please restart Nextcloud as well - it might have cached wrong data. Then repeat troubleshooting with the browser (and try increasing log verbosity if the issue remains)
After restarting all (cloud, collabora, redis) and use another browser:
Not solved.
- it looks there is still some reference to
https://office
- you need to fix the CSP error if not fixed with 1.
Now i got a Message in collabora Log:
wsd-00001-00033 2022-11-09 13:02:44.541194 +0000 [ websrv_poll ] ERR #28 Exception while processing incoming request: [GET /cool/https%3A%2F%2Fcloud.domain%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F2784651_ocxhj39jv7tr%3Faccess_token%3DnHNyx2zoCic0Pz7zQXLoQEIlUUf98aGm%26access_token_ttl%3D0%26permission%3Dedit/ws?WOPISrc=https%3A%2F%2Fcloud.domain%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F2784651_ocxhj39jv7tr&compat=/ws HTTP/1.0
...]: Invalid or unknown request.| wsd/COOLWSD.cpp:3739
I added this in my Configuration for ssl nginx and removed the nonssl config for office:
upstream office {
server 10.0.0.41:9980;
}
server {
listen 443 ssl http2;
listen [::]:443 http2;
server_name office.domain;
ssl_certificate /root/.acme.sh/office.domain/fullchain.cer;
ssl_certificate_key /root/.acme.sh/office.domain/office.domain.key;
#ssl_protocols TLSv1.2;
# ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
# ssl_prefer_server_ciphers on;
# client_max_body_size 20000m;
# fastcgi_buffer_size 4k;
# fastcgi_buffers 64 4k;
# fastcgi_hide_header X-Powered-By;
access_log /var/log/nginx/office-access.log adv;
error_log /var/log/nginx/office-error.log notice;
index index.html index.htm index.php /index.php;
location ~ / {
proxy_pass http://office;
proxy_set_header Host $server_name;
#proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection "upgrade";
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header User-Agent $http_user_agent;
#proxy_hide_header Upgrade;
#proxy_ssl_verify off;
}
# static files
location ^~ /loleaflet {
proxy_pass http://office;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://office;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://office;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/lool/(.*)/ws$ {
proxy_pass http://office;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/lool {
proxy_pass http://office;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
proxy_pass http://office;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
newer version of Collabora use /cool
namespace, configuration example: Proxy settings â SDK https://sdk.collaboraonline.com/ documentation
I try with the ssl termination settings:
upstream office {
server 10.0.0.41:9980;
}
server {
listen 443 ssl http2;
listen [::]:443 http2;
server_name office.domain;
ssl_certificate /root/.acme.sh/office.domain/fullchain.cer;
ssl_certificate_key /root/.acme.sh/office.domain/office.domain.key;
access_log /var/log/nginx/office-access.log adv;
error_log /var/log/nginx/office-error.log notice;
# static files
location ^~ /browser {
proxy_pass http://office;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://office;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://office;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/cool/(.*)/ws$ {
proxy_pass http://office;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/(c|l)ool {
proxy_pass http://office;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /cool/adminws {
proxy_pass http://office;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
Finally!
Hi,
Today i changed my Proxy and my Problems are back.
My Changes:
Shutdown Nginx Proxy VM
Install Docker Nginx Proxy Manager on the same Host with cloud and Collabora (10.0.0.41)
Change IP Adresses of Compose from 40 to 41
extra_hosts:
- "cloud.domain.tld:10.0.0.41"
- "office.domain.tld:10.0.0.41"
Cloud says: Ok
If i open a Document i get Errors and warnings on collabora container:
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
wsd-00001-00153 2023-01-28 19:30:08.705477 +0000 [ docbroker_00f ] WRN Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:727
wsd-00001-00153 2023-01-28 19:30:08.738093 +0000 [ docbroker_00f ] ERR WOPI::CheckFileInfo failed for URI [https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000]: 403 Forbidden. Headers: Server: openresty / Date: Sat, 28 Jan 2023 19:30:08 GMT / Content-Type: application/json; charset=utf-8 / Content-Length: 2 / Connection: keep-alive / Referrer-Policy: no-referrer / X-Content-Type-Options: nosniff / X-Frame-Options: SAMEORIGIN / X-Permitted-Cross-Domain-Policies: none / X-Robots-Tag: none / X-XSS-Protection: 1; mode=block / X-Powered-By: PHP/8.1.14 / Set-Cookie: ocxhj39jv7tr=729fa0b95e99a2394cf01e1073e8dce2; path=/; secure; HttpOnly; SameSite=Lax / Expires: Thu, 19 Nov 1981 08:52:00 GMT / Cache-Control: no-cache, no-store, must-revalidate / Pragma: no-cache / Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none' / X-Request-Id: mkXMruqQaLzqsKaRwpd0 / Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' / Strict-Transport-Security: max-age=63072000; preload / Body: [[]]| wsd/Storage.cpp:685
wsd-00001-00153 2023-01-28 19:30:08.738926 +0000 [ docbroker_00f ] ERR loading document exception: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000| wsd/DocumentBroker.cpp:2264
