Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1971


#1

Currently I am having trouble installing Collabora. When trying to open a document it just shows a loading icon and even after waiting sometime nothing shows up. Docker logs is giving me the following errors:
wsd-00031-00041 2018-12-30 22:50:35.996464 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1971
wsd-00031-00041 2018-12-30 22:50:36.079972 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1971
wsd-00031-00041 2018-12-30 22:50:36.182468 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1971
wsd-00031-00041 2018-12-30 22:50:38.913046 [ websrv_poll ] WRN WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:610

Firefox in console mode is giving me the following response:
LibreOffice Online not loaded yet. Listen for App_LoadingStatus (Document_Loaded) event before using PostMessage API. Ignoring post message 'Get_Views'.

Firefox can’t establish a connection to the server at wss:/[**mydomain**]/lool/https%3A%2F%2F[**mydomain**]%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F3771_ocgrf371y5u4%3Faccess_token%3DlBXn7SitETAw54QvvrMGv9VC1SxtS32a%26access_token_ttl%3D0%26permission%3Dedit/ws?WOPISrc=https%3A%2F%2F[**my domain**]t%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F3771_ocgrf371y5u4&compat=/ws.

The instructions I followed were from: Start to Finish Nextcloud+Collabora Step-by-Step Guide

Any advice for why this is happening should be appropriated.


#2

same problem for me, reason might be that the web access within the docker container is somehow restricted. The reverse proxy from apache is accessing the docker container be the complained IP. However I do not find where the allowed access is configured, otherwise I would have tried that out. Anybody an idea?


#3

ok, now I digged a little more deeper, either it was a timeout problem or docker container cannot access nextcloud based on my setup.
My setup is like
Internet -> DSL (nat) -> nextcloud
Internet -> DSL (nat) -> office.nextcloud (apache reverse proxy) -> docker container
With both URLs (nextcloud and office.nextcloud being on same virtual maschine, so docker office.nextcloud cannot access file, because this is a public IP, the docker can never access. so I added following to /etc/hosts in the docker:

echo 172.17.0.1 nextcloud.full-domain.com >>/etc/hosts

and suddenly my web frontend with open office opened.
to get to the docker CLI you have to execute:

docker exec -it friendly_wilson bash

where friendly_wilson bash was the container name in my reference


#4

Hi guys,

I have the same issue here after updating to latest collabora docker image.
And echoing the line to /etc/hosts does not solve it for me.

The default content of /etc/hosts is:

127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 8423848851c9

In the log I read
{“log”:"\u001b[1m\u001b[31mwsd-00029-00039 2019-01-06 16:42:30.651697 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1971\u001b[0m\r\n",“stream”:“stdout”,“time”:“2019-01-06T16:42:30.652331011Z”}
{“log”:"\u001b[1m\u001b[31mwsd-00029-00039 2019-01-06 16:42:30.755641 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1971\u001b[0m\r\n",“stream”:“stdout”,“time”:“2019-01-06T16:42:30.756111284Z”}
{“log”:"\u001b[1m\u001b[33mwsd-00029-00039 2019-01-06 16:42:36.459515 [ websrv_poll ] WRN WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:610\u001b[0m\r\n",“stream”:“stdout”,“time”:“2019-01-06T16:42:36.459737653Z”}

My setup did work before and I did not change anything but the updated image.
For convenience I removed all the collabora images and containers and pulled again. No change…

I can’t open documents. The screen is white with turning wheel which turns forever and no further error appears…


#5

I investigated a bit further…

The error message about “Requesting address is denied: ::ffff:172.17.0.1” comes from loolwsd.xml config file. There is a storage desc=“Backend storage”… setting with allowed and denied hostnames defined as regex, one of them

<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>


If the access request would come from 172.17.0.1 it would be allowed. But it comes from “::ffff:172.17.0.1” mangled address or hostname. Nevermind, for testing purposes I added another rule

<host desc="Regex pattern of hostname to allow or deny." allow="true">.+</host>
and after container restart and accessing .odt files this error goes away

But there is still the warning
WRN WOPI host did not pass optional access_token_ttl

While observing the container log with tail -f, this error appears on every opening attempt, so even if this is warning level, it could be in the way…

Any ideas?


#6

Still the same, opening file gives ony turning wheel…

Collabora docker running. I can get to the
https://office.domain.com:9878/hosting/discovery which gives me an xml

I observed the apache log /var/log/apache2/other_vhosts_access.log and clicked the ods files then…
From there I got an axample entry:
office.domain.com:9878 192.168.30.1 - - [07/Jan/2019:11:52:11 +0000] "POST /loleaflet/173510f/loleaflet.html?WOPISrc=https%3A%2F%2Fdomain.com%3A9878%2Fnc%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F2011_oc6z4ethoujb&title=test.odt&lang=en&closebutton=1&revisionhistory=1 HTTP/1.1" 200 2941 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"

I tried to open that loleaflet link directly entering this into browser:
https://office.domain.com:9878/loleaflet/173510f/loleaflet.html?WOPISrc=https%3A%2F%2Fdomain.com%3A9878%2Fnc%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F2011_oc6z4ethoujb&title=test.odt&lang=en&closebutton=1&revisionhistory=1
which gives the Collabora online editing window but again a turning wheel

Apache virtualhosts are definitely set up properly, both having ssl certs attached…

I can only think of the non-standard port 9878 I am using…
Here I found another solved issue where the user apparently solved with switching back to standard 443:

Can I somehow check if Nextcloud or Collabora have access to files? The WOPI storage?
My docker is set up to use
Storage Driver: devicemapper

Shall i switch to another?


