Ubuntu 16.10 + Collabora online

Hello there,

I’m running my NC11 under ubuntu server 16.10 and I wanted to set up collabora online into a docker by following the tutorial on NC website “https://nextcloud.com/collaboraonline/

Everything seems well configured but when I want to open or create a document I get to following error on the webpage “Well, this is embarrassing, we cannot connect to your document. Please try again.” and below what I can see in my apache logs :

[Thu Dec 15 10:11:10.536642 2016] [proxy:warn] [pid 28841] [client 192.168.1.103:40578] AH01144: No protocol handler was valid for the URL /lool/https%3A%2F%2Fnextcloud.xxxxxxx.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F2338?access_token=AxK3t
AokfSab3L7Vzrp9IWgGGTXSDWsO&permission=edit/ws. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

The thing is I enabled all of the required modules :

a2enmod proxy
a2enmod proxy_wstunnel
a2enmod ssl
a2enmod proxy_http

The trouble seems to come from that line into my apache configuration :

Main websocket

ProxyPassMatch “/lool/(.*)/ws$” wss://127.0.0.1:9980/lool/$1/ws

Below the things which differ from the tutorial:

<VirtualHost *:443
ServerName www.xxxxxx.com

Header always add Strict-Transport-Security “max-age=15768000”

ErrorLog /var/log/apache2/office-error.log
CustomLog /var/log/apache2/office-access.log combined

SSLCertificateFile /etc/letsencrypt/live/xxxxx/cert.pem
SSLCACertificateFile /etc/letsencrypt/live/xxxxx/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xxxxx/privkey.pem

Include /etc/letsencrypt/options-ssl-apache.conf

Encoded slashes need to be allowed

AllowEncodedSlashes On

Container uses a unique non-signed certificate

SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off

And the docker command I launched :

docker run -t -d -p 127.0.0.1:9980:9980 -e ‘domain=nextcloud\\.xxxxx\\.com’ --restart always --cap-add MKNOD collabora/code

the docker logs :

docker logs -f a94d774a03d8
Generating RSA private key, 2048 bit long modulus
…+++
…+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
…+++
…+++
e is 65537 (0x10001)
Signature ok
subject=/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost
Getting CA Private Key
loolwsd version details: 1.9.8 - 1.9.8
loolforkit version details: 1.9.8 - 1.9.8
office version details: { “ProductName”: “Collabora Office”, “ProductVersion”: “5.1”, “ProductExtension”: “.10.12”, “BuildId”: “653cc4c38dd2c05aecbee156aef460f5a361e579” }

And just to complete that issue, I updated NC from 10 to 11 and I also had the same issue with NC10.

So if anyone knows what could be wrong it would be great

Thanks

I think that:

ServerName from the VirtualHosts section and the domain name on the docker run commant should match

If you try to open
https://nextcloud.xxxxxxx.com/hosting/discovery do you get a valid repsonse?

Thanks for your feedback.

If I did something like that it’s because I followed that requirement :

Afterward, configure one VirtualHost properly to proxy the traffic. For
security reason we recommend to use a subdomain such as
office.nextcloud.com instead of running on the same domain.

Also into the documentation, the domain used on the docker run command is not the same than the serverName.

I tried what you asked me and I have a 404 error, but if i’m trying with that URL www.xxxx.com/hosting/discovery, I have something.
I also tried as well to set up the same domain between my serverName into the virtualhost section and my docker run command, but it doesn’t work, same error into my apache logs.

if colabora is responding behind https://www.xxxx.com then just try to enter this url in the nextcloud collabora setting

yes that’s what I did but doesn’t work.

For me the trouble seems coming from the proxypassmatch line.

Just for testing, I tried to set up that line like it was before, I mean like below

ProxyPass “/lool/ws” wss://127.0.0.1:9980/lool/ws

It doesn’t work as well, but I do not have the error anymore instead I have this in my access logs :

192.168.1.103 - - [15/Dec/2016:11:40:36 +0100] “GET /lool/https%253A%252F%252Fnextcloud.xxxxx.com%252Findex.php%252Fapps%252Frichdocuments%252Fwopi%252Ffiles%252F2338%3Faccess_token=XEocWWxatN6IeCcTRQSOrw6ipMm9gfO7&permission=edit/ws HTTP/1.1” 400 3436 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0”

It’s just an idea, I don’t know if this is the real issue.

