(Solved) Help starting loolwsd service on CentOS 7

[QUESTION IN THE WRONG CATEGORY, MOVED TO INSTALLATION, SORRY MODS]

Hello,

Can i get some troubleshooting why loolwsd is not starting. I’ve read through other forum post but i cant seem to fix my own problem.

I’ve installed CODE on CentOS 7 not via Docker but as a separate package (followed the instruction on the official collabora site)

SELinux is disabled and firewalld as well.

I am using NGINX and PHP7.3

This is the message i get

● loolwsd.service - LibreOffice Online WebSocket Daemon
   Loaded: loaded (/usr/lib/systemd/system/loolwsd.service; enabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since Tue 2019-02-12 15:05:12 UTC; 11min ago
  Process: 4858 ExecStart=/usr/bin/loolwsd --version --o:sys_template_path=/opt/lool/systemplate --o:child_root_path=/opt/lool/child-roots --o:file_server_root_path=/usr/share/loolwsd (code=exited, status=70)
 Main PID: 4858 (code=exited, status=70)

Feb 12 15:05:12 shield systemd[1]: loolwsd.service: main process exited, code=exited, status=70/n/a
Feb 12 15:05:12 shield systemd[1]: Unit loolwsd.service entered failed state.
Feb 12 15:05:12 shield systemd[1]: loolwsd.service failed.
Feb 12 15:05:12 shield systemd[1]: loolwsd.service holdoff time over, scheduling restart.
Feb 12 15:05:12 shield systemd[1]: Stopped LibreOffice Online WebSocket Daemon.
Feb 12 15:05:12 shield systemd[1]: start request repeated too quickly for loolwsd.service
Feb 12 15:05:12 shield systemd[1]: Failed to start LibreOffice Online WebSocket Daemon.
Feb 12 15:05:12 shield systemd[1]: Unit loolwsd.service entered failed state.
Feb 12 15:05:12 shield systemd[1]: loolwsd.service failed.

