Setup Collabora server Ok, nothing in nexcloud


With my subdomain, i can discover the XML file :


It’s really works here.

But nothing be good in nexcloud server :


When i open a document, message Error :
…Please Try later

Where i can show log file for that ?

Apcahe log :
office.error_log : nothing
office.acces_log : no access

docker log : all passed
I use Docker behind a NAT.

Also :
curl -k
return 404

I use the lastest nextcloud version (17)
PHP 7.1
All test passed.
Let-s encrypt with *

It’s crazzy !


docker logs <container-id>

This is likely to be expected as is a loopback address. It would only work from the server running Collabora. Use your FQDN instead.


curl -k

In docker logs :
File not found: Invalid URI request: [/loleaflet].| wsd/FileServer.cpp:441

OK there (??) :

Apache conf :
# static html, js, images, etc. served from loolwsd
** # loleaflet is the client part of LibreOffice Online**
** ProxyPass /loleaflet retry=0**
** ProxyPassReverse /loleaflet**

Nextcloud err :
(…) Please Try later


In these url :
==> Good ! I can show Stats & Param.
==> Good, i can show XML file

In nextcloud server :
Collabora config :

When i launch a doc (last nxcloud version,18) , after a while, error :
(…) Please try later.

Error logs, in Apache : nothing
Access logs, in Apache : nothing (no access !)

Docker logs instance : Nothing red…

NextCloud logs (graphical) : All right !

Iptable rule on 9980 port works (open).

I read and test so much things in these trheads.
Nothing can be done.

Finaly i found a working Collabora Docker config under a NAT / Firewall :

-> hosts IP must be local.
-> dns must be local too.

hostname -I

cat /etc/resolv.conf

ipatble rule :

sudo iptables -t filter -A INPUT -p tcp --dport 9980 -j ACCEPT
sudo iptables -t filter -A OUTPUT -p tcp --dport 9980 -j ACCEPT

Finaly, working docker image :
docker ps
docker stop myid
docker rm myid
docker run -t -d -p -e ‘domain=cloud\.mydom\.com’ --restart always --cap-add MKNOD --dns= -e ‘username=user’ -e ‘password=123’ collabora/code

If trouble :
service docker restart

So in essence it was a firewall problem?

Yes it was. May be, this is a working configuration for all kinds under docker systems.
I forget also settings in server hosts file (the main server, not the docker image) :
nano /etc/hosts localhost

Yes I suppose you could set your host names at the level of the host’s /etc/hosts file. Totally valid. I usually set hostnames at the router level since I’m a lot less likely to forget what I’ve done. I also have cloud and office on physically different VM’s so it’s easier for me to set the parameter at the router level. If they are on the same host, modification of /etc/hosts may be easier.

Things I see commonly as errors:

  1. Don’t open firewall ports
  2. Don’t set local resolution of domain names at the /etc/host or router level
  3. Don’t enable kernel packet forwarding.

Thank’s for the recommandations !

Did you know why the iptable rule bellow stop the connection beetween nexcloud to Docker ?

By default, i need to use this geoip rule for security reason. It blocks all traffic, execpt for countries ID :

sudo iptables -A INPUT -m geoip ! --src-cc FR,DE,BE,CH,US,GB,IE,FI,IT,ES -j DROP

But, i must disable this rule to open all docs in Collabora.

Netstat show only locals IP in server host (not the docker). Strange ?

netstat -np --inet

Collabora needs to connect to its own server (external(s) IP) ?
Very strange …

Honestly I’ve never really done a packet capture with Collabora. I never really knew you could write an iptables rule based on country of origin. However you have your rule on the input chain (not output). This would imply you are receiving packets externally.

I’m thinking about my own setup. I have wide open input rules to the collabora port (just a generic pass all rule which I believe is being controlled ufw (which definitely isn’t as fine grained as an actual iptables rule)), however at the router level there are no port forwarding rules to allow external access. In fact on my nginx configuration, I only allow LAN IP address access to nextcloud. All my docs open in Collabora (locally). Perhaps your iptables rule is blocking more than what it should?