Unable to open word-files, "Failed to load Nextcloud Office - please try again later"

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can.

The Basics

• Nextcloud Server version:
  • 32.0.5
• Operating system and version :
  • Ubuntu 24.04
• Web server and version:
  • Apache 2.4.58
• Reverse proxy and version:
  • Apache 2.4.52
• PHP version:
  • 8.3.6
• Is this the first time you’ve seen this error? (Yes / No):
  • No
• When did this problem seem to first start?
  • After installation
• Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
  • Archive
• Are you using CloudfIare, mod_security, or similar? (Yes / No)
  • No

Summary of the issue you are facing:

I have installed Collabora Online - Built-in CODE Server and Nextcloud Office. I’m able to edit .md-files bit not word-files (doc/docx). In the browser I get

Document loading failed
Failed to load Nextcloud Office - please try again later

Steps to replicate it (hint: details matter!):

1. List files

2. Click on a doc or docx file

3. After som time, the error show up.

Log entries

In the Nextcloud server:
“POST /apps/richdocumentscode/proxy.php?req=/browser/dist/fetch-settings-config HTTP/1.1” 400 414 “-” "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36

And same other 404 errors:
“GET /apps/richdocumentscode/proxy.php?req=/browser/a246f9ab3c/color-palette-dark.css HTTP/1.1” 404 566 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36”
“GET /apps/richdocumentscode/proxy.php?req=/browser/a246f9ab3c/color-palette.css HTTP/1.1” 404 561 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36”
“GET /apps/richdocumentscode/proxy.php?req=/browser/a246f9ab3c/l10n.js HTTP/1.1” 404 551 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36”
“GET /apps/richdocumentscode/proxy.php?req=/browser/a246f9ab3c/color-palette.css HTTP/1.1” 404 561 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36”
“GET /apps/richdocumentscode/proxy.php?req=/browser/a246f9ab3c/color-palette-dark.css HTTP/1.1” 404 566 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36”

