+01:00" level=info msg="Firewalld running: false"
dec 28 08:02:08 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:08.148302414+01:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
dec 28 08:02:10 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:10.038287796+01:00" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers : [nameserver 8.8.8.8 nameserver 8.8.4.4]"
dec 28 08:02:10 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:10.038470291+01:00" level=info msg="IPv6 enabled; Adding default IPv6 external servers : [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844]"
dec 28 08:02:16 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:16.965128283+01:00" level=info msg="Loading containers: done."
dec 28 08:02:16 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:16.980859543+01:00" level=info msg="Daemon has completed initialization"
dec 28 08:02:16 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:16.982340737+01:00" level=info msg="Docker daemon" commit=23cf638 graphdriver=aufs version=1.12.1
dec 28 08:02:17 cloud.domain.nl systemd[1]: Started Docker Application Container Engine.
dec 28 08:02:17 cloud.domain.nl dockerd[1090]: time="2016-12-28T08:02:17.124154721+01:00" level=info msg="API listen on /var/run/docker.sock"

docker ps

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                       PORTS                      NAMES
45bd544dcdbf        collabora/code      "/bin/sh -c 'bash sta"   7 hours ago         Restarting (1) 2 hours ago   127.0.0.1:9980->9980/tcp   distracted_hamilton

it seems everything is working but I still get access forbidden when I try opening a office document. I have no idea where to look but it seems something is not working right on the apache proxy module

Also is it correct that the modules proxy_http, proxy_wstunnel only have a .load and no .conf

If anyone would like to help me here and need insight of any configuration please do ask.

Thanks in advance,

Vincent

#13

I’m still having the same issue as well… was curious if anyone has figured anything out yet? I removed NC and the Collabora app to start from scratch and I’m still getting the Access Forbidden.

#14

This is what I think happened.

  1. it only accepts port 443, so you link has to be in this format: https://office.foo.com (even though in description it says “URL (and port)” – it’s a lie, it won’t work on a custom port, will throw this " access forbidden" error.
  2. Try entering some other, wrong, address there. For example http://office.nextcloud.com then apply, then fix it back to your, correct, address.

hopefully it’ll help. Other than that I had the same problem on NC11 but I fixed it by rolling back to NC10, then updating to NC10.0.2 then NC11 and it sort of worked.

#15

No dice for me… other than the fact that I didn’t roll back to 10 then back to 11 as backing up my NC takes quite awhile (the data folder specifically, not that you NEED to do this when it’s in a different location than the www HC folder, but I have way too important of stuff in there to not do so). I did however delete the Collabora container and redo all of that, to no avail :frowning: such is life I guess, if I get the energy over the long weekend I may do that, was just really hoping not to, especially since this should really work as-is.

If I do get the energy than more than likely I’ll actually review all of the code to see what’s happening so it can be fixed for good and for everyone, there’s no reason why reverting back then up again should be the answer.

Edit: forgot to say thanks for the info depawlur

Edit 2: is anyone having this trouble that doesn’t have Strict Transport Security enabled? I always have mine on, and I’m now wondering if that’s the issue, which I will also test when I have time to change settings

#16

I had/have my Strict Transport Security ON since day one.

Below is the log of when I had access forbidden, office.nextcloud.com was my correct address though.

