Nextcloud Office/Built in CODE Server will not load files

NC 27.01
Php 8.12
PostgreSQL 14.8
Running behind HaProxy on PfSense with SSL offloading (working)
CODE Server 23.5.202
Nextcloud Office 8.10

Nextcloud office with built-in CODE Server fails to open Office and LibreOffice docs
Gives a ‘Document Loading failed Failed to load Nextcloud Office’ error

Built in CODE Server is reported as reachable, green dot.

However logs has following error:
[richdocuments] Error: GuzzleHttp\Exception\ClientException: Client error: GET http://xxx.xxx.net/apps/richdocumentscode/proxy.php?req=/hosting/capabilities resulted in a 404 Not Found response:

404 Not Found

0. /var/www/html/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 69
   GuzzleHttp\Exception\RequestException::create(“*** sensitive parameters replaced ***”)
1. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 204
   GuzzleHttp\Middleware::GuzzleHttp{closure}(“*** sensitive parameters replaced ***”)
2. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 153
   GuzzleHttp\Promise\Promise::callHandler()
3. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/TaskQueue.php line 48
   GuzzleHttp\Promise\Promise::GuzzleHttp\Promise{closure}(“*** sensitive parameters replaced ***”)
4. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 248
   GuzzleHttp\Promise\TaskQueue->run()
5. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 224
   GuzzleHttp\Promise\Promise->invokeWaitFn()
6. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 269
   GuzzleHttp\Promise\Promise->waitIfPending()
7. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 226
   GuzzleHttp\Promise\Promise->invokeWaitList()
8. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 62
   GuzzleHttp\Promise\Promise->waitIfPending()
9. /var/www/html/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php line 187
   GuzzleHttp\Promise\Promise->wait()
10. /var/www/html/nextcloud/lib/private/Http/Client/Client.php line 226
    GuzzleHttp\Client->request()
11. /var/www/html/nextcloud/apps/richdocuments/lib/Service/CapabilitiesService.php line 135
    OC\Http\Client\Client->get()
12. /var/www/html/nextcloud/apps/richdocuments/lib/Service/CapabilitiesService.php line 73
    OCA\Richdocuments\Service\CapabilitiesService->refetch()
13. /var/www/html/nextcloud/apps/richdocuments/lib/AppInfo/Application.php line 85
    OCA\Richdocuments\Service\CapabilitiesService->getCapabilities()
14. /var/www/html/nextcloud/lib/private/AppFramework/Bootstrap/FunctionInjector.php line 66
    OCA\Richdocuments\AppInfo\Application->OCA\Richdocuments\AppInfo{closure}(“*** sensitive parameters replaced ***”)
15. /var/www/html/nextcloud/lib/private/AppFramework/Bootstrap/BootContext.php line 50
    OC\AppFramework\Bootstrap\FunctionInjector->injectFn()
16. /var/www/html/nextcloud/apps/richdocuments/lib/AppInfo/Application.php line 140
    OC\AppFramework\Bootstrap\BootContext->injectFn()
17. /var/www/html/nextcloud/lib/private/AppFramework/Bootstrap/Coordinator.php line 200
    OCA\Richdocuments\AppInfo\Application->boot()
18. /var/www/html/nextcloud/lib/private/App/AppManager.php line 437
    OC\AppFramework\Bootstrap\Coordinator->bootApp()
19. /var/www/html/nextcloud/lib/private/App/AppManager.php line 216
    OC\App\AppManager->loadApp()
20. /var/www/html/nextcloud/lib/private/legacy/OC_App.php line 126
    OC\App\AppManager->loadApps()
21. /var/www/html/nextcloud/lib/base.php line 1051
    OC_App::loadApps()
22. /var/www/html/nextcloud/index.php line 36
    OC::handleRequest()

GET /index.php/apps/files/api/v1/stats
from 192.168.10.1 by xxxx at 2023-08-07T14:20:29+00:00

Interestingly when setting up the built in server (that shows green dot), the following is displayed briefly:

Screen Shot 2023-08-07 at 9.44.38 AM1301×178 44.3 KB

Which is probably the problem here - but I do not know how to change this on the built in CODE server. Or if that is even doable.

