search

CollaboraOnline / online

Collabora Online is a collaborative online office suite based on LibreOffice technology. This is also the source for the Collabora Office apps for iOS and Android.
https://collaboraonline.com
Other
1.78k stars 681 forks source link

Access from multiple domains does not work. #4477

Closed SnejPro closed 2 years ago

SnejPro commented 2 years ago

Describe the bug Access from multiple domains does not work.

To Reproduce Steps to reproduce the behavior:

  1. Create docker instance via docker-compose:
services:
  collabora_app:
    image: collabora/code
    container_name: collabora_app
    cap_add:
      - MKNOD
    ports:
      - "9980:9980"
    environment:
      - domain=cloud\\.domain1\\.de|cloud\\.domain2\\.de
      - dictionaries=de en
      - username=USERNAME
      - password=PASSWORD
    restart: always
  1. Connect both nextclouds to collabora

Expected behavior Both should work

Actual behavior Only the second cloud works with collabora. Trying to reach collabora via the first cloud results in:

wsd-00001-00063 2022-03-24 22:23:35.149283 +0000 [ docbroker_002 ] ERR  Only allowed host is: cloud.domain2.de| wsd/Storage.cpp:330
wsd-00001-00063 2022-03-24 22:23:35.175933 +0000 [ docbroker_002 ] ERR  No acceptable WOPI hosts found matching the target host [cloud.domain1.de] in config.| wsd/Storage.cpp:436

Content of /etc/coolwsd/coolwsd.xml

        <filesystem allow="false" />
        <wopi desc="Allow/deny wopi storage." allow="true">
            <host desc="Regex pattern of hostname to allow or deny." allow="true">cloud\.domain1\.de|cloud\.domain2\.de</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
            <max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
            <locking desc="Locking settings">
                <refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
            </locking>

            <alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="first">
            <!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
                    add the hosts below.  If one host is accessible under multiple ip addresses
                    or names, add them as aliases. -->
            <!--<group>
                    <host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host>
                    <alias desc="regex pattern of aliasname">scheme://aliasname1:port</alias>
                    <alias desc="regex pattern of aliasname">scheme://aliasname2:port</alias>
            </group>-->
            <!-- More "group"s possible here -->
            </alias_groups>

        </wopi>
        <ssl desc="SSL settings">
            <as_scheme type="bool" default="true" desc="When set we exclusively use the WOPI URI's scheme to enable SSL for storage">true</as_scheme>
            <enable type="bool" desc="If as_scheme is false or not set, this can be set to force SSL encryption between storage and coolwsd. When empty this defaults to following the ssl.enable setting"></enable>
            <cert_file_path desc="Path to the cert file" relative="false"></cert_file_path>
            <key_file_path desc="Path to the key file" relative="false"></key_file_path>
            <ca_file_path desc="Path to the ca file. If this is not empty, then SSL verification will be strict, otherwise cert of storage (WOPI-like host) will not be verified." relative="false"></ca_file_path>
            <cipher_list desc="List of OpenSSL ciphers to accept. If empty the defaults are used. These can be overridden only if absolutely needed."></cipher_list>
        </ssl>
    </storage>

Desktop (please complete the following information)

Rash419 commented 2 years ago

To use multiple aliases for same instance , you have to define the groups in alias_groups and set mode to groups:

           <alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
            <!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
                    add the hosts below.  If one host is accessible under multiple ip addresses
                    or names, add them as aliases. -->
            <group>
                    <host desc="hostname to allow or deny." allow="true">protocol://cloud.domain1.de:port</host>
                    <alias desc="regex pattern of aliasname">protocol://cloud.domain2.de:port</alias>
            </group>
            <!-- More "group"s possible here -->
            </alias_groups>
SnejPro commented 2 years ago

To use multiple aliases for same instance , you have to define the groups in alias_groups and set mode to groups:

           <alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
            <!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
                    add the hosts below.  If one host is accessible under multiple ip addresses
                    or names, add them as aliases. -->
            <group>
                    <host desc="hostname to allow or deny." allow="true">protocol://cloud.domain1.de:port</host>
                    <alias desc="regex pattern of aliasname">protocol://cloud.domain2.de:port</alias>
            </group>
            <!-- More "group"s possible here -->
            </alias_groups>

Is this achievable via docker-compose?