when I run journalctl -u loolwsd, this is the last lines before crashing

Feb 12 15:05:09 shield loolwsd[4850]: wsd-04850-04850 2019-02-12 15:05:09.784325 [ loolwsd ] TRC  Reading file: '/usr/share/loolwsd/loleaflet/dist/l10n/locore/ve.json as '/loleaflet/dist/l10n/locore/ve.json'| wsd/FileServer.cpp:476
Feb 12 15:05:09 shield loolwsd[4850]: wsd-04850-04850 2019-02-12 15:05:09.775504 [ loolwsd ] TRC  Reading file: '/usr/share/loolwsd/loleaflet/dist/l10n/locore/ur.json as '/loleaflet/dist/l10n/locore/ur.json'| wsd/FileServer.cpp:476
Feb 12 15:05:09 shield loolwsd[4850]: wsd-04850-04850 2019-02-12 15:05:09.775583 [ loolwsd ] TRC  Reading file: '/usr/share/loolwsd/loleaflet/dist/l10n/locore/hsb.json as '/loleaflet/dist/l10n/locore/hsb.json'| wsd/FileServer.cpp:476
Feb 12 15:05:09 shield loolwsd[4850]: wsd-04850-04850 2019-02-12 15:05:09.776722 [ loolwsd ] TRC  Reading file: '/usr/share/loolwsd/loleaflet/dist/l10n/locore/ks.json as '/loleaflet/dist/l10n/locore/ks.json'| wsd/FileServer.cpp:476
Feb 12 15:05:09 shield loolwsd[4850]: wsd-04850-04850 2019-02-12 15:05:09.777101 [ loolwsd ] TRC  Reading file: '/usr/share/loolwsd/loleaflet/dist/l10n/locore/hu-Hung.json as '/loleaflet/dist/l10n/locore/hu-Hung.json'| wsd/FileServer.cp
Feb 12 15:05:09 shield loolwsd[4850]: wsd-04850-04850 2019-02-12 15:05:09.777159 [ loolwsd ] TRC  Reading file: '/usr/share/loolwsd/loleaflet/dist/l10n/locore/uz.json as '/loleaflet/dist/l10n/locore/uz.json'| wsd/FileServer.cpp:476
Feb 12 15:05:09 shield loolwsd[4850]: wsd-04850-04850 2019-02-12 15:05:09.782785 [ loolwsd ] TRC  Reading file: '/usr/share/loolwsd/loleaflet/dist/l10n/locore/hu.json as '/loleaflet/dist/l10n/locore/hu.json'| wsd/FileServer.cpp:476
Feb 12 15:05:09 shield loolwsd[4850]: wsd-04850-04850 2019-02-12 15:05:09.784325 [ loolwsd ] TRC  Reading file: '/usr/share/loolwsd/loleaflet/dist/l10n/locore/ve.json as '/loleaflet/dist/l10n/locore/ve.json'| wsd/FileServer.cpp:476
Feb 12 15:05:09 shield loolwsd[4850]: wsd-04850-04850 2019-02-12 15:05:09.785081 [ loolwsd ] TRC  Reading file: '/usr/share/loolwsd/loleaflet/dist/l10n/locore/id.json as '/loleaflet/dist/l10n/locore/id.json'| wsd/FileServer.cpp:476
Feb 12 15:05:09 shield loolwsd[4850]: wsd-04850-04850 2019-02-12 15:05:09.786156 [ loolwsd ] TRC  Reading file: '/usr/share/loolwsd/loleaflet/dist/l10n/locore/vec.json as '/loleaflet/dist/l10n/locore/vec.json'| wsd/FileServer.cpp:476
Feb 12 15:05:09 shield systemd[1]: loolwsd.service: main process exited, code=exited, status=70/n/a
Feb 12 15:05:09 shield systemd[1]: Unit loolwsd.service entered failed state.
Feb 12 15:05:09 shield systemd[1]: loolwsd.service failed.
Feb 12 15:05:10 shield systemd[1]: loolwsd.service holdoff time over, scheduling restart.
Feb 12 15:05:10 shield systemd[1]: Stopped LibreOffice Online WebSocket Daemon.
Feb 12 15:05:10 shield systemd[1]: Started LibreOffice Online WebSocket Daemon.
Feb 12 15:05:10 shield systemd[1]: loolwsd.service: main process exited, code=exited, status=70/n/a
Feb 12 15:05:10 shield systemd[1]: Unit loolwsd.service entered failed state.
Feb 12 15:05:10 shield systemd[1]: loolwsd.service failed.
Feb 12 15:05:10 shield systemd[1]: loolwsd.service holdoff time over, scheduling restart.
Feb 12 15:05:10 shield systemd[1]: Stopped LibreOffice Online WebSocket Daemon.
Feb 12 15:05:10 shield systemd[1]: Started LibreOffice Online WebSocket Daemon.
Feb 12 15:05:11 shield systemd[1]: loolwsd.service: main process exited, code=exited, status=70/n/a
Feb 12 15:05:11 shield systemd[1]: Unit loolwsd.service entered failed state.
Feb 12 15:05:11 shield systemd[1]: loolwsd.service failed.
Feb 12 15:05:11 shield systemd[1]: loolwsd.service holdoff time over, scheduling restart.
Feb 12 15:05:11 shield systemd[1]: Stopped LibreOffice Online WebSocket Daemon.
Feb 12 15:05:11 shield systemd[1]: Started LibreOffice Online WebSocket Daemon.
Feb 12 15:05:12 shield systemd[1]: loolwsd.service: main process exited, code=exited, status=70/n/a
Feb 12 15:05:12 shield systemd[1]: Unit loolwsd.service entered failed state.

The logs you are posting aren’t really helping. Anything in the syslog or loolwsd log? You may need to activate the loolwsd log within the loolwsd.xml config file. What does your config file look like?

Hi,
I came along having the same problem and searching for help. The topic is marked “solved” but I can’t really find the solution

I am running Debian9, Apache 2.4.25 and I’ve installed CODE as a seperate package following the offical instructions. When I try to connect from my Nextcloud (running on different system, namely a Synology NAS) I get a similar error message as OP:

* loolwsd.service - LibreOffice Online WebSocket Daemon
   Loaded: loaded (/lib/systemd/system/loolwsd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2019-03-28 22:17:29 CET; 11h ago
  Process: 14648 ExecStart=/usr/bin/loolwsd --version --o:sys_template_path=/opt/lool/systemplate --o:lo_template_path=/opt/collaboraoffice6.0 --o:child_root_path=/opt/lool/child-roots --o:file_server_root_path=/usr/share/loolwsd (code=ex Main PID: 14648 (code=exited, status=70)

