Nextcloud Office Could not establish connection to the Collabora Online server

ℹ️ Support 📄 Collabora
, , , ,
1

Hi,

I’m using Nextcloud AIO on Linode and upgraded from 27 to 28.0.3.

Nextcloud Office shows the error:

Could not establish connection to the Collabora Online server.

Failed to connect to the remote server: cURL error 28: Operation timed out after 45002 milliseconds with 0 bytes received (see libcurl - Error Codes) for https://nextcloud.greatday.fit/hosting/discovery

I tried the steps in document: https://github.com/nextcloud/all-in-one/discussions/1358

Allow list for WOPI requests does not come up.

Output of curl:

  • Host nextcloud.greatday.fit:443 was resolved.
  • IPv6: (none)
  • IPv4: 66.228.48.147
  • Trying 66.228.48.147:443…
  • Connected to nextcloud.greatday.fit (66.228.48.147) port 443
  • ALPN: curl offers h2,http/1.1
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • CAfile: /etc/ssl/certs/ca-certificates.crt
  • CApath: /etc/ssl/certs
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / id-ecPublicKey
  • ALPN: server accepted h2
  • Server certificate:
  • subject: CN=nextcloud.greatday.fit
  • start date: Feb 6 04:57:46 2024 GMT
  • expire date: May 6 04:57:45 2024 GMT
  • subjectAltName: host “nextcloud.greatday.fit” matched cert’s “nextcloud.greatday.fit”
  • issuer: C=US; O=Let’s Encrypt; CN=R3
  • SSL certificate verify ok.
  • Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using sha256WithRSAEncryption
  • Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
  • Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • using HTTP/2
  • [HTTP/2] [1] OPENED stream for https://nextcloud.greatday.fit:443/hosting/discovery
  • [HTTP/2] [1] [:method: GET]
  • [HTTP/2] [1] [:scheme: https]
  • [HTTP/2] [1] [:authority: nextcloud.greatday.fit]
  • [HTTP/2] [1] [:path: /hosting/discovery]
  • [HTTP/2] [1] [user-agent: curl/8.5.0]
  • [HTTP/2] [1] [accept: /]

GET /hosting/discovery HTTP/2
Host: nextcloud.greatday.fit
User-Agent: curl/8.5.0
Accept: /

^C
da548be2f2a3:/var/www/html# # Now inside the container
curl -vvv https://$NC_DOMAIN:443/hosting/discovery
exit

  • Host nextcloud.greatday.fit:443 was resolved.
  • IPv6: (none)
  • IPv4: 66.228.48.147
  • Trying 66.228.48.147:443…
  • Connected to nextcloud.greatday.fit (66.228.48.147) port 443
  • ALPN: curl offers h2,http/1.1
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • CAfile: /etc/ssl/certs/ca-certificates.crt
  • CApath: /etc/ssl/certs
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / id-ecPublicKey
  • ALPN: server accepted h2
  • Server certificate:
  • subject: CN=nextcloud.greatday.fit
  • start date: Feb 6 04:57:46 2024 GMT
  • expire date: May 6 04:57:45 2024 GMT
  • subjectAltName: host “nextcloud.greatday.fit” matched cert’s “nextcloud.greatday.fit”
  • issuer: C=US; O=Let’s Encrypt; CN=R3
  • SSL certificate verify ok.
  • Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using sha256WithRSAEncryption
  • Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
  • Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • using HTTP/2
  • [HTTP/2] [1] OPENED stream for https://nextcloud.greatday.fit:443/hosting/discovery
  • [HTTP/2] [1] [:method: GET]
  • [HTTP/2] [1] [:scheme: https]
  • [HTTP/2] [1] [:authority: nextcloud.greatday.fit]
  • [HTTP/2] [1] [:path: /hosting/discovery]
  • [HTTP/2] [1] [user-agent: curl/8.5.0]
  • [HTTP/2] [1] [accept: /]