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

{"reqId":"Schtx5hcZPmX3d6nzDaG","level":3,"time":"2026-01-25T14:25:32+00:00","remoteAddr":"192.168.11.10","user":"nc-admin","app":"richdocuments","method":"GET","url":"/index.php/apps/r
ichdocuments/settings/check","scriptName":"/index.php","message":"Client error: `GET https://ncloud.xxx.no/hosting/discovery` resulted in a `404 Not Found` response:\n<!DOCTYPE 
html>\n<html class=\"ng-csp\" data-placeholder-focus=\"false\" lang=\"en\" data-locale=\"en\" translate=\"no\" >\n\t<head\n  (truncated...)\n","userAgent":"Mozilla/5.0 (X11; Linux x86_6
4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36","version":"32.0.5.0","exception":{"Exception":"GuzzleHttp\\Exception\\ClientException","Message":"Client error:
 `GET https://ncloud.xxx.no/hosting/discovery` resulted in a `404 Not Found` response:\n<!DOCTYPE html>\n<html class=\"ng-csp\" data-placeholder-focus=\"false\" lang=\"en\" data
-locale=\"en\" translate=\"no\" >\n\t<head\n  (truncated...)\n","Code":404,"Trace":[{"file":"/var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Middleware.php","line":72,"function":"crea
te","class":"GuzzleHttp\\Exception\\RequestException","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.
php","line":209,"function":"GuzzleHttp\\{closure}","class":"GuzzleHttp\\Middleware","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/3rdparty/gu
zzlehttp/promises/src/Promise.php","line":158,"function":"callHandler","class":"GuzzleHttp\\Promise\\Promise","type":"::"},{"file":"/var/www/nextcloud/3rdparty/guzzlehttp/promises/src/T
askQueue.php","line":52,"function":"GuzzleHttp\\Promise\\{closure}","class":"GuzzleHttp\\Promise\\Promise","type":"::","args":["*** sensitive parameters replaced ***"]},{"file":"/var/ww
w/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":251,"function":"run","class":"GuzzleHttp\\Promise\\TaskQueue","type":"->"},{"file":"/var/www/nextcloud/3rdparty/guzzleht
tp/promises/src/Promise.php","line":227,"function":"invokeWaitFn","class":"GuzzleHttp\\Promise\\Promise","type":"->"},{"file":"/var/www/nextcloud/3rdparty/guzzlehttp/promises/src/Promis
e.php","line":272,"function":"waitIfPending","class":"GuzzleHttp\\Promise\\Promise","type":"->"},{"file":"/var/www/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":229,"fu
nction":"invokeWaitList","class":"GuzzleHttp\\Promise\\Promise","type":"->"},{"file":"/var/www/nextcloud/3rdparty/guzzlehttp/promises/src/Promise.php","line":69,"function":"waitIfPendin
g","class":"GuzzleHttp\\Promise\\Promise","type":"->"},{"file":"/var/www/nextcloud/3rdparty/guzzlehttp/guzzle/src/Client.php","line":189,"function":"wait","class":"GuzzleHttp\\Promise\\
Promise","type":"->"},{"file":"/var/www/nextcloud/lib/private/Http/Client/Client.php","line":206,"function":"request","class":"GuzzleHttp\\Client","type":"->"},{"file":"/var/www/nextclo
ud/apps/richdocuments/lib/Service/DiscoveryService.php","line":61,"function":"get","class":"OC\\Http\\Client\\Client","type":"->","args":["*** sensitive parameters replaced ***"]},{"fil
e":"/var/www/nextcloud/apps/richdocuments/lib/Service/CachedRequestService.php","line":74,"function":"sendRequest","class":"OCA\\Richdocuments\\Service\\DiscoveryService","type":"->"},{
"file":"/var/www/nextcloud/apps/richdocuments/lib/Service/ConnectivityService.php","line":28,"function":"fetch","class":"OCA\\Richdocuments\\Service\\CachedRequestService","type":"->"},
{"file":"/var/www/nextcloud/apps/richdocuments/lib/Controller/SettingsController.php","line":73,"function":"testDiscovery","class":"OCA\\Richdocuments\\Service\\ConnectivityService","ty
pe":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":204,"function":"checkSettings","class":"OCA\\Richdocuments\\Controller\\SettingsController","t
ype":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":118,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},
{"file":"/var/www/nextcloud/lib/private/AppFramework/App.php","line":153,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/
private/Route/Router.php","line":321,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/var/www/nextcloud/lib/base.php","line":1061,"function":"match","class":"OC\
\Route\\Router","type":"->"},{"file":"/var/www/nextcloud/index.php","line":25,"function":"handleRequest","class":"OC","type":"::"}],"File":"/var/www/nextcloud/3rdparty/guzzlehttp/guzzle
/src/Exception/RequestException.php","Line":111,"message":"Client error: `GET https://ncloud.xxx.no/hosting/discovery` resulted in a `404 Not Found` response:\n<!DOCTYPE html>\n
<html class=\"ng-csp\" data-placeholder-focus=\"false\" lang=\"en\" data-locale=\"en\" translate=\"no\" >\n\t<head\n  (truncated...)\n","exception":{},"CustomMessage":"Client error: `GE
T https://ncloud.xxx.no/hosting/discovery` resulted in a `404 Not Found` response:\n<!DOCTYPE html>\n<html class=\"ng-csp\" data-placeholder-focus=\"false\" lang=\"en\" data-loc
ale=\"en\" translate=\"no\" >\n\t<head\n  (truncated...)\n"}}

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

I cannot see eny errors

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

“POST /apps/richdocumentscode/proxy.php?req=/cool/https%3A%2F%2Fncloud.xxx.no%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F620_ocb3uxizfvok%3Faccess_token%3DzfAffnOBt8B6yl0vvhGKXnQu1cXAbCiH%26access_token_ttl%3D0%26no_auth_header%3D/ws?WOPISrc=https%3A%2F%2Fncloud.xxx.no%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F620_ocb3uxizfvok&compat=/ws/open/open/1 HTTP/1.1” 400 826 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36”

