Failed to load Nextcloud Office

[Igortorrente]

Describe the bug Cannot open a document in nextcloud using Collabora office online docker container.

To Reproduce Steps to reproduce the behavior:

1. podman pull docker.io/collabora/code:21.11.5.0.1
2. podman run --rm -it --cap-add SYS_CHROOT --cap-add MKNOD --cap-add FOWNER --cap-add CHOWN --cap-add SYS_ADMIN -e username=collabora-admin -e password=collabora-password -e "aliasgroup1=https://\(collaboraonline\.\)*example.com:443" -e server_name=collaboraonline.example.com -p 10.0.0.1:9980:9980 --name collabora-online collabora/code:21.11.5.0.1
3. Set "URL (and Port) of Collabora Online-server" as https://192.168.122.160:443` (192.168.122.160 is the server ip)
4. Open Nextcloud Hub.docx and see the error

Expected behavior The document should be opened successfully.

Actual behavior Fail to load the document.

Desktop (please complete the following information)

• OS: Debian 11
• Browser: 91.9.1esr (64-bit)
• Version: code:21.11.5.0.1

Additional context In my setup I'm using nginx reverse-proxy to expose the collabora office with this configuration. Aside from this issue the Collabora container seems to be working properly and I can access the admin page through the reverse proxy. Nextcloud 24.0.0 Nextcloud Office 6.1.0

Logs Rootfull container

``` log wsd-00001-00039 2022-05-27 21:10:00.904094 +0000 [ docbroker_001 ] WRN Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| ./net/Socket.hpp:722 wsd-00001-00039 2022-05-27 21:10:00.904174 +0000 [ docbroker_001 ] ERR #33: read failed, have 0 buffered bytes (EPIPE: Broken pipe)| ./net/Socket.hpp:1125 wsd-00001-00039 2022-05-27 21:10:00.904223 +0000 [ docbroker_001 ] ERR #33: Socket write returned -1 (EPIPE: Broken pipe)| ./net/Socket.hpp:1418 wsd-00001-00039 2022-05-27 21:10:00.904245 +0000 [ docbroker_001 ] ERR #33: Socket write returned -1 (EPIPE: Broken pipe)| ./net/Socket.hpp:1418 wsd-00001-00039 2022-05-27 21:10:00.904292 +0000 [ docbroker_001 ] ERR WOPI::CheckFileInfo failed for URI [https://.com/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1?access_token=H9Fd0gfnt15Jk76H3Yti0EKU4XeUieJz&access_token_ttl=0]: 0 . Headers: Body: []| wsd/Storage.cpp:675 wsd-00001-00039 2022-05-27 21:10:00.904362 +0000 [ docbroker_001 ] ERR loading document exception: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2155 wsd-00001-00039 2022-05-27 21:10:00.904389 +0000 [ docbroker_001 ] ERR Failed to add session to [https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1] with URI [https://example.com/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1?access_token=H9Fd0gfnt15Jk76H3Yti0EKU4XeUieJz&access_token_ttl=0]: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2117 wsd-00001-00039 2022-05-27 21:10:00.904413 +0000 [ docbroker_001 ] ERR Storage error while starting session on https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1 for socket #28. Terminating connection. Error: WOPI::CheckFileInfo failed: | wsd/COOLWSD.cpp:4398 wsd-00001-00039 2022-05-27 21:10:00.904612 +0000 [ docbroker_001 ] WRN Ignoring attempted read from 28| ./net/Socket.hpp:1102 wsd-00001-00039 2022-05-27 21:10:00.904638 +0000 [ docbroker_001 ] ERR Invalid or unknown session [01b] to remove.| wsd/DocumentBroker.cpp:2200 wsd-00001-00036 2022-05-27 21:10:00.923240 +0000 [ websrv_poll ] ERR #28 Error while handling poll at 0 in websrv_poll: #28: socket closed unexpectedly. BIO error: 0, rc: -1: error:00000000:lib(0):func(0):reason(0):| net/Socket.cpp:451 wsd-00001-00036 2022-05-27 21:10:01.188562 +0000 [ websrv_poll ] WRN DocBroker with docKey [https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:2985 wsd-00001-00036 2022-05-27 21:10:01.188732 +0000 [ websrv_poll ] ERR Error while handling Client WS Request: Failed to create DocBroker with docKey [https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1].| wsd/COOLWSD.cpp:4428 wsd-00001-00036 2022-05-27 21:10:01.188862 +0000 [ websrv_poll ] ERR #32: Socket write returned -1 (ENOENT: No such file or directory)| ./net/Socket.hpp:1418 wsd-00001-00036 2022-05-27 21:10:01.188917 +0000 [ websrv_poll ] ERR #32: Socket write returned -1 (ENOENT: No such file or directory)| ./net/Socket.hpp:1418 wsd-00001-00036 2022-05-27 21:10:01.188963 +0000 [ websrv_poll ] WRN #32 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| ./net/WebSocketHandler.hpp:795 wsd-00001-00036 2022-05-27 21:10:01.189054 +0000 [ websrv_poll ] ERR #32: attempted to remove: 866 which is > size: 0 clamped to 0| ./net/Socket.hpp:1224 wsd-00001-00036 2022-05-27 21:10:01.189160 +0000 [ websrv_poll ] WRN Ignoring attempted read from 32| ./net/Socket.hpp:1102 wsd-00001-00036 2022-05-27 21:10:01.189297 +0000 [ websrv_poll ] ERR #32 Error while handling poll at 0 in websrv_poll: #32BIO error: 337690831, rc: -1: error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown: 139801185482496:error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown:../ssl/ssl_lib.c:1917: | net/Socket.cpp:451 wsd-00001-00036 2022-05-27 21:10:01.516013 +0000 [ websrv_poll ] WRN DocBroker with docKey [https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:2985 wsd-00001-00036 2022-05-2``` logs7 21:10:01.516620 +0000 [ websrv_poll ] ERR Error while handling Client WS Request: Failed to create DocBroker with docKey [https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1].| wsd/COOLWSD.cpp:4428 wsd-00001-00036 2022-05-27 21:10:01.516832 +0000 [ websrv_poll ] ERR #32: Socket write returned -1 (ENOENT: No such file or directory)| ./net/Socket.hpp:1418 wsd-00001-00036 2022-05-27 21:10:01.516997 +0000 [ websrv_poll ] ERR #32: Socket write returned -1 (ENOENT: No such file or directory)| ./net/Socket.hpp:1418 wsd-00001-00036 2022-05-27 21:10:01.517129 +0000 [ websrv_poll ] WRN #32 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| ./net/WebSocketHandler.hpp:795 wsd-00001-00036 2022-05-27 21:10:01.517494 +0000 [ websrv_poll ] ERR #32: attempted to remove: 866 which is > size: 0 clamped to 0| ./net/Socket.hpp:1224 wsd-00001-00036 2022-05-27 21:10:01.517558 +0000 [ websrv_poll ] WRN Ignoring attempted read from 32| ./net/Socket.hpp:1102 wsd-00001-00036 2022-05-27 21:10:01.517777 +0000 [ websrv_poll ] ERR #32 Error while handling poll at 0 in websrv_poll: #32BIO error: 337690831, rc: -1: error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown: 139801185482496:error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown:../ssl/ssl_lib.c:1917: | net/Socket.cpp:451 wsd-00001-00031 2022-05-27 21:10:02.905549 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3070 wsd-00001-00031 2022-05-27 21:10:02.906351 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3070 wsd-00001-00047 2022-05-27 21:10:03.564654 +0000 [ docbroker_002 ] WRN Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| ./net/Socket.hpp:722 wsd-00001-00047 2022-05-27 21:10:03.565632 +0000 [ docbroker_002 ] ERR #33: read failed, have 0 buffered bytes (EPIPE: Broken pipe)| ./net/Socket.hpp:1125 wsd-00001-00047 2022-05-27 21:10:03.566355 +0000 [ docbroker_002 ] ERR #33: Socket write returned -1 (EPIPE: Broken pipe)| ./net/Socket.hpp:1418 wsd-00001-00047 2022-05-27 21:10:03.567041 +0000 [ docbroker_002 ] ERR #33: Socket write returned -1 (EPIPE: Broken pipe)| ./net/Socket.hpp:1418 wsd-00001-00047 2022-05-27 21:10:03.567766 +0000 [ docbroker_002 ] ERR WOPI::CheckFileInfo failed for URI [https://example.com/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1?access_token=H9Fd0gfnt15Jk76H3Yti0EKU4XeUieJz&access_token_ttl=0&permission=edit]: 0 . Headers: Body: []| wsd/Storage.cpp:675 wsd-00001-00047 2022-05-27 21:10:03.569017 +0000 [ docbroker_002 ] ERR loading document exception: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2155 wsd-00001-00047 2022-05-27 21:10:03.569578 +0000 [ docbroker_002 ] ERR Failed to add session to [https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1] with URI [https://example.com/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1?access_token=H9Fd0gfnt15Jk76H3Yti0EKU4XeUieJz&access_token_ttl=0&permission=edit]: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2117 wsd-00001-00047 2022-05-27 21:10:03.570128 +0000 [ docbroker_002 ] ERR Storage error while starting session on https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1 for socket #21. Terminating connection. Error: WOPI::CheckFileInfo failed: | wsd/COOLWSD.cpp:4398 wsd-00001-00047 2022-05-27 21:10:03.571912 +0000 [ docbroker_002 ] WRN Ignoring attempted read from 21| ./net/Socket.hpp:1102 wsd-00001-00047 2022-05-27 21:10:03.573415 +0000 [ docbroker_002 ] ERR Invalid or unknown session [020] to remove.| wsd/DocumentBroker.cpp:2200 wsd-00001-00031 2022-05-27 21:10:06.934695 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3070 wsd-00001-00031 2022-05-27 21:10:06.934838 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3070 ```

Rootless container

