DNS resolve error since last update

[NaggingDaivy]

Describe the bug Since last update, Collabora has a "DNS resolve" errror. To Reproduce Steps to reproduce the behavior:

1. Create docker instance via docker-compose:

version: '3'

services:
  collabora-code:
    image: collabora/code
    container_name: collabora-code
    cap_add:
      - MKNOD
    environment:
      - username=USERNAME
      - password=PASSWORD
      - dictionaries=fr_FR en_US
      - domain=nextcloud\\.domain\\.com

    ports:
      - 9980:9980
    restart: always

2. Connect both Nextcloud to Collabora

Expected behavior Both should work

Actual behavior Collabora is only looking at the IP and not the nextcloud hostname since last update, so both can't connect. Instead of looking for "nextcloud.domain.com", it looks at the IP behind it, which is proxied within Cloudflare. When I disable the Cloudflare proxy and using my real IP, the same issue occurs, so it is not a Cloudflare issue. Here is a error log :

wsd-00001-00041 2022-03-25 15:30:17.066960 +0000 [ websrv_poll ] ERR  Poco::Net::DNS::resolve("162.158.233.69") failed: Host not found: 162.158.233.69| wsd/COOLWSD.cpp:3015
wsd-00001-00041 2022-03-25 15:30:17.067047 +0000 [ websrv_poll ] WRN  convert-to: Requesting address is denied: 162.158.233.69| wsd/COOLWSD.cpp:3021

[mmeeks]

Is that just for convert-to ? or is that for editing too ?

[mmeeks]

Rash - may be alias related; @NaggingDaivy can you provide your coolwsd.xml ? also if you turn logging up to TRC - it would be great to attach a much longer chunk of log

Thanks for reporting !

[NaggingDaivy]

Is that just for convert-to ? or is that for editing too ?

What do you mean by that ? Basically, my Nextcloud is able to connect to my Collabora, but Collabora refuses the connection, so I can't edit or view a document.

Rash - may be alias related; @NaggingDaivy can you provide your coolwsd.xml ? also if you turn logging up to TRC - it would be great to attach a much longer chunk of log

I want to help you but I don't know how I can download coolwsd.xml from a Portainer bash terminal. Can you help me on this ? Sorry, I am a newbie lol

[NaggingDaivy]

As for the logs :

_collabora-code_logs.txt

[mmeeks]

Interestingly, the error log you give is only for convert-to - used just for thumbnailing documents.

For editing - can you press F12 in your browser and see what you get on the console tab as/when you click on a document in Nextcloud to edit it ? in the network tab - are you making a connection to COOLWSD ?

[mmeeks]

Perhaps a picture or video of your launch experience would be useful =)

[NaggingDaivy]

Console log : console-error-1648225246610.log

Network tab (no connection to COOLWSD it seems) :

[NaggingDaivy]

I managed to copy my coolwsl.xml file : coolwsl.txt

[NaggingDaivy]

Do you have everything you need?

[mmeeks]

Can you show a screenshot of the Nextcloud / Collabora Online settings - do you get a green connection tick there? it really looks like you can't connect. Thanks !

[NaggingDaivy]

Yes I got a green connection tick, so Nextcloud seems to be able to join Collabora but Collabora seems to refuse the connection because of the DNS error (instead of using domain name, it uses the IP)

[NaggingDaivy]

When I click on the "save" button, I receive this log error in Collabora :

[thebearon]

That error isn't particularly indicative of an error, it's only related to previews. The logs indicate no other errors.

Perhaps trace level logs would be more helpful, do you think you could gather some to see what happens when you actually try opening a file? You can switch to trace log level using the admin console, under the Log item. It's going to be large, so please compress it, and if you don't want to share the file here, you could send it to hello at collaboraoffice.com

[NaggingDaivy]

What do you mean by switching to trace log level ?

Anyway, here is a collabora log file which show the errors when I try to edit a document : collabora-editing-document-error.txt

[PA3LIT0]

I can confirm that I have the same error as @NaggingDaivy after the latest update. :(

[mmeeks]

The error around convert-to in the logs is a red herring I'm afraid - it needs to be removed.

More usefully - can you provide some more trace information - can you turn your logging.level=trace in coolwsd.xml and then get us a log of all of the connections - that would be really helpful. Ultimately if you can't connect I would expect to see:

    LOG_ERR("No acceptable WOPI hosts found matching the target host [" << targetHost << "] in config.");

Or something similar in the logs; the trace logs will let us see every connection and what is going on.

In the meantime can you both try to connect to:

https://_public-name-of -your-server_>:9980/hosting/capabilities

and see if you can fetch the capabilities. Apparently Nextcloud can (or it would not be green) but somehow the browser can't connect to get the UI downloaded. If that fails - it would be good to get an F12/'Network' tab readout for that connection attempt; or perhaps a curl command-line.

Thanks !

[mmeeks]

PA3LITO - if you can also tell us what host / IP / port you're putting in the Nextcloud settings that might be useful.

[NaggingDaivy]

More usefully - can you provide some more trace information - can you turn your logging.level=trace in coolwsd.xml and then get us a log of all of the connections - that would be really helpful.

OK, let me try this and I will be back to you ASAP.

