Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1971


#1

Currently I am having trouble installing Collabora. When trying to open a document it just shows a loading icon and even after waiting sometime nothing shows up. Docker logs is giving me the following errors:
wsd-00031-00041 2018-12-30 22:50:35.996464 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1971
wsd-00031-00041 2018-12-30 22:50:36.079972 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1971
wsd-00031-00041 2018-12-30 22:50:36.182468 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1971
wsd-00031-00041 2018-12-30 22:50:38.913046 [ websrv_poll ] WRN WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:610

Firefox in console mode is giving me the following response:
LibreOffice Online not loaded yet. Listen for App_LoadingStatus (Document_Loaded) event before using PostMessage API. Ignoring post message 'Get_Views'.

Firefox can’t establish a connection to the server at wss:/[**mydomain**]/lool/https%3A%2F%2F[**mydomain**]%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F3771_ocgrf371y5u4%3Faccess_token%3DlBXn7SitETAw54QvvrMGv9VC1SxtS32a%26access_token_ttl%3D0%26permission%3Dedit/ws?WOPISrc=https%3A%2F%2F[**my domain**]t%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F3771_ocgrf371y5u4&compat=/ws.

The instructions I followed were from: Start to Finish Nextcloud+Collabora Step-by-Step Guide

Any advice for why this is happening should be appropriated.


#2

same problem for me, reason might be that the web access within the docker container is somehow restricted. The reverse proxy from apache is accessing the docker container be the complained IP. However I do not find where the allowed access is configured, otherwise I would have tried that out. Anybody an idea?


#3

ok, now I digged a little more deeper, either it was a timeout problem or docker container cannot access nextcloud based on my setup.
My setup is like
Internet -> DSL (nat) -> nextcloud
Internet -> DSL (nat) -> office.nextcloud (apache reverse proxy) -> docker container
With both URLs (nextcloud and office.nextcloud being on same virtual maschine, so docker office.nextcloud cannot access file, because this is a public IP, the docker can never access. so I added following to /etc/hosts in the docker:

echo 172.17.0.1 nextcloud.full-domain.com >>/etc/hosts

and suddenly my web frontend with open office opened.
to get to the docker CLI you have to execute:

docker exec -it friendly_wilson bash

where friendly_wilson bash was the container name in my reference


#4

Hi guys,

I have the same issue here after updating to latest collabora docker image.
And echoing the line to /etc/hosts does not solve it for me.

The default content of /etc/hosts is:

127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 8423848851c9

In the log I read
{“log”:"\u001b[1m\u001b[31mwsd-00029-00039 2019-01-06 16:42:30.651697 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1971\u001b[0m\r\n",“stream”:“stdout”,“time”:“2019-01-06T16:42:30.652331011Z”}
{“log”:"\u001b[1m\u001b[31mwsd-00029-00039 2019-01-06 16:42:30.755641 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1971\u001b[0m\r\n",“stream”:“stdout”,“time”:“2019-01-06T16:42:30.756111284Z”}
{“log”:"\u001b[1m\u001b[33mwsd-00029-00039 2019-01-06 16:42:36.459515 [ websrv_poll ] WRN WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:610\u001b[0m\r\n",“stream”:“stdout”,“time”:“2019-01-06T16:42:36.459737653Z”}

My setup did work before and I did not change anything but the updated image.
For convenience I removed all the collabora images and containers and pulled again. No change…

I can’t open documents. The screen is white with turning wheel which turns forever and no further error appears…


#5

I investigated a bit further…

The error message about “Requesting address is denied: ::ffff:172.17.0.1” comes from loolwsd.xml config file. There is a storage desc=“Backend storage”… setting with allowed and denied hostnames defined as regex, one of them

<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>


If the access request would come from 172.17.0.1 it would be allowed. But it comes from “::ffff:172.17.0.1” mangled address or hostname. Nevermind, for testing purposes I added another rule

<host desc="Regex pattern of hostname to allow or deny." allow="true">.+</host>
and after container restart and accessing .odt files this error goes away

But there is still the warning
WRN WOPI host did not pass optional access_token_ttl

While observing the container log with tail -f, this error appears on every opening attempt, so even if this is warning level, it could be in the way…

Any ideas?


