Nextcloud and Collabora with Docker and WOPI requests allow list

Dear all,

I have installed Nextcloud and Collabora with docker containers on the same host. I got issues with configuring the “Allow list for WOPI requests” setting, which restricts the connection between Nextcloud and Collabora. Both docker containers are reachable with service.domain.de from external/internet with https and letsencrypt certificate using nginx proxy manager. I’ve tried all the hints from the forum / internet, e.g. to set the IP address from the docker network (172…/16), the IP of the host, the local DNS IP, etc. The only thing really working is the external IP, which changes every time interval, so will be no solution at all.

Are there any hints on that?

Thank you for any additional idea.
pascal_l

I see the issue in my installation as well (despite using local Pi-Hole DNS), but I never find motivation to dig deeper into the issue. there must be an issue with DNS resolution between containers running on the same docker host but using public DNS names. Container settings like extra_hosts or ailas could be the key.

UPDATE: in the meanwhile I managed to force traffic from Docker straight to the reverse proxy. see details in this post

I know that problem well but I didn’t see any solution about that, yet. No idea how to start.

:frowning: seems to be a generic issue with wopi access lists for dyndns, not only related to collabora.

does anyone have an idea?

Hi @uivens and @wwe

looks like here might be a solution: Nextcloud Office won't open documents : !SOLVED! - #4 by pascal_l

crossing fingers.

cheers

pascal

Does not work for me :-/

Have you check your browser console ? In my case i had 2 issues :

  • The NGINX proxy was forcing the X-Origin header to same origin so the Collabora iframe was not reachable (you can see that in the console)
  • Then setting the WOPI ip range to any value was blocking the access. I had to inspect the docker network used for Nextcloud and set the IP range
    Then tada it works
    Now a new issue is that if i set containers down, as the IP is dynamic then WOPI requests are blocked until i update the value with the new network range

I updated my post above with a solution for this issue as Nextcloud, Collabora and reverse proxy run on the same docker host. As the Docker subnet is is known and remain constant you can allow the access for the whole network eliminating the need to adopt the config every time the public address changes.

1 Like

Dear @wwe,

thanks again for your support. I was able to add the alias to the nginx proxy manager network config.

I am able to curl -v https://collabora.mydomain.tld and curl -v https://cloud.mydomain.tld from within the nginx proxy manager container (am I right here? or where to test from?) and get the docker ip of the npm. I am entering this IP to the wopi access list field, in my case 172.22.0.0/12.

in the end no document opens. I am using Nextcloud Office app 8.3, Collabora latest stable and NC 28.0.1.

There is no useful error message in nextcloud.log.

The error message opening the document in the webfrontend is: „Document loading failed
Failed to load Nextcloud Office - please try again later“

Do you have any idea how to proceed.

it must work from the client, cloud and collabora.

Dear @wwe

I just rechecked everything and now I’am able to contact the docker IP for nextcloud and collabora from the opposite container.

Entering the WOPI with the Docker range now works.

Thanks a lot.

Dear @wwe

Just found this Information:

"By default Collabora Online enables the first WOPI host that tries to connect. You can define the allowed WOPI hosts by passing environment variables.

aliasgroup1=https://<domain1>:443,https://<your-dot-escaped-aliasname1>|<your-dot-escaped-aliasname2>:443"

source: CODE Docker image — SDK https://sdk.collaboraonline.com/ documentation

Not sure, if necessary, while it works by now. Hope that helps for future issues / solving.

With best regards

Pascal

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.