Nextcloud in Docker with Collabora Code

please restart Nextcloud as well - it might have cached wrong data. Then repeat troubleshooting with the browser (and try increasing log verbosity if the issue remains)

After restarting all (cloud, collabora, redis) and use another browser:

Not solved.

1. it looks there is still some reference to https://office
2. you need to fix the CSP error if not fixed with 1.

Now i got a Message in collabora Log:

wsd-00001-00033 2022-11-09 13:02:44.541194 +0000 [ websrv_poll ] ERR  #28 Exception while processing incoming request: [GET /cool/https%3A%2F%2Fcloud.domain%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F2784651_ocxhj39jv7tr%3Faccess_token%3DnHNyx2zoCic0Pz7zQXLoQEIlUUf98aGm%26access_token_ttl%3D0%26permission%3Dedit/ws?WOPISrc=https%3A%2F%2Fcloud.domain%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F2784651_ocxhj39jv7tr&compat=/ws HTTP/1.0
...]: Invalid or unknown request.| wsd/COOLWSD.cpp:3739

I added this in my Configuration for ssl nginx and removed the nonssl config for office:

upstream office {
 server 10.0.0.41:9980;
}



server {
    listen 443 ssl http2;
	listen   [::]:443 http2;
    server_name office.domain;
    ssl_certificate           /root/.acme.sh/office.domain/fullchain.cer; 
    ssl_certificate_key       /root/.acme.sh/office.domain/office.domain.key;

    #ssl_protocols  TLSv1.2;
#    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
#    ssl_prefer_server_ciphers on;
#	client_max_body_size 20000m;
#    fastcgi_buffer_size 4k;
#	fastcgi_buffers 64 4k;
#    fastcgi_hide_header X-Powered-By;

    access_log            /var/log/nginx/office-access.log adv;
    error_log            /var/log/nginx/office-error.log notice;

	index index.html index.htm index.php /index.php;

location ~ / {
    proxy_pass http://office;
    proxy_set_header Host $server_name;
    #proxy_set_header Upgrade $http_upgrade;
    #proxy_set_header Connection "upgrade";
    #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #proxy_set_header User-Agent $http_user_agent;
	#proxy_hide_header Upgrade;
	#proxy_ssl_verify off;

	}

# static files
location ^~ /loleaflet {
    proxy_pass http://office;
    proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
    proxy_pass http://office;
    proxy_set_header Host $http_host;
}

# Capabilities
location ^~ /hosting/capabilities {
    proxy_pass http://office;
    proxy_set_header Host $http_host;
}

# main websocket
location ~ ^/lool/(.*)/ws$ {
    proxy_pass http://office;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
}

# download, presentation and image upload
location ~ ^/lool {
    proxy_pass http://office;
    proxy_set_header Host $http_host;
}

# Admin Console websocket
location ^~ /lool/adminws {
    proxy_pass http://office;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
}


}

newer version of Collabora use /cool namespace, configuration example: Proxy settings — SDK https://sdk.collaboraonline.com/ documentation

I try with the ssl termination settings:

upstream office {
 server 10.0.0.41:9980;
}

server {
    listen 443 ssl http2;
	listen   [::]:443 http2;
    server_name office.domain;
    ssl_certificate           /root/.acme.sh/office.domain/fullchain.cer; 
    ssl_certificate_key       /root/.acme.sh/office.domain/office.domain.key;

    access_log            /var/log/nginx/office-access.log adv;
    error_log            /var/log/nginx/office-error.log notice;

# static files
 location ^~ /browser {
   proxy_pass http://office;
   proxy_set_header Host $http_host;
 }

 # WOPI discovery URL
 location ^~ /hosting/discovery {
   proxy_pass http://office;
   proxy_set_header Host $http_host;
 }

 # Capabilities
 location ^~ /hosting/capabilities {
   proxy_pass http://office;
   proxy_set_header Host $http_host;
 }

 # main websocket
 location ~ ^/cool/(.*)/ws$ {
   proxy_pass http://office;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }

 # download, presentation and image upload
 location ~ ^/(c|l)ool {
   proxy_pass http://office;
   proxy_set_header Host $http_host;
 }

 # Admin Console websocket
 location ^~ /cool/adminws {
   proxy_pass http://office;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }

}

Finally!

grafik1679×1245 96.7 KB

Hi,

Today i changed my Proxy and my Problems are back.

