Nextcloud AIO 4.0.1 built-in Collabora server: /usr/bin/coolmount: Operation not permitted

Hey there,

my AIO instance generally seems to work, but I cannot open any documents via the NC interface (using Collabora). Error message in GUI says “document couldn’t be loaded. please try again later”.

The Nextcloud instance is behind Cloudflare DNS and Nginx Proxy Manager with Websocket support activated.

This is the collabora log with the timestamp from trying to open a document:

frk-00035-00035 2023-01-08 22:12:41.825447 +0000 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:437
wsd-00001-00034 2023-01-08 22:12:41.957146 +0000 [ prisoner_poll ] WRN  Attempted ping on non-upgraded websocket! #33| net/WebSocketHandler.hpp:573
wsd-00001-07082 2023-01-08 22:12:42.014900 +0000 [ docbroker_00b ] ERR  WOPI::CheckFileInfo failed for URI [https://ncloud.ourdomain.de/index.php/apps/richdocuments/wopi/files/60591_oczlu288wh9m?access_token=GN6b79AXQQ0MjBDI4wnpET0fhGvnda2R&access_token_ttl=1673251942000&permission=edit]: 403 Forbidden. Headers: 	Date: Sun, 08 Jan 2023 22:12:42 GMT / 	Content-Type: application/json; charset=utf-8 / 	Content-Length: 2 / 	Connection: keep-alive / 	Cache-Control: no-cache, no-store, must-revalidate / 	content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none' / 	expires: Thu, 19 Nov 1981 08:52:00 GMT / 	feature-policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' / 	pragma: no-cache / 	referrer-policy: no-referrer / 	set-cookie: oczlu288wh9m=678dde919ef2aa235fbab196a8dddf41; path=/; secure; HttpOnly; SameSite=Lax / 	strict-transport-security: max-age=15552000; includeSubDomains / 	x-content-type-options: nosniff / 	x-frame-options: SAMEORIGIN / 	x-permitted-cross-domain-policies: none / 	x-powered-by: PHP/8.0.26 / 	x-request-id: 7YHTA3j3KZdjH9IZtfcI / 	x-robots-tag: none / 	x-xss-protection: 1; mode=block / 	CF-Cache-Status: DYNAMIC / 	Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i3Ser0%2FHt8VqE4n0%2FV4DMeGbrF5UM6TGPa9CMvi%2BVV35M%2BRJrTnCze92zMLFkXB3qCpmTRFF9BBJP92TEdcyCF1YCf2BLea%2BpWJtIKKupv2y%2Bsc9Qh%2FBxYcgKoGKYyAayxja40A%3D"}],"group":"cf-nel","max_age":604800} / 	NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} / 	Server: cloudflare / 	CF-RAY: 786846b1ebdfbb91-FRA / 	alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 / 	Body: [[]]| wsd/Storage.cpp:687
wsd-00001-07082 2023-01-08 22:12:42.015059 +0000 [ docbroker_00b ] ERR  loading document exception: Access denied, 403. WOPI::CheckFileInfo failed on: https://ncloud.ourdomain.de/index.php/apps/richdocuments/wopi/files/60591_oczlu288wh9m?access_token=GN6b79AXQQ0MjBDI4wnpET0fhGvnda2R&access_token_ttl=1673251942000&permission=edit| wsd/DocumentBroker.cpp:2339
wsd-00001-07082 2023-01-08 22:12:42.015086 +0000 [ docbroker_00b ] ERR  Failed to add session to [https://ncloud.ourdomain.de:443/index.php/apps/richdocuments/wopi/files/60591_oczlu288wh9m] with URI [https://ncloud.ourdomain.de/index.php/apps/richdocuments/wopi/files/60591_oczlu288wh9m?access_token=GN6b79AXQQ0MjBDI4wnpET0fhGvnda2R&access_token_ttl=1673251942000&permission=edit]: Access denied, 403. WOPI::CheckFileInfo failed on: https://ncloud.ourdomain.de/index.php/apps/richdocuments/wopi/files/60591_oczlu288wh9m?access_token=GN6b79AXQQ0MjBDI4wnpET0fhGvnda2R&access_token_ttl=1673251942000&permission=edit| wsd/DocumentBroker.cpp:2301
wsd-00001-07082 2023-01-08 22:12:42.015110 +0000 [ docbroker_00b ] ERR  Unauthorized Request while starting session on https://ncloud.ourdomain.de:443/index.php/apps/richdocuments/wopi/files/60591_oczlu288wh9m for socket #27. Terminating connection. Error: Access denied, 403. WOPI::CheckFileInfo failed on: https://ncloud.ourdomain.de/index.php/apps/richdocuments/wopi/files/60591_oczlu288wh9m?access_token=GN6b79AXQQ0MjBDI4wnpET0fhGvnda2R&access_token_ttl=1673251942000&permission=edit| wsd/COOLWSD.cpp:4727
wsd-00001-07082 2023-01-08 22:12:42.029879 +0000 [ docbroker_00b ] ERR  #21: Read failed, have 0 buffered bytes (ECONNRESET: Connection reset by peer)| net/Socket.hpp:1134
wsd-00001-07082 2023-01-08 22:12:42.029921 +0000 [ docbroker_00b ] WRN  DocBroker [https://ncloud.ourdomain.de:443/index.php/apps/richdocuments/wopi/files/60591_oczlu288wh9m] got disconnected from its Kit (-1). Closing.| wsd/COOLWSD.cpp:3283
wsd-00001-00034 2023-01-08 22:12:42.030110 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3275
wsd-00001-00034 2023-01-08 22:12:42.030123 +0000 [ prisoner_poll ] WRN  An unassociated Kit disconnected.| wsd/COOLWSD.cpp:3290
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted

What I found on the internet points to a websockets problem, maybe an nginx config issue. But I haven’t found a solution.

Any ideas?

Cheers!

Hi, can you follow How to debug problems with Collabora and/or Talk · Discussion #1358 · nextcloud/all-in-one · GitHub?

it worked!! just adding ,0.0.0.0/0 solved the issue - thank you so much / vielen Dank!!