[SOLVED] Nextcloud does not open Collabora (LibreOffice) files

Hi Guys,

I have a Nextcloud installation on Ubuntu Server in Virtualbox and everything worked perfectly.

Now I have decided to add Collabora to test file sharing.

I added the Docker repositories, installed the collabora/code container, suitably modified the Nginx server configuration and added the richdocuments app.

Software versions:

  • Ubuntu 20.04.1 LTS
  • Nginx 1.19.2-1
  • Nextcloud 19.0.2.2
  • Richdocuments 3.7.3
  • Docker 19.03.12, build 48a66213fe
    (“DockerVersion”: “19.03.11”)
  • Collaboraoffice 4.2.5
    (Loolwsd version details: 4.2.6 - ed4f732 - id 60aaaaaa - on “Ubuntu 18.04.1 LTS”| wsd/LOOLWSD.cpp:3664)

Now I keep accessing my documents, I can create folders and all types of files, but I can open all types of files except LibreOffice (odt, ods, etc.)

When I try to open a LibreOffice document (odt, ods, etc.) I get the message: failed to read document from storage …

In the Nextcloud log I only see this:

{"reqId":"sptH2uOUugkG6pfgCINa","level":2,"time":"2020-09-03T15:21:54+02:00","remoteAddr":"xxx.xxx.xxx.xxx","user":"my-user","app":"no app in context","method":"GET","url":"/core/preview?fileId=471&x=32&y=32","message":"Host my-cloud was not connected to because it violates local access rules","userAgent":"Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0","version":"19.0.2.2"}

I also attach the docker/collabora logs:

  • after trying to open LibreOffice files →
e[1me[31mwsd-00006-00038 2020-09-03 13:22:17.391901 [ docbroker_001 ] ERR  Cannot get file info from WOPI storage uri [https://my-cloud/index.php/apps/richdocuments/wopi/files/22_ocmmlepa6iz9?access_token=HsUUkPJKc8UjdXeDGg6S4ZKTO4VHPC3c&access_token_ttl=0&reuse_cookies=ocmmlepa6iz9%3Do9uenoog0irb83b63phh878fk2%3Aoc_sessionPassphrase%3D%2BsZMXEn5zWLp1PqS4tI%2FGmXUACWgF%2B0IHjea8ejqg%2FGmfxjmU%2FkR0AbdyR7gYSz%2BxJe3%2FLTkC4PJOqBK5%2FUv5TDWormLTEhGMZa2qkNgYZvlMSc0hpDzLG0SdEtucigf%3A__Host-nc_sameSiteCookielax%3Dtrue%3A__Host-nc_sameSiteCookiestrict%3Dtrue%3Anc_username%3Dnt-virtual%3Anc_token%3D5hW03wqPcX3PZSW3I3oxVCrJfKiuz5LV%3Anc_session_id%3Do9uenoog0irb83b63phh878fk2]. Error: Host not found: my-cloud| wsd/Storage.cpp:597e[0m
e[1me[31mwsd-00006-00038 2020-09-03 13:22:17.392010 [ docbroker_001 ] ERR  loading document exception: Host not found| wsd/DocumentBroker.cpp:1380e[0m
e[1me[31mwsd-00006-00038 2020-09-03 13:22:17.392054 [ docbroker_001 ] ERR  Failed to add session to [/index.php/apps/richdocuments/wopi/files/22_ocmmlepa6iz9] with URI [https://my-cloud/index.php/apps/richdocuments/wopi/files/22_ocmmlepa6iz9?access_token=HsUUkPJKc8UjdXeDGg6S4ZKTO4VHPC3c&access_token_ttl=0&reuse_cookies=ocmmlepa6iz9%3Do9uenoog0irb83b63phh878fk2%3Aoc_sessionPassphrase%3D%2BsZMXEn5zWLp1PqS4tI%2FGmXUACWgF%2B0IHjea8ejqg%2FGmfxjmU%2FkR0AbdyR7gYSz%2BxJe3%2FLTkC4PJOqBK5%2FUv5TDWormLTEhGMZa2qkNgYZvlMSc0hpDzLG0SdEtucigf%3A__Host-nc_sameSiteCookielax%3Dtrue%3A__Host-nc_sameSiteCookiestrict%3Dtrue%3Anc_username%3Dnt-virtual%3Anc_token%3D5hW03wqPcX3PZSW3I3oxVCrJfKiuz5LV%3Anc_session_id%3Do9uenoog0irb83b63phh878fk2]: Host not found| wsd/DocumentBroker.cpp:1342e[0m
e[1me[31mwsd-00006-00038 2020-09-03 13:22:17.392103 [ docbroker_001 ] ERR  Error while loading : Host not found| wsd/LOOLWSD.cpp:3169e[0m
e[1me[31mwsd-00006-00038 2020-09-03 13:22:17.511147 [ docbroker_001 ] ERR  No DocBroker found, or DocBroker marked to be destroyed. Terminating session ToClient-008| wsd/ClientSession.cpp:330e[0m
e[1me[31mwsd-00006-00038 2020-09-03 13:22:17.511217 [ docbroker_001 ] ERR  No DocBroker found, or DocBroker marked to be destroyed. Terminating session ToClient-008| wsd/ClientSession.cpp:330e[0m
e[1me[31mwsd-00006-00038 2020-09-03 13:22:18.270514 [ docbroker_001 ] ERR  Invalid or unknown session [008] to remove.| wsd/DocumentBroker.cpp:1418e[0m
e[35mwsd-00006-00030 2020-09-03 13:22:19.396787 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/LOOLWSD.cpp:1970e[0m
e[1me[31mwsd-00006-00040 2020-09-03 13:22:30.144912 [ docbroker_002 ] ERR  Cannot get file info from WOPI storage uri [https://my-cloud/index.php/apps/richdocuments/wopi/files/428_ocmmlepa6iz9?access_token=u9XLPLHt4fUEqbdh0uyp07YeFZClo0PR&access_token_ttl=0&reuse_cookies=ocmmlepa6iz9%3Do9uenoog0irb83b63phh878fk2%3Aoc_sessionPassphrase%3D%2BsZMXEn5zWLp1PqS4tI%2FGmXUACWgF%2B0IHjea8ejqg%2FGmfxjmU%2FkR0AbdyR7gYSz%2BxJe3%2FLTkC4PJOqBK5%2FUv5TDWormLTEhGMZa2qkNgYZvlMSc0hpDzLG0SdEtucigf%3A__Host-nc_sameSiteCookielax%3Dtrue%3A__Host-nc_sameSiteCookiestrict%3Dtrue%3Anc_username%3Dnt-virtual%3Anc_token%3D5hW03wqPcX3PZSW3I3oxVCrJfKiuz5LV%3Anc_session_id%3Do9uenoog0irb83b63phh878fk2]. Error: Host not found: my-cloud| wsd/Storage.cpp:597e[0m
e[1me[31mwsd-00006-00040 2020-09-03 13:22:30.145112 [ docbroker_002 ] ERR  loading document exception: Host not found| wsd/DocumentBroker.cpp:1380e[0m
e[1me[31mwsd-00006-00040 2020-09-03 13:22:30.145229 [ docbroker_002 ] ERR  Failed to add session to [/index.php/apps/richdocuments/wopi/files/428_ocmmlepa6iz9] with URI [https://my-cloud/index.php/apps/richdocuments/wopi/files/428_ocmmlepa6iz9?access_token=u9XLPLHt4fUEqbdh0uyp07YeFZClo0PR&access_token_ttl=0&reuse_cookies=ocmmlepa6iz9%3Do9uenoog0irb83b63phh878fk2%3Aoc_sessionPassphrase%3D%2BsZMXEn5zWLp1PqS4tI%2FGmXUACWgF%2B0IHjea8ejqg%2FGmfxjmU%2FkR0AbdyR7gYSz%2BxJe3%2FLTkC4PJOqBK5%2FUv5TDWormLTEhGMZa2qkNgYZvlMSc0hpDzLG0SdEtucigf%3A__Host-nc_sameSiteCookielax%3Dtrue%3A__Host-nc_sameSiteCookiestrict%3Dtrue%3Anc_username%3Dnt-virtual%3Anc_token%3D5hW03wqPcX3PZSW3I3oxVCrJfKiuz5LV%3Anc_session_id%3Do9uenoog0irb83b63phh878fk2]: Host not found| wsd/DocumentBroker.cpp:1342e[0m
e[1me[31mwsd-00006-00040 2020-09-03 13:22:30.145331 [ docbroker_002 ] ERR  Error while loading : Host not found| wsd/LOOLWSD.cpp:3169e[0m
e[1me[31mwsd-00006-00040 2020-09-03 13:22:30.319033 [ docbroker_002 ] ERR  No DocBroker found, or DocBroker marked to be destroyed. Terminating session ToClient-01d| wsd/ClientSession.cpp:330e[0m
e[1me[31mwsd-00006-00040 2020-09-03 13:22:30.319254 [ docbroker_002 ] ERR  No DocBroker found, or DocBroker marked to be destroyed. Terminating session ToClient-01d| wsd/ClientSession.cpp:330e[0m
e[1me[31mwsd-00006-00040 2020-09-03 13:22:30.864629 [ docbroker_002 ] ERR  Invalid or unknown session [01d] to remove.| wsd/DocumentBroker.cpp:1418e[0m
e[35mwsd-00006-00030 2020-09-03 13:22:32.145978 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/LOOLWSD.cpp:1970e[0m

How can I find a solution?

