Closed SnejPro closed 2 years ago
To use multiple aliases for the same instance, you have to define the groups in alias_groups and set mode to groups:
<alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
<!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
add the hosts below. If one host is accessible under multiple ip addresses
or names, add them as aliases. -->
<group>
<host desc="hostname to allow or deny." allow="true">protocol://cloud.domain1.de:port</host>
<alias desc="regex pattern of aliasname">protocol://cloud.domain2.de:port</alias>
</group>
<!-- More "group"s possible here -->
</alias_groups>
Is this achievable via docker-compose?
you have to edit coolwsd.xml
@Rash419 It would be great if it would be possible via docker-compose as it already worked without manually editing coolwsd.xml
@SnejPro, to be sure, can you check with the updated 21.11.3.4-1 image?
Hi, the error is still present. I think changes must be made in coolwsd.xml, as @Rash419 mentioned.
@SnejPro and is this a new bug that started with the previous Docker build, 21.11.3.3-1, or has it existed before as well?
Unfortunately I haven't used multiple domains for quite some time, so I do not know since when this bug exists.
Can you please try to edit the coolwsd.xml and confirm that it works? We will have a look at how to add multiple hosts using docker-compose.
No it does not work:
coolwsd.xml
<wopi desc="Allow/deny wopi storage." allow="true">
<host desc="Regex pattern of hostname to allow or deny." allow="true">cloud\.domain1\.de|cloud\.domain2\.de</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
<max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
<locking desc="Locking settings">
<refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
</locking>
<alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
<!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
add the hosts below. If one host is accessible under multiple ip addresses
or names, add them as aliases. -->
<!--<group>
<host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host>
<alias desc="regex pattern of aliasname">scheme://aliasname1:port</alias>
<alias desc="regex pattern of aliasname">scheme://aliasname2:port</alias>
</group>-->
<!-- More "group"s possible here
-->
<group>
<host desc="hostname to allow or deny." allow="true">cloud.domain1.de</host>
<alias desc="regex pattern of aliasname">cloud\.domain1\.de</alias>
</group>
<group>
<host desc="hostname to allow or deny." allow="true">cloud.domain2.de</host>
<alias desc="regex pattern of aliasname">cloud\.domain2\.de</alias>
</group>
</alias_groups>
</wopi>
Log:
{"log":"wsd-00001-00071 2022-03-28 18:26:51.590708 +0000 [ docbroker_003 ] ERR Host: cloud.domain1.de is not allowed, It is not part of alias_groups configuration| wsd/Storage.cpp:337\n","stream":"stderr","time":"2022-03-28T18:26:51.590965855Z"}
{"log":"wsd-00001-00071 2022-03-28 18:26:51.620446 +0000 [ docbroker_003 ] ERR No acceptable WOPI hosts found matching the target host [cloud.domain1.de] in config.| wsd/Storage.cpp:436\n","stream":"stderr","time":"2022-03-28T18:26:51.620555157Z"}
{"log":"wsd-00001-00071 2022-03-28 18:26:51.620768 +0000 [ docbroker_003 ] ERR loading document exception: No acceptable WOPI hosts found matching the target host [cloud.domain1.de] in config.| wsd/DocumentBroker.cpp:2124\n","stream":"stderr","time":"2022-03-28T18:26:51.62085827Z"}
Can you add protocol please:
<group>
<host desc="hostname to allow or deny." allow="true">protocol://cloud.domain1.de</host>
<alias desc="regex pattern of aliasname">protocol://cloud.domain2.de</alias>
</group>
@Rash419 this worked!
I am glad it worked, I am working on a way to mention it directly in docker-compose, let's see : )
@Rash419 Great. Thank You. It would be good if it would work as before. Because there are many manuals in the wild web suggesting this way to enable multiple domains.
Are there two different Nextcloud instances? Then the correct config will be:
<group>
<host desc="hostname to allow or deny." allow="true">protocol://cloud.domain1.de</host>
</group>
<group>
<host desc="hostname to allow or deny." allow="true">protocol://cloud.domain2.de</host>
</group>
Protocol = http/https
Yes they are two instances.
<group>
<host desc="hostname to allow or deny." allow="true">protocol://cloud.domain1.de</host>
</group>
<group>
<host desc="hostname to allow or deny." allow="true">protocol://cloud.domain2.de</host>
</group>
This works as well.
Until a few days ago, everything was fine, I have been using dockerized collabora for years and I never had any issues.
We use a single Collabora CODE instance from multiple Nextcloud instances. With collabora/code:6.4.11.3 we pass the list of allowed domains to the collabora container as an environment variable as described here, e.g., docker run (...) -e "domain=my\\.first\\.domain|my\\.second\\.domain".
We noticed this same issue when testing the collabora/code:21.11.3.4.1 image, only the first domain to connect is allowed afterwards. Modifying coolwsd.xml wouldn't be a deal breaker for us, but environment variables are so much more convenient to configure containers so we're holding on the upgrade for now. I'll be glad to assist with testing if it helps.
@vasyugan for now you can modify coolwsd.xml if you have multiple hosts, let's see if we can pass it by env : ) Set alias_groups mode to groups
<alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="first">
<!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
add the hosts below. If one host is accessible under multiple ip addresses
or names, add them as aliases. -->
<!--<group>
<host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host>
<alias desc="regex pattern of aliasname">scheme://aliasname1:port</alias>
<alias desc="regex pattern of aliasname">scheme://aliasname2:port</alias>
</group>-->
<!-- More "group"s possible here -->
</alias_groups>
@Rash419 The way I tried didn't work for me. Do I have to use a single line per host? Also, why do I need to resort to the alias groups? Some are in fact aliases, as they are on the same server, while others are other distinct hosts.
What is your setup? How many instances of Nextcloud are you using, and which are aliases of which instance? Can you share, please?
Five are on the same server as the dockerized collabora, while three are remote. Those that are on the same server I have tried to add to the alias group, yet to no avail:
<wopi desc="Allow/deny wopi storage." allow="true">
<alias desc="Regex pattern of hostname to allow or deny." allow="true">cloud.****.org</alias>
<host desc="Regex pattern of hostname to allow or deny." allow="true">nextcloud.****************.de</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">****.***********.me</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">*************.***</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
<max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
<locking desc="Locking settings">
<refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
</locking>
<alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
<host desc="Regex pattern of hostname to allow or deny." allow="true">https://cloud.*****.org:443</host>
<alias desc="Regex pattern of aliasname to allow or deny." allow="true">https://nextcloud.******.org:443</alias>
<alias desc="Regex pattern of aliasname to allow or deny." allow="true">https://cloud.anotherorg.org:443</alias>
<alias desc="Regex pattern of aliasname to allow or deny." allow="true">https://cloud.thirdorg.org:443</alias>
<alias desc="Regex pattern of aliasname to allow or deny." allow="true">https://cloud.fourt.org:443</alias>
<!-- If you need to use multiple wopi aliass, please change the mode to "groups" and
add the aliass below. If one alias is accessible under multiple ip addresses
or names, add them as aliases. -->
<!-- More "group"s possible here -->
</alias_groups>
</wopi>
@vasyugan Depending on the number of instances, you have to add a group tag. For example, if you have two different instances of nc called nc1 and nc2:
<alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
<group>
<host allow="true">https://nc1:443</host>
<!-- mention below all aliases of nc1 below before the group tag finishes if you don't have any aliases
just don't use alias tag -->
<alias>https://aliasname:port </alias>
</group>
<group>
<host allow="true">https://nc2:443</host>
<!-- mention below all aliases of nc2 below before the group tag finishes-->
<alias>https://aliasname:port</alias>
</group>
<!-- If you need to use multiple wopi aliass, please change the mode to "groups" and
add the aliass below. If one alias is accessible under multiple ip addresses
or names, add them as aliases. -->
<!-- More "group"s possible here -->
</alias_groups>
@Rash419 It is still not working. Can you give me a working example of everything between <wopi> and </wopi>?
Isn't this shit documented anywhere?
<wopi desc="Allow/deny wopi storage." allow="true">
<max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
<locking desc="Locking settings">
<refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
</locking>
<alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
<!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
add the hosts below. If one host is accessible under multiple ip addresses
or names, add them as aliases. -->
<group>
<host desc="hostname to allow or deny." allow="true">http://nextcloud-vm1:80</host>
</group>
<group>
<host desc="hostname to allow or deny." allow="true">http://nextcloud-vm2:80</host>
<alias desc="regex pattern of aliasname">http://nextcloud-.*:80</alias>
</group>
<!-- More "group"s possible here -->
</alias_groups>
</wopi>
This is my setup with 2 VMs and two different Nextcloud instances. nextcloud-vm1 has no aliases.
nextcloud-vm2 has aliases like nextcloud-abc, nextcloud-xyz,
so I have defined the regex nextcloud-.*:80
Sorry but we are working on documentation right now
@Rash419 Thanks, following this scheme, it works again with all my instances. Hope, this bug is going to be fixed, soon, however, as getting it to run this way is a bit of a hassle... Thanks again!
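A small linter for the configuration mistakes that came up in this thread (entries without a scheme, host or alias elements placed outside a group, mode left at first), added here as an example and not part of the original thread or of Collabora's code. The function name and both sample configs are constructed for illustration, and the rules are inferred from the working configurations posted above, not from coolwsd's source.

```python
import re
import xml.etree.ElementTree as ET

SCHEME = re.compile(r"^https?://")   # the thread's fix: entries need "protocol://"
WILDCARD = re.compile(r"\.[*+]")     # ".*" or ".+" inside an alias regex


def lint_alias_groups(xml_text: str) -> list[str]:
    """Return findings for an <alias_groups> block (hypothetical helper)."""
    root = ET.fromstring(xml_text)   # XML comments are dropped by the parser
    ag = root if root.tag == "alias_groups" else root.find(".//alias_groups")
    if ag is None:
        return ["no <alias_groups> element found"]

    findings = []
    groups = ag.findall("group")
    mode = ag.get("mode", "first")
    if groups and mode != "groups":
        findings.append(f"mode is '{mode}' but <group> elements are defined")

    # <host>/<alias> directly under <alias_groups> instead of inside a <group>
    for child in ag:
        if child.tag in ("host", "alias"):
            value = (child.text or "").strip()
            findings.append(f"<{child.tag}> '{value}' is outside any <group>")

    for n, group in enumerate(groups, start=1):
        hosts = group.findall("host")
        if not hosts:
            findings.append(f"group {n}: no <host> element")
        for el in hosts + group.findall("alias"):
            value = (el.text or "").strip()
            if not SCHEME.match(value):
                findings.append(f"group {n}: <{el.tag}> '{value}' lacks http:// or https://")
            # An alias is a regex: a wildcard allows every host name it matches.
            if el.tag == "alias" and WILDCARD.search(value):
                findings.append(f"group {n}: alias '{value}' uses a wildcard, review what it admits")
    return findings


# Constructed sample combining the mistakes reported in the thread.
BROKEN = r"""
<wopi allow="true">
  <alias_groups mode="first">
    <host allow="true">https://cloud.example.org:443</host>
    <group>
      <host allow="true">cloud.domain1.de</host>
      <alias>cloud\.domain1\.de</alias>
    </group>
    <group>
      <host allow="true">http://nextcloud-vm2:80</host>
      <alias>http://nextcloud-.*:80</alias>
    </group>
  </alias_groups>
</wopi>
"""

# Constructed sample following the scheme that worked: one group per instance.
FIXED = r"""
<alias_groups mode="groups">
  <group><host allow="true">https://cloud.domain1.de:443</host></group>
  <group>
    <host allow="true">https://cloud.domain2.de:443</host>
    <alias>https://files.domain2.de:443</alias>
  </group>
</alias_groups>
"""

if __name__ == "__main__":
    for finding in lint_alias_groups(BROKEN):
        print(finding)
```

The wildcard finding is a prompt to review the pattern, not an error: an alias such as nextcloud-.* is valid, but it allows every host name the regex matches.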
For me it worked again when I put brackets around the hosts, e.g.:
environment:
- domain=(cloud.domain1.de|cloud.domain2.de)
This hasn't worked for me last week.
You are right, sorry. Doesn't work, it just works with the 2nd Domain now but doesn't work with the first anymore. I just tested the second one because that was the one that was not working before. Sorry.
@kendy will this be in the next release on docker hub?
@SnejPro yes : )
Hello,
we are running the container like this:
sudo docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=(cloud1\.domain\.de|cloud2\.domain\.de)" --dns=10.10.20.28 -e "username=xxx" -e "password=xxx" -e "extra_params=--o:ssl.enable=true -o:welcome.enable=false" -e "dictionaries=de en" --volume "/usr/share/fonts/truetype/:/opt/collaboraoffice6.4/share/fonts/truetype/local/:ro" --restart always --cap-add MKNOD collabora/code
Only the first domain is working.
Viewing the log shows:
loading document exception: No acceptable WOPI hosts found matching the target host [cloud2.domain.de] in config
Info: if I enclose the dots with double backslashes \\ then the second domain is working, but the first one not.
@apg1980: You published your username and password (I received it in a notification mail from GitHub from before you redacted it afterwards) and should change them on your production machines. BTW, the used username and password would not provide any meaningful barrier against any brute force access attempt.
Solution is: -e "aliasgroup1=https://cloud\\.domain1\\.de:443" -e "aliasgroup2=https://cloud\\.domain2\\.de:443"
we have updated the docker image and here is the documentation of how to set multiple domains and its aliases https://sdk.collaboraonline.com/docs/installation/CODE_Docker_image.html : ) .
Thanks! Is there a limit on the number of aliasgroups you can define?
No there is no limit : )
Describe the bug Access from multiple domains does not work.
To Reproduce Steps to reproduce the behavior:
Expected behavior Both should work
Actual behavior Only the second cloud works with collabora. Trying to reach collabora via the first cloud results in:
Content of /etc/coolwsd/coolwsd.xml