#6

Still the same, opening file gives ony turning wheel…

Collabora docker running. I can get to the
https://office.domain.com:9878/hosting/discovery which gives me an xml

I observed the apache log /var/log/apache2/other_vhosts_access.log and clicked the ods files then…
From there I got an axample entry:
office.domain.com:9878 192.168.30.1 - - [07/Jan/2019:11:52:11 +0000] "POST /loleaflet/173510f/loleaflet.html?WOPISrc=https%3A%2F%2Fdomain.com%3A9878%2Fnc%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F2011_oc6z4ethoujb&title=test.odt&lang=en&closebutton=1&revisionhistory=1 HTTP/1.1" 200 2941 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"

I tried to open that loleaflet link directly entering this into browser:
https://office.domain.com:9878/loleaflet/173510f/loleaflet.html?WOPISrc=https%3A%2F%2Fdomain.com%3A9878%2Fnc%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F2011_oc6z4ethoujb&title=test.odt&lang=en&closebutton=1&revisionhistory=1
which gives the Collabora online editing window but again a turning wheel

Apache virtualhosts are definitely set up properly, both having ssl certs attached…

I can only think of the non-standard port 9878 I am using…
Here I found another solved issue where the user apparently solved with switching back to standard 443:

Can I somehow check if Nextcloud or Collabora have access to files? The WOPI storage?
My docker is set up to use
Storage Driver: devicemapper

Shall i switch to another?


UPDATE
Ok, unfortunately no time for playing hide and seek with this buggy…

I went back to image 3.4.2.1 from
https://hub.docker.com/r/collabora/code/tags
with
docker pull collabora/code:3.4.2.1

I am back online with my setup and can edit docs…
Maybe I will try another image later :roll_eyes:


#7

Hello,

I see lots of clicks to my example url. have you replaced full-domain.com with your docker domain, here you need to add the hostname you are accessing the nextcloud from outside.


#8

Yes of course, example.com is my full domain in real setup, here I replaced it only for demonstration…


#9

Same problem. I can’t open document. I try’it solution from sofi (change /etc/hosts), then i try’it to use older version for collabora (3.4.2.1)
I start my docker with this command:
docker run -t -d -p 127.0.0.1:9980:9980 -e ‘domain=nc\.ddns\.com’ -e ‘server_name=office\.ddns\.net’ -e ‘username=userxxx’ -e ‘password=xxxx’ --restart always --cap-add MKNOD collabora/code:3.4.2.1
Nextcloud work fine (classic installation, not doccker). I can access admin console for collabora, everything seem to be fine.
This is my error

wsd-00031-00043 2019-01-08 19:03:06.381753 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1851
wsd-00031-00043 2019-01-08 19:04:37.114655 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1851
wsd-00031-00043 2019-01-08 19:04:42.976906 [ websrv_poll ] WRN WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:611
wsd-00031-00064 2019-01-08 19:04:43.832296 [ docbroker_003 ] ERR No acceptable WOPI hosts found matching the target host [nc.ddns.net] in config.| wsd/Storage.cpp:235
wsd-00031-00064 2019-01-08 19:04:43.832403 [ docbroker_003 ] ERR Failed to add session to [/nextcloud/index.php/apps/richdocuments/wopi/files/591_oc91romray5a] with URI [https://nc.ddns.net/nextcloud/index.php/apps/richdocuments/wopi/files/591_oc91romray5a?access_token=sdk30GSI2BWb1tFHi3aGQNsXPKfbsLoI&access_token_ttl=0&permission=edit]: No acceptable WOPI hosts found matching the target host [nc.ddns.net] in config.| wsd/DocumentBroker.cpp:1041
wsd-00031-00064 2019-01-08 19:04:43.832451 [ docbroker_003 ] ERR Unauthorized Request while loading session for /nextcloud/index.php/apps/richdocuments/wopi/files/591_oc91romray5a: No acceptable WOPI hosts found matching the target host [nc.ddns.net] in config.| wsd/LOOLWSD.cpp:2522


#10

Sorry, i make an stupid mistake. My domain end in .net not .com. I change that and everything work well, no need to make any tricks, just from official documentation.
Sorry again for confusion.