Mar 28 22:17:29 localhost loolwsd[14648]: wsd-14648-14648 2019-03-28 21:17:29.276521 [ loolwsd ] TRC  Reading file: '/usr/share/loolwsd/loleaflet/dist/admin/admin.html as '/loleaflet/dist/admin/admin.html'| wsd/FileServer.cpp:476
Mar 28 22:17:29 localhost loolwsd[14648]: wsd-14648-14648 2019-03-28 21:17:29.276678 [ loolwsd ] TRC  Reading file: '/usr/share/loolwsd/loleaflet/dist/framed.html as '/loleaflet/dist/framed.html'| wsd/FileServer.cpp:476
Mar 28 22:17:29 localhost loolwsd[14648]: wsd-14648-14648 2019-03-28 21:17:29.276927 [ loolwsd ] TRC  Reading file: '/usr/share/loolwsd/loleaflet/dist/branding.css as '/loleaflet/dist/branding.css'| wsd/FileServer.cpp:476
Mar 28 22:17:29 localhost loolwsd[14648]: wsd-14648-14648 2019-03-28 21:17:29.277026 [ loolwsd ] INF  Adding trusted WOPI host: [localhost].| wsd/Storage.cpp:106
Mar 28 22:17:29 localhost loolwsd[14648]: wsd-14648-14648 2019-03-28 21:17:29.277037 [ loolwsd ] INF  Adding trusted WOPI host: [10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}].| wsd/Storage.cpp:106
Mar 28 22:17:29 localhost loolwsd[14648]: wsd-14648-14648 2019-03-28 21:17:29.277046 [ loolwsd ] INF  Adding trusted WOPI host: [172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}].| wsd/Storage.cpp:106
Mar 28 22:17:29 localhost loolwsd[14648]: wsd-14648-14648 2019-03-28 21:17:29.277054 [ loolwsd ] INF  Adding trusted WOPI host: [172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}].| wsd/Storage.cpp:106
Mar 28 22:17:29 localhost systemd[1]: loolwsd.service: Main process exited, code=exited, status=70/n/a
Mar 28 22:17:29 localhost systemd[1]: loolwsd.service: Unit entered failed state.
Mar 28 22:17:29 localhost systemd[1]: loolwsd.service: Failed with result 'exit-code'.

Any hint for me please?

Anything else from syslog? I think what you posted was from the journalctl log. Maybe you could make the journalctl log more verbose. I’m guessing there is something wrong with your formatting within the loolwsd.xml file however thats a lot of speculation.

What I posted was output of systemclt status loolwsd.

Meanwhile I figured out that I can restart loolwsd after I change SSL setting to false within loolwsd.xml, but of course this is not the way I wanna go.

I am just about to configure rsyslog to get some more info to post, here is my loolwsd.xml in the meantime.

<config>

    <!-- Note: 'default' attributes are used to document a setting's default value as well as to use as fallback. -->
    <!-- Note: When adding a new entry, a default must be set in WSD in case the entry is missing upon deployment. -->

    <allowed_languages desc="List of supported languages of Writing Aids (spell checker, grammar checker, thesaurus, hyphenation) on this instance. Allowing too many has negative effect on startup performance." default="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru">de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</allowed_languages>

    <tile_cache_path desc="Path to a directory where to keep the tile cache." type="path" relative="false" default="/var/cache/loolwsd"></tile_cache_path>
    <sys_template_path desc="Path to a template tree with shared libraries etc to be used as source for chroot jails for child processes." type="path" relative="true" default="systemplate"></sys_template_path>
    <lo_template_path desc="Path to a LibreOffice installation tree to be copied (linked) into the jails for child processes. Should be on the same file system as systemplate." type="path" relative="false" default="/opt/collaboraoffice6.0"></lo_template_path>
    <child_root_path desc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory." type="path" relative="true" default="jails"></child_root_path>

    <server_name desc="Hostname:port of the server running loolwsd. If empty, it's derived from the request." type="string" default=""></server_name>
    <file_server_root_path desc="Path to the directory that should be considered root for the file server. This should be the directory containing loleaflet." type="path" relative="true" default="loleaflet/../"></file_server_root_path>

