Nextcloud 12 Collabora Unauthorized WOPI host

Hi. New clean install - Ubuntu Server 16.04 updated, Nextcloud 12, Collabora via Docker. The host is located behind the router. There is port forwarding - 80, 443, 4443, 9980. I have both certs - for Nextcloud and for the Collabora subdomain. Nextcloud seems to be working well.

My deploying docker command is:

docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=orhcloud\\.xyz' --restart always --cap-add MKNOD collabora/code

my nginx config is:

> fastcgi_cache_path /usr/local/tmp/cache levels=1:2 keys_zone=NEXTCLOUD:100m inactive=60m;
> map $request_uri $skip_cache {
>  default 1;
>  ~*/thumbnail.php 0;
>  ~*/apps/galleryplus/ 0;
>  ~*/apps/gallery/ 0;
> }
> server {
>  listen 80 default_server;
>  server_name orhcloud.xyz;
>  location ^~ /.well-known/acme-challenge {
>  proxy_pass http://127.0.0.1:81;
>  proxy_set_header Host $host;
>  proxy_set_header X-Real-IP $remote_addr;
>  proxy_set_header X-Forwarded-For $remote_addr;
>  proxy_set_header X-Forwarded-Host $host;
>  proxy_set_header X-Forwarded-Port $server_port;
>  proxy_set_header X-Forwarded-Protocol $scheme;
>  proxy_redirect off;
>  }
>  location / {
>  return 301 https://$host$request_uri;
>  }
> }

> server {
>     listen       4443 ssl;
>     server_name  office.orhcloud.xyz;

>     ssl_certificate /etc/letsencrypt/live/office.orhcloud.xyz/fullchain.pem;
>     ssl_certificate_key /etc/letsencrypt/live/office.orhcloud.xyz/privkey.pem;

>     # static files
>     location ^~ /loleaflet {
>         proxy_pass https://localhost:9980;
>         proxy_set_header Host $http_host;
>     }

>     # WOPI discovery URL
>     location ^~ /hosting/discovery {
>         proxy_pass https://localhost:9980;
>         proxy_set_header Host $http_host;
>     }

>    # main websocket
>    location ~ ^/lool/(.*)/ws$ {
>        proxy_pass https://localhost:9980;
>        proxy_set_header Upgrade $http_upgrade;
>        proxy_set_header Connection "Upgrade";
>        proxy_set_header Host $http_host;
>        proxy_read_timeout 36000s;
>    }

>    # download, presentation and image upload
>    location ~ ^/lool {
>        proxy_pass https://localhost:9980;
>        proxy_set_header Host $http_host;
>    }

>    # Admin Console websocket
>    location ^~ /lool/adminws {
>        proxy_pass https://localhost:9980;
>        proxy_set_header Upgrade $http_upgrade;
>        proxy_set_header Connection "Upgrade";
>        proxy_set_header Host $http_host;
>        proxy_read_timeout 36000s;
>    }
> }

> server {
>  listen 443 ssl http2 default_server;
>  server_name orhcloud.xyz;
>  root /var/www/nextcloud/;
>  access_log /var/log/nginx/nextcloud.access.log main;
>  error_log /var/log/nginx/nextcloud.error.log warn;
>  location = /robots.txt {
>  allow all;
>  log_not_found off;
>  access_log off;
>  }
>  location = /.well-known/carddav {
>  return 301 $scheme://$host/remote.php/dav;
>  }
>  location = /.well-known/caldav {
>  return 301 $scheme://$host/remote.php/dav;
>  }
>  client_max_body_size 10240M;
>  location / {
>  rewrite ^ /index.php$uri;
>  }
>  location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
>  deny all;
>  }
>  location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
>  deny all;
>  }
>  location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
>  fastcgi_split_path_info ^(.+\.php)(/.*)$;
>  include fastcgi_params;
>  include php_optimization.conf;
>  fastcgi_pass php-handler;
>  fastcgi_param HTTPS on;
>  fastcgi_cache_bypass $skip_cache;
>  fastcgi_no_cache $skip_cache;
>  fastcgi_cache NEXTCLOUD;
>  }
>  location ~ ^/(?:updater|ocs-provider)(?:$|/) {
>  try_files $uri/ =404;
>  index index.php;
>  }
>  location ~ \.(?:css|js|woff|svg|gif)$ {
>  try_files $uri /index.php$uri$is_args$args;
>  add_header Cache-Control "public, max-age=15778463";
>  access_log off;
>  expires 30d;
>  }
>  location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
>  try_files $uri /index.php$uri$is_args$args;
>  access_log off;
>  expires 30d;
>  }
> }

In the administration page, in the Collabora settings, I set this:

> https://office.orhcloud.xyz:4443

my ufw parameters:

> Default: deny (incoming), allow (outgoing), deny (routed)
> 80/tcp                     ALLOW IN    Anywhere                  
> 443/tcp                    ALLOW IN    Anywhere                  
> 22/tcp                     ALLOW IN    Anywhere                  
> 9980/tcp                   ALLOW IN    Anywhere                  
> 4443/tcp                   ALLOW IN    Anywhere                  

When I try to open any document, Collabora shows me the message "Unauthorized WOPI host".

My docker logs:
> Generating RSA private key, 2048 bit long modulus

> ............+++
> ...........+++
> e is 65537 (0x10001)
> Generating RSA private key, 2048 bit long modulus
> .................................................................................................................................................................................................+++
> ..........................................+++
> e is 65537 (0x10001)
> Signature ok
> subject=/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost
> Getting CA Private Key
> loolforkit version details: 2.1.1 - 52f0568e
> office version details: { "ProductName": "Collabora Office", "ProductVersion": "5.3", "ProductExtension": ".10.13", "BuildId": "e639c2ad9c05a793b16db13bd879342ed75dcf95" }
> wsd-00024-00032 08:15:47.871330 [ websrv_poll ] WRN  WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:317
> wsd-00024-00034 08:15:48.471832 [ docbroker_001 ] ERR  Cannot get file info from WOPI storage uri [https://orhcloud.xyz/apps/richdocuments/wopi/files/16_ocq3l4548162?access_token=8Uq6toPoai4PwNOLikp57Kz5fAoLnCZe&access_token_ttl=0&permission=edit]. Error: Connection refused| wsd/Storage.cpp:449
> wsd-00024-00034 08:15:48.471980 [ docbroker_001 ] ERR  Error while handling loading : Connection refused| wsd/LOOLWSD.cpp:2113
> wsd-00024-00034 08:15:48.474540 [ docbroker_001 ] ERR  #15: Wrote outgoing data -1 bytes. (errno: Broken pipe)| ./net/Socket.hpp:909
> wsd-00024-00034 08:15:48.475094 [ docbroker_001 ] WRN  Child session [0003] not found to forward message: load url=https://orhcloud.xyz/apps/richdocuments/wopi/files/16_ocq3l4548162?access_token=8Uq6toPoai4PwNOLikp57Kz5fAoLnCZe&access_token_ttl=0&permission=edit readonly=0 lang=ru| wsd/DocumentBroker.cpp:1272
> wsd-00024-00034 08:15:48.475144 [ docbroker_001 ] WRN  Attempted ping on non-upgraded websocket!| ./net/WebSocketHandler.hpp:285
> wsd-00024-00034 08:15:48.475187 [ docbroker_001 ] ERR  #15: Wrote outgoing data -1 bytes. (errno: Broken pipe)| ./net/Socket.hpp:909
> wsd-00024-00034 08:15:48.494488 [ docbroker_001 ] ERR  Socket #19 SSL BIO error: closed (0).| ./net/SslSocket.hpp:255
> wsd-00024-00034 08:15:48.494632 [ docbroker_001 ] ERR  Socket #19 SSL BIO error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown (errno: Success)| ./net/SslSocket.hpp:273
> wsd-00024-00034 08:15:48.494731 [ docbroker_001 ] WRN  ToClient-0003: Exception while closing socket for docKey [orhcloud.xyz:443/apps/richdocuments/wopi/files/16_ocq3l4548162]: error:140D00CF:SSL routines:SSL_write:protocol is shutdown| wsd/ClientSession.cpp:805
> wsd-00024-00025 08:15:49.370466 [ prisoner_poll ] WRN  Waking up dead poll thread [docbroker_001], started: true, finished: true| ./net/Socket.hpp:507
> wsd-00024-00025 08:15:49.370542 [ prisoner_poll ] WRN  Waking up dead poll thread [docbroker_001], started: true, finished: true| ./net/Socket.hpp:507
> wsd-00024-00025 08:15:49.370602 [ prisoner_poll ] WRN  Waking up dead poll thread [docbroker_001], started: false, finished: true| ./net/Socket.hpp:507
> wsd-00024-00025 08:15:49.370617 [ prisoner_poll ] WRN  Waking up dead poll thread [docbroker_001], started: false, finished: true| ./net/Socket.hpp:507

I know that I am making a mistake somewhere, but I can’t see it.
Can anyone help me? Thx.

Any thoughts? Anyone?

From the Nextcloud Collabora installation page:

Issue: I get connection errors when trying to open documents
Be sure to check the error log from docker (docker logs id-of-your-instance). If the logs note something like:
No acceptable WOPI hosts found matching the target host [YOUR NEXTCLOUD DOMAIN] in config.
Unauthorized WOPI host. Please try again later and report to your administrator if the issue persists.
you might have started the docker container with the wrong URL. Be sure to triplecheck that you start it with the URL of your Nextcloud server, not the server where Collabora Online runs on.


The trouble was in /etc/loolwsd/loolwsd.xml: in the wopi host section, my domain was missing. I manually added the hostname and it works.

Hi

@Indemio_NoFamily

Could you detail how you implemented your solution, please?

Thanks

Hey, I had the same problem and just managed to solve it following @Indemio_NoFamily’s tip of looking into the loolwsd.xml.
If you have trouble finding the file you can do something like
sudo nano $(sudo find / -name "loolwsd.xml")
Then, look for the block starting with Backend storage and add your Nextcloud domain (not the Collabora one) to it:

<storage desc="Backend storage">
    <filesystem allow="false" />
    <wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
        <host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host>
        <!-- Here are a bunch of allowed hostnames, put yours as well: -->
        <host desc="Regex pattern of hostname to allow or deny." allow="true">your-nextcloud-domain.com</host>

        <max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
    </wopi>
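
The `<host>` entries are regex patterns, so it is worth checking which hostnames a given `<wopi>` block actually accepts before restarting the container. The script below is an added example, not code from this thread or from Collabora. It assumes whole-hostname matching with deny entries taking precedence, and uses Python's `re` as a stand-in for the regex engine loolwsd uses; the config excerpt and URLs are constructed.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed excerpt modelled on the <storage> block above, closed so it parses.
SAMPLE = r"""
<storage desc="Backend storage">
  <wopi desc="Allow/deny wopi storage." allow="true">
    <host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host>
    <host desc="Regex pattern of hostname to allow or deny." allow="true">your-nextcloud-domain.com</host>
  </wopi>
</storage>
"""

def load_patterns(xml_text):
    """Return (allow, deny) regex lists from the <wopi> <host> entries."""
    wopi = next(ET.fromstring(xml_text.strip()).iter("wopi"), None)
    allow, deny = [], []
    if wopi is not None and wopi.get("allow") == "true":
        for host in wopi.findall("host"):
            pattern = (host.text or "").strip()
            if pattern:
                (allow if host.get("allow") == "true" else deny).append(pattern)
    return allow, deny

def wopi_host_allowed(wopi_src, allow, deny):
    """Assumed semantics: whole-hostname match, deny entries win over allow."""
    host = urlsplit(wopi_src).hostname or ""
    matches = lambda patterns: any(re.fullmatch(p, host) for p in patterns)
    return matches(allow) and not matches(deny)

def strict_pattern(hostname):
    """Escape dots so the pattern matches this hostname only."""
    return hostname.replace(".", r"\.")

def audit(xml_text, wopi_srcs):
    allow, deny = load_patterns(xml_text)
    return {src: wopi_host_allowed(src, allow, deny) for src in wopi_srcs}

# Constructed WOPI source URLs: Nextcloud host, Collabora host, a lookalike.
URLS = [
    "https://your-nextcloud-domain.com/apps/richdocuments/wopi/files/1",
    "https://office.your-nextcloud-domain.com/apps/richdocuments/wopi/files/1",
    "https://your-nextcloud-domainxcom/apps/richdocuments/wopi/files/1",
]

if __name__ == "__main__":
    for src, ok in audit(SAMPLE, URLS).items():
        print("allowed " if ok else "rejected", urlsplit(src).hostname)
```

The Collabora subdomain is rejected because only the Nextcloud host is listed, and the lookalike is accepted because the unescaped `.` matches any character; writing the entry as `your-nextcloud-domain\.com` closes that gap.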