As a note I did have this working behind an NGINX reverse proxy until recent updates to Nextcloud Office and CODE Server broke something. There were no special rules for the CODE Server, just for WellKnownCardDav etc, I decided to switch over to HaProxy to get my reverse proxy located in PfSense and free up a Truenas Jail where the NGINX reverse proxy had been.

I was hoping today’s update of the CODE server might help, but no joy.

Have tried setting WOPI to 0.0.0.0 etc., which doesn’t seem to make a difference.

ATM Nextcloud office is basically unusable for me.

I have researched this problem, but it only seems to be documented and addressed for Collabora CODE Server installs which for me is another rabbit hole, although if I have to I’ll set up a separate server, but I’d much rather use the built-in as I don’t have heavy demands for editing etc., so I can deal with the slowness of the built-in.

I have also tried to figure out if there is a missing HaProxy config given that my NC install is running on Port 80 and HaProxy is handling the SSL with ACME producing the Let’s Encrypt Cert for the site. I have not found any documentation of such.

I am no expert, but would appreciate any input on where to go to fix this. Unless of course the latest versions of these apps broke something that had previously working… I doubt that’s the case, but possible.

Thanks for any input.

Built-in CODE heavily relies on correct reverse proxy config - likely something is wrong with you overwrite* parameters (or proxy headers). Especially the error regarding http:// makes me think something is wrong with reverse proxy config.

this might help: Nextcloud Collabora integration it’s mainly about dedicated setup but few hints address built-in CODE as well.

@wwe Thanks for the comment - I had actually read your wiki before and was able to see that my NC was reaching the richdocuments code hosting proxy, for example. I really appreciate that the wiki is a proper debug checklist.

I tried modifying my apache virtual hosts config, as I had to get caldav and carddav working, but was left scratching my head.

I tried adding a rule in PfSense to allow port 9980-9984 traffic back to my NC install, and tried adding config to HaProxy, but in short dont know enough to know how to do that and havent found a guide anywhere.

In short I dont know what to do to address overwrite parameters, like what that means. Just being honest. So I dont know if that’s a problem with HaProxy, Pfsense or Apache or NC Config.php (I dont think it’s the config.php as the trusted proxy works).

nobody can tell you how your system must be setup. again plan http:// is a problem as well - you have to analyze and resolve the problem…

following the guide I provided you will find at least this working Apache config which is easy to adopt for other products

@wwe Thanks again.
Update: I got rid of the guzzle exception error by changing the overwrite.cli.url from http to https in config.php
However I am still getting a ‘Document Loading failed Failed to load Nextcloud Office’ error and although I appreciated the document you referred me to and tried putting those settings in my Apache Virtual hosts file, it did not change the situation. The problem seems to be how to configure the built in CODE server to have the correct ssl.enable and ssl.termination settings.

there is nothing to configure builtin CODE. It completely relies on reverse proxy header to understand the config.
Please follow the discussions I provided.

@wwe thanks, did not fully get that.

Where could I find an explanation of what a reverse proxy header is? I think if I understood that I could figure out what to tweak in HaProxy

use your favorite internet search engine and familiarize yourself how applications run behind reverse proxy and how requested URI and scheme are configured. “real ip” is a useful search term.

@wwe thanks again. I have spent some time researching how applications run behind reverse proxies.
What I cant figure out is in this case, where the built in CODE server is trying to talk to the NC instance, that the CODE server is communicating with HTTPS wheras the NC install is HTTP, behind Haproxy which is doing the SSL termination for NC. So the CODE server cant talk to NC.
So, is this a problem solved in my virtual host, my config.php file for NC or HaProxy setup?

this means your NC is running https:// and CODE is correctly accessing NC with https://.

if the user sits in front of the proxy there is no way CODE can access Nextcloud bypassing the proxy.