    <memproportion desc="The maximum percentage of system memory consumed by all of the LibreOffice Online, after which we start cleaning up idle documents" type="double" default="80.0"></memproportion>
    <num_prespawn_children desc="Number of child processes to keep started in advance and waiting for new clients." type="uint" default="1">1</num_prespawn_children>
    <per_document desc="Document-specific settings, including LO Core settings.">
        <max_concurrency desc="The maximum number of threads to use while processing a document." type="uint" default="4">4</max_concurrency>
        <document_signing_url desc="The endpoint URL of signing server, if empty the document signing is disabled" type="string" default="https://app.vereign.com"></document_signing_url>
	<redlining_as_comments desc="If true show red-lines as comments" type="bool" default="true">true</redlining_as_comments>
        <idle_timeout_secs desc="The maximum number of seconds before unloading an idle document. Defaults to 1 hour." type="uint" default="3600">3600</idle_timeout_secs>
        <!-- Idle save and auto save are checked every 30 seconds -->
        <idlesave_duration_secs desc="The number of idle seconds after which document, if modified, should be saved. Defaults to 30 seconds." type="uint" default="30">30</idlesave_duration_secs>
        <autosave_duration_secs desc="The number of seconds after which document, if modified, should be saved. Defaults to 5 minutes." type="uint" default="300">300</autosave_duration_secs>
        <limit_virt_mem_kb desc="The maximum virtual memory allowed to each document process. 0 for unlimited, 1700 min." type="uint">0</limit_virt_mem_kb>
        <limit_data_mem_kb desc="The maximum memory data segment allowed to each document process. 0 for unlimited." type="uint">0</limit_data_mem_kb>
        <limit_stack_mem_kb desc="The maximum stack size allowed to each document process. 0 for unlimited." type="uint">8000</limit_stack_mem_kb>
        <limit_file_size_mb desc="The maximum file size allowed to each document process to write. 0 for unlimited." type="uint">0</limit_file_size_mb>
        <limit_num_open_files desc="The maximum number of files allowed to each document process to open. 0 for unlimited." type="uint">0</limit_num_open_files>
    <limit_load_secs desc="Maximum number of seconds to wait for a document load to succeed. 0 for unlimited." type="uint" default="100">100</limit_load_secs>
    </per_document>

    <per_view desc="View-specific settings.">
        <out_of_focus_timeout_secs desc="The maximum number of seconds before dimming and stopping updates when the browser tab is no longer in focus. Defaults to 60 seconds." type="uint" default="60">60</out_of_focus_timeout_secs>
        <idle_timeout_secs desc="The maximum number of seconds before dimming and stopping updates when the user is no longer active (even if the browser is in focus). Defaults to 15 minutes." type="uint" default="900">900</idle_timeout_secs>
    </per_view>

    <loleaflet_html desc="Allows UI customization by replacing the single endpoint of loleaflet.html" type="string" default="loleaflet.html">loleaflet.html</loleaflet_html>

    <logging>
        <color type="bool">true</color>
        <level type="string" desc="Can be 0-8, or none (turns off logging), fatal, critical, error, warning, notice, information, debug, trace" default="warning">warning</level>
        <file enable="false">
            <property name="path" desc="Log file path.">/var/log/loolwsd.log</property>
            <property name="rotation" desc="Log file rotation strategy. See Poco FileChannel.">never</property>
            <property name="archive" desc="Append either timestamp or number to the archived log filename.">timestamp</property>
            <property name="compress" desc="Enable/disable log file compression.">true</property>
            <property name="purgeAge" desc="The maximum age of log files to preserve. See Poco FileChannel.">10 days</property>
            <property name="purgeCount" desc="The maximum number of log archives to preserve. Use 'none' to disable purging. See Poco FileChannel.">10</property>
            <property name="rotateOnOpen" desc="Enable/disable log file rotation on opening.">true</property>
            <property name="flush" desc="Enable/disable flushing after logging each line. May harm performance. Note that without flushing after each line, the log lines from the different processes will not appear in chronological order.">false</property>
        </file>
        <anonymize>
            <filenames type="bool" desc="Enable to anonymize/obfuscate filenames in logs. If default is true, it was forced at compile-time and cannot be disabled." default="false">false</filenames>
            <usernames type="bool" desc="Enable to anonymize/obfuscate usernames in logs. If default is true, it was forced at compile-time and cannot be disabled." default="false">false</usernames>
        </anonymize>
    </logging>

