Unauthorized WOPI host on UnRaid

Hello all,

I'm running into the issue of “Unauthorized WOPI host” when opening a document.

I searched the forums, but all solutions didn't apply to my config.

I'm running NGINXProxyManager, Cloudflare DDNS, a Nextcloud container and a Collabora container.

Nextcloud Config looks like this:

Log:

This seems to be my public IP? Though I'm running the Cloudflare proxy.
I would just add the IP, but it's different every time.

Allowlist: 192.168.178.10(Server),192.168.178.1(Router),172.18.0.8(Collabra Docker),172.18.0.4(NPM),172.18.0.5(NC),docsrv.domain.com(collabra),nextcloud.domain.com.

I'm running this on Unraid.

What am I missing, what needs to be changed?

Cloudflare uses the ASN AS13335 with 1,715,200 IPv4 and 8.11 × 10^29 IPv6. The problem is that Cloudflare uses different ranges; see here.

I found the list of the IPs:

start page: Cloudflare IPs | Cloudflare Learning Paths
details: IP Ranges


Unfortunately, I don’t know whether you can enter this in Nextcloud “Allow List for WOPI Requests”.

173.245.48.0/20, 103.21.244.0/22, 103.22.200.0/22, 103.31.4.0/22, 141.101.64.0/18, 108.162.192.0/18, 190.93.240.0/20, 188.114.96.0/20, 197.234.240.0/22, 198.41.128.0/17, 162.158.0.0/15, 104.16.0.0/13, 104.24.0.0/14, 172.64.0.0/13, 131.0.72.0/22

Perhaps 172.64.0.0/13 solves your problem for a while.

2 Likes

Thanks for your help.

Question: would 0.0.0.0/0 be a good idea since I've got my proxies?

Actually, I added the IPs you provided from Cloudflare. It seems to be working now!

1 Like

That would probably have worked. But at the end of the day, it’s a safety function. So it’s probably better to use a fairly long whitelist than to allow it in principle.

:grinning:

1 Like
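
The trade-off discussed in this thread (a long Cloudflare allowlist versus `0.0.0.0/0`) can be checked offline with the added example below, which is not part of the thread and not Nextcloud's own code. It assumes allowlist entries are matched as plain IPs or CIDR ranges; the function names and the sample source addresses are constructed for illustration.

```python
import ipaddress

# Cloudflare IPv4 ranges exactly as posted in the thread above.
CLOUDFLARE_V4 = (
    "173.245.48.0/20, 103.21.244.0/22, 103.22.200.0/22, 103.31.4.0/22, "
    "141.101.64.0/18, 108.162.192.0/18, 190.93.240.0/20, 188.114.96.0/20, "
    "197.234.240.0/22, 198.41.128.0/17, 162.158.0.0/15, 104.16.0.0/13, "
    "104.24.0.0/14, 172.64.0.0/13, 131.0.72.0/22"
)

def parse_allowlist(text):
    """Split a comma-separated allowlist into networks and non-IP entries."""
    networks, skipped = [], []
    for entry in (e.strip() for e in text.split(",")):
        if not entry:
            continue
        try:
            # strict=False also accepts a host address with a prefix length.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            skipped.append(entry)  # hostnames cannot be matched as IP/CIDR here
    return networks, skipped

def is_allowed(source_ip, networks):
    """True if source_ip falls inside any allowlisted network."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr.version == n.version and addr in n for n in networks)

def audit(networks, min_prefix_v4=8):
    """Return entries so broad that the allowlist no longer filters anything."""
    return [str(n) for n in networks
            if n.prefixlen == 0 or (n.version == 4 and n.prefixlen < min_prefix_v4)]

def covered_v4(networks):
    """Count distinct IPv4 addresses covered, with overlapping ranges merged."""
    v4 = [n for n in networks if n.version == 4]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(v4))

if __name__ == "__main__":
    nets, skipped = parse_allowlist(CLOUDFLARE_V4 + ", docsrv.domain.com")
    print("non-IP entries:", skipped)
    # Constructed sample sources: one inside 172.64.0.0/13, one documentation address.
    for ip in ("172.68.10.20", "203.0.113.7"):
        print(ip, "allowed" if is_allowed(ip, nets) else "rejected")
    print("addresses covered:", covered_v4(nets))
    wide, _ = parse_allowlist("0.0.0.0/0")
    print("too broad:", audit(wide), "covers", covered_v4(wide))
```

The posted Cloudflare ranges admit about 1.5 million IPv4 sources, while `0.0.0.0/0` admits every IPv4 address, which is why the audit flags it.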