My Changes:
Shutdown Nginx Proxy VM
Install Docker Nginx Proxy Manager on the same Host with cloud and Collabora (10.0.0.41)

Change IP Adresses of Compose from 40 to 41

    extra_hosts:
      - "cloud.domain.tld:10.0.0.41"
      - "office.domain.tld:10.0.0.41"

Cloud says: Ok

If i open a Document i get Errors and warnings on collabora container:

sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
wsd-00001-00153 2023-01-28 19:30:08.705477 +0000 [ docbroker_00f ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:727
wsd-00001-00153 2023-01-28 19:30:08.738093 +0000 [ docbroker_00f ] ERR  WOPI::CheckFileInfo failed for URI [https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000]: 403 Forbidden. Headers: 	Server: openresty / 	Date: Sat, 28 Jan 2023 19:30:08 GMT / 	Content-Type: application/json; charset=utf-8 / 	Content-Length: 2 / 	Connection: keep-alive / 	Referrer-Policy: no-referrer / 	X-Content-Type-Options: nosniff / 	X-Frame-Options: SAMEORIGIN / 	X-Permitted-Cross-Domain-Policies: none / 	X-Robots-Tag: none / 	X-XSS-Protection: 1; mode=block / 	X-Powered-By: PHP/8.1.14 / 	Set-Cookie: ocxhj39jv7tr=729fa0b95e99a2394cf01e1073e8dce2; path=/; secure; HttpOnly; SameSite=Lax / 	Expires: Thu, 19 Nov 1981 08:52:00 GMT / 	Cache-Control: no-cache, no-store, must-revalidate / 	Pragma: no-cache / 	Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none' / 	X-Request-Id: mkXMruqQaLzqsKaRwpd0 / 	Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' / 	Strict-Transport-Security: max-age=63072000; preload / 	Body: [[]]| wsd/Storage.cpp:685
wsd-00001-00153 2023-01-28 19:30:08.738926 +0000 [ docbroker_00f ] ERR  loading document exception: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000| wsd/DocumentBroker.cpp:2264
wsd-00001-00153 2023-01-28 19:30:08.738970 +0000 [ docbroker_00f ] ERR  Failed to add session to [https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr] with URI [https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000]: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000| wsd/DocumentBroker.cpp:2226
wsd-00001-00153 2023-01-28 19:30:08.739005 +0000 [ docbroker_00f ] ERR  Unauthorized Request while starting session on https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr for socket #22. Terminating connection. Error: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000| wsd/COOLWSD.cpp:4597
wsd-00001-00153 2023-01-28 19:30:08.739086 +0000 [ docbroker_00f ] ERR  Invalid or unknown session [02c] to remove.| wsd/DocumentBroker.cpp:2309
wsd-00001-00038 2023-01-28 19:30:09.018714 +0000 [ websrv_poll ] WRN  DocBroker with docKey [https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:3157
wsd-00001-00038 2023-01-28 19:30:09.019010 +0000 [ websrv_poll ] ERR  Error while handling Client WS Request: Failed to create DocBroker with docKey [https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr].| wsd/COOLWSD.cpp:4637
wsd-00001-00038 2023-01-28 19:30:09.019088 +0000 [ websrv_poll ] ERR  #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00038 2023-01-28 19:30:09.019121 +0000 [ websrv_poll ] ERR  #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00038 2023-01-28 19:30:09.019146 +0000 [ websrv_poll ] WRN  #32 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| net/WebSocketHandler.hpp:826
wsd-00001-00038 2023-01-28 19:30:09.019173 +0000 [ websrv_poll ] ERR  #32: Attempted to remove: 850 which is > size: 0 clamped to 0| net/Socket.hpp:1234
wsd-00001-00038 2023-01-28 19:30:09.019216 +0000 [ websrv_poll ] ERR  #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00038 2023-01-28 19:30:09.567692 +0000 [ websrv_poll ] WRN  DocBroker with docKey [https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:3157
wsd-00001-00038 2023-01-28 19:30:09.567799 +0000 [ websrv_poll ] ERR  Error while handling Client WS Request: Failed to create DocBroker with docKey [https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr].| wsd/COOLWSD.cpp:4637
wsd-00001-00038 2023-01-28 19:30:09.567821 +0000 [ websrv_poll ] ERR  #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00038 2023-01-28 19:30:09.567839 +0000 [ websrv_poll ] ERR  #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00038 2023-01-28 19:30:09.567849 +0000 [ websrv_poll ] WRN  #32 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| net/WebSocketHandler.hpp:826