```log wsd-00001-00087 2022-05-27 21:25:53.584751 +0000 [ docbroker_003 ] WRN Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:722 wsd-00001-00087 2022-05-27 21:25:53.585106 +0000 [ docbroker_003 ] ERR #33: read failed, have 0 buffered bytes (EPIPE: Broken pipe)| net/Socket.hpp:1125 wsd-00001-00087 2022-05-27 21:25:53.585253 +0000 [ docbroker_003 ] ERR #33: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418 wsd-00001-00087 2022-05-27 21:25:53.585343 +0000 [ docbroker_003 ] ERR #33: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418 wsd-00001-00087 2022-05-27 21:25:53.585584 +0000 [ docbroker_003 ] ERR loading document exception: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2216 wsd-00001-00087 2022-05-27 21:25:53.585698 +0000 [ docbroker_003 ] ERR Failed to add session to [https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1] with URI [https://example.com/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1?access_token=tTpFO87hjw4bGhe9HCYf9g8WwmE2uaJG&access_token_ttl=0]: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2178 wsd-00001-00087 2022-05-27 21:25:53.585786 +0000 [ docbroker_003 ] ERR Storage error while starting session on https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1 for socket #22. Terminating connection. Error: WOPI::CheckFileInfo failed: | wsd/COOLWSD.cpp:4407 wsd-00001-00087 2022-05-27 21:25:53.586181 +0000 [ docbroker_003 ] WRN Ignoring attempted read from 22| net/Socket.hpp:1102 wsd-00001-00087 2022-05-27 21:25:53.586300 +0000 [ docbroker_003 ] ERR Invalid or unknown session [047] to remove.| wsd/DocumentBroker.cpp:2261 kit-00088-00034 2022-05-27 21:25:53.688156 +0000 [ kit_spare_004 ] ERR mknod(/opt/cool/child-roots/GoFDoI8YVRT18ZT1//tmp/dev/random) failed. Mount must not use nodev flag. (EPERM: Operation not permitted)| common/JailUtil.cpp:262 kit-00088-00034 2022-05-27 21:25:53.688366 +0000 [ kit_spare_004 ] ERR mknod(/opt/cool/child-roots/GoFDoI8YVRT18ZT1//tmp/dev/urandom) failed. Mount must not use nodev flag. (EPERM: Operation not permitted)| common/JailUtil.cpp:274 wsd-00001-00048 2022-05-27 21:25:53.728592 +0000 [ websrv_poll ] ERR #32 Error while handling poll at 0 in websrv_poll: #32: socket closed unexpectedly. BIO error: 0, rc: -1: error:00000000:lib(0):func(0):reason(0):| net/Socket.cpp:451 wsd-00001-00048 2022-05-27 21:25:53.737244 +0000 [ websrv_poll ] ERR #32 Error while handling poll at 0 in websrv_poll: #32: socket closed unexpectedly. BIO error: 0, rc: -1: error:00000000:lib(0):func(0):reason(0):| net/Socket.cpp:451 wsd-00001-00048 2022-05-27 21:25:53.742348 +0000 [ websrv_poll ] ERR #32 Error while handling poll at 0 in websrv_poll: #32: socket closed unexpectedly. BIO error: 0, rc: -1: error:00000000:lib(0):func(0):reason(0):| net/Socket.cpp:451 wsd-00001-00048 2022-05-27 21:25:53.751850 +0000 [ websrv_poll ] ERR #32 Error while handling poll at 0 in websrv_poll: #32: socket closed unexpectedly. BIO error: 0, rc: -1: error:00000000:lib(0):func(0):reason(0):| net/Socket.cpp:451 wsd-00001-00048 2022-05-27 21:25:53.899375 +0000 [ websrv_poll ] WRN DocBroker with docKey [https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:2994 wsd-00001-00048 2022-05-27 21:25:53.899476 +0000 [ websrv_poll ] ERR Error while handling Client WS Request: Failed to create DocBroker with docKey [https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1].| wsd/COOLWSD.cpp:4437 wsd-00001-00048 2022-05-27 21:25:53.899503 +0000 [ websrv_poll ] ERR #32: Socket write returned -1 (ENOENT: No such file or directory)| net/Socket.hpp:1418 wsd-00001-00048 2022-05-27 21:25:53.899537 +0000 [ websrv_poll ] ERR #32: Socket write returned -1 (ENOENT: No such file or directory)| net/Socket.hpp:1418 wsd-00001-00048 2022-05-27 21:25:53.899548 +0000 [ websrv_poll ] WRN #32 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| net/WebSocketHandler.hpp:795 wsd-00001-00048 2022-05-27 21:25:53.899568 +0000 [ websrv_poll ] ERR #32: attempted to remove: 866 which is > size: 0 clamped to 0| net/Socket.hpp:1224 wsd-00001-00048 2022-05-27 21:25:53.899588 +0000 [ websrv_poll ] WRN Ignoring attempted read from 32| net/Socket.hpp:1102 wsd-00001-00048 2022-05-27 21:25:53.899638 +0000 [ websrv_poll ] ERR #32 Error while handling poll at 0 in websrv_poll: #32BIO error: 337690831, rc: -1: error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown: 139790439671552:error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown:../ssl/ssl_lib.c:1917: | net/Socket.cpp:451 wsd-00001-00048 2022-05-27 21:25:54.469053 +0000 [ websrv_poll ] WRN DocBroker with docKey [https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:2994 wsd-00001-00048 2022-05-27 21:25:54.469281 +0000 [ websrv_poll ] ERR Error while handling Client WS Request: Failed to create DocBroker with docKey [https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1].| wsd/COOLWSD.cpp:4437 wsd-00001-00048 2022-05-27 21:25:54.469369 +0000 [ websrv_poll ] ERR #32: Socket write returned -1 (ENOENT: No such file or directory)| net/Socket.hpp:1418 wsd-00001-00048 2022-05-27 21:25:54.469425 +0000 [ websrv_poll ] ERR #32: Socket write returned -1 (ENOENT: No such file or directory)| net/Socket.hpp:1418 wsd-00001-00048 2022-05-27 21:25:54.470078 +0000 [ websrv_poll ] WRN #32 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| net/WebSocketHandler.hpp:795 wsd-00001-00048 2022-05-27 21:25:54.470163 +0000 [ websrv_poll ] ERR #32: attempted to remove: 866 which is > size: 0 clamped to 0| net/Socket.hpp:1224 wsd-00001-00048 2022-05-27 21:25:54.470436 +0000 [ websrv_poll ] WRN Ignoring attempted read from 32| net/Socket.hpp:1102 wsd-00001-00048 2022-05-27 21:25:54.470645 +0000 [ websrv_poll ] ERR #32 Error while handling poll at 0 in websrv_poll: #32BIO error: 337690831, rc: -1: error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown: 139790439671552:error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown:../ssl/ssl_lib.c:1917: | net/Socket.cpp:451 wsd-00001-00033 2022-05-27 21:25:55.586679 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079 wsd-00001-00033 2022-05-27 21:25:55.586743 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079 wsd-00001-00105 2022-05-27 21:25:56.490040 +0000 [ docbroker_004 ] WRN Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:722 wsd-00001-00105 2022-05-27 21:25:56.490550 +0000 [ docbroker_004 ] ERR #33: read failed, have 0 buffered bytes (EPIPE: Broken pipe)| net/Socket.hpp:1125 wsd-00001-00105 2022-05-27 21:25:56.490870 +0000 [ docbroker_004 ] ERR #33: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418 wsd-00001-00105 2022-05-27 21:25:56.491130 +0000 [ docbroker_004 ] ERR #33: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418 wsd-00001-00105 2022-05-27 21:25:56.491521 +0000 [ docbroker_004 ] ERR loading document exception: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2216 wsd-00001-00105 2022-05-27 21:25:56.491770 +0000 [ docbroker_004 ] ERR Failed to add session to [https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1] with URI [https://example.com/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1?access_token=tTpFO87hjw4bGhe9HCYf9g8WwmE2uaJG&access_token_ttl=0&permission=edit]: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2178 wsd-00001-00105 2022-05-27 21:25:56.492022 +0000 [ docbroker_004 ] ERR Storage error while starting session on https://example.com:443/index.php/apps/richdocuments/wopi/files/24_ocv7k84glke1 for socket #21. Terminating connection. Error: WOPI::CheckFileInfo failed: | wsd/COOLWSD.cpp:4407 wsd-00001-00105 2022-05-27 21:25:56.492662 +0000 [ docbroker_004 ] WRN Ignoring attempted read from 21| net/Socket.hpp:1102 wsd-00001-00105 2022-05-27 21:25:56.492909 +0000 [ docbroker_004 ] ERR Invalid or unknown session [050] to remove.| wsd/DocumentBroker.cpp:2261 kit-00106-00034 2022-05-27 21:25:56.574413 +0000 [ kit_spare_005 ] ERR mknod(/opt/cool/child-roots/I7Re2GCz24yINNb6//tmp/dev/random) failed. Mount must not use nodev flag. (EPERM: Operation not permitted)| common/JailUtil.cpp:262 kit-00106-00034 2022-05-27 21:25:56.574629 +0000 [ kit_spare_005 ] ERR mknod(/opt/cool/child-roots/I7Re2GCz24yINNb6//tmp/dev/urandom) failed. Mount must not use nodev flag. (EPERM: Operation not permitted)| common/JailUtil.cpp:274 wsd-00001-00033 2022-05-27 21:25:58.493558 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079 wsd-00001-00033 2022-05-27 21:25:58.493728 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079 ```

[timparker14]

I have the same issue with a dockerless (standalone) CODE server. Nextcloud integration fails after the latest CODE server update. I still get the green tick in the nextcloud settings but documents fail to load.

[Igortorrente]

@timparker14 For curiosity, which Nextcloud/Nextcloud Office versions are you using?

[timparker14]

Nextcloud 23.0.5 Nextcloud Office 5.0.5

Sent from my iPhone

On 1 Jun 2022, at 22:29, Igortorrente @.***> wrote:

@timparker14 For curiosity, which Nextcloud/Nextcloud Office versions are you using?

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.

[pedropintosilva]

ping @Ezinnem or @thebearon

[elhananjair]

Nextcloud 23.0.5 Nextcloud Office 5.0.5 … Sent from my iPhone On 1 Jun 2022, at 22:29, Igortorrente @.***> wrote: @timparker14 For curiosity, which Nextcloud/Nextcloud Office versions are you using? — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.

hello, @timparker14 have you tried to update Nextcloud Office to 6.1.0? I just finished setting up Collabora now and it worked fine.