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "ncloud.xxx.no",
            "ncloud.yyy.net"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "32.0.5.0",
        "overwrite.cli.url": "https:\/\/ncloud.xxx.no",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpauth": true,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "proxy": "http:\/\/a.b.c:3128",
        "config_preset": 7,
        "maintenance": false,
        "overwriteprotocol": "https",
        "twofactor_enforced": "true",
        "twofactor_enforced_groups": [
            "interne"
        ],
        "twofactor_enforced_excluded_groups": [],
        "default_phone_region": "NO"
    }
}

Apps

The output of occ app:list (if possible).

Enabled:
  - activity: 5.0.0-dev.0
  - bruteforcesettings: 5.0.0-dev.0
  - calendar: 6.1.5
  - circles: 32.0.0
  - cloud_federation_api: 1.16.0
  - comments: 1.22.0
  - contacts: 8.3.0
  - contactsinteraction: 1.13.1
  - dashboard: 7.12.0
  - dav: 1.34.2
  - federatedfilesharing: 1.22.0
  - federation: 1.22.0
  - files: 2.4.0
  - files_downloadlimit: 5.0.0-dev.0
  - files_pdfviewer: 5.0.0-dev.0
  - files_reminders: 1.5.0
  - files_sharing: 1.24.1
  - files_trashbin: 1.22.0
  - files_versions: 1.25.0
  - firstrunwizard: 5.0.0-dev.0
  - guests: 4.6.0
  - logreader: 5.0.0-dev.0
  - lookup_server_connector: 1.20.0
  - mail: 5.6.8
  - nextcloud_announcements: 4.0.0-dev.0
  - notifications: 5.0.0-dev.0
  - oauth2: 1.20.0
  - password_policy: 4.0.0-dev.0
  - photos: 5.0.0-dev.1
  - privacy: 4.0.0-dev.0
  - profile: 1.1.0
  - provisioning_api: 1.22.0
  - recommendations: 5.0.0-dev.0
  - related_resources: 3.0.0-dev.0
  - richdocuments: 9.0.2
  - richdocumentscode: 25.4.702
  - serverinfo: 4.0.0-dev.0
  - settings: 1.15.1
  - sharebymail: 1.22.0
  - support: 4.0.0-dev.0
  - survey_client: 4.0.0-dev.0
  - systemtags: 1.22.0
  - text: 6.0.1
  - theming: 2.7.0
  - twofactor_backupcodes: 1.21.0
  - twofactor_nextcloud_notification: 6.0.0-dev.0
  - twofactor_totp: 14.0.0
  - updatenotification: 1.22.0
  - user_status: 1.12.0
  - viewer: 5.0.0-dev.0
  - weather_status: 1.12.0
  - webhook_listeners: 1.3.0
  - workflowengine: 2.14.0
Disabled:
  - admin_audit: 1.22.0
  - app_api: 32.0.0 (installed 32.0.0)
  - encryption: 2.20.0
  - files_external: 1.24.1
  - suspicious_login: 10.0.0-dev.0
  - user_ldap: 1.23.0

Tips for increasing the likelihood of a response

• Use the preformatted text formatting option in the editor for all log entries and configuration output.
• If screenshots are useful, feel free to include them.
  • If possible, also include key error output in text form so it can be searched for.
• Try to edit log output only minimally (if at all) so that it can be ran through analyzers / formatters by those trying to help you.