UPDATE
Ok, unfortunately no time for playing hide and seek with this buggy…

I went back to image 3.4.2.1 from
https://hub.docker.com/r/collabora/code/tags
with
docker pull collabora/code:3.4.2.1

I am back online with my setup and can edit docs…
Maybe I will try another image later :roll_eyes:


#7

Hello,

I see lots of clicks to my example url. have you replaced full-domain.com with your docker domain, here you need to add the hostname you are accessing the nextcloud from outside.


#8

Yes of course, example.com is my full domain in real setup, here I replaced it only for demonstration…


#9

Same problem. I can’t open document. I try’it solution from sofi (change /etc/hosts), then i try’it to use older version for collabora (3.4.2.1)
I start my docker with this command:
docker run -t -d -p 127.0.0.1:9980:9980 -e ‘domain=nc\.ddns\.com’ -e ‘server_name=office\.ddns\.net’ -e ‘username=userxxx’ -e ‘password=xxxx’ --restart always --cap-add MKNOD collabora/code:3.4.2.1
Nextcloud work fine (classic installation, not doccker). I can access admin console for collabora, everything seem to be fine.
This is my error

wsd-00031-00043 2019-01-08 19:03:06.381753 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1851
wsd-00031-00043 2019-01-08 19:04:37.114655 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.1| wsd/LOOLWSD.cpp:1851
wsd-00031-00043 2019-01-08 19:04:42.976906 [ websrv_poll ] WRN WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:611
wsd-00031-00064 2019-01-08 19:04:43.832296 [ docbroker_003 ] ERR No acceptable WOPI hosts found matching the target host [nc.ddns.net] in config.| wsd/Storage.cpp:235
wsd-00031-00064 2019-01-08 19:04:43.832403 [ docbroker_003 ] ERR Failed to add session to [/nextcloud/index.php/apps/richdocuments/wopi/files/591_oc91romray5a] with URI [https://nc.ddns.net/nextcloud/index.php/apps/richdocuments/wopi/files/591_oc91romray5a?access_token=sdk30GSI2BWb1tFHi3aGQNsXPKfbsLoI&access_token_ttl=0&permission=edit]: No acceptable WOPI hosts found matching the target host [nc.ddns.net] in config.| wsd/DocumentBroker.cpp:1041
wsd-00031-00064 2019-01-08 19:04:43.832451 [ docbroker_003 ] ERR Unauthorized Request while loading session for /nextcloud/index.php/apps/richdocuments/wopi/files/591_oc91romray5a: No acceptable WOPI hosts found matching the target host [nc.ddns.net] in config.| wsd/LOOLWSD.cpp:2522


#10

Sorry, i make an stupid mistake. My domain end in .net not .com. I change that and everything work well, no need to make any tricks, just from official documentation.
Sorry again for confusion.


#11

Same happening here. Have tried adding the /etc/hosts entry suggested by @sofi and reverting to 4.3.2.1 as suggested by @praet0ri4n. No joy.

Running the latest stable (14.05) on a fresh install of Ubuntu 18.04.


#12

vlad2005 so you mean the /etc/hosts trick?
as the hosts seems to be renews with every container start, I have written small script on the nextcloud host, which I put in the crontab, executed every 10 minutes:

#!/bin/bash

FULL_HOST_NAME=nextcloud_full_domain_name
TEMP_FILE=/tmp/collabora_hosts_file

docker exec -t friendly_wilson cat /etc/hosts >$TEMP_FILE
grep $FULL_HOST_NAME $TEMP_FILE >/dev/null
if [ $? -ne 0 ]
then
  echo "$0 is adding hostentry to container's host file"
  docker exec -t friendly_wilson sh -c "echo 172.17.0.1 $FULL_HOST_NAME >>/etc/hosts"
fi

This problem was persistent even after upgrade to 15.0.2, and workaround with hosts file was still working.
Important is that your nextcloud instance is registered in public DNS as the container comes with public DNS resolvers


#13

No, în my case everything works well when access from internet. When I try to access nextcloud from Lan, I still have problems with opening collabora.
I try it to change /etc/hosts file like u explain, but still not working.


#14

Same problem here.

EDIT: hacking the permission mask like @praet0ri4n suggest will work around the problem and make Collabora work.

Can anyone shed some light on why the request come from a host which is not mapped in the permission mask? How can this be solved?

thanks