/var/www/files.nexcloud.com/3rdparty/guzzlehttp/guzzle/src/RequestFsm.php - line 103: GuzzleHttp\Exception\RequestException wrapException(Object(GuzzleHttp\Message\Request), Object(GuzzleHttp\Ring\Exception\ConnectException))
/var/www/files.nexcloud.com/3rdparty/guzzlehttp/guzzle/src/RequestFsm.php - line 132: GuzzleHttp\RequestFsm->__invoke(Object(GuzzleHttp\Transaction))
/var/www/files.nexcloud.com/3rdparty/react/promise/src/FulfilledPromise.php - line 25: GuzzleHttp\RequestFsm->GuzzleHttp\{closure}(Array)
/var/www/files.nexcloud.com/3rdparty/guzzlehttp/ringphp/src/Future/CompletedFutureValue.php - line 55: React\Promise\FulfilledPromise->then(Object(Closure), NULL, NULL)
/var/www/files.nexcloud.com/3rdparty/guzzlehttp/guzzle/src/Message/FutureResponse.php - line 43: GuzzleHttp\Ring\Future\CompletedFutureValue->then(Object(Closure), NULL, NULL)
/var/www/files.nexcloud.com/3rdparty/guzzlehttp/guzzle/src/RequestFsm.php - line 134: GuzzleHttp\Message\FutureResponse proxy(Object(GuzzleHttp\Ring\Future\CompletedFutureArray), Object(Closure))
/var/www/files.nexcloud.com/3rdparty/guzzlehttp/guzzle/src/Client.php - line 165: GuzzleHttp\RequestFsm->__invoke(Object(GuzzleHttp\Transaction))
/var/www/files.nexcloud.com/3rdparty/guzzlehttp/guzzle/src/Client.php - line 125: GuzzleHttp\Client->send(Object(GuzzleHttp\Message\Request))
/var/www/files.nexcloud.com/lib/private/Http/Client/Client.php - line 137: GuzzleHttp\Client->get('https //office....', Array)
/var/www/files.nexcloud.com/apps/richdocuments/lib/WOPI/DiscoveryManager.php - line 84: OC\Http\Client\Client->get('https //office....')
/var/www/files.nexcloud.com/apps/richdocuments/lib/WOPI/Parser.php - line 41: OCA\Richdocuments\WOPI\DiscoveryManager->get()
/var/www/files.nexcloud.com/apps/richdocuments/lib/Controller/DocumentController.php - line 233: OCA\Richdocuments\WOPI\Parser->getUrlSrc('application/vnd...')
[internal function] OCA\Richdocuments\Controller\DocumentController->create('application/vnd...', '\xD0\xB2\xD1\x84\xD1\x8B\xD0\xB2\xD1\x8B\xD1\x84\xD0\xB2\xD1...', '/')
/var/www/files.nexcloud.com/lib/private/AppFramework/Http/Dispatcher.php - line 160: call_user_func_array(Array, Array)
/var/www/files.nexcloud.com/lib/private/AppFramework/Http/Dispatcher.php - line 90: OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\Richdocuments\Controller\DocumentController), 'create')
/var/www/files.nexcloud.com/lib/private/AppFramework/App.php - line 114: OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\Richdocuments\Controller\DocumentController), 'create')
/var/www/files.nexcloud.com/lib/private/AppFramework/Routing/RouteActionHandler.php - line 47: OC\AppFramework\App main('OCA\\Richdocumen...', 'create', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
[internal function] OC\AppFramework\Routing\RouteActionHandler->__invoke(Array)
/var/www/files.nexcloud.com/lib/private/Route/Router.php - line 299: call_user_func(Object(OC\AppFramework\Routing\RouteActionHandler), Array)
/var/www/files.nexcloud.com/lib/base.php - line 1010: OC\Route\Router->match('/apps/richdocum...')
/var/www/files.nexcloud.com/index.php - line 40: OC handleRequest()
{main}
#17

What is the

output of sudo docker ps -a

Output of sudo journalctl -u docker

Output of sudo systemctl status docker
Or sudo service docker status

#18

I am using my own CA certificates and was having the same problem with the “Access Forbidden” message. I was able to get it working by adding my root CA certificate to the following file:

nextcloud/resources/config/ca-bundle.crt

You have to add the CA cert manually to ownCloud trusted cert storage:

cat ca-chain.cert.pem >> owncloud/resources/config/ca-bundle.crt

Reference: https://github.com/owncloud/richdocuments

I hope this fix works for others.

2 Likes
#19

WOW!! For me the Access Forbidden is SOLVED!

@pmyork you are a great man! Your post has definitively solved my problem!!
I look for a solution from 1 week :slight_smile:

  1. I have installed nextcloud 11 into my home server openmediavault
  2. I follow the official installation tutorial and a nginx conf guide
  3. I use differents ports for my server, not standard ports 80 and 443 (port forward from my home router)
  4. the collabora docker seems to be ok, it responds correctly from a browser, example: https://mynextcloud.exampl.com//hosting/discovery
  5. installed and configured collabora plugin with my non standard https port
  6. the collabora plugin it’s ok, I created a .odt file from button menu +
  7. when I start to open the .odt document from nextcloud, I have an Access Forbidden (Accesso Negato) message, nothing appears into docker logs or nginx logs or nextcloud logs, apparently no errors…
  8. now adding my selfsigned opemediavault.crt into nextcloud/resources/config/ca-bundle.crt I’m able to edit the .odt doc from nextcloud

@pmyork Thanx a lot for have shared your solution!