Apache rproxy config:

<VirtualHost *:80>
   ServerName ncloud.xxx.no
   CustomLog ${APACHE_LOG_DIR}/ncloud.log combined

   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} 

#RewriteCond %{SERVER_NAME} =ncloud.xxx.no
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
   ServerName ncloud.xxx.no

   Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"

    #<Proxy *>
    #    Order deny,allow
    #    Allow from all
    #</Proxy>


    SetEnv    nokeepalive ssl-unclean-shutdown
    ## Request header rules
    ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
    RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s

    # For WebSockets (crucial for some NC features)
    RewriteEngine On
    #RewriteCond %{HTTP:Upgrade} =websocket [NC]
    #RewriteRule /(.*) ws://ncloud.yyy.no:80/$1 [P,L]

    CustomLog ${APACHE_LOG_DIR}/ncloud.log combined

    LimitRequestBody 104857600  

    AllowEncodedSlashes NoDecode
    ProxyRequests Off
    ProxyPreserveHost On

    ProxyPass           /browser http://ncloud.yyy.no:9980/browser retry=0
    ProxyPassReverse    /browser http://ncloud.yyy.no:9983/browser

    # WOPI discovery URL

    ProxyPass           /hosting/discovery http://ncloud.yyy.no:9983/hosting/discovery retry=0
    ProxyPassReverse    /hosting/discovery http://ncloud.yyy.no:9983/hosting/discovery

    # Capabilities
    ProxyPass           /hosting/capabilities http://ncloud.yyy.no:9983/hosting/capabilities retry=0
    ProxyPassReverse    /hosting/capabilities http://ncloud.yyy.no:9983/hosting/capabilities

    # Main websocket

    ProxyPassMatch      "/cool/(.*)/ws$"      ws://ncloud.yyy.no:9983/cool/$1/ws nocanon
    # Admin Console websocket
    ProxyPass           /cool/adminws ws://ncloud.yyy.no:9983/cool/adminws

    # Download as, Fullscreen presentation and Image upload operations

    ProxyPass           /cool http://ncloud.yyy.no:9983/cool
    ProxyPassReverse    /cool http://ncloud.yyy.no:9983/cool

    ProxyPass / http://ncloud.yyy.no/
    ProxyPassReverse / http://ncloud.yyy.no/
    ProxyPass /.well-known/acme/ !

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLEngine On
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off

    SSLOptions +StdEnvVars +ExportCertData
    SSLCertificateFile /etc/letsencrypt/live/ncloud.xxx.no/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ncloud.xxx.no/privkey.pem
</VirtualHost>

Apache config on Nexctcloud server:

<VirtualHost *:80>
  DocumentRoot /var/www/nextcloud/
  ServerName  ncloud.xxx.no
  ServerAlias  ncloud.yyy.no

  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"   

  CustomLog ${APACHE_LOG_DIR}/ncloud.log combined

  <Directory /var/www/nextcloud/>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews

    <IfModule mod_dav.c>
      Dav off
    </IfModule>
  </Directory>
</VirtualHost>

It seems, the Built-in CODE server does not work properly. You can try disabling and enabling it again or even completely remove the CODE server and reinstalling it.

However, the Built-in CODE server should not be used for any productive use, having Collabora in a Docker container with its own reverse proxy is usually the better choice. Also see Installation guide - Collabora Online in Nextcloud and Nextcloud Office | Arno Welzel

Hi

Thank you for your answer. I have installed Collaboro Online with apt ( Collabora Online Development Edition - Collabora Online and Collabora Office ). I am not used to containers, so I prefer this method, I can find log-files etc.