#11

Same happening here. Have tried adding the /etc/hosts entry suggested by @sofi and reverting to 4.3.2.1 as suggested by @praet0ri4n. No joy.

Running the latest stable (14.05) on a fresh install of Ubuntu 18.04.


#12

vlad2005 so you mean the /etc/hosts trick?
as the hosts seems to be renews with every container start, I have written small script on the nextcloud host, which I put in the crontab, executed every 10 minutes:

#!/bin/bash

FULL_HOST_NAME=nextcloud_full_domain_name
TEMP_FILE=/tmp/collabora_hosts_file

docker exec -t friendly_wilson cat /etc/hosts >$TEMP_FILE
grep $FULL_HOST_NAME $TEMP_FILE >/dev/null
if [ $? -ne 0 ]
then
  echo "$0 is adding hostentry to container's host file"
  docker exec -t friendly_wilson sh -c "echo 172.17.0.1 $FULL_HOST_NAME >>/etc/hosts"
fi

This problem was persistent even after upgrade to 15.0.2, and workaround with hosts file was still working.
Important is that your nextcloud instance is registered in public DNS as the container comes with public DNS resolvers


#13

No, în my case everything works well when access from internet. When I try to access nextcloud from Lan, I still have problems with opening collabora.
I try it to change /etc/hosts file like u explain, but still not working.


#14

Same problem here.

EDIT: hacking the permission mask like @praet0ri4n suggest will work around the problem and make Collabora work.

Can anyone shed some light on why the request come from a host which is not mapped in the permission mask? How can this be solved?

thanks


#15

Can confirm this is still happening with the lates CODE image updates last month. In this case I have CODE set up on a separate server with docker and nginx reverse proxy I can connect to the nginx instance fine but when I open a document I get similar error.

wsd-00029-00040 2019-01-23 14:59:16.837453 [ websrv_poll ] ERR  Requesting address is denied: ::ffff:172.17.0.4| wsd/LOOLWSD.cpp:1971

Where 172.17.0.4 is the nginx container. Far as I can tell my nginx proxy is correct.

static files

location ^~ /loleaflet {
proxy_pass https://172.17.0.2:9980;
proxy_set_header Host $http_host;
}

WOPI discovery URL

location ^~ /hosting/discovery {
proxy_pass https://172.17.0.2:9980;
proxy_set_header Host $http_host;
}

Capabilities

location ^~ /hosting/capabilities {
proxy_pass https://172.17.0.2:9980;
proxy_set_header Host $http_host;
}

main websocket

location ~ ^/lool/(.*)/ws$ {
proxy_pass https://172.17.0.2:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “Upgrade”;
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}

download, presentation and image upload

location ~ ^/lool {
proxy_pass https://172.17.0.2:9980;
proxy_set_header Host $http_host;
}

Admin Console websocket

location ^~ /lool/adminws {
proxy_pass https://172.17.0.2:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “Upgrade”;
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}

Not sure how to resolve that. Unless I need to link the containers on their own network and turn off SSL on the CODE container?


#16

Hmm I’m getting error:

wsd-00028-00039 2019-02-14 13:53:33.329330 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1971

I even tried have mask suggested by @prae0ri4n and still got same error
I tried changing /etc/hosts file but this didn’t work either (did this by logging into container)

I haven’t tried downgrading container version yet.
Any other suggestions?


#17

Other than doing this trick did you do anything else to make collabra show odt document?


#18

The problem with ::ffff:172 comes from merging IPv6 and IPv4.
Disable IPv6 with
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
and for future
echo net.ipv6.conf.all.disable_ipv6 = 1 > /etc/sysctl.d/01-disable-ipv6.conf
than restart the dockercotainer and all works fine.

with regards


#19

In my case it turned out this error does not blocks Collabora from working (I still have see in the logs).

The important part to ensure is that inside the container the /etc/loolwsd/loolwsd.xml file is correctly pointing to your NextCloud domain:

    <storage desc="Backend storage">
        <filesystem allow="false" />
        <wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
            <host desc="Regex pattern of hostname to allow or deny." allow="true">your\.nextcloud-domain\.com</host>
         ...

#20

@nextClo

I tried this approach and I must have something really screwed up. Where do I run these commands?? With the docker container? Within the docker host? or within the nextcloud host?