Nextcloud web interface does not edit office documents but downloads them instead

Nextcloud version: 29.0.1
Operating system and version: Debian 12
Apache or nginx version: Nginx 1.22.1-9
PHP version: 2:8.2+93

The issue you are facing:
Documents always download rather than edit in Nextcloud office. I am using the built in CODE server.

Collabora Online server is reachable. Collabora Online Development Edition 24.04.2.1 80a6f97

I've seen several topics on this, but they were with older Nextcloud versions.

The output of your Nextcloud log in Admin > Logging:

Info	no app in context	
Notification was not parsed by any notifier [app: cospend, subject: add_user_share]

"Jun 8, 2024, 4:51:29 PM"	

Debug	no app in context	
Exception
dirty table reads: SELECT `name` FROM `*PREFIX*authtoken` WHERE (`uid` = :dcValue1) AND (`last_activity` >= :dcValue2)

"Jun 8, 2024, 4:51:25 PM"	

Debug	dav	
No status relevant events found, skipping calendar status change

"Jun 8, 2024, 4:51:24 PM"	

Debug	dav	
No status relevant events found, skipping calendar status change

"Jun 8, 2024, 4:51:02 PM"	

Debug	PHP	
Creation of dynamic property OCA\Richdocuments\Preview\OOXML::$capabilitites is deprecated at /var/www/nextcloud/apps/richdocuments/lib/Preview/Office.php#37

"Jun 8, 2024, 4:50:56 PM"	

Debug	no app in context	
RuntimeException
ignorable exception
The loading of lazy AppConfig values have been requested

"Jun 8, 2024, 4:50:54 PM"	

Debug	dav	
No status relevant events found, skipping calendar status change

"Jun 8, 2024, 4:50:53 PM"	

Debug	no app in context	
Exception
dirty table reads: SELECT * FROM `*PREFIX*user_status` WHERE `user_id` = :dcValue1

"Jun 8, 2024, 4:50:53 PM"	

Debug	dav	
No status relevant events found, skipping calendar status change

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'redacted',
  'passwordsalt' => 'redacted',
  'secret' => 'redacted',
  'trusted_domains' => 
  array (
    0 => 'redacted.net',
    1 => '192.168.1.202',
  ),
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '29.0.1.1',
  'overwrite.cli.url' => 'https://redacted.net/nextcloud',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'ben',
  'dbpassword' => 'redacted',
  'installed' => true,
  'maintenance' => false,
  'chunkSize' => '5120MB',
  'theme' => '',
  'loglevel' => 0,
  'default_phone_region' => 'us',
  'enable_previews' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 0.0,
    'password' => '',
  ),
  'enabledPreviewProviders' => 
  array (
    0 => 'OC\\Preview\\Movie',
    1 => 'OC\\Preview\\PNG',
    2 => 'OC\\Preview\\JPEG',
    3 => 'OC\\Preview\\GIF',
    4 => 'OC\\Preview\\BMP',
    5 => 'OC\\Preview\\XBitmap',
    6 => 'OC\\Preview\\MP3',
    7 => 'OC\\Preview\\MP4',
    8 => 'OC\\Preview\\TXT',
    9 => 'OC\\Preview\\MarkDown',
    10 => 'OC\\Preview\\PDF',
  ),
);

Hello,
I'm bumping this because I'm having the same issue. I am also on Debian 12, with php 8.3.10 (before it was 8.2.x) installed. The built-in CODE server was working ok with NC 28, but since I upgraded to NC 29 it stopped working: files are downloaded instead of opened and forcing opening them from the three dot menu doesn't do anything.

I've opened an issue on the collabora github page already: https://github.com/CollaboraOnline/richdocumentscode/issues/277 but received no feedback. I'm trying here now, hoping to find someone who can help.

What is the status reported by Nextcloud Office under Administration settings->Office?

Collabora Online server is reachable.

Collabora Online Development Edition 24.04.5.2 ca2ed20

Yes, the status is ok. I think this is an issue in CODE to be honest, but maybe someone has had the same problem and solved it, because the developers don't seem to care at all about bugs opened.

Given how many PRs we routinely merge that are bug fixes, that sounds like speculation.

yes, the status is ok.

Please check:

  • What is going on in your browser inspector under the Network tab (and the Console tab too for that matter) when you attempt to open a document?
  • Can you open text/md documents successfully?

Also, just to confirm a few things:

  • Are you testing this with v8.4.4 of the Nextcloud Office integration app?
  • Are you both on Server 29.0.4 at this point?
  • Any errors or warnings under Admin settings->Overview?

@benm I would suggest setting your loglevel back to 2 or at least 1 so that anything notable isn't hidden in the noise.

@iacchi Are you also using Nginx?

Just to be clear, I didn't mean to say they (or you?) are not actively working on the code or fixing bugs, but if you look at the issue page on the github repo for the project there are several bugs open even months old (mine is only 3 weeks old, so relatively new but not super new) without a single reply to them.

  • Under the network tab I get this for what concerns headers (I guess it's what you want to know?)

Reply header:

HTTP/2 200 
server: nginx/1.22.1
date: Wed, 07 Aug 2024 08:30:42 GMT
content-type: application/vnd.oasis.opendocument.spreadsheet
content-length: 26196
content-security-policy: default-src 'none';
last-modified: Tue, 25 Jun 2024 15:10:14 GMT
etag: "e9ff90ae64f4c022959c5911797595e4"
x-request-id: JiEwccqSMhdo1rbABUL9
oc-etag: "e9ff90ae64f4c022959c5911797595e4"
x-debug-token: JiEwccqSMhdo1rbABUL9
content-disposition: attachment; filename*=UTF-8''Dare-avere%20Grecia.ods; filename="Dare-avere%20Grecia.ods"
strict-transport-security: max-age=15768000; includeSubDomains; preload;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-robots-tag: noindex, nofollow
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

Request header:

GET /remote.php/dav/files/iacchi/Dare-avere%20Grecia.ods HTTP/2
Host: cloud.iacchi.casa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br, zstd
DNT: 1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Connection: keep-alive
Cookie: __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oc_sessionPassphrase=JJAnjPOOvz7O%2BxTawbNFtU4gAXf7OA%2F%2BY7vwyXGxXuLgoy%2BXiXDdvCcm%2FJ2pt4h76HOmUt9As44OO0STJ8e1rxtH0uwbrN2RfsPpY0%2FHV4LN9P6R1FNvUzvdpHuS6ms5; oc9yet8budyx=adqri5gvvellifub0rmvdq8v6a
Priority: u=0, i
TE: trailers

In the console tab I don't think I'm getting anything, but these are the first three lines that popped up after clicking on the file:

[DEBUG] text: [PollingBackend] Fetching steps 
Object { app: "text", uid: "iacchi", level: 0 }
vendors-node_modules_nextcloud_logger_dist_index_js-node_modules_nextcloud_vue_dist_chunks_em-5dca48.js:2:2065
[DEBUG] text: [PollingBackend] Fetching steps 
Object { app: "text", uid: "iacchi", level: 0 }
vendors-node_modules_nextcloud_logger_dist_index_js-node_modules_nextcloud_vue_dist_chunks_em-5dca48.js:2:2065
[DEBUG] text: [PollingBackend] Fetching steps 
Object { app: "text", uid: "iacchi", level: 0 }

  • Well, this is interesting and we may be on to something. Apparently also text files get downloaded, even when the CODE and Nextcloud Office addons are disabled (not uninstalled, but disabled).
  • I'm now on 8.4.4, but it started with 8.4.3
  • Yes, I'm on 29.0.4, and I was on the 28 branch before upgrading to this version.
  • I do have a few warnings that I think don't influence this problem, but I'll see if I can solve a few of them and come back to you. For the record, this is what I have:

Finally, yes, I'm on nginx as well.

Ok, looks like problem solved. I had an nginx config file from a few NC versions ago, and it looks like new NC versions required some modifications to it to work properly. I'm copying my current, working configuration file for others to look at, with a couple of caveats:

  • change anything within ££ with what is relevant for you
  • I have some custom changes that are not in the suggested default config file. Namely: I ban older SSL ciphers by whitelisting only newer ones, and I add a couple more http headers for extra security that you may not want to use.

Thank you @jtr for your help!

Here's the config file:

upstream php-handler {
    server unix:/£path/to/php-fpm.sock£;
}

# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
    "" "";
    default ", immutable";
}

server {
    if ($host = £hostname£) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name £hostname£;
    return 404; # managed by Certbot

    # Prevent nginx HTTP Server Detection
    server_tokens off;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name £hostname£;
    ssl_certificate £path/to/fullchain.pem£; # managed by Certbot
    ssl_certificate_key £path/to/privkey.pem£; # managed by Certbot
    root £path/to/documentroot£;
    index index.php index.html /index.php$request_uri;
    access_log £path/to/logfile.log£;
    error_log  £path/to/logfile2.log£;
    large_client_header_buffers 4 8k;

    # Prevent nginx HTTP Server Detection
    server_tokens off;

    # set max upload size and increase upload timeout
    client_max_body_size 3072M;
    client_body_timeout 300s;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # The settings allows you to optimize the HTTP2 bandwidth
    client_body_buffer_size 512k;

    # Ban old SSL ciphers for enhanced security
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    add_header Strict-Transport-Security         "max-age=15768000; includeSubDomains; preload;" always;
    add_header X-Content-Type-Options            "nosniff"                                       always;
    add_header X-XSS-Protection                  "1; mode=block"                                 always;
    add_header X-Robots-Tag                      "noindex, nofollow"                             always;
    add_header X-Download-Options                "noopen"                                        always;
    add_header X-Permitted-Cross-Domain-Policies "none"                                          always;
    add_header Referrer-Policy                   "no-referrer"                                   always;
    add_header X-Frame-Options                   "SAMEORIGIN"                                    always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    # Set .mjs and .wasm MIME types
    include mime.types;
    types {
        text/javascript mjs;
        application/wasm wasm;
    }

    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
    location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Make a regex exception for `/.well-known` so that clients can still
    # access it despite the existence of the regex rule
    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
    # for `/.well-known`.
    location ^~ /.well-known {
        location = /.well-known/carddav {
            return 301 /remote.php/dav/;
        }
        location = /.well-known/caldav {
            return 301 /remote.php/dav/;
        }
        location /.well-known/acme-challenge { 
            try_files $uri $uri/ =404;
        }
        location /.well-known/pki-validation {
            try_files $uri $uri/ =404;
        }
        return 301 /index.php$request_uri;
    }

    # Rules borrowed from `.htaccess` to hide certain paths from clients
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) {
        return 404;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        return 404;
    }

    location ~ \.php(?:$|/) {
        # Required for legacy support
        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
        fastcgi_param front_controller_active true;     # Enable pretty urls
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
        fastcgi_max_temp_file_size 0;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|jpeg|png|webp|wasm|tflite|map|ogg|flac)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control                     "public, max-age=15778463$asset_immutable";
        # Add headers to serve security related headers (It is intended to have those duplicated to the ones above)
        add_header Strict-Transport-Security         "max-age=15768000; includeSubDomains; preload;" always;
        add_header X-Content-Type-Options            "nosniff"                                       always;
        add_header X-XSS-Protection                  "1; mode=block"                                 always;
        add_header X-Robots-Tag                      "noindex, nofollow"                             always;
        add_header X-Download-Options                "noopen"                                        always;
        add_header X-Permitted-Cross-Domain-Policies "none"                                          always;
        add_header Referrer-Policy                   "no-referrer"                                   always;
        add_header X-Frame-Options                   "SAMEORIGIN"                                    always;
        access_log off; # Optional: Don't log access to assets
    }

    location ~ \.woff2?$ {
        try_files $uri /index.php$request_uri;
        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
        access_log off;     # Optional: Don't log access to assets
    }

    # Rule borrowed from `.htaccess`
    location /remote {
        return 301 /remote.php$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }
}
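Added example, not part of the thread: the config above repeats its security headers inside the asset `location` (its comment says the duplication is intended) because nginx inherits `add_header` from the enclosing level only when the current level defines none of its own. This Python sketch flags blocks that would silently drop inherited headers; the sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): the asset location sets
# only Cache-Control, so the server-level headers are not sent for it.
SAMPLE = r'''
server {
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    location ~ \.(?:css|js|mjs)$ {
        add_header Cache-Control "public, max-age=15778463";
    }
    location ~ \.woff2?$ { expires 7d; }
}
'''

# Quoted strings stay whole, so ';' inside a header value is not a terminator.
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};"\']+')

def parse(text):
    """Build a tree of blocks, recording the add_header names set in each."""
    root = {'name': 'main', 'headers': set(), 'children': []}
    stack, words = [root], []
    text = re.sub(r'(?m)(^|\s)#.*$', '', text)  # simplification: strip comments
    for tok in TOKEN.findall(text):
        if tok == '{':
            block = {'name': ' '.join(words), 'headers': set(), 'children': []}
            stack[-1]['children'].append(block)
            stack.append(block)
        elif tok == '}':
            stack.pop()
        elif tok == ';' and len(words) >= 2 and words[0] == 'add_header':
            stack[-1]['headers'].add(words[1].strip('"\'').lower())
        if tok in ('{', '}', ';'):
            words = []
        else:
            words.append(tok)
    return root

def dropped_headers(block, inherited=frozenset()):
    """List (block name, headers lost) where a block's own add_header
    directives replace the set inherited from the enclosing level."""
    own = block['headers']
    findings = [(block['name'], sorted(inherited - own))] if own and inherited - own else []
    for child in block['children']:
        findings += dropped_headers(child, own or inherited)
    return findings

if __name__ == '__main__':
    for name, missing in dropped_headers(parse(SAMPLE)):
        print(f'{name}: missing {", ".join(missing)}')
```

Headers that Nextcloud's PHP code sets itself are outside what this check sees; it only covers what nginx adds for responses served from each block.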

Can you identify exactly what fixed it? I've gone through the whole config line by line and could not find anything that fixed it.

Of note is that this line created an error for me because my site is at example.com/nextcloud/ instead of nextcloud.example.com.

rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;

But the problem still persisted after modifying that to

^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /nextcloud/index.php$request_uri;

Any direction you can point me?


There is a dedicated config file provided for subdirectory installations: NGINX configuration - Nextcloud latest Administration Manual latest documentation