Hello, I am trying to configure nextcloud instance with Collabora server. Unfortunately I still get error âUnauthorised WOPI host. Please try again later and report to your administrator if the issue persists.â Below is my configuration and network schema.
Thank you for your reply. To be more specific, I donât use docker instance of Collabora - I have installed it directly inside my LXC container.
I added this block into storage.wopi.alias_groups. Unfortunately it didnât help.
<group>
<host desc="hostname to allow or deny." allow="true">nextcloud.ramus.ovh</host>
</group>
You have entered the IP address of your nextcloud server in the âAllowlist for WOPI requestsâ which is incorrect.
the coolwsd server is the WOPI client
the nextcloud server is the WOPI host/server
You must enter the IP address of your coolwsd server (WOPI client), as this is the WOPI endpoint that makes the requests to your WOPI host (the Nextcloud server).
I will check if settings inside the net section will solve my problem. Collabora server and Nextcloud server are inside the same LXC container - these services have same IP addresses. As you can see above, I have entered both Nginx and LXC container IPs.
No it wonât if it is the default and not changed before.
Since you need an IP Address in the allow list (no host name) you MUST find out, under what IP Address the coolwsd is seen from within the nextcloud server.
you can find out exactly under which IP Address nextcoud sees the Coolwsd with
Unfortunately even setting WOPI IP as 0.0.0.0/0 in Nextcloud didnât make any afford. I think, the problem may be caused by Nginx reverse proxy or my Nextcloud do not respect WOPI whitelist setting. I have installed NextCloud inside /var/www/nextcloud. Where can I find access.log file?
Sorry for my late reply. Unfortunately setting WOPI allow list to 0.0.0.0/0, ::/0 didnât help. I have also checked this setting from command line, but everything looks right.
Iâm not sure if it will help, but try it without a space after the comma:
0.0.0.0/0,::/0
If it still doesnât work, just leave it blank, which afaik is basically the same as 0.0.0.0/0 anyway. If that still doesnât work, then your problem is most likely not related to the WOPI allow list.
Not sure, as my setup is quite different from yours.
My Nextcloud is installed in a VM and served directly from that VM by Apache (no external reverse proxy), and Colabora is running as a Docker container inside the same VM, also served by the same Apache instance, so basically this setup. Iâve been running it this way for years, and expect for a few minor changes in Apache when they renamed the service and a few environment variables that have been added/changed over the years, Iâve never had any issues.
@bb77 Finally I decided to prepare the same setup as you have and everything started working. Despite this, I still see warnings in Collabora:
frk-00027-00027 2024-08-15 15:59:51.226333 +0000 [ forkit ] WRN The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:555
frk-00027-00027 2024-08-15 15:59:51.233998 +0000 [ forkit ] WRN The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:555
frk-00027-00027 2024-08-15 15:59:59.330233 +0000 [ forkit ] WRN The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:555
frk-00027-00027 2024-08-15 16:00:03.533105 +0000 [ forkit ] WRN The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:555
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
sh: 1: /usr/bin/coolmount: Operation not permitted
Apparently, you can get rid of the messages by running the container in privileged mode, which, if I understand it correctly, should also result in better performance.
However, Iâm not going to do that, because the performance is good enough for what Iâm doing with it. I mean, documents open instantly, I can edit things without issues, and generally I donât experience any problems with it except for these warnings in the logs, so I just ignore them.
I am not a heavy user of Collabora online though, so your mileage may vary
Thank you. In my case, documents load around 5 seconds. What can I do to decrease loading time? Load of the LXC container with Docker is near 0. When new document is loading, load average is around 10% in a very small period of time.
Not sure to be honest. I mean I can fiddle my way through on how to get things working but Iâm by no means an expert on the inner workings of Collabora, or when it comes to Docker.
Nevertheless, a few (very general) thoughts.
Maybe it has something to do with the fact that the Docker container is running in a Linux container, where Iâm no expert either, but I know that this can bring its own challenges.
Otherwise, I donât know, the general performance of your Nextcloud and the HW specs of your system can of course also have an impact.
âŚor the general performance of your storage, like whether it is running on spinning rust or solid state, or on a (slow) network storage.
Otherwise, maybe just try running it in privileged mode, although, to be honest, I doubt youâll go from 5 seconds to one second, by just doing that⌠I could be wrong though.
I most likely found, why my first configuration didnât work. I named ânextcloudâ the LXC container(192.168.1.17) where Collabora and Nextcloud were started. Next, I added these DNS records: nextcloud.example.com â 192.168.1.201(NGINX) collabora-office.example.com â 192.168.1.201(NGINX)
PVE automatically added this record to /etc/hosts in LXC container.
When Nextcloud was sending requests to Collabora, everything worked properly - requests were proxied by Nginx, terminated from HTTPS to HTTP and received by Collabora. To the other side, when Collabora was trying to send request to Nextcloud, was sending https requests not by Nginx, but directly to the Nextcloud which was listening to the HTTP requests.
I didnât think through the naming properly and that led to an error.
@bb77 and @ernolf Thank you so much for your help.