In the meantime can you both try to connect to:

https://_public-name-of -your-server_>:9980/hosting/capabilities

[NaggingDaivy]

Here is the trace log : collabora-code-trace.txt

[Rash419]

Here is the trace log : collabora-code-trace.txt

this file doesnot contain the log when you try edit/open the file, can you please share the log after it fails to open/edit a file

[NaggingDaivy]

this file doesnot contain the log when you try edit/open the file, can you please share the log after it fails to open/edit a file

It is ok with this one ? [attachment sanitized]

[Rash419]

this file doesnot contain the log when you try edit/open the file, can you please share the log after it fails to open/edit a file

It is ok with this one ? [attachment sanitized]

@NaggingDaivy thanks

[PA3LIT0]

Can you show a screenshot of the Nextcloud / Collabora Online settings - do you get a green connection tick there? it really looks like you can't connect. Thanks !

[PA3LIT0]

In the meantime can you both try to connect to:

https://_public-name-of -your-server_>:9980/hosting/capabilities

and see if you can fetch the capabilities. Apparently Nextcloud can (or it would not be green) but somehow the browser can't connect to get the UI downloaded. If that fails - it would be good to get an F12/'Network' tab readout for that connection attempt; or perhaps a curl command-line.

Thanks !

{"convert-to":{"available":false},"hasMobileSupport":true,"hasProxyPrefix":false,"hasTemplateSaveAs":false,"hasTemplateSource":true,"productName":"Collabora Online Development Edition","productVersion":"21.11.3.3","productVersionHash":"ad4ad219"}

[mmeeks]

Ok! there is/was a change to our SSL code handling and possibly this broke things. We don't see problems related to the new aliasing work in the logs it seems. This looks problematic:

wsd-00001-00062 2022-03-26 13:48:59.681421 +0000 [ docbroker_004 ] TRC #30 SSL error: WANT_READ (2) has no pending data to read: 0. BIO error: 0, rc: -1: error:00000000:lib(0):func(0):reason(0):| ./net/SslSocket.hpp:275 wsd-00001-00062 2022-03-26 13:48:59.681467 +0000 [ docbroker_004 ] TRC #30 SSL error: SSL (1) BIO error: 336151568, rc: -1: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:| ./net/SslSocket.hpp:346 wsd-00001-00062 2022-03-26 13:48:59.681512 +0000 [ docbroker_004 ] ERR #30 Error while handling poll at 0 in HttpSynReqPoll: #30: socket closed unexpectedly. BIO error: 0, rc: -1: error:00000000:lib(0):func(0):reason(0):| net/Socket.cpp:467 wsd-00001-00062 2022-03-26 13:48:59.681699 +0000 [ docbroker_004 ] ERR WOPI::CheckFileInfo failed for URI [https://nextcloud.bankaz.online/index.php/apps/richdocuments/wopi/files/81376_ocp16leagvr2?...

[mmeeks]

So - the interesting thing is the https / SSL implementation of Nextcloud - can you provide detail on what webserver and version you're using and/or on what version of what Linux(?) thanks!

[NaggingDaivy]

So - the interesting thing is the https / SSL implementation of Nextcloud - can you provide detail on what webserver and version you're using and/or on what version of what Linux(?) thanks!

Both Nextcloud and Collabora are docker image, and use Nginx Proxy Manager for reverse proxy / SSL.

I use OpenMediaVault 5.6.26.-1 (Usul), based on Debian 10.

[mmeeks]

Soo - we're chasing this hard. Interesting I reproduce a problem like this:

wsd-2851381-2851396 2022-03-26 23:16:28.582630 +0000 [ websrv_poll ] TRC Socket #23 SSL error: SSL (1).| ./net/SslSocket.hpp:306 wsd-2851381-2851396 2022-03-26 23:16:28.582713 +0000 [ websrv_poll ] ERR #23 Error while handling poll at 0 in websrv_poll: #23 SSL BIO error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown| net/Socket.cpp:466

on my machine at least - with 21.11.2-4

Which is really unexpected - can you report which version you upgraded from that worked so we can help bisect this ? - of course, could just be my testing going wrong =)

[mmeeks]

Ash has an interesting problem bisected to: "f74192d9ac wsd: always include the BIO errors in SSL logs" And we continue to chase that.

[timar]

@NaggingDaivy We released a new docker image with the fix above. Could you please try it and report back? Thanks.

[NaggingDaivy]

@NaggingDaivy We released a new docker image with the fix above. Could you please try it and report back? Thanks.

Problem fixed (I can edit my doc), but still the following warning :

[Ashod]

Thanks @NaggingDaivy for the quick confirmation! We should avoid that error and warning. Until then, please ignore them (I know they are noisy and annoying).

I'll close this now, but please do reopen if there are any breaking issues related to this.

[ciphel]

Thanks, it works again also for the deb-package (a new package came this morning with "apt upgrade"). Not working is the access from multiple wopi-hosts, maybe a duplicate of #4477 ? Maybe I'm holding the wrong? Anyway, thank you for your work.

[Ashod]

Thanks @ciphel for the confirmation. Let's track the 'multiple wopi-hosts' issue in #4477. It does sound the same. Feel free to share your config there with any other relevant details so we can fix that soonest as well.

[mmeeks]

A quick word of thanks to @NaggingDaivy for being fast off the block reporting this, @PA3LIT0 for helping out and @ciphel for confirming, and to all of you for helping to debug & fix it quickly. Much appreciated.

[mmeeks]

https://twitter.com/CollaboraOffice/status/1508412745162579972 =)

[ciphel]

Hello @Ashod , we finally solved the problem with multiple hosts thanks to the comments in #4477 . My section contains now: `

https://nextcloud.domain1.tld

https://nextcloud.domain2.tld ` Prior I was using the `` statement, what was not working. I did'nt use the ``, Maybe a ``-example can be included for the next release? Thank you for your work.