Requesting Address is Denied. Unable to open Next Cloud Office

qubit2022 · February 27, 2022, 7:09am

Hello, I have created my collabora server, enabled ssl and I am getting an error “Requesting Address is Denied.” and in next cloud I am getting the error Unable to open nextcloud office.

My collabora server address is https://collab.qubitologyhldg.com

I am running collabora and next cloud in two different docker containers with a bridged network.

I also cant access the admin panel @ [/loleaflet/dist/admin/admin.html ] (404 error)

ZendaiOwl · February 27, 2022, 7:43am

@qubit2022 I haven’t used collabora myself but after taking a look on the error message and what I could find from that it looks like your issue is the enabled SSL if you’re using a reverse proxy in your network to access the collabora server from nextcloud?

Otherwise there is a potential missing file or that file has permissions that needs to be changed

I found this on GitHub with others having your error code

github.com/CollaboraOnline/Docker-CODE

Requesting address is denied

opened 03:50PM - 13 Dec 18 UTC

pwFoo

Have a running Collabora with nextcloud, but if I load file list I get the follo…wing error messege for each word / excel document in list. ``` wsd-00029-00040 2018-12-13 14:45:46.879437 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.8| wsd/LOOLWSD.cpp:1851 wsd-00029-00040 2018-12-13 14:45:46.903576 [ websrv_poll ] ERR Requesting address is denied: ::ffff:172.17.0.8| wsd/LOOLWSD.cpp:1851 ``` 172.17.0.8 is the current nextcloud container ip address which should be allowed. So how can I allow it? ``` <storage desc="Backend storage"> <filesystem allow="false" /> <wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true"> <host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host> <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host> <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host> <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host> <host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host> <host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host> <max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size> </wopi> <webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="false"> <host desc="Hostname to allow" allow="false">office</host> </webdav> </storage> ``` connected from nextcloud container to collabora container looks good. ``` $ docker exec -ti nextcloud_app_1 curl http://office:9980 OK ``` So I think I need to allow the nextcloud container by hostname or ip (subnet)? How to do with docker compose environment?

qubit2022 · February 27, 2022, 7:44am

This is correct. Im using openlitespeed (from my hosting panel) to reverse proxy my docker container. Im using cloudflare SSL to wild card the domain.

ZendaiOwl · February 27, 2022, 7:45am

Most likely there is your issue, either turn off the tls verification for an insecure connection with your reverse proxy, or use http with the reverse proxy. You can see the people on GitHub use extra_params=--o:ssl.enable=false --

ZendaiOwl · February 27, 2022, 7:47am

Right there

o:ssl.enable=true

qubit2022 · February 27, 2022, 7:48am

Okay so rebuild with ssl false?

ZendaiOwl · February 27, 2022, 7:48am

Yes, I would say try that first

qubit2022 · February 27, 2022, 7:49am

Okay let me try it.

qubit2022 · February 27, 2022, 7:51am

@ZendaiOwl are you able to fully delete posts? the one I deleted has information I do not need on the internet lol. I know mods can. Any idea how to get ahold of one?

ZendaiOwl · February 27, 2022, 7:54am

If you deleted a post it is gone for others except the forum admins (I think) and you

I can’t see your post anymore

qubit2022 · February 27, 2022, 7:54am

Wonderful thank you!

Okay Im trying the new stack now.

qubit2022 · February 27, 2022, 7:58am

@ZendaiOwl I made the SSL = false, and now it wont connect to the server at all.

qubit2022 · February 27, 2022, 7:59am

wsd-00001-00040 2022-02-27 07:57:40.717650 +0000 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/COOLWSD.cpp:2668
wsd-00001-00040 2022-02-27 07:57:40.719075 +0000 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/COOLWSD.cpp:2668
wsd-00001-00040 2022-02-27 07:57:44.516879 +0000 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/COOLWSD.cpp:2668
wsd-00001-00040 2022-02-27 07:57:44.518328 +0000 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/COOLWSD.cpp:2668
wsd-00001-00040 2022-02-27 07:57:44.519807 +0000 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/COOLWSD.cpp:2668

It wont allow an http connection as the website is ssl’ed, and the collabora server has to be in the same protocol as the domain.

ZendaiOwl · February 27, 2022, 8:02am

Hm

So the configuration should be something along the lines of

Nextcloud server ← This one needs to have SSL for HTTPS, when you connect to it

Collabora server ← The reverse_proxy you use to connect to this one should not use SSL -or- use SSL/TLS and turn off the insecure verification for the connection

I have multiple services set up at home on a Proxmox with a Caddy server reverse_proxy to all of them, the Caddy holds all the certificates (SSL) for my services and reverse_proxies to the other VM’s and containers using HTTPS with TLS insecure verification turned off. (I can use HTTP as well, which is how it was at first before I turned on the SSL as I was setting it up)

EDIT: I also remembered, you need to pass Host headers with the reverse_proxy as well when you’re using SSL/TLS, though that will depend on the reverse_proxy you use and how it functions

qubit2022 · February 27, 2022, 8:09am

So I have a rewrite to the local IP and port of the docker containers. they arnt http, or https.
https://prnt.sc/lULnRp_5mMvg

And also I have the rewrites in the website htaccess.
https://prnt.sc/zT-Rjz79v5Io

qubit2022 · February 27, 2022, 8:10am

So I do have https on it. Im changing it now.

ZendaiOwl · February 27, 2022, 8:10am

Correct, currently it is forcing you to use HTTPS regardless as you’re specifying that in the URI there with the IP

qubit2022 · February 27, 2022, 8:11am

Got it. It must use ssl right? Due to the nextcloud office thing sayign it has to be the same protocol as the domain? So do I change that to http, and the force ssl in the stack?

Or do I turn ssl off everywhere and let my wild card do the ssl?

ZendaiOwl · February 27, 2022, 8:14am

Hm, if the docs say it has to use the same protocol then you will need to turn it on and turn off the insecure verification so it allows the connection

Checked the github some more and here is another setting that needs to be set
net.post_allow.host

I recommend reading through that GitHub issue post and cross-reference your configuration with what they are saying there should give you the most hints at what is not working

It’s difficult for me to troubleshoot any further here as I don’t have any hands-on experience with setting up a collabora server behind a reverse_proxy

qubit2022 · February 27, 2022, 8:15am

@ZendaiOwl

extra_params= --o:server_name=collab.qubitologyhldg.com --o:ssl.enable=false --o:ssl.termination=true --o:net.post_allow.host=::ffff:75.143.148.[0-9]+ --o:net.post_allow.host=75.143.148.[0-9]+ --o:net.proto=IPv4

is what I have currently.