1 Like
#20

You’re welcome! I’m so glad to hear it worked for you. I hope the post helps many others as well.

#21

Hi there !
It seems I had the same problem about “forbidden access”… But i can’t make it work :frowning: .

About this file you put in the nextcloud/resources/config/ , i tried to put all the files i’ve created with let’sencrypt, but neither of them work. (cert.pem, chain.pem, fullchain.pem, privkey.pem).

Or maybe it’s the nextcloud’s certificat i have to put here ?

Finally, all i can see now is an apache server error :
Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request.

Am I wrong somewhere ?

ho… and I can see my nextcloud apache logs :
[Sat Jan 07 20:35:29.011442 2017] [fastcgi:error] [pid 11693] [client x.x.x.x:51948] FastCGI: incomplete headers (0 bytes) received from server "/usr/lib/cgi-bin/php5-fcgi"

and this in my collaboraonline apache logs :
[Sat Jan 07 20:29:52.164186 2017] [proxy_http:error] [pid 10403] (103)Software caused connection abort: [client 5.196.95.235:58851] AH01102: error reading status line from remote server 127.0.0.1:9980 [Sat Jan 07 20:29:52.164499 2017] [proxy:error] [pid 10403] [client 5.196.95.235:58851] AH00898: Error reading from remote server returned by /hosting/discovery

#22

Edit: sorry, I forgot to speak english :stuck_out_tongue:

Hi,

I had the same problem next to update from Nextcloud 11 to 11.0.1. I solved it like that:

  1. Kill the docker container of collabora
  2. Restart it with the command from the official doc
  3. Restart apache (service apache2 restart)
  4. Login and logout from Nextcloud

And then all works for me :slight_smile:

Hope I have help someones !

Floréal

#23

Awesome solution. I totally understood everything!

#24

Hi,

I use a selfsigned crt and for me is not sufficient.
The nextcloud update has installed a new file nextcloud/resources/config/ca-bundle.crt.
I solved re-adding my selfsigned opemediavault.crt into nextcloud/resources/config/ca-bundle.crt

I hope this help someone :slight_smile:

Ciao

#25

I just got the trouble,too.Have you sovle it?

#26

for me, this is the solution:
solution :slight_smile:

#27

I had the same issue and solution was adding “127.0.0.1 office.mydomain.com” to hosts file.
Then i had problem with "Well, this is embarrassing, we cannot connect to your document. Please try again."
And i changed docker start command to this “docker run --add-host=“cloud.mydomain.com:172.20.20.3” -t -d -p 127.0.0.1:9980:9980 -e ‘domain=cloud\.mydomain\.com’ --restart always --cap-add MKNOD collabora/code”.
And all my troubles has gone =)

#28

I have tried all of the solutions here and cannot get this working. I am using a Let’s Encrypt cert.
I imported the cert into the ca-bundle.crt for Nextcloud. I even tried to import using occ:
sudo -u apache php occ security:certificates:import /usr/share/nextcloud/resources/config/ca-bundle.crt (just in case?) and I also tried @Brabus solution. No joy. Still Access Denied. Any chance there is something else that changed in recent releases?

#29

Hello,
I’m having the same issue, and tried all solutions without success.
As @metalcated, I’m using Let’s Encrypt certificated and I tried
cat /etc/letsencrypt/live/cert.pem >> /nextcloud/resources/config/ca-bundle.crt, with no luck.

Any advice? I really don’t know where to look now.

Thanks

#30

I have tried everything I can think of. I even tried replacing the certs in the container with the ones I generated for the office.domain.com link that is used in Apache. Same issue.

#31

I had the same problem after updating to collabora 2.1. For me the solution was:

sudo docker exec Container-ID sed -i ‘s/collaboraoffice5.1/collaboraoffice5.3/’ start-libreoffice.sh

cheers