Hi all !

I’ve spent countless hours trying to get Collabora work with Ubuntu 16.04 + NC 10 + Apache webserver
Tried all, a huge number of times … to no avail

Until I re-read the command to start the Collabora docker

These double slashes in ‘domain=nextcloud\.xxxxx\.com’ : were they here on purpose ?
It seems that they only are useful for the formating of the guide on the website, but it no way in the command.
But if you copy paste the command, you will get them doubled, as they appeard in my browser.

I remove on of the two slashes for every occurences and …

VOILA : it worked perfectly fine !!!

I am not really sure why the escape “” character is doubled “\” but it was the thing preventing my instance to work.

Maybe this can help someone. Because all other info were not helping !

Now :slight_smile:I’ve upgraded to NC 11 … and I

  • get an “Access denied” error when opening a document
  • dont see the icon to start Collabora in the list of icons

The debugger mentions something about the CSP

“Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src ‘nonce-SjZ…0RT0=’ ‘unsafe-eval’”).”

but I’ve had no time yet to look into it !

Does anyone get the same problems ?

Thanks
GLLM

Hi,

I’ve just tried to put one single backslash instead of two, same thing, same error.

Did you get the same errors than I have when it didn’t work for you?

And since I upgraded to NC11 Collabora is not anymore in the list of icons, like you noticed.

Thanks

Hi !

Not sure about the error messages (@work now, so I cannot tell) but what I did which makes it work was :

  • changed my linux kernel to >4.6 (http://neuro.me.uk/2009/09/20/revert-to-standard-ubuntu-kernel-on-ovh-or-kimsufi-servers/) so that grep AUFS_X /boot/config-4.x.x-xx-generic returns YES
  • change double escape \ to single escape \ in docker command
  • created a subdomain such as nextcloud.domain.tld instead of using domain.tld/nextcloud : because the SSL webbsocket reverse proxy never worked with the path, but did with the subdomain … in a separate file
  • made sure the office.domain.tld was set up properly in apache + setup a SSL certificate via letsencrypt for it
  • remove the SAMEORIGIN (look in the console/debugger) was OFF (commented out line) in nextcloud vhost, otherwise the office.domain.tld iframe cannot be included in your nextcloud.domain.tld
    (commented out Header always set X-Frame-Options SAMEORIGIN)
  • rechecked all files permissions of NC

Doing this, I managED to have Collabora work with NC10 + Ubuntu 16.04 LTS server + apache webserver in SSL

I hope this may help you,
Cheers,
GLLM

Thanks for your tips, I’ll try this tonight or maybe tomorrow and I’ll let you know

Hi GLLM,

So I tried everything you said but still doesn’t work for me, always the same error in my apache logs.

Does anyone have an idea or already encountered that error?

Thanks

Yes, every time i tried Collabora i get the embarrassing message. Cant say much about other logs as i cant remember. But it never worked for me. Same server with NC installed or separate server, a big Fail.

I probably would try it again some time(weeks) as this is the only blocker for me right now to switch from Gdocs.

fyi @z-obaze , @mmarif - under Debian 8.x I had to upgrade to kernel 4.7 (backport repo). There are some issues in Debian (as well for some Ubuntu versions) with aufs storage driver and docker. Don’t ask me what exactly the problem is, I only know that on my way to getting Collabora working it was one of the steps I had to take. Search for that issue on the web. I lost a lot of hair because of that :wink:

Good luck

Thank you for your feedback but my kernel version is 4.8 for my ubuntu server 16.10.
Maybe I should try with an ubuntu server 16.04, I don’t know if it will be better.

I’m quite stuck, I don’t know what I could do now.

Hello z-obaze,

I had the same issue with my setup. Ubuntu 16.10 with docker.
As MikeLupe said there is a driver problem with docker under 16.10.
After a long search I found this post, which solved the problem for me:

Thanks dbohm, unfortunately I tried this, still the same error in apache.