@wwe You keep replying which I appreciate. Let me rephrase what I’m saying:
I think it means that NC is http behind the proxy, so if CODE is running https it wont connect - which is the current situation.
So to get CODE running with the correct ssl.enable and ssl.termination (the error in setup I have) to be able to talk to NC - is that an Apache, Haproxy or NC Config thing? My virtual host in Apache is on port 80, behind the reverse proxy. Hopefully that makes more sense?

I’m sorry I can’t follow your questions. Initially you stated you run built-in CODE server which automatically makes Nextcloud and CODE running same http/s protocol and same hostname. Assuming your NC runs well you likely only need to verify correct reverse proxy headers. If you run another config please do 3 steps back and describe how you setup the system and provide all the logs…

Please take the time to read and understand the integration wiki - I wrote wiki this because WOPI integration is very different from normal webhosting and many many people struggle with the config. I’m confident 99% of all questions are answered already and I’ll be happy to help you with the remaining 1%… or maybe this 1% are real bugs and not generic “it doesn’t work”

@wwe ok progress.

RequestHeader set X-FORWARDED-PROTOCOL https
RequestHeader set X-Forwarded-Ssl on

in the Apache2 Virtual Host made it possible to open .ods and word/excel files momentarily.

But then get the document failed to load error again.

<VirtualHost *:80>
ServerName (server).net
ServerAdmin (server).net
DocumentRoot /var/www/html/nextcloud
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

RequestHeader set X-FORWARDED-PROTOCOL https
RequestHeader set X-Forwarded-Ssl on

Redirect 301 /.well-known/carddav https://(server)/remote.php/dav
Redirect 301 /.well-known/caldav https://(server)/remote.php/dav
Redirect 301 /.well-known/webfinger https://(server)t/index.php/.well-known/webfinger
Redirect 301 /.well-known/nodeinfo https://(server)/index.php/.well-known/nodeinfo
</VirtualHost>

I also had to set WOPI allow to 0.0.0.0/0
And remove reinstall CODE and Nextcloud office.

Persistence pays off. Thanks for nudging me along.

This the error in the log when it stopped working again. If I flush the cache on my browser it works again for a moment.

No longer getting errors in the Code Server setup.

This is the log for the error thrown:

[richdocuments] Info: GuzzleHttp\Exception\ServerException: Server error: `POST https://xxx.xxxx.net/apps/richdocumentscode/proxy.php?req=/lool/convert-to/png` resulted in a `502 Bad Gateway` response:
<html><body><h1>502 Bad Gateway</h1>
The server returned an invalid or incomplete response.
</body></html>