[shoelzle]

Hi,

Same problem here: Nextcloud Office 5.0.5 Nextcloud 23.0.5

Documents are not opened since collabora/code:21.11.5.0.1. The previous version docker pull collabora/code:21.11.4.2.1 works just fine. Same configuration (container environment variables taken from the output of docker inspect):

            "Env": [
                "aliasgroup1=https://nextcloud\\.mydomain\\.de:443",
                "server_name=collabora.mydomain.de",
                "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:net.post_allow.host[0]=::ffff:172.18.0.1 -o:storage.wopi.host[0]=nextcloud.mydomain.de",
                "username=myadminuser",
                "password=myadminpassword",
                "dictionaries=de_DE en_US",
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "LC_CTYPE=C.UTF-8"
            ],

With Collabora CODE version 21.11.5.0.1, I get the following log messages, when a document is opened in Nextcloud:

Ready to accept connections on port 9980.

wsd-00001-00001 2022-06-05 08:49:23.846105 +0000 [ coolwsd ] WRN  Waking up dead poll thread [update], started: false, finished: false| net/Socket.hpp:722
wsd-00001-00042 2022-06-05 08:50:00.026866 +0000 [ websrv_poll ] WRN  client - server version mismatch, disabling browser cache. Expected: 338d741| wsd/FileServer.cpp:510
wsd-00001-00046 2022-06-05 08:50:00.254008 +0000 [ docbroker_001 ] ERR  No acceptable WOPI hosts found matching the target host [nextcloud.mydomain.de] in config.| wsd/Storage.cpp:259
wsd-00001-00046 2022-06-05 08:50:00.254256 +0000 [ docbroker_001 ] ERR  loading document exception: No acceptable WOPI hosts found matching the target host [nextcloud.mydomain.de] in config.| wsd/DocumentBroker.cpp:2216
wsd-00001-00046 2022-06-05 08:50:00.254310 +0000 [ docbroker_001 ] ERR  Failed to add session to [https://nextcloud.mydomain.de:443/index.php/apps/richdocuments/wopi/files/4195176_ocobe9ubr97l] with URI [https://nextcloud.mydomain.de/index.php/apps/richdocuments/wopi/files/4195176_ocobe9ubr97l?access_token=asdf&access_token_ttl=0]: No acceptable WOPI hosts found matching the target host [nextcloud.mydomain.de] in config.| wsd/DocumentBroker.cpp:2178
wsd-00001-00046 2022-06-05 08:50:00.254365 +0000 [ docbroker_001 ] ERR  Unauthorized Request while starting session on https://nextcloud.mydomain.de:443/index.php/apps/richdocuments/wopi/files/4195176_ocobe9ubr97l for socket #29. Terminating connection. Error: No acceptable WOPI hosts found matching the target host [nextcloud.mydomain.de] in config.| wsd/COOLWSD.cpp:4397
wsd-00001-00046 2022-06-05 08:50:00.254617 +0000 [ docbroker_001 ] WRN  Ignoring attempted read from 29| net/Socket.hpp:1102
wsd-00001-00046 2022-06-05 08:50:00.254680 +0000 [ docbroker_001 ] ERR  #29: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418
wsd-00001-00046 2022-06-05 08:50:00.254722 +0000 [ docbroker_001 ] ERR  Invalid or unknown session [009] to remove.| wsd/DocumentBroker.cpp:2261
wsd-00001-00042 2022-06-05 08:50:00.850348 +0000 [ websrv_poll ] WRN  DocBroker with docKey [https://nextcloud.mydomain.de:443/index.php/apps/richdocuments/wopi/files/4195176_ocobe9ubr97l] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:2994
wsd-00001-00042 2022-06-05 08:50:00.850673 +0000 [ websrv_poll ] ERR  Error while handling Client WS Request: Failed to create DocBroker with docKey [https://nextcloud.mydomain.de:443/index.php/apps/richdocuments/wopi/files/4195176_ocobe9ubr97l].| wsd/COOLWSD.cpp:4437
wsd-00001-00042 2022-06-05 08:50:00.851212 +0000 [ websrv_poll ] ERR  #33: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418
wsd-00001-00042 2022-06-05 08:50:00.851647 +0000 [ websrv_poll ] ERR  #33: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418
wsd-00001-00042 2022-06-05 08:50:00.851709 +0000 [ websrv_poll ] WRN  #33 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| net/WebSocketHandler.hpp:795
wsd-00001-00042 2022-06-05 08:50:00.851789 +0000 [ websrv_poll ] ERR  #33: attempted to remove: 1009 which is > size: 0 clamped to 0| net/Socket.hpp:1224
wsd-00001-00042 2022-06-05 08:50:00.851958 +0000 [ websrv_poll ] WRN  Ignoring attempted read from 33| net/Socket.hpp:1102
wsd-00001-00042 2022-06-05 08:50:00.852579 +0000 [ websrv_poll ] ERR  #33: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418
wsd-00001-00042 2022-06-05 08:50:01.206269 +0000 [ websrv_poll ] WRN  DocBroker with docKey [https://nextcloud.mydomain.de:443/index.php/apps/richdocuments/wopi/files/4195176_ocobe9ubr97l] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:2994
wsd-00001-00042 2022-06-05 08:50:01.206585 +0000 [ websrv_poll ] ERR  Error while handling Client WS Request: Failed to create DocBroker with docKey [https://nextcloud.mydomain.de:443/index.php/apps/richdocuments/wopi/files/4195176_ocobe9ubr97l].| wsd/COOLWSD.cpp:4437
wsd-00001-00042 2022-06-05 08:50:01.206658 +0000 [ websrv_poll ] ERR  #33: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418
wsd-00001-00042 2022-06-05 08:50:01.206724 +0000 [ websrv_poll ] ERR  #33: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418
wsd-00001-00042 2022-06-05 08:50:01.206784 +0000 [ websrv_poll ] WRN  #33 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| net/WebSocketHandler.hpp:795
wsd-00001-00042 2022-06-05 08:50:01.206854 +0000 [ websrv_poll ] ERR  #33: attempted to remove: 1009 which is > size: 0 clamped to 0| net/Socket.hpp:1224
wsd-00001-00042 2022-06-05 08:50:01.206929 +0000 [ websrv_poll ] WRN  Ignoring attempted read from 33| net/Socket.hpp:1102
wsd-00001-00042 2022-06-05 08:50:01.206995 +0000 [ websrv_poll ] ERR  #33: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418
wsd-00001-00037 2022-06-05 08:50:02.255322 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079
wsd-00001-00037 2022-06-05 08:50:02.255460 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079
sh: 1: /usr/bin/coolmount: Operation not permitted
frk-00038-00038 2022-06-05 08:50:03.238616 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/fE4bW8aNgqO9yKAP/tmp]| common/JailUtil.cpp:70
sh: 1: /usr/bin/coolmount: Operation not permitted
frk-00038-00038 2022-06-05 08:50:03.264552 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/fE4bW8aNgqO9yKAP/lo]| common/JailUtil.cpp:70
sh: 1: /usr/bin/coolmount: Operation not permitted
frk-00038-00038 2022-06-05 08:50:03.286751 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/fE4bW8aNgqO9yKAP]| common/JailUtil.cpp:70
wsd-00001-00054 2022-06-05 08:50:03.300041 +0000 [ docbroker_002 ] ERR  No acceptable WOPI hosts found matching the target host [nextcloud.mydomain.de] in config.| wsd/Storage.cpp:259
wsd-00001-00054 2022-06-05 08:50:03.300272 +0000 [ docbroker_002 ] ERR  loading document exception: No acceptable WOPI hosts found matching the target host [nextcloud.mydomain.de] in config.| wsd/DocumentBroker.cpp:2216
wsd-00001-00054 2022-06-05 08:50:03.300342 +0000 [ docbroker_002 ] ERR  Failed to add session to [https://nextcloud.mydomain.de:443/index.php/apps/richdocuments/wopi/files/4195176_ocobe9ubr97l] with URI [https://nextcloud.mydomain.de/index.php/apps/richdocuments/wopi/files/4195176_ocobe9ubr97l?access_token=asdf&access_token_ttl=0&permission=edit]: No acceptable WOPI hosts found matching the target host [nextcloud.mydomain.de] in config.| wsd/DocumentBroker.cpp:2178
wsd-00001-00054 2022-06-05 08:50:03.300418 +0000 [ docbroker_002 ] ERR  Unauthorized Request while starting session on https://nextcloud.mydomain.de:443/index.php/apps/richdocuments/wopi/files/4195176_ocobe9ubr97l for socket #21. Terminating connection. Error: No acceptable WOPI hosts found matching the target host [nextcloud.mydomain.de] in config.| wsd/COOLWSD.cpp:4397
wsd-00001-00054 2022-06-05 08:50:03.300681 +0000 [ docbroker_002 ] WRN  Ignoring attempted read from 21| net/Socket.hpp:1102
wsd-00001-00054 2022-06-05 08:50:03.300748 +0000 [ docbroker_002 ] ERR  #21: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418
wsd-00001-00054 2022-06-05 08:50:03.300806 +0000 [ docbroker_002 ] ERR  Invalid or unknown session [018] to remove.| wsd/DocumentBroker.cpp:2261
wsd-00001-00037 2022-06-05 08:50:05.301194 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079
wsd-00001-00037 2022-06-05 08:50:05.301313 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079
sh: 1: /usr/bin/coolmount: Operation not permitted
frk-00038-00038 2022-06-05 08:50:05.703945 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/a5mH47GZxNgo45Nn/tmp]| common/JailUtil.cpp:70
sh: 1: /usr/bin/coolmount: Operation not permitted
frk-00038-00038 2022-06-05 08:50:05.724670 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/a5mH47GZxNgo45Nn/lo]| common/JailUtil.cpp:70
sh: 1: /usr/bin/coolmount: Operation not permitted
frk-00038-00038 2022-06-05 08:50:05.742723 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/a5mH47GZxNgo45Nn]| common/JailUtil.cpp:70

I noticed the error message No acceptable WOPI hosts found matching the target host. But, I only changed the Collabora CODE version, not the configuration. Maybe this helps.

[timparker14]

I've built a new cloud server as I have seen previous configurations can cause issues. Using Nextcloud 24.0.1 and Nextcloud Office 6.1.0. Still get a green tick in the settings docs still fail to load.

[elmakias5]

שיש לי הרגשה על מישהו/ או משהו זה כמו בסרטים הרוצח זה הדמות שאתה לא מצפה לה .

אלמקייס חיים

בתאריך יום ב׳, 6 ביוני 2022, 12:48, מאת timparker14 ‏< @.***>:

I've built a new cloud server as I have seen previous configurations can cause issues. Using Nextcloud 24.0.1 and Nextcloud Office 6.1.0. Still get a green tick in the settings docs still fail to load.

— Reply to this email directly, view it on GitHub https://github.com/CollaboraOnline/online/issues/4828#issuecomment-1147264863, or unsubscribe https://github.com/notifications/unsubscribe-auth/AXOZ5UBJQK2LEGIVCNPDJXDVNXCM7ANCNFSM5XFRT6YQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>

[Rash419]

-o:storage.wopi.host[0]=nextcloud.mydomain.de"

@shoelzle can you try removing this parameter ?

[timparker14]

@Rash419 That worked for me. I'm not using docker but edited the XML file and all is good. Thank you

[shoelzle]

-o:storage.wopi.host[0]=nextcloud.mydomain.de"

@shoelzle can you try removing this parameter ?

