search

CollaboraOnline / online

Collabora Online is a collaborative online office suite based on LibreOffice technology. This is also the source for the Collabora Office apps for iOS and Android.
https://collaboraonline.com
Other
1.85k stars 702 forks source link

Docker image no longer picks up --o:ssl.enable=false #10449

Open juliusknorr opened 2 hours ago

juliusknorr commented 2 hours ago

Describe the Bug

The nightly docker image has some trouble with changing ssl.enable using the extra_params environment variable.

Steps to Reproduce

  1. docker run -t --rm -p 127.0.0.1:9980:9980 -e "extra_params=--o:ssl.enable=false" ghcr.io/collaboraonline/code-nightly:latest

Expected Behavior

Collabora is reachable on plain HTTP

curl http://localhost:9980
OK%

Actual Behavior

Collabora is still using SSL

curl http://localhost:9980
curl: (52) Empty reply from server

Additional Context

I cannot reproduce this by manually building collabora but I'm also not to sure about possible build differences there

The docker logs output seems interesting as it mentions:

-- snip
ssl.enable: false
-- snip
| wsd/COOLWSD.cpp:1507
-- snip
wsd-00001-00001 2024-11-08 10:13:52.035979 +0000 [ coolwsd ] INF  SSL support: SSL is enabled.| wsd/COOLWSD.cpp:1673
-- snip

Full: 



wsd-00001-00001 2024-11-08 10:13:52.035827 +0000 [ coolwsd ] INF  Loaded config file [/etc/coolwsd/coolwsd.xml] (non-default values):
admin_console.enable: true
admin_console.password:
admin_console.username:
fonts_missing.handling: log
indirection_endpoint.geolocation_setup: false
indirection_endpoint.migration_timeout_secs:
languagetool.enabled:
languagetool.ssl_verification:
logging.anonymize.anonymization_salt: 82589933
logging.anonymize.anonymize_user_data: false
logging.color: false
logging.disabled_areas: Socket,WebSocket,Admin,Pixel
logging.file.property: /var/log/coolwsd.log
logging.file.property[0]: /var/log/coolwsd.log
logging.file.property[2]: timestamp
logging.least_verbose_level_settable_from_client: fatal
logging.most_verbose_level_settable_from_client: notice
net.connection_timeout_secs:
net.lok_allow.host: 192\.168\.[0-9]{1,3}\.[0-9]{1,3}
net.lok_allow.host[10]: ::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}
net.lok_allow.host[11]: 10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
net.lok_allow.host[12]: ::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
net.lok_allow.host[13]: localhost
net.lok_allow.host[1]: ::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}
net.lok_allow.host[2]: 127\.0\.0\.1
net.lok_allow.host[3]: ::ffff:127\.0\.0\.1
net.lok_allow.host[4]: ::1
net.lok_allow.host[5]: 172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}
net.lok_allow.host[6]: ::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}
net.lok_allow.host[7]: 172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}
net.lok_allow.host[8]: ::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}
net.lok_allow.host[9]: 172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}
net.post_allow.host: 192\.168\.[0-9]{1,3}\.[0-9]{1,3}
net.post_allow.host[10]: ::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}
net.post_allow.host[11]: 10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
net.post_allow.host[12]: ::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
net.post_allow.host[1]: ::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}
net.post_allow.host[2]: 127\.0\.0\.1
net.post_allow.host[3]: ::ffff:127\.0\.0\.1
net.post_allow.host[4]: ::1
net.post_allow.host[5]: 172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}
net.post_allow.host[6]: ::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}
net.post_allow.host[7]: 172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}
net.post_allow.host[8]: ::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}
net.post_allow.host[9]: 172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}
net.proxy_prefix:
per_document.background_autosave: true
per_document.background_manualsave: true
per_document.bgsave_priority: 5
per_view.min_saved_message_timeout_secs: 6
quarantine_files.expiry_min:
quarantine_files.limit_dir_size_mb:
quarantine_files.max_versions_to_maintain:
quarantine_files.path:
remote_font_config.url:
security.enable_macros_execution: false
security.enable_websocket_urp: false
security.macro_security_level: 1
ssl.enable: false
ssl.hpkp: 1000
ssl.hpkp.max_age: 1000
ssl.hpkp.pins:
ssl.hpkp.pins.pin:
ssl.hpkp.report_uri:
storage.filesystem:
storage.ssl: true
storage.ssl.as_scheme: true
storage.ssl.enable:
storage.wopi: 0900
storage.wopi.alias_groups:
storage.wopi.is_legacy_server:
storage.wopi.locking: 900
trace.filter:
trace.filter.message:
trace.outgoing: false
trace.outgoing.record: false
trace.path:
trace_event.path: /var/log/coolwsd.trace.json
wasm.enable:
wasm.force:
watermark.opacity:
watermark.text:
| wsd/COOLWSD.cpp:1507
wsd-00001-00001 2024-11-08 10:13:52.035940 +0000 [ coolwsd ] INF  Anonymization of user-data is configurable.| wsd/COOLWSD.cpp:1579
wsd-00001-00001 2024-11-08 10:13:52.035955 +0000 [ coolwsd ] INF  Anonymization of user-data is disabled.| wsd/COOLWSD.cpp:1627
wsd-00001-00001 2024-11-08 10:13:52.035979 +0000 [ coolwsd ] INF  SSL support: SSL is enabled.| wsd/COOLWSD.cpp:1673
wsd-00001-00001 2024-11-08 10:13:52.035987 +0000 [ coolwsd ] INF  SSL support: termination is disabled.| wsd/COOLWSD.cpp:1674
caolanm commented 2 hours ago

@Ashod you had some config changes recently, so that comes to mind here