I’ll keep investigating, but thanks for your help :slight_smile:

I have had similar errors while on ubuntu 16.04 with NC10.0.1
Decided to upgrade to NC11 , the error changed to Access forbidden
Having read a lot about a suspected kernel issue with docker … the later was upgraded from 4.4 to 4.9
no progress the error is always Access Forbidden.
Sometimes in the past I encountered some difficulties on XMPP due to tight restrictions on evasion, so now evasion is disabled yet no progress.
I have defined 2 domains, one is to access the nextcloud and one for the collabora.
Both are on the same machine, and both have letsencrypt certificate.
https://mydomain.com is my main nextcloud domain
https://office-mydomain.com is the one defined for collabora
https://office-mydomain.com/hosting/discovery gives a long list

starts with
"wopi-discovery"
“net-zone name=“external-http””
"app name=“application/vnd.lotus-wordpro”
"and ends with
"app name=“application/vnd.sun.xml.report.chart”>
“action ext=“odc” name=“edit” urlsrc=“https://office-mydomain.com/loleaflet/1.9.8/loleaflet.html?"/>
”/app></net-zone
”/wopi-discovery

Could not find any error in the apache log.

Does not really matter if you have had executed the docker with dual back slashes or a single one
the error is the same.

I hope someone can point me to the correct solution.

Hi,

@dbohm : I finally made it work with the solution you gave me. Thank you so much :slight_smile: However I still have a “well embarrassing” message, when I’m clicking back on the “files” icon after viewing or modifying a document but not when i’m closing the document with the “cross” on the top right-hand corner.

I have no errors on apache logs but I have this on the docker logs. I have exactly the same logs whatever how i’m closing the documents.

docker logs -f 2bc7fb53d464

Generating RSA private key, 2048 bit long modulus
…+++
…+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
…+++
…+++
e is 65537 (0x10001)
Signature ok
subject=/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost
Getting CA Private Key
loolwsd version details: 1.9.8 - 1.9.8
loolforkit version details: 1.9.8 - 1.9.8
office version details: { “ProductName”: “Collabora Office”, “ProductVersion”: “5.1”, “ProductExtension”: “.10.12”, “BuildId”: “653cc4c38dd2c05aecbee156aef460f5a361e579” }
wsd-00025-0028 1:07:12.494030 [ client_ws_0002 ] ERR Missing JSON property: 'HidePrintOption’
wsd-00025-0028 1:07:12.494116 [ client_ws_0002 ] ERR Missing JSON property: 'HideSaveOption’
wsd-00025-0028 1:07:12.494142 [ client_ws_0002 ] ERR Missing JSON property: 'HideExportOption’
wsd-00025-0028 1:07:12.494182 [ client_ws_0002 ] ERR Missing JSON property: 'EnableOwnerTermination’
wsd-00025-0028 1:07:40.291656 [ client_ws_0002 ] WRN Connection closed.| IoUtil.cpp:115

I’m trying to figure this out.

@giorgio09 : I already encoutered that kind of trouble and it was an apache miss configuration. Have you checked in your collabora apps that’s the URL is the correct one?

Hi again,

I just realized regarding my “embarrasing” error, that I apparently have it only with firefox, I don’t have it with chrome and IE.
Just to be clear, with chrome and IE i’m not seeing the “embarrassing” message when i’m closing a document but I still have the errors like above on my docker logs.

Below my browser’s versions :

 Firefox : 50.1.0
 Chrome : 55.0.
 IE : 11

Hi,

So nobody noticed that issue? I’m the only one with the “embarrassing” message when using firefox and closing a document by clicking on the “files” button? :cry:

Hi, I’m in same problem.
“Access forbidden”.

NC 11
Every Browser.
Apache: 2.4
RedHat/OracleLinux: 7.3
Last Release Collabora - log from docker.
Generating RSA private key, 2048 bit long modulus
…+++
…+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
…+++
…+++
e is 65537 (0x10001)
Signature ok
subject=/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost
Getting CA Private Key
loolforkit version details: 2.0.1 - 2.0.1
office version details: { “ProductName”: “Collabora Office”, “ProductVersion”: “5.1”, “ProductExtension”: “.10.15”, “BuildId”: “345fa14e85e6e36ad0280f4e549c70f6b9af1a18” }

Still looking for resolution.
Parameters checked…
https://office.xxxxx.local/hosting/discovery
is displayed fine.