Removing the parameter --o:storage.wopi.host[0]=nextcloud.mydomain.de works for me. I guess I picked up this configuration parameter somewhere without really needing it. Btw, for anyone curious, the parameter is kind of mentioned in the Backend storage configurations: ".. The administrator has to list the host names and/or IP addresses of these trusted WOPI hosts in the storage.wopi block. .."

Thanks for helping @Rash419 !

@Igortorrente, unfortunately, I guess this doesn't solve your original issue. But I noticed that your configuration contains the parameter "aliasgroup1=https://\(collaboraonline\.\)*example.com:443". In my configuration, this is the URL of Nextcloud, not the URL of Collabara CODE.

Also, my configuration is missing only contains --cap-add MKNOD, so I guess the other parameters (--cap-add SYS_CHROOT --cap-add FOWNER --cap-add CHOWN --cap-add SYS_ADMIN) are not necessary.

[Rash419]

-o:storage.wopi.host[0]=nextcloud.mydomain.de"

@shoelzle can you try removing this parameter ?

Removing the parameter --o:storage.wopi.host[0]=nextcloud.mydomain.de works for me. I guess I picked up this configuration parameter somewhere without really needing it. Btw, for anyone curious, the parameter is kind of mentioned in the Backend storage configurations: ".. The administrator has to list the host names and/or IP addresses of these trusted WOPI hosts in the storage.wopi block. .."

Thanks for helping @Rash419 !

@Igortorrente, unfortunately, I guess this doesn't solve your original issue. But I noticed that your configuration contains the parameter "aliasgroup1=https://\(collaboraonline\.\)*example.com:443". In my configuration, this is the URL of Nextcloud, not the URL of Collabara CODE.

Also, my configuration is missing only contains --cap-add MKNOD, so I guess the other parameters (--cap-add SYS_CHROOT --cap-add FOWNER --cap-add CHOWN --cap-add SYS_ADMIN) are not necessary.

@shoelzle thanks I will update the documentation , thanks for reporting

[shoelzle]

@Rash419 , @Igortorrente already shared logs:

As I first read this issue, I overlooked that collapsed logs, maybe you too?

[Rash419]

@Rash419 , @Igortorrente already shared logs:

As I first read this issue, I overlooked that collapsed looks, maybe you too?

yup thanks : )

[kinslayer1982]

Hey,

same problem her. This was my first try to integrate an office into Nextcloud.

Setup:

• Nextcloud 24.0.1 in Docker on Synology Diskstation with DSM 7
• Nginx 1.21.3 reverse proxy in Docker on RPi4 with Debian 10
• Nextcloud Office 6.1.0
• second RPi4 running collabora/code 21.11.5.0.1 (and 21.11.4.2.1 like mentioned here) in Docker with Debian 11

Nextcloud reachable via https://nc.mydomain.de Collabora reachable via https://office.mydomain.de

Nginx conf for Nextcloud:

server {
    listen 443 http2 ssl;
    server_name nc.mydomain.de;
    include /etc/nginx/conf.d/ssl.conf;
    client_max_body_size 0;
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_send_timeout 300;
    location / {
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_pass http://192.162.172.31:8080;
    }
    location ^~ /.well-known {
      location = /.well-known/carddav     { return 301 /remote.php/dav/; }
      location = /.well-known/caldav      { return 301 /remote.php/dav/; }
      # Anything else is dynamically handled by Nextcloud
      location ^~ /.well-known            { return 301 /index.php$uri; }
      try_files $uri $uri/ =404;
    }
}

Nginx conf for Collabora:

server {
    listen 443 http2 ssl;
    server_name office.mydomain.de;
    include /etc/nginx/conf.d/ssl.conf;
    client_max_body_size 0;
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_send_timeout 300;

    location ^~ / {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Host $http_host;
    }

    # static files
    location ^~ /browser {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/cool/(.*)/ws$ {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $http_host;
      proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/(c|l)ool {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /cool/adminws {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $http_host;
      proxy_read_timeout 36000s;
    }
}

Things I've tried:

1. built-in code version -> failed to load Nextcloud Office - try again later...
2. collabora/code Docker image on Diskstation -> container keeps crashing
3. collabora/code Docker image on RPi4 -> failed to load Nextcloud Office - try again later...
4. demo-server -> working

Right now I'm still trying to get the Docker version running on the RPi4. I manually edited the collwsd.xml file because it seems some settings are ignored when I run it via docker compose. (Disabled SSL, enabled termination) I can access the discovery and capabilities URLs, the admin UI and Nextcloud shows that the server works. Running a curl https://nc.mydomain.de from within the collabora/code Docker container works, too. No errors in Nginx or Nextcloud logs when trying to open a document, but in the collabora/code it shows:

collabora  | wsd-00001-00034 2022-06-06 13:48:49.862982 +0000 [ websrv_poll ] ERR  #30 Exception while processing incoming request: [GET /cool/https%3A%2F%2Fnc.mydomain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11_oc9gakpatouy%3Faccess_token%3DrInxBrX9eXV3...]: Invalid or unknown request.| wsd/COOLWSD.cpp:3539https%3A%2F%2Fnc.mydomain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11_oc9gakpatouy&compat=/ws HTTP/1.0
collabora  | wsd-00001-00034 2022-06-06 13:48:50.160054 +0000 [ websrv_poll ] ERR  #30 Exception while processing incoming request: [GET /cool/https%3A%2F%2Fnc.mydomain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11_oc9gakpatouy%3Faccess_token%3DrInxBrX9eXV3...]: Invalid or unknown request.| wsd/COOLWSD.cpp:3539n%3Dedit/ws?WOPISrc=https%3A%2F%2Fnc.mydomain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11_oc9gakpatouy&compat=/ws HTTP/1.0
collabora  | wsd-00001-00034 2022-06-06 13:48:50.616088 +0000 [ websrv_poll ] ERR  #30 Exception while processing incoming request: [GET /cool/https%3A%2F%2Fnc.mydomain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11_oc9gakpatouy%3Faccess_token%3DrInxBrX9eXV3...]: Invalid or unknown request.| wsd/COOLWSD.cpp:3539n%3Dedit/ws?WOPISrc=https%3A%2F%2Fnc.mydomain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11_oc9gakpatouy&compat=/ws HTTP/1.0

Edit: Forgot to mention that the quick tryout from https://www.collaboraoffice.com/code/quick-tryout-nextcloud-docker/ does work.

[Rash419]

Hey,

same problem her. This was my first try to integrate an office into Nextcloud.

Setup:

• Nextcloud 24.0.1 in Docker on Synology Diskstation with DSM 7
• Nginx 1.21.3 reverse proxy in Docker on RPi4 with Debian 10
• Nextcloud Office 6.1.0
• second RPi4 running collabora/code 21.11.5.0.1 (and 21.11.4.2.1 like mentioned here) in Docker with Debian 11

Nextcloud reachable via https://nc.mydomain.de Collabora reachable via https://office.mydomain.de

Nginx conf for Nextcloud:

server {
    listen 443 http2 ssl;
    server_name nc.mydomain.de;
    include /etc/nginx/conf.d/ssl.conf;
    client_max_body_size 0;
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_send_timeout 300;
    location / {
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_pass http://192.162.172.31:8080;
    }
    location ^~ /.well-known {
      location = /.well-known/carddav     { return 301 /remote.php/dav/; }
      location = /.well-known/caldav      { return 301 /remote.php/dav/; }
      # Anything else is dynamically handled by Nextcloud
      location ^~ /.well-known            { return 301 /index.php$uri; }
      try_files $uri $uri/ =404;
    }
}

Nginx conf for Collabora:

server {
    listen 443 http2 ssl;
    server_name office.mydomain.de;
    include /etc/nginx/conf.d/ssl.conf;
    client_max_body_size 0;
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_send_timeout 300;

    location ^~ / {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Host $http_host;
    }

    # static files
    location ^~ /browser {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/cool/(.*)/ws$ {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $http_host;
      proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/(c|l)ool {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /cool/adminws {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $http_host;
      proxy_read_timeout 36000s;
    }
}

Things I've tried:

1. built-in code version -> failed to load Nextcloud Office - try again later...
2. collabora/code Docker image on Diskstation -> container keeps crashing
3. collabora/code Docker image on RPi4 -> failed to load Nextcloud Office - try again later...
4. demo-server -> working

Right now I'm still trying to get the Docker version running on the RPi4. I manually edited the collwsd.xml file because it seems some settings are ignored when I run it via docker compose. (Disabled SSL, enabled termination) I can access the discovery and capabilities URLs, the admin UI and Nextcloud shows that the server works. Running a curl https://nc.mydomain.de from within the collabora/code Docker container works, too. No errors in Nginx or Nextcloud logs when trying to open a document, but in the collabora/code it shows:

collabora  | wsd-00001-00034 2022-06-06 13:48:49.862982 +0000 [ websrv_poll ] ERR  #30 Exception while processing incoming request: [GET /cool/https%3A%2F%2Fnc.mydomain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11_oc9gakpatouy%3Faccess_token%3DrInxBrX9eXV3...]: Invalid or unknown request.| wsd/COOLWSD.cpp:3539https%3A%2F%2Fnc.mydomain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11_oc9gakpatouy&compat=/ws HTTP/1.0
collabora  | wsd-00001-00034 2022-06-06 13:48:50.160054 +0000 [ websrv_poll ] ERR  #30 Exception while processing incoming request: [GET /cool/https%3A%2F%2Fnc.mydomain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11_oc9gakpatouy%3Faccess_token%3DrInxBrX9eXV3...]: Invalid or unknown request.| wsd/COOLWSD.cpp:3539n%3Dedit/ws?WOPISrc=https%3A%2F%2Fnc.mydomain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11_oc9gakpatouy&compat=/ws HTTP/1.0
collabora  | wsd-00001-00034 2022-06-06 13:48:50.616088 +0000 [ websrv_poll ] ERR  #30 Exception while processing incoming request: [GET /cool/https%3A%2F%2Fnc.mydomain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11_oc9gakpatouy%3Faccess_token%3DrInxBrX9eXV3...]: Invalid or unknown request.| wsd/COOLWSD.cpp:3539n%3Dedit/ws?WOPISrc=https%3A%2F%2Fnc.mydomain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11_oc9gakpatouy&compat=/ws HTTP/1.0

Edit: Forgot to mention that the quick tryout from https://www.collaboraoffice.com/code/quick-tryout-nextcloud-docker/ does work.