    <loleaflet_logging desc="Logging in the browser console" default="false">false</loleaflet_logging>

    <trace desc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied to the path first." enable="false">
        <path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/looltrace-%.gz" compress="true" snapshot="false"></path>
        <filter>
            <message desc="Regex pattern of messages to exclude"></message>
        </filter>
        <outgoing>
            <record desc="Whether or not to record outgoing messages" default="false">false</record>
        </outgoing>
    </trace>

    <net desc="Network settings">
      <proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">all</proto>
      <listen type="string" default="any" desc="Listen address that loolwsd binds to. Can be 'any' or 'loopback'.">any</listen>
      <service_root type="path" default="" desc="Prefix all the pages, websockets, etc. with this path."></service_root>
      <post_allow desc="Allow/deny client IP address for POST(REST)." allow="true">
        <host desc="The IPv4 private 192.168 block as plain IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
        <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
        <host desc="The IPv4 loopback (localhost) address.">127\.0\.0\.1</host>
        <host desc="Ditto, but as IPv4-mapped IPv6 address">::ffff:127\.0\.0\.1</host>
        <host desc="The IPv6 loopback (localhost) address.">::1</host>
		<host desc="SVP NAS">78.\132.\114.\230</host>
		<host desc="auch SPV NAS aber IPv4 mapped IPv6">::ffff:78.\132.\114.\230</host>
      </post_allow>
      <frame_ancestors desc="Specify who is allowed to embed the LO Online iframe (loolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors>
    </net>

    <ssl desc="SSL settings">
        <enable type="bool" desc="Controls whether SSL encryption is enable (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">true</enable>
        <termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
        <cert_file_path desc="Path to the cert file" relative="false">/etc/letsencrypt/live/myfqdn/cert.pem</cert_file_path>
        <key_file_path desc="Path to the key file" relative="false">/etc/letsencrypt/live/myfqdn/privkey.pem</key_file_path>
        <ca_file_path desc="Path to the ca file" relative="false">/etc/letsencrypt/live/myfqdn/fullchain.pem</ca_file_path>
        <cipher_list desc="List of OpenSSL ciphers to accept" default="ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"></cipher_list>
        <hpkp desc="Enable HTTP Public key pinning" enable="false" report_only="false">
            <max_age desc="HPKP's max-age directive - time in seconds browser should remember the pins" enable="true">1000</max_age>
            <report_uri desc="HPKP's report-uri directive - pin validation failure are reported at this URL" enable="false"></report_uri>
            <pins desc="Base64 encoded SPKI fingerprints of keys to be pinned">
            <pin></pin>
            </pins>
        </hpkp>
    </ssl>

    <security desc="Altering these defaults potentially opens you to significant risk">
      <seccomp desc="Should we use the seccomp system call filtering." type="bool" default="true">true</seccomp>
      <capabilities desc="Should we require capabilities to isolate processes into chroot jails" type="bool" default="true">true</capabilities>
    </security>

    <storage desc="Backend storage">
        <filesystem allow="false" />
        <wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
            <host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
			<host desc="Regex pattern of hostname to allow or deny."  allow="true">78.\132.\114.\230</host>
			<host desc="Regex pattern of hostname to allow or deny."  allow="true">::ffff:78.\132.\114.\230</host>
            <max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
        </wopi>
        <webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="false">
            <host desc="Hostname to allow" allow="false">localhost</host>
        </webdav>
    </storage>

    <tile_cache_persistent desc="Should the tiles persist between two editing sessions of the given document?" type="bool" default="true">true</tile_cache_persistent>

    <admin_console desc="Web admin console settings.">
        <enable desc="Enable the admin console functionality" type="bool" default="true">false</enable>
        <enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
        <username desc="The username of the admin console. Ignored if PAM is enabled."></username>
        <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password."></password>
    </admin_console>

    <monitors desc="Addresses of servers we connect to on start for monitoring">
    </monitors>

</config>

you might want to check the permissions to the cert files: the user loolwsd is running should be able to read these files. Else make a copy of these files available to your loolwsd installation and repeat the copy and chown process on each renewal. Or add that user to a group that can read the originals.
Additionally I don’t know whether the names

/etc/letsencrypt/live/myfqdn/cert.pem
(...)

should match your certs.