Changed /etc/coolwsd/coolwsd.xml like this:

# diff coolwsd.xml coolwsd.xml.orig 
5c5
<     https://sdk.collaboraonline.com/docs/installation/Configuration.html -->
---
>          https://sdk.collaboraonline.com/docs/installation/Configuration.html -->
14c14
<     <allowed_languages desc="List of supported languages of Writing Aids (spell checker, grammar checker, thesaurus, hyphenation) on this instance. Allowing too many has negative effect on startup performance." default="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru">no_NO de_DE en_GB en_US  pt_BR pt_PT </allowed_languages>
---
>     <allowed_languages desc="List of supported languages of Writing Aids (spell checker, grammar checker, thesaurus, hyphenation) on this instance. Allowing too many has negative effect on startup performance." default="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru">de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</allowed_languages>
27c27
<         <ssl_verification desc="Enable or disable SSL verification. You may have to disable it in test environments with self-signed certificates." type="string" default="true">false</ssl_verification>
---
>         <ssl_verification desc="Enable or disable SSL verification. You may have to disable it in test environments with self-signed certificates." type="string" default="true">true</ssl_verification>
41c41
<     <server_name desc="External hostname:port of the server running coolwsd. If empty, it's derived from the request (please set it if this doesn't work). May be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default="">ncloud.multifritid.no</server_name>
---
>     <server_name desc="External hostname:port of the server running coolwsd. If empty, it's derived from the request (please set it if this doesn't work). May be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default=""></server_name>
165c165
<       <proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">IPv4</proto>
---
>       <proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">all</proto>
218c218
<         <enable type="bool" desc="Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">false</enable>
---
>         <enable type="bool" desc="Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">true</enable>
220c220
<         <termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="false">true</termination>
---
>         <termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="false">false</termination>
287c287
<                     <host desc="hostname to allow or deny." allow="true">https://ncloud.multifritid.no:443</host>
---
>                     <host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host>

and the rproxy with port 9980 instead of 9983.

Enabled “Use your own server”, seems ok.

coolwsd logging:

2026-01-26T14:55:18.173469+01:00 ncloud coolwsd[15059]: wsd-15059-15074 2026-01-26 14:55:18.172704 +0100 [ websrv_poll ] WRN  #45: CheckTimeout: Timeout while requesting [GET ncloud.multifritid.no/index.php/apps/richdocuments/wopi/files/620_ocb3uxizfvok?access_token=Rvz1zX6KJNBmuQYpLkUVhsbOFPDiaQMh&access_token_ttl=0] after 58771ms| net/HttpRequest.hpp:2008
2026-01-26T14:55:18.175165+01:00 ncloud coolwsd[15059]: wsd-15059-15074 2026-01-26 14:55:18.172807 +0100 [ websrv_poll ] ERR  #45: WOPI::CheckFileInfo returned0 (Unknown)  for URI [https://ncloud.multifritid.no/index.php/apps/richdocuments/wopi/files/620_ocb3uxizfvok?access_token=Rvz1zX6KJNBmuQYpLkUVhsbOFPDiaQMh&access_token_ttl=0]. Headers: #011Body: []| wsd/wopi/CheckFileInfo.cpp:103
2026-01-26T14:55:18.175245+01:00 ncloud coolwsd[15059]: wsd-15059-15074 2026-01-26 14:55:18.172854 +0100 [ websrv_poll ] ERR  #45: Failed or timed-out CheckFileInfo [https://ncloud.multifritid.no/index.php/apps/richdocuments/wopi/files/620_ocb3uxizfvok?access_token=Rvz1zX6KJNBmuQYpLkUVhsbOFPDiaQMh&access_token_ttl=0]| wsd/wopi/CheckFileInfo.cpp:117
2026-01-26T14:56:25.221188+01:00 ncloud coolwsd[15059]: wsd-15059-15074 2026-01-26 14:56:25.220493 +0100 [ websrv_poll ] WRN  #45: CheckTimeout: Timeout while requesting [GET ncloud.multifritid.no/index.php/apps/richdocuments/wopi/files/620_ocb3uxizfvok?access_token=rcktKsk6UWgyhW0N37cnB61doc1QGk0k&access_token_ttl=0] after 64231ms| net/HttpRequest.hpp:2008
2026-01-26T14:56:25.221536+01:00 ncloud coolwsd[15059]: wsd-15059-15074 2026-01-26 14:56:25.220567 +0100 [ websrv_poll ] ERR  #45: WOPI::CheckFileInfo returned0 (Unknown)  for URI [https://ncloud.multifritid.no/index.php/apps/richdocuments/wopi/files/620_ocb3uxizfvok?access_token=rcktKsk6UWgyhW0N37cnB61doc1QGk0k&access_token_ttl=0]. Headers: #011Body: []| wsd/wopi/CheckFileInfo.cpp:103
2026-01-26T14:56:25.221611+01:00 ncloud coolwsd[15059]: wsd-15059-15074 2026-01-26 14:56:25.220581 +0100 [ websrv_poll ] ERR  #45: Failed or timed-out CheckFileInfo [https://ncloud.multifritid.no/index.php/apps/richdocuments/wopi/files/620_ocb3uxizfvok?access_token=rcktKsk6UWgyhW0N37cnB61doc1QGk0k&access_token_ttl=0]| wsd/wopi/CheckFileInfo.cpp:117