Rash419 commented 2 years ago

docker-compose

I

To use multiple aliases for same instance , you have to define the groups in alias_groups and set mode to groups:

           <alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
            <!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
                    add the hosts below.  If one host is accessible under multiple ip addresses
                    or names, add them as aliases. -->
            <group>
                    <host desc="hostname to allow or deny." allow="true">protocol://cloud.domain1.de:port</host>
                    <alias desc="regex pattern of aliasname">protocol://cloud.domain2.de:port</alias>
            </group>
            <!-- More "group"s possible here -->
            </alias_groups>

Is this achievable via docker-compose?

you have to edit coolwsd.xml

SnejPro commented 2 years ago

@Rash419 It would be great if it would be possible via docker-compose as it already worked without manually editing coolwsd.xml

thebearon commented 2 years ago

@SnejPro, to be sure, can you check with the updated 21.11.3.4-1 image?

SnejPro commented 2 years ago

@SnejPro, to be sure, can you check with the updated 21.11.3.4-1 image?

Hi, the error is still present. I think there must be made changes is coolwsd.xml as @Rash419 mentioned.

thebearon commented 2 years ago

@SnejPro and is this a new bug that started with the previous Docker build, 21.11.3.3-1, or has it existed before as well?

SnejPro commented 2 years ago

@SnejPro and is this a new bug that started with the previous Docker build, 21.11.3.3-1, or has it existed before as well?

Unfortunately I haven't used multiple domains for quite some time, so I do not know since when this bug exists.

Rash419 commented 2 years ago

@Rash419 It would be great if it would be possible via docker-compose as it already worked without manually editing coolwsd.xml

can you please try to edit the coolwsd.xml and confirm that it works , we will have look on how to add multiple hosts using docker-compose

SnejPro commented 2 years ago

@Rash419 It would be great if it would be possible via docker-compose as it already worked without manually editing coolwsd.xml

can you please try to edit the coolwsd.xml and confirm that it works , we will have look on how to add multiple hosts using docker-compose

No it does not work:

coolwsd.xml

        <wopi desc="Allow/deny wopi storage." allow="true">
            <host desc="Regex pattern of hostname to allow or deny." allow="true">cloud\.domain1\.de|cloud\.domain2\.de</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
            <max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
            <locking desc="Locking settings">
                <refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
            </locking>

            <alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
            <!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
                    add the hosts below.  If one host is accessible under multiple ip addresses
                    or names, add them as aliases. -->
            <!--<group>
                    <host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host>
                    <alias desc="regex pattern of aliasname">scheme://aliasname1:port</alias>
                    <alias desc="regex pattern of aliasname">scheme://aliasname2:port</alias>
            </group>-->
            <!-- More "group"s possible here 
            -->
                <group>
                    <host desc="hostname to allow or deny." allow="true">cloud.domain1.de</host>
                    <alias desc="regex pattern of aliasname">cloud\.domain1\.de</alias>
                </group>
                <group>
                    <host desc="hostname to allow or deny." allow="true">cloud.domain2.de</host>
                    <alias desc="regex pattern of aliasname">cloud\.domain2\.de</alias>
                </group>
            </alias_groups>

        </wopi>

Log:

{"log":"wsd-00001-00071 2022-03-28 18:26:51.590708 +0000 [ docbroker_003 ] ERR  Host: cloud.domain1.de is not allowed, It is not part of alias_groups configuration| wsd/Storage.cpp:337\n","stream":"stderr","time":"2022-03-28T18:26:51.590965855Z"}
{"log":"wsd-00001-00071 2022-03-28 18:26:51.620446 +0000 [ docbroker_003 ] ERR  No acceptable WOPI hosts found matching the target host [cloud.domain1.de] in config.| wsd/Storage.cpp:436\n","stream":"stderr","time":"2022-03-28T18:26:51.620555157Z"}
{"log":"wsd-00001-00071 2022-03-28 18:26:51.620768 +0000 [ docbroker_003 ] ERR  loading document exception: No acceptable WOPI hosts found matching the target host [cloud.domain1.de] in config.| wsd/DocumentBroker.cpp:2124\n","stream":"stderr","time":"2022-03-28T18:26:51.62085827Z"}
Rash419 commented 2 years ago

@Rash419 It would be great if it would be possible via docker-compose as it already worked without manually editing coolwsd.xml

can you please try to edit the coolwsd.xml and confirm that it works , we will have look on how to add multiple hosts using docker-compose