Many thanks

Can anyone help me find a solution?

Hi Guys,

I solved it, finally!

I state that my configuration is for a development environment (server on virtualbox that shares the same network as the pc).

The matter is this: pc, server and docker share the same network addresses, but Collabora (the Docker container) is configured to be “isolated”.

The solution is in the references of Docker:


--network host

My configuration is:
Ubuntu Server 20.04 LTS Focal Fossa
nginx 1.19 mainline
MariaDB 10.5
PHP 7.4
SSL certificates (personal CA)
Nextcloud 19
Redis
Fail2ban
ufw
Netdata
apticron
ssh + 2fa
logwatch
Two-Factor TOTP Provider
Clamav
Collabora Office

Nextcloud is in the domain “my-cloud” and the configuration of the reverse proxy of Collabora is added to that of Nextcloud.

Therefore Collabora shares everything but the network and the certificates (the Docker container creates its own certificates when installing the collabora/code image).

The “--network host” option allows just what Collabora needs to open inside Nextcloud and edit LibreOffice/Office files.

The command now becomes:
docker run -t -d -e "domain=my-cloud" -e "username=my-user" -e "password=my-psw" --name=my-collabora --network host --restart always --cap-add MKNOD collabora/code

The option “-p 127.0.0.1:9980:9980” is no longer necessary because “--network host” bypasses it (the reverse proxy is configured on port 9980, so all relative addresses will always be reachable).

Be careful not to use “--network host” in a production environment, as exposing the Docker container to the same network could create security problems.

Hope it can help someone.

1 Like

You save my day!! Thanks a lot!! I was getting the same error and I don’t know why. I changed my docker command -p 127.0.0.1:9980:99880 to --network host and now it works!!

But you say that this change can expose the docker container and create security problems, what kind of problems?? Can you give me a link to read about it?

Thanks a lot again!!!

Hi Gotzon

You don’t have to thank me, but all the guys who work and share free software.

As for the information you asked me, these are the links where I found the references I was looking for:

I didn’t delve further, I “trusted” them.

Glad I could help.

To the next.

Thank you again,

I can see now why is considered insecure, but while a find another solution, i will fix the error with your solution.

Thank you :blush: :blush:

Thanks for sharing, this helped me solve a similar issue. However, there’s a much better solution to this than exposing your entire network to your container with --network host. This is a bad idea from a security standpoint and defeats the purpose of using a container.

In my case, this was a DNS resolution issue, since the address my container received for my Nextcloud instance wasn’t an IP it could route to. Your docker containers will resolve DNS based on what’s in /etc/docker/daemon.json, I think it pulls from the host /etc/resolv.conf by default. So in my case, I had my LAN DNS server, as well as a couple public ones, similar to this.

{
  "dns": ["192.168.0.1", "8.8.8.8", "8.8.4.4"]
}

So what happened when the Collabora container tried to lookup nextcloud.example.com from my local DNS server, it got back 192.168.0.2. But since the container only knows about the network 172.17.0.0, it wasn’t able to route there to talk to it. You could remove your local DNS server from there, if your Nextcloud is reachable from the internet, but then you’d get a lot of unnecessary latency.

To test the connectivity of your Nextcloud instance, get a shell inside the Collabora container:
docker exec -u root -it collabora /bin/bash

Then, you can use curl to try to reach your Nextcloud instance:

root@6da61a92f999:/etc# curl -Lv https://nextcloud.example.com
* Rebuilt URL to: https://nextcloud.example.com/
*   Trying 192.168.0.2...
* TCP_NODELAY set
* connect to 192.168.0.2 port 443 failed: Connection refused
* Failed to connect to nextcloud.example.com port 443: Connection refused
* Closing connection 0
curl: (7) Failed to connect to nextcloud.example.com port 443: Connection refused

So that’s what it looks like when it can’t route correctly. The container should be talking to Nextcloud on the docker bridge address (which is also what it needs for Nextcloud’s DNS entry), which in my case was 172.17.0.1.

To test the fix, add your bridge IP address to the container’s /etc/hosts:
echo 172.17.0.1 >> /etc/hosts

Then if you rerun the curl command again it will work, as will Nextcloud.

Solution:
To make that permanent use --add-hosts in your docker command, which in my case would be --add-hosts nextcloud.example.com:172.17.0.1