Nextcloud version : 25.0.5
Operating system and version : rocky8
Apache : apache 2.4.37
ReverseProxy: nginx (other machine)
PHP version : PHP 8.0.28
Collabora Docker on same machine but published via nginx reverse proxy (v 22.05.12.4)
nextcloud url: https://homecloud.domain.owner
colloabora url: https://collaboffice.domain.owner
CODE Server details:
run params: -e “extra_params=–o:ssl.enable=false --o:ssl.termination=true”
Correctly responding under
/hosting/capabilities
/browser/dist/admin/admin.html
/hosting/discovery
Checkmark is green in Nextcloud Office configuration.
and collaboffice.domain.owner is checked from CLI of nextcloud with curl to work
BUT
What bothers me most is:
Exception":"OCA\\Richdocuments\\Exceptions\\UnknownTokenException
Failed to validate WOPI access
The output of your Nextcloud log in data/nextcloud.log:
{"reqId":"ZCX6g-OCcyAL@Inlc@kNBAAAAE4","level":3,"time":"2023-03-30T21:09:23+00:00","remoteAddr":"xx.xx.xx.xx","user":"cloud_supervisor","app":"richdocuments","method":"GET","url":"/index.php/apps/richdocuments/wopi/files/52921_octjxe23w86g","message":"Failed to validate WOPI access","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0","version":"25.0.5.1","exception":{"Exception":"OCA\\Richdocuments\\Exceptions\\UnknownTokenException","Message":"Could not find token.","Code":0,"Trace":[{"file":"/var/www/html/nextcloud/apps/richdocuments/lib/Middleware/WOPIMiddleware.php","line":76,"function":"getWopiForToken","class":"OCA\\Richdocuments\\Db\\WopiMapper","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php","line":97,"function":"beforeController","class":"OCA\\Richdocuments\\Middleware\\WOPIMiddleware","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":125,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\MiddlewareDispatcher","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/AppFramework/App.php","line":172,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/Route/Router.php","line":298,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/html/nextcloud/lib/base.php","line":1047,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/html/nextcloud/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/nextcloud/apps/richdocuments/lib/Db/WopiMapper.php","Line":157,"message":"Failed to validate WOPI access","exception":{},"CustomMessage":"Failed to validate WOPI access"}}
{"reqId":"ZCX60s-Gb5XB76KoMi81kAAAAIc","level":3,"time":"2023-03-30T21:10:42+00:00","remoteAddr":"xx.xx.xx.xx","user":"cloud_supervisor","app":"richdocuments","method":"GET","url":"/index.php/apps/richdocuments/wopi/files/52921_octjxe23w86g","message":"Failed to validate WOPI access","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0","version":"25.0.5.1","exception":{"Exception":"OCA\\Richdocuments\\Exceptions\\UnknownTokenException","Message":"Could not find token.","Code":0,"Trace":[{"file":"/var/www/html/nextcloud/apps/richdocuments/lib/Middleware/WOPIMiddleware.php","line":76,"function":"getWopiForToken","class":"OCA\\Richdocuments\\Db\\WopiMapper","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/AppFramework/Middleware/MiddlewareDispatcher.php","line":97,"function":"beforeController","class":"OCA\\Richdocuments\\Middleware\\WOPIMiddleware","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":125,"function":"beforeController","class":"OC\\AppFramework\\Middleware\\MiddlewareDispatcher","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/AppFramework/App.php","line":172,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/html/nextcloud/lib/private/Route/Router.php","line":298,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/html/nextcloud/lib/base.php","line":1047,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/html/nextcloud/index.php","line":36,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/html/nextcloud/apps/richdocuments/lib/Db/WopiMapper.php","Line":157,"message":"Failed to validate WOPI access","exception":{},"CustomMessage":"Failed to validate WOPI access"}}
The output the access log of nginx:
xx.xx.xx.xx - - [31/Mar/2023:22:04:45 +0200] "GET /cool/https%3A%2F%2Fhomecloud.domain.owner%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F52908_octjxe23w86g%3Faccess_token%3DozH4N2UICBLbg1EnNKaQshxz5tbu13Q9%26access_token_ttl%3D1680329083000%26permission%3Dedit/ws?WOPISrc=https%3A%2F%2Fhomecloud.domain.owner%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F52908_octjxe23w86g&compat=/ws HTTP/1.1" 101 114 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0"
The reverse proxy conf:
upstream config available +
# static files
location ^~ /browser {
proxy_pass http://collabora;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://collabora;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://collabora;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/cool/(.*)/ws$ {
proxy_pass http://collabora;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/(c|l)ool {
proxy_pass http://collabora;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /cool/adminws {
proxy_pass http://collabora;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}