@kinslayer1982 can you check for error like ERR No acceptable WOPI hosts found matching the target host in config. ? If there is mentioned error then can you paste wopi settings in cooolwsd.xml

[timparker14]

@Rash419 That worked for me. I'm not using docker but edited the XML file and all is good. Thank you

This also works on my old Nextcloud Server after restarting the codeserver

[kinslayer1982]

@kinslayer1982 can you check for error like ERR No acceptable WOPI hosts found matching the target host in config. ? If there is mentioned error then can you paste wopi settings in cooolwsd.xml

@Rash419 There's no such error. After trying to open different documents multiple times I see

collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00030-00030 2022-06-07 15:44:28.010462 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/a2ZbFgKXkRwyyTwp/tmp]| common/JailUtil.cpp:70
collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00030-00030 2022-06-07 15:44:28.047137 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/a2ZbFgKXkRwyyTwp/lo]| common/JailUtil.cpp:70
collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00030-00030 2022-06-07 15:44:28.091501 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/a2ZbFgKXkRwyyTwp]| common/JailUtil.cpp:70
collabora  | wsd-00001-00029 2022-06-07 15:44:30.239514 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079

Aside from that only the errors from my previous post, nothing more.

Edit: Tried without setting a WOPI host and using the setting 'first' in storage.wopi.host with same result.

[shoelzle]

@kinslayer1982, I guess the culprit lies within the nginx configuration, because the incoming request to the Collabora container doesn't look healthy to me:

GET /cool/https%3A%2F%2Fnc.mydomain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11_oc9gakpatouy%3Faccess_token%3DrInxBrX9eXV3...

So I compared your nginx configuration with the configuration from the Collabora docs.

There is one difference: Could you try your nginx configuration without the following part of the Collabora part of the nginx configuration:

    location ^~ / {
      proxy_pass http://192.162.172.100:9980;
      proxy_set_header Host $http_host;
    }

[kinslayer1982]

@kinslayer1982, I guess the culprit lies within the nginx configuration, because the incoming request to the Collabora container doesn't look healthy to me:

GET /cool/https%3A%2F%2Fnc.mydomain.de%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11_oc9gakpatouy%3Faccess_token%3DrInxBrX9eXV3...

So I compared your nginx configuration with the configuration from the Collabora docs.

There is one difference: Could you try your nginx configuration without the following part of the Collabora part of the nginx configuration:

   location ^~ / {
     proxy_pass http://192.162.172.100:9980;
     proxy_set_header Host $http_host;
   }

This part wan't there in the beginning, I added it at some point because trying to open https://office.mydomain.de resulted in "404" instead of the "200 ok" message when testing if the code server is reachable. (My Nginx is configured to block access to unconfigured URLs)

But I'll try again without and report back as soon as I can.

[Igortorrente]

-o:storage.wopi.host[0]=nextcloud.mydomain.de"

@shoelzle can you try removing this parameter ?

Removing the parameter --o:storage.wopi.host[0]=nextcloud.mydomain.de works for me. I guess I picked up this configuration parameter somewhere without really needing it. Btw, for anyone curious, the parameter is kind of mentioned in the Backend storage configurations: ".. The administrator has to list the host names and/or IP addresses of these trusted WOPI hosts in the storage.wopi block. .."

Thanks for helping @Rash419 !

@Igortorrente, unfortunately, I guess this doesn't solve your original issue. But I noticed that your configuration contains the parameter "aliasgroup1=https://\(collaboraonline\.\)*example.com:443". In my configuration, this is the URL of Nextcloud, not the URL of Collabara CODE.

Also, my configuration is missing only contains --cap-add MKNOD, so I guess the other parameters (--cap-add SYS_CHROOT --cap-add FOWNER --cap-add CHOWN --cap-add SYS_ADMIN) are not necessary.

Unfortunately no luck so far

podman run --rm -it --cap-add SYS_CHROOT --cap-add MKNOD --cap-add FOWNER --cap-add CHOWN --cap-add SYS_ADMIN -e username=collabora-admin -e password=collabora-password -e "aliasgroup1=https://example.com:443" -e server_name=collaboraonline.example.com -p 10.0.0.1:9980:9980 --name collabora-online collabora/code:21.11.5.0.1

``` log wsd-00001-00033 2022-06-07 21:24:06.274030 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079 wsd-00001-00087 2022-06-07 21:24:21.037347 +0000 [ docbroker_003 ] WRN Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:722 wsd-00001-00087 2022-06-07 21:24:21.037563 +0000 [ docbroker_003 ] ERR #32: read failed, have 0 buffered bytes (EPIPE: Broken pipe)| net/Socket.hpp:1125 wsd-00001-00087 2022-06-07 21:24:21.037666 +0000 [ docbroker_003 ] ERR #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418 wsd-00001-00087 2022-06-07 21:24:21.037742 +0000 [ docbroker_003 ] ERR #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418 wsd-00001-00087 2022-06-07 21:24:21.037907 +0000 [ docbroker_003 ] ERR loading document exception: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2216 wsd-00001-00087 2022-06-07 21:24:21.037986 +0000 [ docbroker_003 ] ERR Failed to add session to [https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8] with URI [https://exampĺe.com/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8?access_token=aCahaqb1lgU9laoZAgLRyvDcPDVOFkDH&access_token_ttl=0]: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2178 wsd-00001-00087 2022-06-07 21:24:21.038062 +0000 [ docbroker_003 ] ERR Storage error while starting session on https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8 for socket #22. Terminating connection. Error: WOPI::CheckFileInfo failed: | wsd/COOLWSD.cpp:4407 wsd-00001-00087 2022-06-07 21:24:21.038654 +0000 [ docbroker_003 ] WRN Ignoring attempted read from 22| net/Socket.hpp:1102 wsd-00001-00087 2022-06-07 21:24:21.038743 +0000 [ docbroker_003 ] ERR Invalid or unknown session [007] to remove.| wsd/DocumentBroker.cpp:2261 kit-00088-00034 2022-06-07 21:24:21.133664 +0000 [ kit_spare_004 ] ERR mknod(/opt/cool/child-roots/EfDIaEY4jREf3sGt//tmp/dev/random) failed. Mount must not use nodev flag. (EPERM: Operation not permitted)| common/JailUtil.cpp:262 kit-00088-00034 2022-06-07 21:24:21.133938 +0000 [ kit_spare_004 ] ERR mknod(/opt/cool/child-roots/EfDIaEY4jREf3sGt//tmp/dev/urandom) failed. Mount must not use nodev flag. (EPERM: Operation not permitted)| common/JailUtil.cpp:274 wsd-00001-00048 2022-06-07 21:24:21.257311 +0000 [ websrv_poll ] WRN DocBroker with docKey [https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:2994 wsd-00001-00048 2022-06-07 21:24:21.257680 +0000 [ websrv_poll ] ERR Error while handling Client WS Request: Failed to create DocBroker with docKey [https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8].| wsd/COOLWSD.cpp:4437 wsd-00001-00048 2022-06-07 21:24:21.257928 +0000 [ websrv_poll ] ERR #31: Socket write returned -1 (ENOENT: No such file or directory)| net/Socket.hpp:1418 wsd-00001-00048 2022-06-07 21:24:21.258109 +0000 [ websrv_poll ] ERR #31: Socket write returned -1 (ENOENT: No such file or directory)| net/Socket.hpp:1418 wsd-00001-00048 2022-06-07 21:24:21.258142 +0000 [ websrv_poll ] WRN #31 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| net/WebSocketHandler.hpp:795 wsd-00001-00048 2022-06-07 21:24:21.258241 +0000 [ websrv_poll ] ERR #31: attempted to remove: 866 which is > size: 0 clamped to 0| net/Socket.hpp:1224 wsd-00001-00048 2022-06-07 21:24:21.258373 +0000 [ websrv_poll ] WRN Ignoring attempted read from 31| net/Socket.hpp:1102 wsd-00001-00048 2022-06-07 21:24:21.258633 +0000 [ websrv_poll ] ERR #31 Error while handling poll at 0 in websrv_poll: #31BIO error: 337690831, rc: -1: error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown: 140487432333056:error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown:../ssl/ssl_lib.c:1917: | net/Socket.cpp:451 wsd-00001-00048 2022-06-07 21:24:21.779466 +0000 [ websrv_poll ] WRN DocBroker with docKey [https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:2994 wsd-00001-00048 2022-06-07 21:24:21.780043 +0000 [ websrv_poll ] ERR Error while handling Client WS Request: Failed to create DocBroker with docKey [https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8].| wsd/COOLWSD.cpp:4437 wsd-00001-00048 2022-06-07 21:24:21.780105 +0000 [ websrv_poll ] ERR #31: Socket write returned -1 (ENOENT: No such file or directory)| net/Socket.hpp:1418 wsd-00001-00048 2022-06-07 21:24:21.780145 +0000 [ websrv_poll ] ERR #31: Socket write returned -1 (ENOENT: No such file or directory)| net/Socket.hpp:1418 wsd-00001-00048 2022-06-07 21:24:21.780168 +0000 [ websrv_poll ] WRN #31 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| net/WebSocketHandler.hpp:795 wsd-00001-00048 2022-06-07 21:24:21.780203 +0000 [ websrv_poll ] ERR #31: attempted to remove: 866 which is > size: 0 clamped to 0| net/Socket.hpp:1224 wsd-00001-00048 2022-06-07 21:24:21.780239 +0000 [ websrv_poll ] WRN Ignoring attempted read from 31| net/Socket.hpp:1102 wsd-00001-00048 2022-06-07 21:24:21.780309 +0000 [ websrv_poll ] ERR #31 Error while handling poll at 0 in websrv_poll: #31BIO error: 337690831, rc: -1: error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown: 140487432333056:error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown:../ssl/ssl_lib.c:1917: | net/Socket.cpp:451 wsd-00001-00033 2022-06-07 21:24:23.039164 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079 wsd-00001-00033 2022-06-07 21:24:23.039367 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079 wsd-00001-00099 2022-06-07 21:24:23.817716 +0000 [ docbroker_004 ] WRN Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:722 wsd-00001-00099 2022-06-07 21:24:23.817846 +0000 [ docbroker_004 ] ERR #32: read failed, have 0 buffered bytes (EPIPE: Broken pipe)| net/Socket.hpp:1125 wsd-00001-00099 2022-06-07 21:24:23.818375 +0000 [ docbroker_004 ] ERR #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418 wsd-00001-00099 2022-06-07 21:24:23.818472 +0000 [ docbroker_004 ] ERR #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418 wsd-00001-00099 2022-06-07 21:24:23.818958 +0000 [ docbroker_004 ] ERR loading document exception: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2216 wsd-00001-00099 2022-06-07 21:24:23.819026 +0000 [ docbroker_004 ] ERR Failed to add session to [https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8] with URI [https://exampĺe.com/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8?access_token=aCahaqb1lgU9laoZAgLRyvDcPDVOFkDH&access_token_ttl=0&permission=edit]: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2178 wsd-00001-00099 2022-06-07 21:24:23.819408 +0000 [ docbroker_004 ] ERR Storage error while starting session on https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8 for socket #21. Terminating connection. Error: WOPI::CheckFileInfo failed: | wsd/COOLWSD.cpp:4407 wsd-00001-00099 2022-06-07 21:24:23.820711 +0000 [ docbroker_004 ] WRN Ignoring attempted read from 21| net/Socket.hpp:1102 wsd-00001-00099 2022-06-07 21:24:23.820780 +0000 [ docbroker_004 ] ERR Invalid or unknown session [00a] to remove.| wsd/DocumentBroker.cpp:2261 kit-00106-00034 2022-06-07 21:24:23.973161 +0000 [ kit_spare_005 ] ERR mknod(/opt/cool/child-roots/mkE2Elwf7iZJks5C//tmp/dev/random) failed. Mount must not use nodev flag. (EPERM: Operation not permitted)| common/JailUtil.cpp:262 kit-00106-00034 2022-06-07 21:24:23.973436 +0000 [ kit_spare_005 ] ERR mknod(/opt/cool/child-roots/mkE2Elwf7iZJks5C//tmp/dev/urandom) failed. Mount must not use nodev flag. (EPERM: Operation not permitted)| common/JailUtil.cpp:274 wsd-00001-00033 2022-06-07 21:24:25.821732 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079 wsd-00001-00033 2022-06-07 21:24:25.822231 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079 ```

podman run --rm -it --cap-add MKNOD -e username=collabora-admin -e password=collabora-password -e "aliasgroup1=https://example.com:443" -e server_name=collaboraonline.example.com -p 10.0.0.1:9980:9980 --name collabora-online2 collabora/code:21.11.5.0.1