wsd-00001-00038 2023-01-28 19:30:09.567862 +0000 [ websrv_poll ] ERR  #32: Attempted to remove: 850 which is > size: 0 clamped to 0| net/Socket.hpp:1234
wsd-00001-00038 2023-01-28 19:30:09.567889 +0000 [ websrv_poll ] ERR  #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
Forced Exit with code: 70
kit-00146-00034 2023-01-28 19:30:10.739769 +0000 [ kit_spare_00f ] FTL  Forced Exit with code: 70| common/Util.cpp:1102
wsd-00001-00033 2023-01-28 19:30:10.743633 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3242
wsd-00001-00033 2023-01-28 19:30:10.743742 +0000 [ prisoner_poll ] WRN  An unassociated Kit disconnected.| wsd/COOLWSD.cpp:3257
wsd-00001-00033 2023-01-28 19:30:10.743853 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3242
wsd-00001-00033 2023-01-28 19:30:10.744004 +0000 [ prisoner_poll ] WRN  An unassociated Kit disconnected.| wsd/COOLWSD.cpp:3257
wsd-00001-00155 2023-01-28 19:30:11.594700 +0000 [ docbroker_010 ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:727
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
wsd-00001-00155 2023-01-28 19:30:11.640076 +0000 [ docbroker_010 ] ERR  WOPI::CheckFileInfo failed for URI [https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000&permission=edit]: 403 Forbidden. Headers: 	Server: openresty / 	Date: Sat, 28 Jan 2023 19:30:11 GMT / 	Content-Type: application/json; charset=utf-8 / 	Content-Length: 2 / 	Connection: keep-alive / 	Referrer-Policy: no-referrer / 	X-Content-Type-Options: nosniff / 	X-Frame-Options: SAMEORIGIN / 	X-Permitted-Cross-Domain-Policies: none / 	X-Robots-Tag: none / 	X-XSS-Protection: 1; mode=block / 	X-Powered-By: PHP/8.1.14 / 	Set-Cookie: ocxhj39jv7tr=66973a38f00842ad135c9aebaaedd99d; path=/; secure; HttpOnly; SameSite=Lax / 	Expires: Thu, 19 Nov 1981 08:52:00 GMT / 	Cache-Control: no-cache, no-store, must-revalidate / 	Pragma: no-cache / 	Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none' / 	X-Request-Id: HhYL1rwP0V0aKv18kqEt / 	Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' / 	Strict-Transport-Security: max-age=63072000; preload / 	Body: [[]]| wsd/Storage.cpp:685
wsd-00001-00155 2023-01-28 19:30:11.640377 +0000 [ docbroker_010 ] ERR  loading document exception: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000&permission=edit| wsd/DocumentBroker.cpp:2264
wsd-00001-00155 2023-01-28 19:30:11.640414 +0000 [ docbroker_010 ] ERR  Failed to add session to [https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr] with URI [https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000&permission=edit]: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000&permission=edit| wsd/DocumentBroker.cpp:2226
wsd-00001-00155 2023-01-28 19:30:11.640434 +0000 [ docbroker_010 ] ERR  Unauthorized Request while starting session on https://cloud.domain.tld:443/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr for socket #23. Terminating connection. Error: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.domain.tld/index.php/apps/richdocuments/wopi/files/21288_ocxhj39jv7tr?access_token=HRwjwJJ5Wkb3w6U5UG6AQCQsNYyub5ni&access_token_ttl=1674970208000&permission=edit| wsd/COOLWSD.cpp:4597
wsd-00001-00155 2023-01-28 19:30:11.640489 +0000 [ docbroker_010 ] ERR  Invalid or unknown session [02f] to remove.| wsd/DocumentBroker.cpp:2309
Forced Exit with code: 70
wsd-00001-00033 2023-01-28 19:30:13.640963 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3242
kit-00154-00034 2023-01-28 19:30:13.640973 +0000 [ kit_spare_010 ] FTL  Forced Exit with code: 70| common/Util.cpp:1102wsd-00001-00033 2023-01-28 19:30:13.641019 +0000 [ prisoner_poll ] WRN  An unassociated Kit disconnected.| wsd/COOLWSD.cpp:3257
wsd-00001-00033 2023-01-28 19:30:13.641032 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3242

wsd-00001-00033 2023-01-28 19:30:13.641042 +0000 [ prisoner_poll ] WRN  An unassociated Kit disconnected.| wsd/COOLWSD.cpp:3257
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted

