New Nextcloud Instance: Configuring WOPI w/ Caddy & Docker Compose

System Information

  • Nextcloud Server version:
    • 31.0.4
  • Operating system and version:
    • Ubuntu 24.04.2
  • Web server and version (e.g., Apache 2.4.25):
    • nginx/1.27.5
  • Reverse proxy and version (e.g. nginx 1.27.2):
    • Caddy 2.6.2
  • PHP version (e.g., 8.3):
    • 31.0.4.1
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • I am still getting things running for the first time :slight_smile:
  • Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.):
    • Docker compose/docker image
  • Are you using Cloudflare, mod_security, or similar? (Yes / No)
    • I am using Cloudflare, though I have disabled proxying for now.

Summary of the issue you are facing:

Hi, I messed around with nextcloud many years ago and used it until it broke one year during my finals. I am now embarking on getting it set back up, and after a few bumps, I have it working! Using docker compose, nextcloud and collabora are running and working almost flawlessly. I am new to docker, though, and some of the networking elements which are at play here, so I am having an issue with the collabora WOPI allowlist. Using just my FQDN, I got an error that I am connecting from an unauthorized WOPI client (or something similar).

After some digging, the nextcloud-web container is denying WOPI from 10.0.0.1, which is my LAN gateway. This makes me think that the traffic is bypassing the internal docker network, and instead trying to communicate over Caddy or perhaps leaving altogether and looping back over my LAN. Sure enough, when I add 10.0.0.1 to the allowlist, we are working just fine. Though, creating a new .docx document takes about 30 seconds, and the logs are full of 502: bad gateway. All of my containers are on the nextcloud_network docker network so I assume there is something in my docker compose file, caddy config or otherwise that needs some adjusting. I am sure this is something I am just missing in docker and reverse proxy configuration but I am not 100% sure.

In short:

  • Currently the nextcloud-collabora_online container is talking to the nextcloud-web container over 10.0.0.1 (My LAN gateway) or at least that is the IP coming in. How can I properly configure my containers to communicate over the docker network?
  • Likely this issue is related, but new collabora documents load for about 30 seconds before the template comes up. If this issue sounds unrelated, have you seen this before?

Thanks!

docker_compose.yml

services:

  web:
    image: nginx:alpine
    container_name: nextcloud-web
    ports:
      - "8080:80"
    networks:
      - nextcloud_network
    volumes:
      - /RAID/nextcloud_data:/var/www/html:z
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    restart: unless-stopped

  db:
    image: mariadb:lts
    container_name: mariadb-database
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    networks:
      - nextcloud_network
    volumes:
      - db_data:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD
      - MYSQL_USER
      - MYSQL_PASSWORD
      - MYSQL_DATABASE
    restart: unless-stopped

  redis:
    image: redis:alpine
    container_name: redis-dbcache
    networks:
      - nextcloud_network
    restart: unless-stopped

  nextcloud:
    image: nextcloud:stable-fpm
    container_name: nextcloud-app
    networks:
      - nextcloud_network
    volumes:
      - /RAID/nextcloud_data:/var/www/html:z
      - ./php-fpm-www.conf:/usr/local/etc/php-fpm.d/www.conf:ro
    environment:
      - MYSQL_USER
      - MYSQL_PASSWORD
      - MYSQL_DATABASE
      - MYSQL_HOST
      - REDIS_HOST
      - OVERWRITEPROTOCOL
      - OVERWRITEHOST
      - TRUSTED_PROXIES
      - APACHE_DISABLE_REWRITE_IP
    restart: unless-stopped
    depends_on:
      - db
      - redis

  collabora_online:
    image: collabora/code
    networks:
      - nextcloud_network
    ports:
      - "127.0.0.1:9980:9980"
    environment:
      - aliasgroup1=http://nextcloud-web
      - aliasgroup2=https://nc.MYFQDN.COM
      - username=admin
      - password=MYPASSWORD
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:allowed_languages=en_US
    restart: unless-stopped

  cron:
    image: nextcloud:stable-fpm
    container_name: nextcloud-cron
    networks:
      - nextcloud_network
    volumes:
      - /RAID/nextcloud_data:/var/www/html:z  # Maps Nextcloud data to host for cron job
    entrypoint: /cron.sh
    restart: unless-stopped
    depends_on:
      - db
      - redis

networks:
  nextcloud_network:
    external: true

volumes:
  db_data: {}

Caddyfile

name.local, nc.MYFQDN.com, 10.0.0.10 {
    encode gzip

    reverse_proxy localhost:8080

    header /* {
        Strict-Transport-Security "max-age=15552000;"
    }
}

collabora.MYFQDN.com {
    reverse_proxy localhost:9980
}

Error when 10.0.0.1 is not in WOPI allowlist

{"reqId":"Vpc5EWcZl9wmz9vXNBKQ","level":2,"time":"2025-05-11T16:25:52+00:00","remoteAddr":"10.0.0.1","user":false,"app":"richdocuments","method":"GET","url":"/index.php/apps/richdocuments/wopi/files/19_ochl6ujj3gev?access_token=access_token&access_token_ttl=0&permission=edit","message":"WOPI request denied from 10.0.0.1 as it does not match the configured ranges: https://collabora.MYFQDN.com, http://nextcloud-collabora_online:9980","userAgent":"COOLWSD HTTP Agent 25.04.1.1","version":"31.0.4.1","data":{"app":"richdocuments"}}

Error when creating a new document and 10.0.0.1 is in WOPI allowlist

{"reqId":"Urb03Aa2nnimyMd3oeWG","level":3,"time":"2025-05-11T16:29:13+00:00","remoteAddr":"10.0.0.1","user":"user","app":"richdocuments","method":"GET","url":"/ocs/v2.php/apps/files/api/v1/templates","message":"Server error: `POST https://collabora.MYFQDN.com/cool/extract-document-structure?filter=contentcontrol` resulted in a `502 Bad Gateway` response","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0","version":"31.0.4.1","data":{"app":"richdocuments"}}
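
A way to triage the two log lines above, as an added example that is not part of the original post or of Nextcloud's code: it pulls the denied source address and the configured ranges out of the richdocuments message, reports which entries are not IP addresses or CIDR ranges, and records upstream HTTP errors. The function names are hypothetical, the sample is the post's log lines trimmed to the fields used, and comparing allowlist entries as IP/CIDR values is an assumption.

```python
import ipaddress
import json
import re

# Constructed sample: the two log lines from the post, trimmed to the fields used here.
SAMPLE_LOG = [
    '{"level":2,"remoteAddr":"10.0.0.1","app":"richdocuments","message":"WOPI request denied from 10.0.0.1 as it does not match the configured ranges: https://collabora.MYFQDN.com, http://nextcloud-collabora_online:9980"}',
    '{"level":3,"remoteAddr":"10.0.0.1","app":"richdocuments","message":"Server error: `POST https://collabora.MYFQDN.com/cool/extract-document-structure?filter=contentcontrol` resulted in a `502 Bad Gateway` response"}',
]

DENIED = re.compile(r"WOPI request denied from (\S+) as it does not match the configured ranges: (.*)")
UPSTREAM = re.compile(r"`(?:GET|POST) (\S+)` resulted in a `(\d{3}) [^`]*` response")

def parse_entry(entry):
    """Return a network for an IP or CIDR entry, or None for anything else (URL, hostname)."""
    try:
        return ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError:
        return None

def allowlist_matches(source, entries):
    """Assumption: entries are compared to the source address as IPs or CIDR ranges."""
    addr = ipaddress.ip_address(source)
    return any(net is not None and addr in net for net in map(parse_entry, entries))

def triage(lines):
    """Summarise richdocuments WOPI denials and upstream HTTP errors from JSON log lines."""
    findings = []
    for line in lines:
        rec = json.loads(line)
        msg = rec.get("message", "")
        if rec.get("app") != "richdocuments":
            continue
        if m := DENIED.search(msg):
            source, entries = m.group(1), m.group(2).split(",")
            findings.append({
                "kind": "wopi_denied",
                "source": source,
                "source_is_private": ipaddress.ip_address(source).is_private,
                "non_ip_entries": [e.strip() for e in entries if parse_entry(e) is None],
                "matched": allowlist_matches(source, entries),
            })
        elif m := UPSTREAM.search(msg):
            findings.append({"kind": "upstream_error", "url": m.group(1), "status": int(m.group(2))})
    return findings
```

Running `triage(SAMPLE_LOG)` shows that the denied request arrived from a private address and that both configured entries are URLs rather than addresses or ranges.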

Hello @That_Dude, glad to see you enjoy Nextcloud and self-hosting :handshake:

Please work through the Collabora integration guide to understand the basics of the integration.
Going further into the problem: “by default” - without any additional measures - the integration often lets the traffic loop from the internal system to the internet and back. You could avoid this using split-brain DNS, see 101: Split-Brain DNS (split-horizon), and for a more specific Docker variant look at this post: Probably DNS help with NC Docker + Collabora + Wireguard tunnel

Hi @wwe!

Thank you for your prompt and helpful response. It looks like my “issue” is really just the default behavior then! I have looked at your guide and it is very helpful in understanding the inner workings of these services. I am still having some issues with collabora and nextcloud talking efficiently, but I think I will explore the logs and tinker with some solutions before I ask any more questions.

Thank you again!

P.S. I see you all over the forums, and to a hobbyist like me, this kind of open source community is huge and makes my journey that much better.