``` wsd-00001-00039 2022-06-07 21:26:39.880463 +0000 [ docbroker_001 ] WRN Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:722 wsd-00001-00039 2022-06-07 21:26:39.880918 +0000 [ docbroker_001 ] ERR #32: read failed, have 0 buffered bytes (EPIPE: Broken pipe)| net/Socket.hpp:1125 wsd-00001-00039 2022-06-07 21:26:39.881222 +0000 [ docbroker_001 ] ERR #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418 wsd-00001-00039 2022-06-07 21:26:39.881574 +0000 [ docbroker_001 ] ERR #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418 wsd-00001-00039 2022-06-07 21:26:39.881958 +0000 [ docbroker_001 ] ERR loading document exception: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2216 wsd-00001-00039 2022-06-07 21:26:39.882054 +0000 [ docbroker_001 ] ERR Failed to add session to [https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8] with URI [https://exampĺe.com/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8?access_token=g4mDrwBWuFWvVukFacos66Qre8vYIYpf&access_token_ttl=0]: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2178 wsd-00001-00039 2022-06-07 21:26:39.882358 +0000 [ docbroker_001 ] ERR Storage error while starting session on https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8 for socket #27. Terminating connection. Error: WOPI::CheckFileInfo failed: | wsd/COOLWSD.cpp:4407 wsd-00001-00039 2022-06-07 21:26:39.883082 +0000 [ docbroker_001 ] WRN Ignoring attempted read from 27| net/Socket.hpp:1102 wsd-00001-00039 2022-06-07 21:26:39.883488 +0000 [ docbroker_001 ] ERR Invalid or unknown session [002] to remove.| wsd/DocumentBroker.cpp:2261 wsd-00001-00036 2022-06-07 21:26:40.253862 +0000 [ websrv_poll ] WRN DocBroker with docKey [https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:2994 wsd-00001-00036 2022-06-07 21:26:40.254018 +0000 [ websrv_poll ] ERR Error while handling Client WS Request: Failed to create DocBroker with docKey [https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8].| wsd/COOLWSD.cpp:4437 wsd-00001-00036 2022-06-07 21:26:40.254047 +0000 [ websrv_poll ] ERR #27: Socket write returned -1 (ENOENT: No such file or directory)| net/Socket.hpp:1418 wsd-00001-00036 2022-06-07 21:26:40.254068 +0000 [ websrv_poll ] ERR #27: Socket write returned -1 (ENOENT: No such file or directory)| net/Socket.hpp:1418 wsd-00001-00036 2022-06-07 21:26:40.254080 +0000 [ websrv_poll ] WRN #27 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| net/WebSocketHandler.hpp:795 wsd-00001-00036 2022-06-07 21:26:40.254109 +0000 [ websrv_poll ] ERR #27: attempted to remove: 866 which is > size: 0 clamped to 0| net/Socket.hpp:1224 wsd-00001-00036 2022-06-07 21:26:40.254128 +0000 [ websrv_poll ] WRN Ignoring attempted read from 27| net/Socket.hpp:1102 wsd-00001-00036 2022-06-07 21:26:40.254208 +0000 [ websrv_poll ] ERR #27 Error while handling poll at 0 in websrv_poll: #27BIO error: 337690831, rc: -1: error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown: 140305602553600:error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown:../ssl/ssl_lib.c:1917: | net/Socket.cpp:451 wsd-00001-00036 2022-06-07 21:26:40.591047 +0000 [ websrv_poll ] WRN DocBroker with docKey [https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:2994 wsd-00001-00036 2022-06-07 21:26:40.591640 +0000 [ websrv_poll ] ERR Error while handling Client WS Request: Failed to create DocBroker with docKey [https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8].| wsd/COOLWSD.cpp:4437 wsd-00001-00036 2022-06-07 21:26:40.591917 +0000 [ websrv_poll ] ERR #27: Socket write returned -1 (ENOENT: No such file or directory)| net/Socket.hpp:1418 wsd-00001-00036 2022-06-07 21:26:40.592172 +0000 [ websrv_poll ] ERR #27: Socket write returned -1 (ENOENT: No such file or directory)| net/Socket.hpp:1418 wsd-00001-00036 2022-06-07 21:26:40.592413 +0000 [ websrv_poll ] WRN #27 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| net/WebSocketHandler.hpp:795 wsd-00001-00036 2022-06-07 21:26:40.592621 +0000 [ websrv_poll ] ERR #27: attempted to remove: 866 which is > size: 0 clamped to 0| net/Socket.hpp:1224 wsd-00001-00036 2022-06-07 21:26:40.592813 +0000 [ websrv_poll ] WRN Ignoring attempted read from 27| net/Socket.hpp:1102 wsd-00001-00036 2022-06-07 21:26:40.593040 +0000 [ websrv_poll ] ERR #27 Error while handling poll at 0 in websrv_poll: #27BIO error: 337690831, rc: -1: error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown: 140305602553600:error:1420C0CF:SSL routines:ssl_write_internal:protocol is shutdown:../ssl/ssl_lib.c:1917: | net/Socket.cpp:451 kit-00040-00032 2022-06-07 21:26:40.670261 +0000 [ kit_spare_002 ] ERR mknod(/opt/cool/child-roots/5oRTnaeqO6KLeOue//tmp/dev/random) failed. Mount must not use nodev flag. (EPERM: Operation not permitted)| common/JailUtil.cpp:262 kit-00040-00032 2022-06-07 21:26:40.670575 +0000 [ kit_spare_002 ] ERR mknod(/opt/cool/child-roots/5oRTnaeqO6KLeOue//tmp/dev/urandom) failed. Mount must not use nodev flag. (EPERM: Operation not permitted)| common/JailUtil.cpp:274 wsd-00001-00031 2022-06-07 21:26:41.883605 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079 wsd-00001-00031 2022-06-07 21:26:41.883816 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079 wsd-00001-00041 2022-06-07 21:26:42.614110 +0000 [ docbroker_002 ] WRN Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:722 wsd-00001-00041 2022-06-07 21:26:42.614377 +0000 [ docbroker_002 ] ERR #32: read failed, have 0 buffered bytes (EPIPE: Broken pipe)| net/Socket.hpp:1125 wsd-00001-00041 2022-06-07 21:26:42.614489 +0000 [ docbroker_002 ] ERR #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418 wsd-00001-00041 2022-06-07 21:26:42.614549 +0000 [ docbroker_002 ] ERR #32: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1418 wsd-00001-00041 2022-06-07 21:26:42.615017 +0000 [ docbroker_002 ] ERR loading document exception: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2216 wsd-00001-00041 2022-06-07 21:26:42.615213 +0000 [ docbroker_002 ] ERR Failed to add session to [https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8] with URI [https://exampĺe.com/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8?access_token=g4mDrwBWuFWvVukFacos66Qre8vYIYpf&access_token_ttl=0&permission=edit]: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2178 wsd-00001-00041 2022-06-07 21:26:42.615424 +0000 [ docbroker_002 ] ERR Storage error while starting session on https://exampĺe.com:443/index.php/apps/richdocuments/wopi/files/24_ocp05ziqb8c8 for socket #21. Terminating connection. Error: WOPI::CheckFileInfo failed: | wsd/COOLWSD.cpp:4407 wsd-00001-00041 2022-06-07 21:26:42.616295 +0000 [ docbroker_002 ] WRN Ignoring attempted read from 21| net/Socket.hpp:1102 wsd-00001-00041 2022-06-07 21:26:42.616625 +0000 [ docbroker_002 ] ERR Invalid or unknown session [005] to remove.| wsd/DocumentBroker.cpp:2261 sh: 1: /usr/bin/coolmount: Operation not permitted frk-00032-00032 2022-06-07 21:26:42.645701 +0000 [ forkit ] ERR Failed to unmount [/opt/cool/child-roots/eVwBIOSxOWgZYUYs/tmp]| common/JailUtil.cpp:70 sh: 1: /usr/bin/coolmount: Operation not permitted frk-00032-00032 2022-06-07 21:26:42.662479 +0000 [ forkit ] ERR Failed to unmount [/opt/cool/child-roots/eVwBIOSxOWgZYUYs/lo]| common/JailUtil.cpp:70 sh: 1: /usr/bin/coolmount: Operation not permitted frk-00032-00032 2022-06-07 21:26:42.678456 +0000 [ forkit ] ERR Failed to unmount [/opt/cool/child-roots/eVwBIOSxOWgZYUYs]| common/JailUtil.cpp:70 kit-00048-00032 2022-06-07 21:26:44.119051 +0000 [ kit_spare_003 ] ERR mknod(/opt/cool/child-roots/AAmFZpJVapaPRKmx//tmp/dev/random) failed. Mount must not use nodev flag. (EPERM: Operation not permitted)| common/JailUtil.cpp:262 kit-00048-00032 2022-06-07 21:26:44.119347 +0000 [ kit_spare_003 ] ERR mknod(/opt/cool/child-roots/AAmFZpJVapaPRKmx//tmp/dev/urandom) failed. Mount must not use nodev flag. (EPERM: Operation not permitted)| common/JailUtil.cpp:274 wsd-00001-00031 2022-06-07 21:26:44.617176 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079 wsd-00001-00031 2022-06-07 21:26:44.617309 +0000 [ prisoner_poll ] WRN Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079 sh: 1: /usr/bin/coolmount: Operation not permitted frk-00032-00032 2022-06-07 21:26:45.357314 +0000 [ forkit ] ERR Failed to unmount [/opt/cool/child-roots/5oRTnaeqO6KLeOue/tmp]| common/JailUtil.cpp:70 sh: 1: /usr/bin/coolmount: Operation not permitted frk-00032-00032 2022-06-07 21:26:45.376628 +0000 [ forkit ] ERR Failed to unmount [/opt/cool/child-roots/5oRTnaeqO6KLeOue/lo]| common/JailUtil.cpp:70 sh: 1: /usr/bin/coolmount: Operation not permitted frk-00032-00032 2022-06-07 21:26:45.393407 +0000 [ forkit ] ERR Failed to unmount [/opt/cool/child-roots/5oRTnaeqO6KLeOue]| common/JailUtil.cpp:70 log ```

[kinslayer1982]

@shoelzle That really fixed it! Strange, it didn't work before I added the location / part, but after removing it, it does...