No it does not work:

coolwsd.xml

        <wopi desc="Allow/deny wopi storage." allow="true">
            <host desc="Regex pattern of hostname to allow or deny." allow="true">cloud\.domain1\.de|cloud\.domain2\.de</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
            <max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
            <locking desc="Locking settings">
                <refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
            </locking>

            <alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
            <!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
                    add the hosts below.  If one host is accessible under multiple ip addresses
                    or names, add them as aliases. -->
            <!--<group>
                    <host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host>
                    <alias desc="regex pattern of aliasname">scheme://aliasname1:port</alias>
                    <alias desc="regex pattern of aliasname">scheme://aliasname2:port</alias>
            </group>-->
            <!-- More "group"s possible here 
            -->
                <group>
                    <host desc="hostname to allow or deny." allow="true">cloud.domain1.de</host>
                    <alias desc="regex pattern of aliasname">cloud\.domain1\.de</alias>
                </group>
                <group>
                    <host desc="hostname to allow or deny." allow="true">cloud.domain2.de</host>
                    <alias desc="regex pattern of aliasname">cloud\.domain2\.de</alias>
                </group>
            </alias_groups>

        </wopi>

Log:

{"log":"wsd-00001-00071 2022-03-28 18:26:51.590708 +0000 [ docbroker_003 ] ERR  Host: cloud.domain1.de is not allowed, It is not part of alias_groups configuration| wsd/Storage.cpp:337\n","stream":"stderr","time":"2022-03-28T18:26:51.590965855Z"}
{"log":"wsd-00001-00071 2022-03-28 18:26:51.620446 +0000 [ docbroker_003 ] ERR  No acceptable WOPI hosts found matching the target host [cloud.domain1.de] in config.| wsd/Storage.cpp:436\n","stream":"stderr","time":"2022-03-28T18:26:51.620555157Z"}
{"log":"wsd-00001-00071 2022-03-28 18:26:51.620768 +0000 [ docbroker_003 ] ERR  loading document exception: No acceptable WOPI hosts found matching the target host [cloud.domain1.de] in config.| wsd/DocumentBroker.cpp:2124\n","stream":"stderr","time":"2022-03-28T18:26:51.62085827Z"}

Can you add protocol please: <group> <host desc="hostname to allow or deny." allow="true">protocol://cloud.domain1.de</host> <alias desc="regex pattern of aliasname">protocol://cloud.domain2.de</alias> </group>

SnejPro commented 2 years ago

@Rash419 this worked!

Rash419 commented 2 years ago

@Rash419 this worked!

I am glad it worked , I am working on the way to mention it directly in docker-compose, lets see : )

SnejPro commented 2 years ago

@Rash419 Great. Thank You. It would be good if it would work as before. Because there are many manuals in the wild web suggesting this way to enable multiple domains.

Rash419 commented 2 years ago

@Rash419 Great. Thank You. It would be good if it would work as before. Because there are many manuals in the wild web suggesting this way to enable multiple domains.

Are there two different nextcloud intances ? Then the correct config will be:

<group> 
<host desc="hostname to allow or deny." allow="true">protocol://cloud.domain1.de</host>
</group>
<group> 
<host desc="hostname to allow or deny." allow="true">protocol://cloud.domain2.de</host>  
</group>

Protocol = http/https

SnejPro commented 2 years ago

Yes they are two instances.

<group> 
<host desc="hostname to allow or deny." allow="true">protocol://cloud.domain1.de</host>
</group>
<group> 
<host desc="hostname to allow or deny." allow="true">protocol://cloud.domain2.de</host>  
</group>

This works aswell.

vasyugan commented 2 years ago

@SnejPro and is this a new bug that started with the previous Docker build, 21.11.3.3-1, or has it existed before as well?

Until a few days ago, everything was fine, I have been using dockerized collabora for years and I never had any issues.

dvdjaco commented 2 years ago

We use a single Collabora CODE instance from multiple Nextcloud instances. With collabora/code:6.4.11.3 we pass the list of allowed domains to the collabora container as an environment variable as described here, e.g., docker run (...) -e "domain=my\\.first\\.domain|my\\.second\\.domain.

We noticed this same issue when testing the collabora/code:21.11.3.4.1 image, only the first domain to connect is allowed afterwards. Modifying coolwsd.xml wouldn't be a deal breaker for us, but environment variables are so much more convenient to configure containers so we're holding on the upgrade for now. I'll be glad to assist with testing if it helps.