wsd-00001-00153 2023-01-28 19:30:08.738970 +0000 [ docbroker_00f ] ERR Failed to add session to [https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr] with URI [https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000]: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000| wsd/DocumentBroker.cpp:2226
wsd-00001-00153 2023-01-28 19:30:08.739005 +0000 [ docbroker_00f ] ERR Unauthorized Request while starting session on https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr for socket #22. Terminating connection. Error: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000| wsd/COOLWSD.cpp:4597
wsd-00001-00153 2023-01-28 19:30:08.739086 +0000 [ docbroker_00f ] ERR Invalid or unknown session [02c] to remove.| wsd/DocumentBroker.cpp:2309
wsd-00001-00038 2023-01-28 19:30:09.018714 +0000 [ websrv_poll ] WRN DocBroker with docKey [https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:3157
wsd-00001-00038 2023-01-28 19:30:09.019010 +0000 [ websrv_poll ] ERR Error while handling Client WS Request: Failed to create DocBroker with docKey [https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr].| wsd/COOLWSD.cpp:4637
wsd-00001-00038 2023-01-28 19:30:09.019088 +0000 [ websrv_poll ] ERR #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00038 2023-01-28 19:30:09.019121 +0000 [ websrv_poll ] ERR #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00038 2023-01-28 19:30:09.019146 +0000 [ websrv_poll ] WRN #32 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| net/WebSocketHandler.hpp:826
wsd-00001-00038 2023-01-28 19:30:09.019173 +0000 [ websrv_poll ] ERR #32: Attempted to remove: 850 which is > size: 0 clamped to 0| net/Socket.hpp:1234
wsd-00001-00038 2023-01-28 19:30:09.019216 +0000 [ websrv_poll ] ERR #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00038 2023-01-28 19:30:09.567692 +0000 [ websrv_poll ] WRN DocBroker with docKey [https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:3157
wsd-00001-00038 2023-01-28 19:30:09.567799 +0000 [ websrv_poll ] ERR Error while handling Client WS Request: Failed to create DocBroker with docKey [https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr].| wsd/COOLWSD.cpp:4637
wsd-00001-00038 2023-01-28 19:30:09.567821 +0000 [ websrv_poll ] ERR #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00038 2023-01-28 19:30:09.567839 +0000 [ websrv_poll ] ERR #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00038 2023-01-28 19:30:09.567849 +0000 [ websrv_poll ] WRN #32 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| net/WebSocketHandler.hpp:826
wsd-00001-00038 2023-01-28 19:30:09.567862 +0000 [ websrv_poll ] ERR #32: Attempted to remove: 850 which is > size: 0 clamped to 0| net/Socket.hpp:1234
wsd-00001-00038 2023-01-28 19:30:09.567889 +0000 [ websrv_poll ] ERR #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
Forced Exit with code: 70
kit-00146-00034 2023-01-28 19:30:10.739769 +0000 [ kit_spare_00f ] FTL Forced Exit with code: 70| common/Util.cpp:1102
wsd-00001-00033 2023-01-28 19:30:10.743633 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3242
wsd-00001-00033 2023-01-28 19:30:10.743742 +0000 [ prisoner_poll ] WRN An unassociated Kit disconnected.| wsd/COOLWSD.cpp:3257
wsd-00001-00033 2023-01-28 19:30:10.743853 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3242
wsd-00001-00033 2023-01-28 19:30:10.744004 +0000 [ prisoner_poll ] WRN An unassociated Kit disconnected.| wsd/COOLWSD.cpp:3257
wsd-00001-00155 2023-01-28 19:30:11.594700 +0000 [ docbroker_010 ] WRN Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:727
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
wsd-00001-00155 2023-01-28 19:30:11.640076 +0000 [ docbroker_010 ] ERR WOPI::CheckFileInfo failed for URI [https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000&permission=edit]: 403 Forbidden. Headers: Server: openresty / Date: Sat, 28 Jan 2023 19:30:11 GMT / Content-Type: application/json; charset=utf-8 / Content-Length: 2 / Connection: keep-alive / Referrer-Policy: no-referrer / X-Content-Type-Options: nosniff / X-Frame-Options: SAMEORIGIN / X-Permitted-Cross-Domain-Policies: none / X-Robots-Tag: none / X-XSS-Protection: 1; mode=block / X-Powered-By: PHP/8.1.14 / Set-Cookie: ocxhj39jv7tr=66973a38f00842ad135c9aebaaedd99d; path=/; secure; HttpOnly; SameSite=Lax / Expires: Thu, 19 Nov 1981 08:52:00 GMT / Cache-Control: no-cache, no-store, must-revalidate / Pragma: no-cache / Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none' / X-Request-Id: HhYL1rwP0V0aKv18kqEt / Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' / Strict-Transport-Security: max-age=63072000; preload / Body: [[]]| wsd/Storage.cpp:685
wsd-00001-00155 2023-01-28 19:30:11.640377 +0000 [ docbroker_010 ] ERR loading document exception: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000&permission=edit| wsd/DocumentBroker.cpp:2264
wsd-00001-00155 2023-01-28 19:30:11.640414 +0000 [ docbroker_010 ] ERR Failed to add session to [https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr] with URI [https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000&permission=edit]: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000&permission=edit| wsd/DocumentBroker.cpp:2226