GET /hosting/discovery HTTP/2
Host: nextcloud.greatday.fit
User-Agent: curl/8.5.0
Accept: /

curl command does not exit

The end of the Collabora logs show:

frk-00013-00013 2024-03-19 12:08:20.629481 -0600 [ coolforkit ] ERR Capability cap_sys_chroot is not set for the coolforkit program.| kit/ForKit.cpp:228
frk-00013-00013 2024-03-19 12:08:20.629488 -0600 [ coolforkit ] ERR Capability cap_mknod is not set for the coolforkit program.| kit/ForKit.cpp:228
frk-00013-00013 2024-03-19 12:08:20.629493 -0600 [ coolforkit ] ERR Capability cap_fowner is not set for the coolforkit program.| kit/ForKit.cpp:228
frk-00013-00013 2024-03-19 12:08:20.629498 -0600 [ coolforkit ] ERR Capability cap_chown is not set for the coolforkit program.| kit/ForKit.cpp:228
Capabilities are not set for the coolforkit program.
frk-00013-00013 2024-03-19 12:08:20.629505 -0600 [ coolforkit ] FTL Capabilities are not set for the coolforkit program.| kit/ForKit.cpp:720
Please make sure that the current partition was not mounted with the ‘nosuid’ option.
frk-00013-00013 2024-03-19 12:08:20.629511 -0600 [ coolforkit ] FTL Please make sure that the current partition was not mounted with the ‘nosuid’ option.| kit/ForKit.cpp:721
If you are on SLES11, please set ‘file_caps=1’ as kernel boot option.
frk-00013-00013 2024-03-19 12:08:20.629518 -0600 [ coolforkit ] FTL If you are on SLES11, please set ‘file_caps=1’ as kernel boot option.| kit/ForKit.cpp:722
coolforkit version details: 23.05.9.2 - 9831402
wsd-00007-00012 2024-03-19 12:08:20.626267 -0600 [ prisoner_poll ] TRC ppoll start, timeoutMicroS: 5000000 size 1| net/Socket.cpp:347
wsd-00007-00012 2024-03-19 12:08:25.631293 -0600 [ prisoner_poll ] TRC Poll completed with 0 live polls max (5000000us)(timedout)| net/Socket.cpp:366
wsd-00007-00012 2024-03-19 12:08:25.631335 -0600 [ prisoner_poll ] TRC #7: Handling events of wakeup pipe: 0x0| net/Socket.cpp:370
wsd-00007-00012 2024-03-19 12:08:25.631345 -0600 [ prisoner_poll ] TRC #16: Handling poll events of prisoner_poll at index 0 (of 1): 0x0| net/Socket.cpp:463
wsd-00007-00012 2024-03-19 12:08:25.631349 -0600 [ prisoner_poll ] TRC Executing SocketDisposition of #16: Type::CONTINUE| net/Socket.cpp:696
wsd-00007-00012 2024-03-19 12:08:25.631353 -0600 [ prisoner_poll ] TRC #16: setupPollFds getPollEvents: 0x1| net/Socket.hpp:860

When I stop containers via AIO the Collabra logs shows: Shutdown requested while starting up. Exiting.

Any help is appreciated. TIA

2

The problem is the server can not connect to CODE component. There might be multiple issues I would start checking the list below. do you have separated CODE from aio or did you install build-in version (Could not establish connection to the Collabora Online server (Using "Collabora Online - Built-in CODE Server" option) - #2 by szaimen)

  • in case of separated AiO Collabora your instance should be reachable at https://nextcloud.greatday.fit/hosting/discovery which is not the case now. Please review your reverseproxy config
  • sometimes docker container can not talk to each other/itself using public DNS name, you might need to setup a DNS alias to short-cut the connection to the public-facing container like discussed here: Probably DNS help with NC Docker + Collabora + Wireguard tunnel - #5 by wwe
  • in case you are using collabora-built-in it is hosted at ${server}/apps/richdocumentscode/proxy.php?req= so you should see XML describing CODE capabilities at https://nextcloud.greatday.fit/apps/richdocumentscode/proxy.php?req=/hosting/discovery which is not reachable for me.

please look through other threads - this problem is very common for collabora-online and collabora-built-in installations.

3

Thank you. I got the update today which seems to include bullet #2. Everything is working and working faster.

4

great to hear it works now.

could you please explain this?

5

I only started looking at your recommendations yesterday. I use a vanilla Linode install with the Collabra server bundled. I don’t have a separated Collabra instance and I’m not using the “Collabora Online - Built-in CODE Server” app so I though the first and third bullets likely didn’t apply.

Before I made any changes, I noticed a master container update available today and I’m now on AIO 8.0.0. After restarting I’m still says on on Hub 28.0.3. The Nextcloud Office was working after restart and Office setting tab looks different and now shows:

image
image973×438 19.2 KB

The Allow WOPI requests now shows up and is populated.

image