Only one more thing. Should I worry about any of these:

collabora  | wsd-00001-00043 2022-06-08 16:03:47.642380 +0000 [ docbroker_001 ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:722
collabora  | wsd-00001-00043 2022-06-08 16:03:51.858906 +0000 [ docbroker_001 ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:722
collabora  | wsd-00001-00001 2022-06-08 16:04:36.217104 +0000 [ coolwsd ] WRN  Waking up dead poll thread [update], started: false, finished: false| net/Socket.hpp:722
collabora  | wsd-00001-00043 2022-06-08 16:05:02.910563 +0000 [ docbroker_001 ] WRN  Ignoring attempted read from 30| net/Socket.hpp:1102
collabora  | wsd-00001-00034 2022-06-08 16:05:02.947615 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079
collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00035-00035 2022-06-08 16:05:03.817927 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/LFVlSjpuyRB9mFFz/tmp]| common/JailUtil.cpp:70
collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00035-00035 2022-06-08 16:05:03.854671 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/LFVlSjpuyRB9mFFz/lo]| common/JailUtil.cpp:70
collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00035-00035 2022-06-08 16:05:03.891174 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/LFVlSjpuyRB9mFFz]| common/JailUtil.cpp:70
collabora  | wsd-00001-00061 2022-06-08 16:10:44.536186 +0000 [ docbroker_002 ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:722
collabora  | wsd-00001-00061 2022-06-08 16:10:48.732485 +0000 [ docbroker_002 ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:722
collabora  | wsd-00001-00061 2022-06-08 16:10:52.271611 +0000 [ docbroker_002 ] WRN  Dropping empty tile response: tile: nviewid=0 part=0 width=256 height=256 tileposx=0 tileposy=7680 tilewidth=3840 tileheight=3840 oldwid=10 wid=10 ver=62| wsd/DocumentBroker.cpp:2978
collabora  | wsd-00001-00061 2022-06-08 16:10:57.785654 +0000 [ docbroker_002 ] WRN  Ignoring attempted read from 28| net/Socket.hpp:1102
collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00035-00035 2022-06-08 16:10:58.860113 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/GzdWYZapGwEEjGLQ/tmp]| common/JailUtil.cpp:70
collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00035-00035 2022-06-08 16:10:58.896738 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/GzdWYZapGwEEjGLQ/lo]| common/JailUtil.cpp:70
collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00035-00035 2022-06-08 16:10:58.933384 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/GzdWYZapGwEEjGLQ]| common/JailUtil.cpp:70
collabora  | wsd-00001-00034 2022-06-08 16:11:16.578692 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079

[Igortorrente]

For testing purposes, I installed both. The Collabora and Onlyoffice built-in servers.

The Onlyoffice is working with all documents available. But the Collabora office isn't working at all.

These are the messages in the log:

``` log [richdocuments] Error: GuzzleHttp\Exception\ConnectException: cURL error 28: Operation timed out after 45001 milliseconds with 0 bytes received (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://example.com/apps/richdocumentscode/proxy.php?req=/hosting/discovery at <> 0. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php line 158 GuzzleHttp\Handler\CurlFactory::createRejection(GuzzleHttp\Handl ... l}, {0: "And 36 more ... l}) 1. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php line 110 GuzzleHttp\Handler\CurlFactory::finishError(GuzzleHttp\Handler\CurlHandler {}, GuzzleHttp\Handl ... l}, GuzzleHttp\Handler\CurlFactory {}) 2. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlHandler.php line 47 GuzzleHttp\Handler\CurlFactory::finish(GuzzleHttp\Handler\CurlHandler {}, GuzzleHttp\Handl ... l}, GuzzleHttp\Handler\CurlFactory {}) 3. /var/www/html/lib/private/Http/Client/DnsPinMiddleware.php line 113 GuzzleHttp\Handler\CurlHandler->__invoke("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***") 4. /var/www/html/3rdparty/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php line 35 OC\Http\Client\DnsPinMiddleware->OC\Http\Client\{closure}("*** sensitive parameters replaced ***") 5. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 31 GuzzleHttp\PrepareBodyMiddleware->__invoke("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***") 6. /var/www/html/3rdparty/guzzlehttp/guzzle/src/RedirectMiddleware.php line 71 GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***") 7. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Middleware.php line 63 GuzzleHttp\RedirectMiddleware->__invoke("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***") 8. /var/www/html/3rdparty/guzzlehttp/guzzle/src/HandlerStack.php line 75 GuzzleHttp\Middleware::GuzzleHttp\{closure}("*** sensitive parameters replaced ***") 9. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php line 331 GuzzleHttp\HandlerStack->__invoke("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***") 10. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php line 168 GuzzleHttp\Client->transfer("*** sensitive parameter replaced ***", "*** sensitive parameter replaced ***") 11. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Client.php line 187 GuzzleHttp\Client->requestAsync("get", GuzzleHttp\Psr7\Uri {}, {0: "And 6 more ... }}) 12. /var/www/html/lib/private/Http/Client/Client.php line 218 GuzzleHttp\Client->request("get", "https://example ... y", {verify: false,t ... e}) 13. /var/www/html/apps/richdocuments/lib/WOPI/DiscoveryManager.php line 84 OC\Http\Client\Client->get("https://example ... y", {timeout: 45,nex ... e}) 14. /var/www/html/apps/richdocuments/lib/WOPI/DiscoveryManager.php line 56 OCA\Richdocuments\WOPI\DiscoveryManager->fetchFromRemote() 15. /var/www/html/apps/richdocuments/lib/WOPI/Parser.php line 41 OCA\Richdocuments\WOPI\DiscoveryManager->get() 16. /var/www/html/apps/richdocuments/lib/TokenManager.php line 206 OCA\Richdocuments\WOPI\Parser->getUrlSrc("application/vnd ... t") 17. /var/www/html/apps/richdocuments/lib/Controller/DocumentController.php line 207 OCA\Richdocuments\TokenManager->getToken("*** sensitive parameters replaced ***") 18. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 225 OCA\Richdocuments\Controller\DocumentController->index("*** sensitive parameter replaced ***", "/Documents/Welc ... x") 19. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 133 OC\AppFramework\Http\Dispatcher->executeController(OCA\Richdocument ... {}, "index") 20. /var/www/html/lib/private/AppFramework/App.php line 172 OC\AppFramework\Http\Dispatcher->dispatch(OCA\Richdocument ... {}, "index") 21. /var/www/html/lib/private/Route/Router.php line 298 OC\AppFramework\App::main("OCA\\Richdocume ... r", "index", OC\AppFramework\ ... {}, {_route: "richdocuments.document.index"}) 22. /var/www/html/lib/base.php line 1023 OC\Route\Router->match("/apps/richdocuments/index") 23. /var/www/html/index.php line 36 OC::handleRequest() GET /apps/richdocuments/index?fileId=24&requesttoken=GEUg3eIWrJ%2BWj%2BlND8Jz8flzli9ThWS%2BUW4pwPxJFXI%3D%3AexwRjKd5666iyIR7avQbuJ9G7gAl3BPRPDlLhqoxUTw%3D&path=%2FDocuments%2FWelcome%20to%20Nextcloud%20Hub.docx ```

``` log [PHP] Error: Error: Trying to access array offset on value of type null at /var/www/html/apps/richdocuments/lib/WOPI/DiscoveryManager.php#125 at <> 0. /var/www/html/apps/richdocuments/lib/WOPI/DiscoveryManager.php line 125 OC\Log\ErrorHandler::onError(2, "Trying to acces ... l", "/var/www/html/a ... p", 125) 1. /var/www/html/apps/richdocuments/lib/WOPI/DiscoveryManager.php line 80 OCA\Richdocuments\WOPI\DiscoveryManager->isProxyStarting("https://example ... y") 2. /var/www/html/apps/richdocuments/lib/WOPI/DiscoveryManager.php line 56 OCA\Richdocuments\WOPI\DiscoveryManager->fetchFromRemote() 3. /var/www/html/apps/richdocuments/lib/WOPI/Parser.php line 41 OCA\Richdocuments\WOPI\DiscoveryManager->get() 4. /var/www/html/apps/richdocuments/lib/TokenManager.php line 206 OCA\Richdocuments\WOPI\Parser->getUrlSrc("application/vnd ... t") 5. /var/www/html/apps/richdocuments/lib/Controller/DocumentController.php line 207 OCA\Richdocuments\TokenManager->getToken("*** sensitive parameters replaced ***") 6. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 225 OCA\Richdocuments\Controller\DocumentController->index("*** sensitive parameter replaced ***", "/Documents/Welc ... x") 7. /var/www/html/lib/private/AppFramework/Http/Dispatcher.php line 133 OC\AppFramework\Http\Dispatcher->executeController(OCA\Richdocument ... {}, "index") 8. /var/www/html/lib/private/AppFramework/App.php line 172 OC\AppFramework\Http\Dispatcher->dispatch(OCA\Richdocument ... {}, "index") 9. /var/www/html/lib/private/Route/Router.php line 298 OC\AppFramework\App::main("OCA\\Richdocume ... r", "index", OC\AppFramework\ ... {}, {_route: "richdocuments.document.index"}) 10. /var/www/html/lib/base.php line 1023 OC\Route\Router->match("/apps/richdocuments/index") 11. /var/www/html/index.php line 36 OC::handleRequest() GET /apps/richdocuments/index?fileId=24&requesttoken=GEUg3eIWrJ%2BWj%2BlND8Jz8flzli9ThWS%2BUW4pwPxJFXI%3D%3AexwRjKd5666iyIR7avQbuJ9G7gAl3BPRPDlLhqoxUTw%3D&path=%2FDocuments%2FWelcome%20to%20Nextcloud%20Hub.docx ```

