search

CollaboraOnline / online

Collabora Online is a collaborative online office suite based on LibreOffice technology. This is also the source for the Collabora Office apps for iOS and Android.
https://collaboraonline.com
Other
1.78k stars 681 forks source link

CODE blocks requests from the host specified in the `domain` env variable #5267

Closed yogo1212 closed 2 years ago

yogo1212 commented 2 years ago

Describe the bug

CODE blocks requests from the host specified in the domain env variable. Real domain redacted. Nextcloud works normally under cloud.the.domain and CODE serves "OK" under office.the.domain.

ERR  Failed to add session to [https://cloud.the.domain:443/index.php/apps/richdocuments/wopi/files/54826_ocrto4zmrcr9] with URI [https://cloud.the.domain/index.php/apps/richdocuments/wopi/files/54826_ocrto4zmrcr9?access_token=Y3YJUhePWp7gUwFBYfcXLMlc7IsjIwuW&access_token_ttl=0]: No acceptable WOPI hosts found matching the target host [cloud.the.domain] in config.
docker exec -it office /bin/bash -c 'env' | grep domain
domain=cloud\\.the\\.domain

To Reproduce Steps to reproduce the behavior:

  1. Open any docx file stored in Nextcloud
  2. See error

Expected behavior An editor opens.

Actual behavior A white page showing an error message and a 'Close' button pops up.

Because it's a nice page, it doesn't allow selecting text so I have to remember and type: Failed to load Nextcloud Office - please try again later.

Desktop (please complete the following information)

Additional context Nextcloud and CODE are hosted on the same machine using docker. Nginx terminates SSL for both.

yogo1212 commented 2 years ago

i managed to get a bit closer myself:

                <group>
                    <host desc="hostname to allow or deny." allow="true">http://cloud\\.the\\.domain:80</host>
                </group>

should that still be regex-escaped? how about the slashes? looking for the code that generates that now.

yogo1212 commented 2 years ago

while digging through the code of start-collabora-online, i noticed two things:

  1. SSL is terminated by nginx. the container only sees plain http (on 9980) - which is what i want with extra_params=--o:ssl.enable=false --o:ssl.termination=true. domain is used together with these settings to produce an entry with https. the wrong port (80 vs. 443) is added for consistency :grin:
  2. the docs are very specific about escaping the env value with double-backslash which, being an obedient citizen, i did: 'domain=cloud\\.upsii\\.de' anyone sees it?
    resolution

    the double-backslash imperative assumes double-quoted shell expansion. single quotes don't mangle backslashes. i wouldn't recommend double-quotes to build regexes :-)

so, i ended up with:

    -e 'aliasgroup1=https://cloud\.the\.domain:443'

EDIT: forgot the most important thing: it works like that! here's to hoping that people with a similar problem will find this issue :beers: