Collabora working but get error: net/Socket.hpp ERR: Read failed, have 0 buffered bytes

[zeigerpuppy]

Describe the bug

I have set up collabora office with Netxcloud as follows:

• collabora (docker-compose) latest: v22.05.14.3
• nextcloud v24 (running in VM) with "Nextcloud Office" app
• reverse proxy - HAPROXY (pfSense)
• SSL certs via Letsencrypt

Collabora can load documents, although the initial loading appears quite slow.

In the docker-compose logs, there is a frequent error (every 1 sec):

ccollabora | wsd-00001-00043 2023-05-25 15:11:17.158578 +1000 [ websrv_poll ] ERR  #21: Read failed, have 0 buffered bytes (ECONNRESET: Connection reset by peer)| net/Socket.hpp:1136
collabora | wsd-00001-00043 2023-05-25 15:11:17.158578 +1000 [ websrv_poll ] ERR  #21: Read failed, have 0 buffered bytes (ECONNRESET: Connection reset by peer)| net/Socket.hpp:1136

There are no errors in the web browser console log

To Reproduce Steps to reproduce the behavior:

1. start collabora container with docker-compose up -d
2. open logs with docker-compose logs -f

Expected behavior Not sure whether this error is significant, it seems to be related to a socket issue, perhaps resetting too frequently?

Desktop (please complete the following information)

• OS: Linux
• Browser: Firefox
• Version: 102.10.0esr

Additional context

docker-compose.yml (sanitised domains):

version: '2'

services:
    collabora:
        restart: unless-stopped
        image: collabora/code:latest
        container_name: collabora
        ipc: private
        shm_size: 128M
        cap_add:
            - MKNOD
        ports:
            - 9980:9980
        environment:
            - username=XX
            - password=XXXXXXXX
            - aliasgroup1=https://nextcloud.server.net:443
            - server_name=https://collabora.dockerserver.net:443
            - TZ=Australia/Melbourne
            - dictionaries=en_GB en_US
            - extra_params=--o:ssl.enable=false --o:ssl.termination=true

HAPROXY config (sanitised domains and IP addresses):

# Automaticaly generated, dont edit manually.
# Generated on: 2023-05-25 14:14
global
    maxconn         10000
    log         /var/run/log    local0  info
    stats socket /tmp/haproxy.socket level admin  expose-fd listeners
    uid         80
    gid         80
    nbproc          1
    nbthread            1
    hard-stop-after     15m
    chroot              /tmp/haproxy_chroot
    daemon
    tune.ssl.default-dh-param   2048
    server-state-file /tmp/haproxy_server_state

frontend parent.domain.net-merged
    bind            103.XX.XX.XX:80 name 103.XX.XX.XX:80   
    bind            103.XX.XX.XX:443 name 103.XX.XX.XX:443   ssl crt-list /var/etc/haproxy/parent.domain.net.crt_list  
    mode            http
    log         global
    option          http-keep-alive
    option          forwardfor
    acl https ssl_fc
    http-request set-header     X-Forwarded-Proto http if !https
    http-request set-header     X-Forwarded-Proto https if https
    timeout client      30000
    redirect scheme https code 301 if !{ ssl_fc }
    acl         caldav-endpoint var(txn.txnpath) -m beg -i /.well-known/caldav
    acl         carddav-endpoint    var(txn.txnpath) -m beg -i /.well-known/carddav
    acl         host_ws var(txn.txnhost) -m beg -i ws.
    acl         hdr_connection_upgrade  hdr(Connection) -i upgrade
    acl         hdr_upgrade_websocket   hdr(Upgrade) -i websocket
    acl         collabora.dockerserver.net var(txn.txnhost) -m str -i collabora.dockerserver.net
    acl         aclcrt_collabora.dockerserver.net   var(txn.txnhost) -m reg -i ^collabora\.dockersever\.net(:([0-9]){1,5})?$
    acl         nextcloud.server.net    var(txn.txnhost) -m str -i nextcloud.server.net
    acl         aclcrt_nextcloud.server.net var(txn.txnhost) -m reg -i ^nextcloud\.server\.net(:([0-9]){1,5})?$
    http-request set-var(txn.txnhost) hdr(host)
    http-request set-var(txn.txnpath) path
    http-request set-path /remote.php/dav  if  caldav-endpoint aclcrt_nextcloud.server.net
    http-request set-path /remote.php/dav  if  carddav-endpoint aclcrt_nextcloud.server.net
    http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"  if  nextcloud.server.net aclcrt_nextcloud.server.net
    use_backend docker_on_server_ipvANY  if   aclcrt_collabora.dockerserver.net
    use_backend nc_vm_server_ipvANY  if   aclcrt_nextcloud.server.net

backend docker_on_server_ipvANY
    mode            http
    id          108
    log         global
    timeout connect     60000
    timeout server      30000
    retries         3
    server          server 192.XX.XX.2:9980 id 105 check inter 1000  

backend nc_vm_server_ipvANY
    mode            http
    id          109
    log         global
    timeout connect     60000
    timeout server      30000
    retries         3
    server          nc.vm.server 192.XX.XX.19:80 id 105 check inter 1000

[DanScharon]

this seems to be related to the availability checks by HAProxy. coolwsd/openssl doesn't seem satisfied with the way that HAProxy resets these connections.

After an upgrade to COOL 23.05 the log spam even seems worse. I get entries like:

[ websrv_poll ] ERR  #38: Error while handling poll at 0 in websrv_poll: #38 (read): unknown. BIO error: 167772454, rc: 0: error:0A000126:SSL routines::unexpected eof while reading:
 coolwsd[1244]: 0077BA89DF7F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:303:
coolwsd[1244]: | net/Socket.cpp:464

[DanScharon]

@zeigerpuppy add this to your docker_on_server_ipvANY backend definition:

        option httpchk HEAD / HTTP/1.1
        http-check send hdr Host foo

replace foo with a value of your liking. httpcheck doesn't work if a Host header isn't also explicitly set, but coolwsd doesn't seem to care about its value.

The log spam should vanish afterwards.