Rich documents stopped working — can't connect to Collabora

Nextcloud version: 29.0.7
Operating system and version: Ubuntu 22.04.5 LTS
Apache or version: 2.4.62
PHP version: 8.2-fpm

The issue you are facing:

I had another developer set up Rich Documents for me, installing a Collabora online server locally. It was working fine for a while, and then it stopped.

It looks like he installed the coolwsd service, which is running properly. However, the Collabora settings in Nextcloud say the following:

Client error: GET https://alivio.cloud/hosting/discovery resulted in a 404 Not Found response

The URL (and port) were simply listed as https://alivio.cloud. I have tried changing this to https://alivio.cloud:9980 or https://127.0.0.1:9980 and this doesn’t fix the problem.

When I run curl https://localhost:9980/hosting/discovery I get:

curl: (60) SSL certificate problem: self-signed certificate

The main Alivio.cloud uses letsencrypt certificates, but then /etc/coolwsd has its own key, cert and chain files and these are the ones the xml config file points to.

The config has ssl enabled and termination disabled. My Apache .conf file has these entries:

 AllowEncodedSlashes NoDecode
 ProxyPreserveHost On
 SSLProxyengine On


 # static html, js, images, etc. served from coolwsd
 # browser is the client part of Collabora Online
 ProxyPass           /browser https://127.0.0.1:9980/browser retry=0
 ProxyPassReverse    /browser https://127.0.0.1:9980/browser


 # WOPI discovery URL
 ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
 ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery


 # Capabilities
 ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
 ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities


 # Main websocket
 ProxyPassMatch      "/cool/(.*)/ws$"      ws://127.0.0.1:9980/cool/$1/ws nocanon


 # Admin Console websocket
 ProxyPass           /cool/adminws ws://127.0.0.1:9980/cool/adminws


 # Download as, Fullscreen presentation and Image upload operations
 ProxyPass           /cool https://127.0.0.1:9980/cool
 ProxyPassReverse    /cool https://127.0.0.1:9980/cool
 # Compatibility with integrations that use the /lool/convert-to endpoint
 ProxyPass           /lool https://127.0.0.1:9980/cool
 ProxyPassReverse    /lool https://127.0.0.1:9980/cool

This is for <VirtualHost *:443>. Before, they all said http but the Collabora docs said these should be http unless ssl is disabled and termination enabled. For whatever reason, this worked before with http but not anymore.

I have no specific entry for <VirtualHost *:9980> but I tried creating one and it didnt’ fix this problem. When I go to https://alivio.cloud:9980/hosting/discovery in Firefox I get MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT.

Is this the first time you’ve seen this error? Y

The output of your Nextcloud log in Admin > Logging:

ConnectException
cURL error 28: Failed to connect to alivio.cloud port 9980 after 2701 ms: Connection timed out (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://alivio.cloud:9980/hosting/discovery
Failed to fetch discovery: cURL error 28: Failed to connect to alivio.cloud port 9980 after 2701 ms: Connection timed out (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://alivio.cloud:9980/hosting/discovery

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'xxx',
  'passwordsalt' => 'xxx',
  'secret' => 'xxx',
  'trusted_domains' => 
  array (
    0 => 'localhost',
    1 => 'alivio.cloud',
  ),
  'datadirectory' => '/var/www/cloud/data',
  'skeletondirectory' => '/var/www/cloud/starter',
  'dbtype' => 'mysql',
  'version' => '29.0.7.1',
  'overwrite.cli.url' => 'https://alivio.cloud',
  'dbname' => 'cloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'htaccess.RewriteBase' => '/',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'xxx',
  'dbpassword' => 'xxx',
  'installed' => true,
  'maintenance' => false,
  'maintenance_window_start' => 1,
  'default_phone_region' => 'US',
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.local' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'localhost',
    'port' => 6379,
    'timeout' => 0.0,
    'read_timeout' => 0.0,
    'user' => '',
    'password' => 'xxx',
    'dbindex' => 0,
  ),
  'allow_local_remote_servers' => true,
  'loglevel' => 2,
  'theme' => '',
  'mail_smtpmode' => 'sendmail',
  'mail_sendmailmode' => 'pipe',
  'mail_from_address' => 'noreply',
  'mail_domain' => 'alivio.cloud',
);

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

{"reqId":"Ml3py7V7BswTWktnmcdA","level":3,"time":"2024-09-18T16:30:01+00:00","remoteAddr":"","user":"--","app":"richdocuments","method":"","url":"--","message":"Failed to fetch discovery: Client error: `GET https://alivio.cloud/hosting/discovery` resulted in a `404 Not Found` response:\n<!DOCTYPE html>\n<html class=\"ng-csp\" data-placeholder-focus=\"false\" lang=\"en\" data-locale=\"en\" translate=\"no\" >\n\t<head\n  (truncated...)\n","userAgent":"--","version":"29.0.7.1","exception":{"Exception":"GuzzleHttp\\Exception\\ClientException","Message":"Client error: `GET https://alivio.cloud/hosting/discovery` resulted in a `404 Not Found` response:\n<!DOCTYPE html>\n<html class=\"ng-csp\" data-placeholder-focus=\"false\" lang=\"en\" data-locale=\"en\" translate=\"no\" >\n\t<head\n  (truncated...)\n","Code":404,"Trace":[{"file":"/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php","line":72,"function":"create","class":"GuzzleHttp\\Exception\\RequestException","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/cloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":204,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\Middleware","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/cloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":153,"function":"callHandler","class":"GuzzleHttp\\Promise\\Promise","type":"::"},{"file":"/var/www/cloud/3rdparty/guzzlehttp/promises/src/TaskQueue.php","line":48,"function":"GuzzleHttp\\Promise\\{closure}","class":"GuzzleHttp\\Promise\\Promise","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/cloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":248,"function":"run","class":"GuzzleHttp\\Promise\\TaskQueue","type":"->"},{"file":"/var/www/cloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":224,"function":"invokeWaitFn","class":"GuzzleHttp\\Promise\\Promise","type":"->"},{"file":"/var/www/cloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":269,"function":"waitIfPending","class":"GuzzleHttp\\Promise\\Promise","type":"->"},{"file":"/var/www/cloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":226,"function":"invokeWaitList","class":"GuzzleHttp\\Promise\\Promise","type":"->"},{"file":"/var/www/cloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":62,"function":"waitIfPending","class":"GuzzleHttp\\Promise\\Promise","type":"->"},{"file":"/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/Client.php","line":189,"function":"wait","class":"GuzzleHttp\\Promise\\Promise","type":"->"},{"file":"/var/www/cloud/lib/private/Http/Client/Client.php","line":230,"function":"request","class":"GuzzleHttp\\Client","type":"->"},{"file":"/var/www/cloud/apps/richdocuments/lib/Service/DiscoveryService.php","line":75,"function":"get","class":"OC\\Http\\Client\\Client","type":"->"},{"file":"/var/www/cloud/apps/richdocuments/lib/Service/CachedRequestService.php","line":74,"function":"sendRequest","class":"OCA\\Richdocuments\\Service\\DiscoveryService","type":"->"},{"file":"/var/www/cloud/apps/richdocuments/lib/Backgroundjobs/ObtainCapabilities.php","line":58,"function":"fetch","class":"OCA\\Richdocuments\\Service\\CachedRequestService","type":"->"},{"file":"/var/www/cloud/lib/public/BackgroundJob/Job.php","line":80,"function":"run","class":"OCA\\Richdocuments\\Backgroundjobs\\ObtainCapabilities","type":"->"},{"file":"/var/www/cloud/lib/public/BackgroundJob/TimedJob.php","line":102,"function":"start","class":"OCP\\BackgroundJob\\Job","type":"->"},{"file":"/var/www/cloud/lib/public/BackgroundJob/TimedJob.php","line":92,"function":"start","class":"OCP\\BackgroundJob\\TimedJob","type":"->"},{"file":"/var/www/cloud/cron.php","line":177,"function":"execute","class":"OCP\\BackgroundJob\\TimedJob","type":"->"}],"File":"/var/www/cloud/3rdparty/guzzlehttp/guzzle/src/Exception/RequestException.php","Line":113,"message":"Failed to fetch discovery: Client error: `GET https://alivio.cloud/hosting/discovery` resulted in a `404 Not Found` response:\n<!DOCTYPE html>\n<html class=\"ng-csp\" data-placeholder-focus=\"false\" lang=\"en\" data-locale=\"en\" translate=\"no\" >\n\t<head\n  (truncated...)\n","exception":{},"CustomMessage":"Failed to fetch discovery: Client error: `GET https://alivio.cloud/hosting/discovery` resulted in a `404 Not Found` response:\n<!DOCTYPE html>\n<html class=\"ng-csp\" data-placeholder-focus=\"false\" lang=\"en\" data-locale=\"en\" translate=\"no\" >\n\t<head\n  (truncated...)\n"}}

Update: the first problem I had, which you could never have guessed, is that I moved this instance to a new server and /etc/hosts/ was still using the old IPv4 and IPv6 addresses. Whoops!

I fixed that, and it still didn’t work. The only way I have been able to make the server reachable again is to disable SSL in coolwsd.xml, enable termination, change all the proxy values back to http, and explicitly set the URL and port for Nextcloud office at https://alivio.cloud:443.

After this, it’s reachable. However, the coolwsd config says I don’t want this configuration in a production environment. So I suppose I’ll have to figure out why I can’t enable ssl and use https.

When I had it that way, I was getting a 502 proxy error message when I ran curl -I curl -I https://alivio.cloud/hosting/discovery.

hi @3x5 you are likely on the right path - public DNS records and TLS connection between the system must work. Please review Collabora integration guide for details