wsd-00001-00155 2023-01-28 19:30:11.640434 +0000 [ docbroker_010 ] ERR Unauthorized Request while starting session on https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr for socket #23. Terminating connection. Error: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000&permission=edit| wsd/COOLWSD.cpp:4597
wsd-00001-00155 2023-01-28 19:30:11.640489 +0000 [ docbroker_010 ] ERR Invalid or unknown session [02f] to remove.| wsd/DocumentBroker.cpp:2309
Forced Exit with code: 70
wsd-00001-00033 2023-01-28 19:30:13.640963 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3242
kit-00154-00034 2023-01-28 19:30:13.640973 +0000 [ kit_spare_010 ] FTL Forced Exit with code: 70| common/Util.cpp:1102wsd-00001-00033 2023-01-28 19:30:13.641019 +0000 [ prisoner_poll ] WRN An unassociated Kit disconnected.| wsd/COOLWSD.cpp:3257
wsd-00001-00033 2023-01-28 19:30:13.641032 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3242
wsd-00001-00033 2023-01-28 19:30:13.641042 +0000 [ prisoner_poll ] WRN An unassociated Kit disconnected.| wsd/COOLWSD.cpp:3257
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
Nginx Config is the same of the old nginx proxy with 10.0.0.41 ip
and this in advanced:
# static files
location ^~ /browser {
proxy_pass http://10.0.0.41:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://10.0.0.41:9980;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://10.0.0.41:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/cool/(.*)/ws$ {
proxy_pass http://10.0.0.41:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/(c|l)ool {
proxy_pass http://10.0.0.41:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /cool/adminws {
proxy_pass http://10.0.0.41:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
The Nginx Proxy Manager only has ports:
- 80
- 443
- 81
I have two ideas.
First: on the Proxy Manager fails the 9980 port and the connection dont work?
Second: wrong Settings for Connection on the same Host?
I hope you can help me.
Thanks
Honestly, Iâve spend hours, days and nights trying to get this fu$$$^$ Nexcloud + NPM + Collabora. I got it working sometimes, donât ask me how, but each time I did an upgrade, certificate renewal, or any fu$Ăš^Ăš other change I needed to spend again hours and days to get this fu$Ăš$$ stuff working again. Iâm just over now, I will try to find something even if I need to pay for it, but I canât spend so much time with such kind of piece of shit.
Just created an account for the single purpose of supporting this message. I really love the idea of Nextcloud, and Iâm very grateful for being provided with such great software at zero cost. A big shoutout to all the awesome people who work on this!
Nevertheless, my frustration in trying to set up Nextcloud with NPM and Collabora is close to immeasurable. The documentation both on Nextcloudâs and Collaboraâs part is mediocre at best. Outdated information everywhere, especially regarding the ârichdocumentsbundleâ, which is referenced everywhere but found absolutely nowhere (except in the Nextcloud app store website, but not in the actual store once youâre inside Nextcloud).
I have not yet once managed to get it working properly. I tried all sorts of configuration changes, running things in front of or behind a proxy, using LXCs and VMs, Docker, bare-metal and pretty much every other setup I could. Nothing worked.
It seems to me that this integration simply isnât there yet. Officially, youâre made to believe this is an existing feature, but I assume this only works if you are running like the only working, very specific combination of OS, Reverse Proxy, Docker, and maybe some other obscure configuration parameters.
As I said, I love the fact that Nextcloud is FOSS, and I understand there is no guarantee that free software will always work and be available. But if the setup is quite apparently this wonky (and this does not only seem to be the case for a few users; check your favorite search engine for ânextcloud collabora document loading failedâ and youâll see issues with this seem to be prevalent everywhere, and for multiple years, too), then Iâd urge everybody involved in publishing this âfeatureâ to simply not. Donât push software you know doesnât really work. It costs the users much more frustration and might ultimately even push them away from Nextcloud. I too will be looking into alternatives to NextCloud simply because I am so very frustrated due to dealing with this for weeks now. Sadly, there arenât many (full) alternatives to NC afaik, but maybe Iâll just use different apps for different use cases. This has the benefit that, once something breaks with NC (again), I can still use the other features without worry.
Hi, I can only say that Collabora works reliably and without any problem within AIO: GitHub - nextcloud/all-in-one: Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance..
Thanks szaimen, I did indeed hear good things about AIO! Unfortunately Iâm currently using a managed version of Nextcloud (i.e. managed by the hoster), so I canât switch to Nextcloud AIO at the moment. I might try it out at home though and see if I can get it working with CODE. If so, I might consider switching⌠Have a beautiful day!
This topic was automatically closed after 8 days. New replies are no longer allowed.