On the rproxy

"PROPFIND /remote.php/dav/files/aref/ HTTP/1.1" 207 3592 "-" "Mozilla/5.0 (Windows) mirall/4.0.5 (build 20260119) (Nextcloud, windows-10.0.22631 ClientArchitecture: x86_64 OsArchitecture: x86_64)"

I do not know if this is a problem.

The apache log on the nextcloud server give no errors.

Any ideas?

@hanssa you need a valid SSL certificate, how are you terminating that service?

<termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="false">true</termination>
<termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="false">false</termination>
<host desc="hostname to allow or deny." allow="true">https://ncloud.multifritid.no:443</host>
<host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host>

• assuming a reverse proxy is handling ssl termination, coolswd termination would be disabled: ssl.enable=false and ssl.termination=true

  • Create a DNS entry for subdomain like office.mydomain.tld
  • Set reverse proxy host for office domain to forward and encrypt HTTP & WSS (WebSockets Support) for port 9980 to https://office.mydomain.tld.

• alternatively, without a reverse proxy letting coolswd handle ssl termination using Certbot or acme.sh coolswd termination would be enabled: → ssl.enable=true and ssl.termination=false

take a look at this anyway. even if you don’t use docker or containers, the method is similar and the explanation might help:

Just a general description how to set it up: https://arnowelzel.de/en/nextcloud-office

If you don’t use Docker but a local installation as package, it works the same, just the local configuration of Collabora needs to be modified to fulfil the following requirements (TLS = SSL):

1. You need TLS for accessing Collabora from outside.
2. The proxy will handle TLS - so Collabora needs to be aware not to use TLS but let the proxy do it.
3. The proxy needs its own FQDN (like “collabora.mynextcloud.example”).
4. The proxy needs to be able to accept incoming TLS connections on port 443 TCP but forward this as non-TLS to the local Collabora service on port 9980.
5. Collabora must know the FQDN of Nextcloud (like “mynextcloud.example”) and must also have at least one aliasgroup with the same FQDN defined as well so it can access Nextcloud when you want to import images from Nextcloud to office documents. Aliasgroups are also defined in coolwsd.xml.

URL from outside is https://ncloud.multifritid.no, local URL is http://ncloud.sandsdalen.net (from local DNS).

rproxy config:

<VirtualHost *:80>
   ServerName ncloud.multifritid.no
   CustomLog ${APACHE_LOG_DIR}/ncloud.log combined

   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} 

#RewriteCond %{SERVER_NAME} =ncloud.multifritid.no
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
   ServerName ncloud.multifritid.no

   Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"

    #<Proxy *>
    #    Order deny,allow
    #    Allow from all
    #</Proxy>


    SetEnv    nokeepalive ssl-unclean-shutdown
    ## Request header rules
    ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
    RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s

    # For WebSockets (crucial for some NC features)
    RewriteEngine On
    #RewriteCond %{HTTP:Upgrade} =websocket [NC]
    #RewriteRule /(.*) ws://ncloud.sandsdalen.net:80/$1 [P,L]