Now I'm suspect of my nginx config files. Can you spot anything wrong in them?

nginx_proxy/conf.d/nextcloud.conf

``` nginx server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name example.com www.example.com; include /etc/nginx/templates/ssl.tmpl; include /etc/nginx/templates/common.tmpl; #https://github.com/nextcloud/server/issues/8802#issuecomment-431610484 location ~ /\.(?!file).* { deny all; } location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $server_name; add_header Front-End-Https on; client_max_body_size 50G; proxy_buffering off; proxy_redirect off; proxy_pass http://10.0.0.1:10200; access_log /var/log/nginx/nextcloud.access.log; error_log /var/log/nginx/nextcloud.error.log; } # https://github.com/nextcloud/notify_push#reverse-proxy location ^~ /push/ { proxy_pass http://10.0.0.1:7867/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; access_log /var/log/nginx/notify_push.access.log; error_log /var/log/nginx/notify_push.error.log; } # https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html#service-discovery location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/webfinger { return 301 $scheme://$host/index.php/.well-known/webfinger; } location = /.well-known/nodeinfo { return 301 $scheme://$host/index.php/.well-known/nodeinfo; } } ```

nginx_proxy/conf.d/collabora-online.conf

``` nginx server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name collaboraonline.example.com www.collaboraonline.example.com; include /etc/nginx/templates/ssl.tmpl; include /etc/nginx/templates/misc.tmpl; access_log /var/log/nginx/collaboraonline.access.log; error_log /var/log/nginx/collaboraonline.error.log; # https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html#reverse-proxy-with-nginx-webserver # static files location ^~ /browser { proxy_pass https://10.0.0.1:9980; proxy_set_header Host $http_host; } # WOPI discovery URL location ^~ /hosting/discovery { proxy_pass https://10.0.0.1:9980; proxy_set_header Host $http_host; } # Capabilities location ^~ /hosting/capabilities { proxy_pass https://10.0.0.1:9980; proxy_set_header Host $http_host; } # main websocket location ~ ^/cool/(.*)/ws$ { proxy_pass https://10.0.0.1:9980; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; proxy_read_timeout 36000s; } # download, presentation and image upload location ~ ^/(c|l)ool { proxy_pass https://10.0.0.1:9980; proxy_set_header Host $http_host; } # Admin Console websocket location ^~ /cool/adminws { proxy_pass https://10.0.0.1:9980; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; proxy_read_timeout 36000s; } } ```

nextcloud-nginx.conf

``` nginx worker_processes auto; error_log /var/log/nginx/error.log notice; #pid isn't /var/run/nginx.pid because we are using nginx rootless pid /tmp/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; client_max_body_size 50G; proxy_request_buffering off; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; # Prevent nginx HTTP Server Detection server_tokens off; keepalive_timeout 65; upstream php-handler { server localhost:9000; } server { listen 10200; listen [::]:10200; server_name example.com www.example.com; # Path to the root of your installation root /var/www/html; # Prevent nginx HTTP Server Detection server_tokens off; # HSTS settings # WARNING: Only add the preload option once you read about # the consequences in https://hstspreload.org/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; # set max upload size and increase upload timeout: client_max_body_size 50G; client_body_timeout 300s; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # Pagespeed is not supported by Nextcloud, so if your server is built # with the `ngx_pagespeed` module, uncomment this line to disable it. #pagespeed off; # HTTP response headers borrowed from Nextcloud `.htaccess` add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; # Specify how to handle directories -- specifying `/index.php$request_uri` # here as the fallback means that Nginx always exhibits the desired behaviour # when a client requests a path that corresponds to a directory that exists # on the server. In particular, if that directory contains an index.php file, # that file is correctly served; if it doesn't, then the request is passed to # the front-end controller. This consistent behaviour means that we don't need # to specify custom rules for certain paths (e.g. images and other assets, # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus # `try_files $uri $uri/ /index.php$request_uri` # always provides the desired behaviour. index index.php index.html /index.php$request_uri; # Rule borrowed from `.htaccess` to handle Microsoft DAV clients location = / { if ( $http_user_agent ~ ^DavClnt ) { return 302 /remote.php/webdav/$is_args$args; } } location = /robots.txt { allow all; log_not_found off; access_log off; } # Make a regex exception for `/.well-known` so that clients can still # access it despite the existence of the regex rule # `location ~ /(\.|autotest|...)` which would otherwise handle requests # for `/.well-known`. location ^~ /.well-known { location /.well-known/acme-challenge { try_files $uri $uri/ =404; } location /.well-known/pki-validation { try_files $uri $uri/ =404; } # Let Nextcloud's API for `/.well-known` URIs handle all other # requests by passing them to the front-end controller. return 301 /index.php$request_uri; } # Rules borrowed from `.htaccess` to hide certain paths from clients location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } # Ensure this block, which passes PHP files to the PHP process, is above the blocks # which handle static assets (as seen below). If this block is not declared first, # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` # to the URI, resulting in a HTTP 500 error response. location ~ \.php(?:$|/) { # Required for legacy support rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; fastcgi_max_temp_file_size 0; } # Rule borrowed from `.htaccess` location /remote { return 301 /remote.php$request_uri; } location / { try_files $uri $uri/ /index.php$request_uri; } ######################[New/modified config]###################### location ~ (!/roundcube/)\.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ { try_files $uri /index.php$request_uri; #add_header Cache-Control "public, max-age=15778463, $asset_immutable"; access_log off; # Optional: Don't log access to assets location ~ \.wasm$ { default_type application/wasm; } } location ~ (!/roundcube/)\.woff2?$ { try_files $uri /index.php$request_uri; expires 7d; # Cache-Control policy borrowed from `.htaccess` access_log off; # Optional: Don't log access to assets } #location /roundcube/ { # proxy_set_header X-Forwarded-Host $host:$server_port; # proxy_set_header X-Forwarded-Server $host; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_pass https://mail.example.com/; #} } } ```

[shoelzle]

@Igortorrente, In the config file nginx_proxy/conf.d/collabora-online.conf, your upstream URL is https://10.0.0.1:9980. Is you Colllabora instance really speaking HTTPS or is it plain HTTP without SSL?

[shoelzle]

@shoelzle That really fixed it! Strange, it didn't work before I added the location / part, but after removing it, it does...

Great :)

Only one more thing. Should I worry about any of these:

collabora  | wsd-00001-00043 2022-06-08 16:03:47.642380 +0000 [ docbroker_001 ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:722
collabora  | wsd-00001-00043 2022-06-08 16:03:51.858906 +0000 [ docbroker_001 ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:722
collabora  | wsd-00001-00001 2022-06-08 16:04:36.217104 +0000 [ coolwsd ] WRN  Waking up dead poll thread [update], started: false, finished: false| net/Socket.hpp:722
collabora  | wsd-00001-00043 2022-06-08 16:05:02.910563 +0000 [ docbroker_001 ] WRN  Ignoring attempted read from 30| net/Socket.hpp:1102
collabora  | wsd-00001-00034 2022-06-08 16:05:02.947615 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079
collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00035-00035 2022-06-08 16:05:03.817927 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/LFVlSjpuyRB9mFFz/tmp]| common/JailUtil.cpp:70
collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00035-00035 2022-06-08 16:05:03.854671 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/LFVlSjpuyRB9mFFz/lo]| common/JailUtil.cpp:70
collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00035-00035 2022-06-08 16:05:03.891174 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/LFVlSjpuyRB9mFFz]| common/JailUtil.cpp:70
collabora  | wsd-00001-00061 2022-06-08 16:10:44.536186 +0000 [ docbroker_002 ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:722
collabora  | wsd-00001-00061 2022-06-08 16:10:48.732485 +0000 [ docbroker_002 ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:722
collabora  | wsd-00001-00061 2022-06-08 16:10:52.271611 +0000 [ docbroker_002 ] WRN  Dropping empty tile response: tile: nviewid=0 part=0 width=256 height=256 tileposx=0 tileposy=7680 tilewidth=3840 tileheight=3840 oldwid=10 wid=10 ver=62| wsd/DocumentBroker.cpp:2978
collabora  | wsd-00001-00061 2022-06-08 16:10:57.785654 +0000 [ docbroker_002 ] WRN  Ignoring attempted read from 28| net/Socket.hpp:1102
collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00035-00035 2022-06-08 16:10:58.860113 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/GzdWYZapGwEEjGLQ/tmp]| common/JailUtil.cpp:70
collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00035-00035 2022-06-08 16:10:58.896738 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/GzdWYZapGwEEjGLQ/lo]| common/JailUtil.cpp:70
collabora  | sh: 1: /usr/bin/coolmount: Operation not permitted
collabora  | frk-00035-00035 2022-06-08 16:10:58.933384 +0000 [ forkit ] ERR  Failed to unmount [/opt/cool/child-roots/GzdWYZapGwEEjGLQ]| common/JailUtil.cpp:70
collabora  | wsd-00001-00034 2022-06-08 16:11:16.578692 +0000 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3079

I also have these log messages in my Collabora logs, but I couldn't find any side effects, so I just decided to ignore them.

[Igortorrente]

@Igortorrente, In the config file nginx_proxy/conf.d/collabora-online.conf, your upstream URL is https://10.0.0.1:9980. Is you Colllabora instance really speaking HTTPS or is it plain HTTP without SSL?

I tried all combinations:

• Nextcloud communicating directly to collabora using http
• Nextcloud communicating directly to collabora using https
• Nextcloud communicating through the proxy using http between the proxy and collabora
• Nextcloud communicating through the proxy using https between the proxy and collabora

The first two doesn't work for me at all.
The third connects but I'm receiving this following message "Saved with error: Collabora Online should use the same protocol as the server installation."
And the last connects without any error.

(I'm using extra_params=--o:ssl.enable=false when http) (The aliasgroup that I'm using to test -e "aliasgroup1=https://example\\.com:443,https://collaboraonline\\.example\\.com:443")

[Igortorrente]

After spend some time reading all the comments and documentation I discovered that I forgot one backslash at some point. It's working with this cmd:

podman run --rm -it --cap-add MKNOD -e "aliasgroup1=https://example\\.com:443" -e server_name="collaboraonline.example.com" -v $PWD/configs/coolwsd.xml:/etc/coolwsd/coolwsd.xml -v $PWD/log/collabora-office/:/var/log/ -p 10.0.0.1:9980:9980 --name collabora-online collabora/code:21.11.5.0.1

Thank you all!!