@joergschulz: Thanks man, that helped a lot! Now the service starts up properly, I only have to re-think how I will manage accessibility of the ceritifcate files for user lool, as for the moment I changed the directories to 655, which does not seem as a perfect solution for me (thinking about security).

Unfortunately, if I try to connect from my Nextcloud it still says “Failed to load collabora online - please try again lager”, and if I have a look at systemctl status loolwsd I can see some errors I do not understand:

 * loolwsd.service - LibreOffice Online WebSocket Daemon
   Loaded: loaded (/lib/systemd/system/loolwsd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-04-02 12:09:15 CEST; 3min 17s ago
 Main PID: 29881 (loolwsd)
    Tasks: 10 (limit: 75)
   CGroup: /system.slice/loolwsd.service
           |-29881 /usr/bin/loolwsd --version --o:sys_template_path=/opt/lool/systemplate --o:lo_template_path=/opt/collaboraoffice6.0 --o:child_root_path=/opt/lool/child-roots --o:file_server_root_path=/usr/share/loolwsd
           |-29883 /usr/bin/loolforkit --losubpath=lo --systemplate=/opt/lool/systemplate --lotemplate=/opt/collaboraoffice6.0 --childroot=/opt/lool/child-roots/ --clientport=9980 --masterport=9981 --rlimits=limit_virt_mem_mb:0;limit_stack_mem_kb:8000;limit_file_size_mb:0;limit_num_open_files:0 --version
           `-29887 /usr/bin/loolforkit --losubpath=lo --systemplate=/opt/lool/systemplate --lotemplate=/opt/collaboraoffice6.0 --childroot=/opt/lool/child-roots/ --clientport=9980 --masterport=9981 --rlimits=limit_virt_mem_mb:0;limit_stack_mem_kb:8000;limit_file_size_mb:0;limit_num_open_files:0 --version

Apr 02 12:11:13 localhost loolwsd[29881]: wsd-29881-29891 2019-04-02 10:11:13.752928 [ websrv_poll ] ERR  Socket #20 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:281
Apr 02 12:11:13 localhost loolwsd[29881]: wsd-29881-29891 2019-04-02 10:11:13.753069 [ websrv_poll ] ERR  Error while handling poll for socket #20 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:570
Apr 02 12:11:30 localhost loolwsd[29881]: wsd-29881-29891 2019-04-02 10:11:30.835016 [ websrv_poll ] ERR  Socket #20 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:281
Apr 02 12:11:30 localhost loolwsd[29881]: wsd-29881-29891 2019-04-02 10:11:30.835078 [ websrv_poll ] ERR  Error while handling poll for socket #20 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:570
Apr 02 12:11:32 localhost loolwsd[29881]: wsd-29881-29891 2019-04-02 10:11:32.133082 [ websrv_poll ] ERR  Socket #20 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:281
Apr 02 12:11:32 localhost loolwsd[29881]: wsd-29881-29891 2019-04-02 10:11:32.133158 [ websrv_poll ] ERR  Error while handling poll for socket #20 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:570
Apr 02 12:11:32 localhost loolwsd[29881]: wsd-29881-29891 2019-04-02 10:11:32.134805 [ websrv_poll ] ERR  Socket #21 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:281
Apr 02 12:11:32 localhost loolwsd[29881]: wsd-29881-29891 2019-04-02 10:11:32.134843 [ websrv_poll ] ERR  Error while handling poll for socket #21 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:570
Apr 02 12:11:32 localhost loolwsd[29881]: wsd-29881-29891 2019-04-02 10:11:32.916034 [ websrv_poll ] ERR  Socket #20 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:281
Apr 02 12:11:32 localhost loolwsd[29881]: wsd-29881-29891 2019-04-02 10:11:32.916094 [ websrv_poll ] ERR  Error while handling poll for socket #20 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:570

Anyone can help here? Thx

in your loolwsd.xml you have the IP of your nextcloud instance, correct?
Please try and use the actual hostname like “sub.domain.com” (the host your nextcloud instance is on)
If you use your collabora setup for more than one host, add these too.