    CustomLog ${APACHE_LOG_DIR}/ncloud.log combined

    LimitRequestBody 104857600  

    AllowEncodedSlashes NoDecode
    ProxyRequests Off
    ProxyPreserveHost On

    ProxyPass           /browser http://ncloud.sandsdalen.net:9980/browser retry=0
    ProxyPassReverse    /browser http://ncloud.sandsdalen.net:9980/browser

    # WOPI discovery URL

    ProxyPass           /hosting/discovery http://ncloud.sandsdalen.net:9980/hosting/discovery retry=0
    ProxyPassReverse    /hosting/discovery http://ncloud.sandsdalen.net:9980/hosting/discovery

    # Capabilities
    ProxyPass           /hosting/capabilities http://ncloud.sandsdalen.net:9980/hosting/capabilities retry=0
    ProxyPassReverse    /hosting/capabilities http://ncloud.sandsdalen.net:9980/hosting/capabilities

    # Main websocket

    ProxyPassMatch      "/cool/(.*)/ws$"      ws://ncloud.sandsdalen.net:9980/cool/$1/ws nocanon
    # Admin Console websocket
    ProxyPass           /cool/adminws ws://ncloud.sandsdalen.net:9980/cool/adminws

    # Download as, Fullscreen presentation and Image upload operations

    ProxyPass           /cool http://ncloud.sandsdalen.net:9980/cool
    ProxyPassReverse    /cool http://ncloud.sandsdalen.net:9980/cool

    ProxyPass / http://ncloud.sandsdalen.net/
    ProxyPassReverse / http://ncloud.sandsdalen.net/
    ProxyPass /.well-known/acme/ !

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLEngine On
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off

    SSLOptions +StdEnvVars +ExportCertData
    SSLCertificateFile /etc/letsencrypt/live/ncloud.multifritid.no/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/ncloud.multifritid.no/privkey.pem
</VirtualHost>

From coolwsd.xml:

<termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="false">true</termination>

<host desc="hostname to allow or deny." allow="true">https://ncloud.multifritid.no:443</host>

Is this correct?

@hanssa

TIP

Permitted client domain instead of WOPI clients, see example below

• Prefer using - aliasgroup instead of - server_name for environment definition.
  • Aliasgroups ensures that only permitted encrypted client domains will be able to connect.
  • Define - aliasgroup iterating 1,2,3 for multiple encrypted client domains.
  • Be aware of the syntax for defining client domains using \\ as separator before .

- aliasgroup1=https://cloud.mydomain.tld:443,https://cloud\\.mydomain\\.tld:443

This is my settings now:

<host desc="hostname to allow or deny." allow="true">https://ncloud.multifritid.no:443</host>
<alias desc="regex pattern of aliasname">http://ncloud\\.sandsdalen\\.net(:[0-9]+)?</alias>

Test:

$ curl -I https://ncloud.multifritid.no/hosting/discovery
HTTP/1.1 200 Connection established

HTTP/1.1 200 OK
Date: Mon, 26 Jan 2026 16:53:33
Server: 
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Length: 33981
Content-Type: text/xml
Last-Modified: Mon, 26 Jan 2026 16:53:33
X-Content-Type-Options: nosniff
Connection: close

$ curl -I https://ncloud.multifritid.no/cool
HTTP/1.1 200 Connection established

HTTP/1.1 400 (Bad Request)
Date: Mon, 26 Jan 2026 16:54:00
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Connection: close

$ curl -I https://ncloud.multifritid.no/cool/adminws
HTTP/1.1 200 Connection established

