Wrong protocol for TemplateSource URL when using nextcloud behind a proxy

[k-jell]

Describe the bug I run nextcloud behind a proxy (traefik) which does SSL-termination and another proxy for authentification:

browser ---> Traefik (https termination) ---> Auth Proxy ---> Nextcloud

collabora is setup in a similar way. But internally collabora and nextcloud can communicate over http using the internal ip addresses.

I have set overwriteprotocol to https. Now whenever I create a new document using the "New" Button and try to open it for the first time I get an error:

Failed to read document from storage, please try to load the document again.

Please check the Collabora Online server log for more details and make sure that Nextcloud can be reached from there.

The problem is that collabora gets the wrong URL from nextcloud (https instead of http which is used for the internal communication between collabora and nextcloud):

wsd-00009-00075 2024-04-11 13:40:45.834391 +0000 [ docbroker_004 ] DBG  WOPI::CheckFileInfo: {"BaseFileName":"New document (1).odt","DisableCopy":false,"DisableExport":false,"DisablePrint":false,"DownloadAsPostMessage":false,"EnableInsertRemoteImage":true,"EnableRemoteLinkPicker":true,"EnableShare":true,"HideExportOption":false,"HidePrintOption":false,"HideUserList":"","IsUserLocked":false,"LastModifiedTime":"2024-04-11T13:40:34.000000Z","OwnerId":"admin.example","PostMessageOrigin":"https://nextcloud28.example.org/","Size":1268,"SupportsLocks":false,"SupportsRename":true,"TemplateSource":"https://10.66.60.1:9968/index.php/apps/richdocuments/wopi/template/112?access_token=FtHZIfsoGHjVmfG6EJ8uLmagI7CAkxJY","UserCanNotWriteRelative":false,"UserCanRename":true,"UserCanWrite":true,"UserExtraInfo":{"avatar":"https://10.66.60.1:9968/avatar/admin.example/64","is_admin":true},"UserFriendlyName":"admin.example","UserId":"admin.example","UserPrivateInfo":{"ZoteroAPIKey":""},"Version":"0"}| wsd/Storage.cpp:835

Then collabora fails to open the document (see logs).

If I disable overwriteprotocol it does work, but this brings other problems (the authproxy redirect having the wrong scheme - I am using the sociallogin app).

All other communication with collabora works fine.

This is where the URL is set:

https://github.com/nextcloud/richdocuments/blob/7c5bc7a18eb108b677bb0ec4600b0a40503c3eef/lib/Controller/WopiController.php#L196-L199

But we explicitly set the wopi_callback_url so I think that should be used instead of the generated URL here.

Expected behavior Create document and being able to open it without error. Correct IP is sent to collabora. Nextcloud version:

Server details

Operating system:

Web server:

Database:

PHP version:

Nextcloud version: 28.0.3 Version of the richdocuments app 8.3.2 Version of Collabora Online 23.05.8.2.1 Configuration of the richdocuments app

{
    "apps": {
        "richdocuments": {
            "disable_certificate_verification": "yes",
            "enabled": "yes",
            "installed_version": "8.3.3",
            "public_wopi_url": "https:\/\/collabora.example.org",
            "types": "prevent_group_restriction",
            "wopi_callback_url": "http:\/\/10.66.60.1:9968",
            "wopi_url": "http:\/\/10.66.60.1:9948"
        }
    }
}

Logs

#### Collabora log ``` wsd-00009-00167 2024-04-11 16:07:14.247072 +0000 [ docbroker_00b ] ERR WOPI::GetFile [https://10.66.60.1:9968/index.php/apps/richdocuments/wopi/template/113?access_token=ysFUCxMxIewOUV8SpCJak3iCFsxKKLZj] failed with Status Code: 0 (Unknown)| wsd/Storage.cpp:1149 wsd-00009-00167 2024-04-11 16:07:14.247105 +0000 [ docbroker_00b ] ERR Could not download template from [https://10.66.60.1:9968/index.php/apps/richdocuments/wopi/template/113?access_token=ysFUCxMxIewOUV8SpCJak3iCFsxKKLZj]. Error: WOPI::GetFile [https://10.66.60.1:9968/index.php/apps/richdocuments/wopi/template/113?access_token=ysFUCxMxIewOUV8SpCJak3iCFsxKKLZj] failed: | wsd/Storage.cpp:1045 wsd-00009-00167 2024-04-11 16:07:14.247164 +0000 [ docbroker_00b ] ERR loading document exception: WOPI::GetFile [https://10.66.60.1:9968/index.php/apps/richdocuments/wopi/template/113?access_token=ysFUCxMxIewOUV8SpCJak3iCFsxKKLZj] failed: | wsd/DocumentBroker.cpp:2679 wsd-00009-00167 2024-04-11 16:07:14.247190 +0000 [ docbroker_00b ] ERR Failed to add session to [http%3A%2F%2F10.66.60.1%3A9968%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F149_ock7mh6x4x26] with URI [http://10.66.60.1:9968/index.php/apps/richdocuments/wopi/files/149_ock7mh6x4x26?access_token=ysFUCxMxIewOUV8SpCJak3iCFsxKKLZj&access_token_ttl=0]: WOPI::GetFile [https://10.66.60.1:9968/index.php/apps/richdocuments/wopi/template/113?access_token=ysFUCxMxIewOUV8SpCJak3iCFsxKKLZj] failed: | wsd/DocumentBroker.cpp:2641 wsd-00009-00167 2024-04-11 16:07:14.247214 +0000 [ docbroker_00b ] ERR Storage error while starting session on http%3A%2F%2F10.66.60.1%3A9968%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F149_ock7mh6x4x26 for socket #18. Terminating connection. Error: WOPI::GetFile [https://10.66.60.1:9968/index.php/apps/richdocuments/wopi/template/113?access_token=ysFUCxMxIewOUV8SpCJak3iCFsxKKLZj] failed: | wsd/COOLWSD.cpp:5434 wsd-00009-00167 2024-04-11 16:07:14.247311 +0000 [ docbroker_00b ] ERR #18: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1445 wsd-00009-00167 2024-04-11 16:07:14.255385 +0000 [ docbroker_00b ] ERR #26: Read failed, have 0 buffered bytes (ECONNRESET: Connection reset by peer)| net/Socket.hpp:1137 wsd-00009-00167 2024-04-11 16:07:14.255415 +0000 [ docbroker_00b ] WRN #26: Unassociated Kit (158) disconnected unexpectedly| wsd/COOLWSD.cpp:3851 ```

[juliushaertl]

Thanks a lot for reporting and providing such a insightful issue.

I prepared a fix for this in https://github.com/nextcloud/richdocuments/pull/3580, testing is very welcome :)