Yes IP is in my loolwsd.xml. I also added the hostname (mysubdomain.synology.me) of my Nextcloud instance to section “Network settings” in my loolwsd.xml, but makes no difference.

I tried to open https://subdomain.mydomain.tld/hosting/discovery and what I get shown is xml-file starting with <wopi-discovery>, so I was wondering if I have a problem with my reverse proxy.

I also was thinking if the problem could be me using a synology.me DDNS subdomain on my Nextcloud instance (or, to be precise, I checked whether my IP was static (should be) or not, but my IP remained the same for couple of days now and it matches the one that I entered in loolwsd.xml), but I do not think this is so.

@kevdog I now configured rsyslog, put the log file here (https://pastebin.com/ecZEALba). Of course I edited lines 885-900 to not expose my Nextcloud instance IP address and and my true FQDN of my server running collabora online.

Logging inside my loolwsd.xml was always set to true, but there never was any /var/log/loolwsd.log (thats the logfile configured inside my loolwsd.xml)

Does this help?

What’s your setup like? Is the loolwsd server on the same machine as your nextcloud? From the last few lines of your setup, I would guess this relates to a SSL error. What about your nextcloud log? There are three main logs you can look at – syslog on nextcloud box, nextcloud.log on nextcloud box, and loolwsd log (may need to enable within loolwsd.xml) on loolwsd box.

Nextcloud runs on a Synology NAS in my village, using Let’s Encrypt to issue certificates. Certificates seem to be OK (installed simply via Synology’s DSM, no errors/warnings if I connect with my browser).

Loolwsd box is a VPS hosted at a German provider, running Debian 9, using Let’s Encrypt for certificates, also no issues when connecting with my browser.

So certifcate-wise, I feel comfortable.

Loolwsd.log on my loowsd box is for some reason not there, even if it is set to true in loolwsd.xml (as I wrote above). No idea why.

Regarding the logs from my nextcould box I have to see what I can find (it is much more difficult to find things there, because file system layout to me is a complete mess. Probably due to DSM being a web-based management backend. One reason why I decided to host loolwsd on a different system, I thought it would make things easier. I also tried hostig loolwsd inside Docker on my Synology NAS, but I even struggled much more doing so.

I fiddeled around a little bit during the last days. I still did not manage to find the logs on my nextcloud box as proposed by @kevdog, so if anyone can point me to where to find them I would be grateful.

However, I managed to get rid of the error messages before, if I now systemctl status loolwsd on my loolwsd box, I can see the following:

root@localhost:~# systemctl status loolwsd
* loolwsd.service - LibreOffice Online WebSocket Daemon
   Loaded: loaded (/lib/systemd/system/loolwsd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-04-08 21:07:47 CEST; 2 days ago
 Main PID: 20402 (loolwsd)
    Tasks: 10 (limit: 75)
   CGroup: /system.slice/loolwsd.service
           |- 2496 /usr/bin/loolforkit --losubpath=lo --systemplate=/opt/lool/systemplate --lotemplate=/opt/collaboraoffice6.0 --childroot=/opt/lool/child-roots/ --clientport=9980 --masterport=9981 --rlimits=limit_virt_mem_mb:0;limit_stac
           |-20402 /usr/bin/loolwsd --version --o:sys_template_path=/opt/lool/systemplate --o:lo_template_path=/opt/collaboraoffice6.0 --o:child_root_path=/opt/lool/child-roots --o:file_server_root_path=/usr/share/loolwsd
           `-20404 /usr/bin/loolforkit --losubpath=lo --systemplate=/opt/lool/systemplate --lotemplate=/opt/collaboraoffice6.0 --childroot=/opt/lool/child-roots/ --clientport=9980 --masterport=9981 --rlimits=limit_virt_mem_mb:0;limit_stac
Apr 10 17:57:47 localhost loolwsd[20402]: wsd-20402-20412 2019-04-10 15:57:47.002108 [ websrv_poll ] ERR  Error while handling poll for socket #20 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Sock
Apr 11 17:57:12 localhost loolwsd[20402]: wsd-20402-20412 2019-04-11 15:57:12.650301 [ websrv_poll ] ERR  Requesting address is denied: ::ffff:78.132.82.156| wsd/LOOLWSD.cpp:1978
Apr 11 17:57:16 localhost loolwsd[20402]: wsd-20402-20412 2019-04-11 15:57:16.636518 [ websrv_poll ] ERR  Requesting address is denied: ::ffff:78.132.82.156| wsd/LOOLWSD.cpp:1978
Apr 11 17:57:17 localhost loolwsd[20402]: wsd-20402-02495 2019-04-11 15:57:17.158265 [ docbroker_001 ] ERR  No acceptable WOPI hosts found matching the target host [dyn-subdomain-of-my-nextcloudbox.synology.me] in config.| wsd/Storage.cpp:250
Apr 11 17:57:17 localhost loolwsd[20402]: wsd-20402-02495 2019-04-11 15:57:17.158840 [ docbroker_001 ] ERR  Failed to add session to [/index.php/apps/richdocuments/wopi/files/357_oc0z6ow0d9wn] with URI [https://dyn-subdomain-of-my-nextcloudbox.synology.me/inde
Apr 11 17:57:17 localhost loolwsd[20402]: wsd-20402-02495 2019-04-11 15:57:17.159209 [ docbroker_001 ] ERR  Unauthorized Request while loading session for /index.php/apps/richdocuments/wopi/files/357_oc0z6ow0d9wn: No acceptable WOPI hosts
Apr 11 17:57:17 localhost loolwsd[20402]: wsd-20402-02495 2019-04-11 15:57:17.180830 [ docbroker_001 ] WRN  Child session [000a] not found to forward message: load url=https://dyn-subdomain-of-my-nextcloudbox.synology.me/index.php/apps/richdocuments/wopi/files
Apr 11 17:57:17 localhost loolwsd[20402]: wsd-20402-02495 2019-04-11 15:57:17.232323 [ docbroker_001 ] ERR  Invalid or unknown session [000a] to remove.| wsd/DocumentBroker.cpp:1163
Apr 11 17:57:18 localhost loolwsd[20402]: kit-20408-20404 2019-04-11 15:57:18.161751 [ loolkit ] WRN  Kit connection lost without exit arriving from wsd. Setting TerminationFlag| kit/Kit.cpp:2222
Apr 11 17:57:34 localhost loolwsd[20402]: wsd-20402-20403 2019-04-11 15:57:34.534969 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/LOOLWSD.cpp:1783

Note: of course instead of dyn-subdomain-of-my-nextcloudbox.synology.me my console output shows the correct FQDN, just don’t want to post it here.

This matches the error message I get in my Nextcloud, if I try to make a new calc document:

unautorized%20WOPI%20host1918×618 22.7 KB

Maybe I misunderstood what/where to configure as correct WOPI host. Inside my loolwsd.xml I (definitely?) entered the correct FQDN of my Nextcloud box, both as IPv4 and via FQDN, see here:

<storage desc="Backend storage">
    <filesystem allow="true" />
    <wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
        <host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host>
        <host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
        <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
        <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
        <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
        <host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
        <host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.1\.1</host>
	<host desc="Regex pattern of hostname to allow or deny." allow="true">HERE.\IS.\MY.\IP</host>
	<host desc="Regex pattern of hostname to allow or deny." allow="true">::ffff:HERE.\IS.\MY.\IP</host>
	<host desc="FQDN pattern of hostname to allow" allow="true">dyn-subdomain-of-my-nextcloudbox.\synology.\me</host>
	<host desc="FQDN pattern of hostname to allow" allow="true">https:\\\\dyn-subdomain-of-my-nextcloudbox.\synology.\me</host>
        <max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
    </wopi>
    <webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="false">
        <host desc="Hostname to allow" allow="false">localhost</host>
    </webdav>
</storage>

I am desperate guys, what am I doing wrong / where do I f*** up so badly??

This is a very old thread, but in case someone else has a similar issue:

you have a syntax error in you regex:

HERE.\IS.\MY.\IP

it should be

HERE\.IS\.MY\.IP

So the “” should be before the “.” because it is an escape character. This way regex treats “.” as a literal period.