HTTP/1.1 400 Bad Request
Date: Mon, 26 Jan 2026 16:54:23
Server: 
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Connection: close

on the nexcloud server:

root@ncloud:~# curl -I http://localhost:9980/hosting/discovery
HTTP/1.1 200 OK
Date: Mon, 26 Jan 2026 17:01:41
Server:
Content-Length: 33981
Content-Type: text/xml
Last-Modified: Mon, 26 Jan 2026 17:01:41
X-Content-Type-Options: nosniff

root@ncloud:~# curl -I http://localhost:9980/cool
HTTP/1.1 400 (Bad Request)
Date: Mon, 26 Jan 2026 17:01:48
Content-Length: 0
Connection: close

I think this is doen now, see below. But the problem is still there

The nextcloud server is behind a firewall, and had to use a proxy to reach external hosts. I opened the firewall so the server could reach itself with the externmal address, and now there is something else: “Unauthorized WOPI host. Please try again later and report to your administrator if the issue persists.”.

I can’t find where the error is now.

sudo -u www-data php -d memory_limit=512M /var/www/nextcloud/occ config:list richdocuments
{
    "apps": {
        "richdocuments": {
            "disable_certificate_verification": "",
            "doc_format": "ooxml",
            "enabled": "yes",
            "installed_version": "9.0.2",
            "public_wopi_url": "https:\/\/ncloud.multifritid.no",
            "types": "filesystem,prevent_group_restriction",
            "wopi_allowlist": "0.0.0.0,192.168.0.0\/16",
            "wopi_url": "https:\/\/ncloud.multifritid.no"
        }
    }
}

What can be the problem now?

And coolwsc logs:

2026-01-27T08:20:12.844714+01:00 ncloud coolwsd[24770]: wsd-24770-24789 2026-01-27 08:20:12.844021 +0100 [ websrv_poll ] ERR  #33: WOPI::CheckFileInfo returned403 (Forbidden) Forbidden for URI [https://ncloud.multifritid.no/index.php/apps/richdocuments/wopi/files/620_ocb3uxizfvok?access_token=X2pixDTKdw2HKvtpZUShGQjm1fIrco35&access_token_ttl=0]. Headers: Date: Tue, 27 Jan 2026 07:20:12 GMT / Server: Apache/2.4.58 (Ubuntu) / Strict-Transport-Security: max-age=15552000; includeSubDomains; preload / X-Content-Type-Options: nosniff / X-Frame-Options: SAMEORIGIN / X-Permitted-Cross-Domain-Policies: none / X-Robots-Tag: noindex, nofollow / Referrer-Policy: no-referrer / Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none' / X-Request-Id: n8SPPfrqansMCdd1MuCT / Cache-Control: no-cache, no-store, must-revalidate / Feature-Policy: autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none' / Content-Length: 2 / Content-Type: application/json; charset=utf-8 / Set-Cookie: ocb3uxizfvok=j53uvvf8m2qr8it7n12ok7cld5; path=/; secure; HttpOnly; SameSite=Lax / Connection: close#011Body: [[]]| wsd/wopi/CheckFileInfo.cpp:103
2026-01-27T08:20:12.845144+01:00 ncloud coolwsd[24770]: wsd-24770-24789 2026-01-27 08:20:12.844067 +0100 [ websrv_poll ] ERR  #33: Access denied to CheckFileInfo [https://ncloud.multifritid.no/index.php/apps/richdocuments/wopi/files/620_ocb3uxizfvok?access_token=X2pixDTKdw2HKvtpZUShGQjm1fIrco35&access_token_ttl=0]| wsd/wopi/CheckFileInfo.cpp:115
2026-01-27T08:20:12.846925+01:00 ncloud coolwsd[24770]: wsd-24770-24789 2026-01-27 08:20:12.846788 +0100 [ websrv_poll ] ERR  #33: CheckFileInfo failed for [https%3A%2F%2Fncloud.multifritid.no%3A443%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F620_ocb3uxizfvok], State::Unauthorized| wsd/RequestVettingStation.cpp:341

Found out that my own server has to be in allow list for WOPI requests

So everything is working fine now?

I had to do some testing. It seems to be working fine. Thank you for your support!

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.