 at <<closure>>

 0. /var/www/html/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 69
    GuzzleHttp\Exception\RequestException::create("*** sensitive parameters replaced ***")
 1. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 204
    GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***")
 2. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 153
    GuzzleHttp\Promise\Promise::callHandler()
 3. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/TaskQueue.php line 48
    GuzzleHttp\Promise\Promise::GuzzleHttp\Promise\{closure}("*** sensitive parameters replaced ***")
 4. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 248
    GuzzleHttp\Promise\TaskQueue->run()
 5. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 224
    GuzzleHttp\Promise\Promise->invokeWaitFn()
 6. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 269
    GuzzleHttp\Promise\Promise->waitIfPending()
 7. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 226
    GuzzleHttp\Promise\Promise->invokeWaitList()
 8. /var/www/html/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php line 62
    GuzzleHttp\Promise\Promise->waitIfPending()
 9. /var/www/html/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php line 187
    GuzzleHttp\Promise\Promise->wait()
10. /var/www/html/nextcloud/lib/private/Http/Client/Client.php line 297
    GuzzleHttp\Client->request()
11. /var/www/html/nextcloud/apps/richdocuments/lib/Preview/Office.php line 90
    OC\Http\Client\Client->post()
12. /var/www/html/nextcloud/lib/private/Preview/ProviderV1Adapter.php line 53
    OCA\Richdocuments\Preview\Office->getThumbnail()
13. /var/www/html/nextcloud/lib/private/Preview/GeneratorHelper.php line 64
    OC\Preview\ProviderV1Adapter->getThumbnail()
14. /var/www/html/nextcloud/lib/private/Preview/Generator.php line 397
    OC\Preview\GeneratorHelper->getThumbnail()
15. /var/www/html/nextcloud/lib/private/Preview/Generator.php line 373
    OC\Preview\Generator->generateProviderPreview()
16. /var/www/html/nextcloud/lib/private/Preview/Generator.php line 166
    OC\Preview\Generator->getMaxPreview()
17. /var/www/html/nextcloud/lib/private/Preview/Generator.php line 116
    OC\Preview\Generator->generatePreviews()
18. /var/www/html/nextcloud/lib/private/PreviewManager.php line 192
    OC\Preview\Generator->getPreview()
19. /var/www/html/nextcloud/core/Controller/PreviewController.php line 144
    OC\PreviewManager->getPreview()
20. /var/www/html/nextcloud/core/Controller/PreviewController.php line 113
    OC\Core\Controller\PreviewController->fetchPreview()
21. /var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 230
    OC\Core\Controller\PreviewController->getPreviewByFileId()
22. /var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 137
    OC\AppFramework\Http\Dispatcher->executeController()
23. /var/www/html/nextcloud/lib/private/AppFramework/App.php line 183
    OC\AppFramework\Http\Dispatcher->dispatch()
24. /var/www/html/nextcloud/lib/private/Route/Router.php line 315
    OC\AppFramework\App::main()
25. /var/www/html/nextcloud/lib/base.php line 1071
    OC\Route\Router->match()
26. /var/www/html/nextcloud/index.php line 36
    OC::handleRequest()

GET /index.php/core/preview?fileId=1270797&x=250&y=250
from 192.168.10.1 by xxx at 2023-08-13T22:13:23+00:00

it looks like reverse proxy doesn’t know where to route this request… maybe the reverse proxy config is still incomplete. Looking at Collabora reverse proxy guide I see many special config - not sure this is required for built-in CODE as well… I would start with proxy_set_header Host $http_host; I don’t see it in your config…

There was working Apache reverse proxy example linked to the above guide… the solution is not very clear but two different working Apache configs

another weird issue there is a /lool/ piece in the URI while CODE switched to /cool/ long time ago…

@wwe

That is an NGINX parameter, trying to find equivalent in Apache2

I tried

sudo killall coolwsd

to see if it would address the lool error you mentioned. Reinstalled CODE and Office after.

As it stands I can open docs every 2nd or 3rd try, getting ‘Document Failed to Load’ error in between.

Getting there…

try ProxyPreserveHost On

maybe browser log (f12) gives more insights what is going wrong?

@wwe thanks.

I did use

ProxyPreserveHost On

And that got me to being able to open every two or three tries

It seems like the proxy parameters need a directive that will enable opening each try, either allowing multiple requests or setting the proxy to handle a new request each time - a subjective take I know, but not sure which other parameter is needed and I’ve scoured through Apache2 documentation, trying to guess basically.

If you say it works every few times I would try to find a difference - if this is another header, DNS, cache etc… is there some “logic” between working and non-working scenarios, like it works every X seconds or after every Z requests? just wondering - you are not running some weird security solution which limits the number of requests or "sanitize"s URLs?

Update: Solved this issue - what was causing the problem was two DNS forwarding IP addresses from Route 53, one was incorrect. With this resolved everything else worked flawlessly. Nothing special needed in the Apache config as far as the reverse proxy goes.