Rash419 commented 2 years ago

@SnejPro and is this a new bug that started with the previous Docker build, 21.11.3.3-1, or has it existed before as well?

Until a few days ago, everything was fine, I have been using dockerized collabora for years and I never had any issues.

@vasyugan for now you can modify coolwsd.xml if you have multiple hosts, lets see if we can pass it by env : ) set alias_groups mode to groups

            <alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="first">
            <!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
                    add the hosts below.  If one host is accessible under multiple ip addresses
                    or names, add them as aliases. -->
            <!--<group>
                    <host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host>
                    <alias desc="regex pattern of aliasname">scheme://aliasname1:port</alias>
                    <alias desc="regex pattern of aliasname">scheme://aliasname2:port</alias>
            </group>-->
            <!-- More "group"s possible here -->
            </alias_groups>
vasyugan commented 2 years ago

@Rash419 The way I tried didn't work for me. Do I have to use a single line per host? Also, why do I need to resort to the alias groups? Some are in fact aliases, as they are on the same server, while others are other distinct hosts.

Rash419 commented 2 years ago

@Rash419 The way I tried didn't work for me. Do I have to use a single line per host? Also, why do I need to resort to the alias groups? Some are in fact aliases, as they are on the same server, while others are other distinct hosts.

What is your setup ? How many instances of nextcloud your using and which are aliases of which instance , can you share please

vasyugan commented 2 years ago

@Rash419 The way I tried didn't work for me. Do I have to use a single line per host? Also, why do I need to resort to the alias groups? Some are in fact aliases, as they are on the same server, while others are other distinct hosts.

What is your setup ? How many instances of nextcloud your using and which are aliases of which instance , can you share please

five are on the same server as the dockerized collabora, while three are remote. Those who are on the same server I have tried to add to the alias group, yet to no avail:

        <wopi desc="Allow/deny wopi storage." allow="true">
            <alias desc="Regex pattern of hostname to allow or deny." allow="true">cloud.****.org</alias>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">nextcloud.****************.de</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">****.***********.me</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">*************.***</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
            <max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
            <locking desc="Locking settings">
                <refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
            </locking>

            <alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
                    <host desc="Regex pattern of hostname to allow or deny." allow="true">https://cloud.*****.org:443</host>
                        <alias desc="Regex pattern of aliasname to allow or deny." allow="true">https://nextcloud.******.org:443</alias>
                        <alias desc="Regex pattern of aliasname to allow or deny." allow="true">https://cloud.anotherorg.org:443</alias>
                        <alias desc="Regex pattern of aliasname to allow or deny." allow="true">https://cloud.thirdorg.org:443</alias>
                        <alias desc="Regex pattern of aliasname to allow or deny." allow="true">https://cloud.fourt.org:443</alias>
            <!-- If you need to use multiple wopi aliass, please change the mode to "groups" and
                    add the aliass below.  If one alias is accessible under multiple ip addresses
                    or names, add them as aliases. -->
            <!-- More "group"s possible here -->
            </alias_groups>

        </wopi>
Rash419 commented 2 years ago

@vasyugan Depending on the number of instances you have to add a group tag for example if you have two different instances of nc called nc1 and nc2

            <alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
                    <group> 
                                 <host allow="true">https://nc1:443</host>
                                 <!-- mention below all aliases of nc1 below  before the group tag finishes if you don't have any aliases 
                                          just don't use alias tag -->
                                 <alias>https://aliasname:port </alias>
                    </group>
                    <group>
                                  <host allow="true">https://nc2:443</host>
                                 <!-- mention below all aliases of nc2 below  before the group tag finishes-->
                                 <alias>https://aliasname:port</alias>
                    </group>
            <!-- If you need to use multiple wopi aliass, please change the mode to "groups" and
                    add the aliass below.  If one alias is accessible under multiple ip addresses
                    or names, add them as aliases. -->
            <!-- More "group"s possible here -->
            </alias_groups>
vasyugan commented 2 years ago

@Rash419 It is still not working. Can you give me a working example of everything between<wopi> and</wopi>?

Isn't this shit documented anywhere?

Rash419 commented 2 years ago

@Rash419 It is still not working. Can you give me a working example of everything between<wopi> and</wopi>?


<wopi desc="Allow/deny wopi storage." allow="true">
<max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
<locking desc="Locking settings">
<refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
</locking>
        <alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
        <!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
                add the hosts below.  If one host is accessible under multiple ip addresses
                or names, add them as aliases. -->
        <group>
                <host desc="hostname to allow or deny." allow="true">http://nextcloud-vm1:80</host>
        </group>
        <group>
                <host desc="hostname to allow or deny." allow="true">http://nextcloud-vm2:80</host>
                 <alias desc="regex pattern of aliasname">http://nextcloud-.*:80</alias>
         </group>
        <!-- More "group"s possible here -->
        </alias_groups>

    </wopi>

this is my setup with 2 vms and having two different nextcloud instances ,nextcloud-vm1 has no aliases 
nextcloud-vm2 has aliases like nextcloud-abc, nextcloud-xyz
so I have defined regex nextcloud-.*:80

Sorry but we are working on documentation right now
vasyugan commented 2 years ago

@Rash419 Thanks, following this scheme, it works again with all my instances. Hope, this bug is going to be fixed, soon, however, as getting it to run this way is a bit of a hassle... Thanks again!

benvei commented 2 years ago

For me it woked again when I put brackets arount the hosts, e.g.:

    environment:
      - domain=(cloud.domain1.de|cloud.domain2.de)
SnejPro commented 2 years ago

For me it woked again when I put brackets arount the hosts, e.g.:

    environment:
      - domain=(cloud.domain1.de|cloud.domain2.de)

This hasn't worked for me last week.

benvei commented 2 years ago

You are right, sorry. Doesn't work, it just works with the 2nd Domain now but doesn't work with the first anymore. I just tested the second one because that was the one that was not working before. Sorry.

SnejPro commented 2 years ago

@kendy will this be in the next release on docker hub?

Rash419 commented 2 years ago

@SnejPro yes : )

apg1980 commented 2 years ago

We use a single Collabora CODE instance from multiple Nextcloud instances. With collabora/code:6.4.11.3 we pass the list of allowed domains to the collabora container as an environment variable as described here, e.g., docker run (...) -e "domain=my\\.first\\.domain|my\\.second\\.domain.

We noticed this same issue when testing the collabora/code:21.11.3.4.1 image, only the first domain to connect is allowed afterwards. Modifying coolwsd.xml wouldn't be a deal breaker for us, but environment variables are so much more convenient to configure containers so we're holding on the upgrade for now. I'll be glad to assist with testing if it helps.

Hello,

we are running the container like this: sudo docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=(cloud1\.domain\.de|cloud2\.domain\.de)" --dns=10.10.20.28 -e "username=xxx" -e "password=xxx" -e "extra_params=--o:ssl.enable=true -o:welcome.enable=false" -e "dictionaries=de en" --volume "/usr/share/fonts/truetype/:/opt/collaboraoffice6.4/share/fonts/truetype/local/:ro" --restart always --cap-add MKNOD collabora/code

Only the first domain is working. Viewing the log shows: loading document exception: No acceptable WOPI hosts found matching the target host [cloud2.domain.de] in config

Info: if i enclose the dots with double backslashs \\ then the second domain is working, but the first one not.

gohrner commented 2 years ago

@apg1980: You published your username and password (I received it in a notification mail from GitHub from before you redacted it afterwards) and should change them on your production machines. BTW, the used username and passwort would not provide any meaningful barrier against any brute force access attempt.

apg1980 commented 2 years ago

Solution is: -e "aliasgroup1=https://cloud\\.domain1\\.de:443" -e "aliasgroup2=https://cloud\\.domain2\\.de:443"

Rash419 commented 2 years ago

we have updated the docker image and here is the documentation of how to set multiple domains and its aliases https://sdk.collaboraonline.com/docs/installation/CODE_Docker_image.html : ) .

vasyugan commented 2 years ago

we have updated the docker image and here is the documentation of how to set multiple domains and its aliases https://sdk.collaboraonline.com/docs/installation/CODE_Docker_image.html : ) .

Thanks! Is there a limit on the number of aliasgroups you can define?

Rash419 commented 2 years ago

we have updated the docker image and here is the documentation of how to set multiple domains and its aliases https://sdk.collaboraonline.com/docs/installation/CODE_Docker_image.html : ) .

Thanks! Is there a limit on the number of aliasgroups you can define?

No there is no limit : )