Nginx Config is the same of the old nginx proxy with 10.0.0.41 ip

image488×535 15 KB

and this in advanced:

# static files
 location ^~ /browser {
   proxy_pass http://10.0.0.41:9980;
   proxy_set_header Host $http_host;
 }

 # WOPI discovery URL
 location ^~ /hosting/discovery {
   proxy_pass http://10.0.0.41:9980;
   proxy_set_header Host $http_host;
 }

 # Capabilities
 location ^~ /hosting/capabilities {
   proxy_pass http://10.0.0.41:9980;
   proxy_set_header Host $http_host;
 }

 # main websocket
 location ~ ^/cool/(.*)/ws$ {
   proxy_pass http://10.0.0.41:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }

 # download, presentation and image upload
 location ~ ^/(c|l)ool {
   proxy_pass http://10.0.0.41:9980;
   proxy_set_header Host $http_host;
 }

 # Admin Console websocket
 location ^~ /cool/adminws {
   proxy_pass http://10.0.0.41:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }

The Nginx Proxy Manager only has ports:

• 80
• 443
• 81

I have two ideas.
First: on the Proxy Manager fails the 9980 port and the connection dont work?
Second: wrong Settings for Connection on the same Host?

I hope you can help me.

Thanks

Honestly, I’ve spend hours, days and nights trying to get this fu$$$^$ Nexcloud + NPM + Collabora. I got it working sometimes, don’t ask me how, but each time I did an upgrade, certificate renewal, or any fu$ù^ù other change I needed to spend again hours and days to get this fu$ù$$ stuff working again. I’m just over now, I will try to find something even if I need to pay for it, but I can’t spend so much time with such kind of piece of shit.

Just created an account for the single purpose of supporting this message. I really love the idea of Nextcloud, and I’m very grateful for being provided with such great software at zero cost. A big shoutout to all the awesome people who work on this!

Nevertheless, my frustration in trying to set up Nextcloud with NPM and Collabora is close to immeasurable. The documentation both on Nextcloud’s and Collabora’s part is mediocre at best. Outdated information everywhere, especially regarding the “richdocumentsbundle”, which is referenced everywhere but found absolutely nowhere (except in the Nextcloud app store website, but not in the actual store once you’re inside Nextcloud).

I have not yet once managed to get it working properly. I tried all sorts of configuration changes, running things in front of or behind a proxy, using LXCs and VMs, Docker, bare-metal and pretty much every other setup I could. Nothing worked.

It seems to me that this integration simply isn’t there yet. Officially, you’re made to believe this is an existing feature, but I assume this only works if you are running like the only working, very specific combination of OS, Reverse Proxy, Docker, and maybe some other obscure configuration parameters.

As I said, I love the fact that Nextcloud is FOSS, and I understand there is no guarantee that free software will always work and be available. But if the setup is quite apparently this wonky (and this does not only seem to be the case for a few users; check your favorite search engine for “nextcloud collabora document loading failed” and you’ll see issues with this seem to be prevalent everywhere, and for multiple years, too), then I’d urge everybody involved in publishing this “feature” to simply not. Don’t push software you know doesn’t really work. It costs the users much more frustration and might ultimately even push them away from Nextcloud. I too will be looking into alternatives to NextCloud simply because I am so very frustrated due to dealing with this for weeks now. Sadly, there aren’t many (full) alternatives to NC afaik, but maybe I’ll just use different apps for different use cases. This has the benefit that, once something breaks with NC (again), I can still use the other features without worry.

Hi, I can only say that Collabora works reliably and without any problem within AIO: GitHub - nextcloud/all-in-one: Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance..

Thanks szaimen, I did indeed hear good things about AIO! Unfortunately I’m currently using a managed version of Nextcloud (i.e. managed by the hoster), so I can’t switch to Nextcloud AIO at the moment. I might try it out at home though and see if I can get it working with CODE. If so, I might consider switching… Have a beautiful day!

This topic was automatically closed after 8 days. New replies are no longer allowed.