Nextcloud docker (Collabora) DNS does not resolve (with possible solution)

[aaaskew]

Collabora docker image incorrectly requires Internet gateway port forwarding and loopback connection from docker image to external Internet gateway IP address back to the Nextcloud server due to bad default DNS setup.

Can the VM be improved or at least FAQ documentation.

Steps to reproduce

1. Install Nextcloud VM with Collabora docker image.
2. Set fixed IP address, gateway and DNS server in Ubuntu netplan config file. Note DNS server is on another server in the subnet.
3. Stop port forwarding on Internet gateway to Nextcloud server on 192.168.0.100:443.
4. Try to edit a document using Nextcloud Collabora

Expected behaviour

It is possible to edit a document

Actual behaviour

Collabora cannot open the document. nextcloud.domain.net inside Collabora docker image resolves to external IP address of Internet gateway. This is not good as it means that all Collabora document opens are going via the Internet gateway when they can be connected directly on the VM.

The problem is with systemd-resolve or docker settings. The VM /etc/hosts file does not appear to be used inside the Collabora docker image and it gets DNS settings from systemd-resolve which has per-interface DNS resolvers. Setting a fixed DNS server against an interface in Netplan only affects that interface and not the docker interface.

I fixed the problem by setting the systemd-resolve default DNS server. See proposed fix below. Maybe there is a better way of solving this?

Please fix or document in FAQ what needs to be done

Server configuration

Nextcloud server version: (see your admin page) 18.0.4

Server OS (Ubuntu server is default) Default - Ubuntu 18.04.4

How did you install the VM? (Scripted install from master OR Released version) Release install

Network

Do you use DHCP? No

Is port 80 and/or 443 open? On Internet gateway, port forwarding done during installation only. Removed afterwards.

Logs / Screenshots

Netplan config file (/etc/netplan/01-netcfg.yaml)

network:
   version: 2
   renderer: networkd
   ethernets:
       enp0s3: #object name
         dhcp4: no # dhcp v4 disable
         dhcp6: no # dhcp v6 disable
         addresses: [192.168.0.100/24] # client IP address
         gateway4: 192.168.0.1 # gateway address
         nameservers:
           addresses: [192.168.0.50] #name servers

Log file (docker logs xxx)

wsd-00006-00036 2020-04-27 17:10:00.790250 [ docbroker_001 ] ERR  Cannot get file info from WOPI storage uri [https://nextcloud.domain.net/index.php/apps/richdocuments/wopi/files/xxx?access_token=xxx&access_token_ttl=0]. Error: Connection refused| wsd/Storage.cpp:564

SystemD resolver before fix (systemd-resolve --status)

Global
         DNS Servers: 9.9.9.9 ...
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
...
Link 3 (docker0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 2 (enp0s3)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.0.50

Proposed fix (/etc/systemd/resolved.conf)

...
[Resolve]
DNS=192.168.0.50
...

[enoch85]

Thanks for your detailed issue!

The reason that we require a valid domain is that when this was made, self-signed certs didn't work.

You are welcome with a PR for review. :eyes:

Thanks!

[aaaskew]

I don't feel comfortable providing a pull request for a couple of reasons. Formost amongst those is that the change to the resolved.conf file is dependant on setting a fixed IP address and DNS server in Ubuntu Netplan. When you make that change, you also need to make this change. If someone can point me to an installation script for fixed DNS server settings then maybe this file can be edited in the same place.

Should this be a documentation improvement instead for people who set a fixed IP address?

The other reason for my uncertainty is that I don't know if this the right thing to do or if the docker image or setup for Collabora should be changed.

I don't have enough technical knowledge to know if it is possible to add a DNS server to a docker interface automatically when adding the Collabora docker image or if the Collabora image should not check the /etc/hosts file before DNS?

[enoch85]

DNS is set here: https://github.com/nextcloud/vm/blob/master/nextcloud_install_production.sh#L172 and here: https://github.com/nextcloud/vm/blob/master/static/static_ip.sh#L121 which is this: https://github.com/nextcloud/vm/blob/master/lib.sh#L46

Should this be a documentation improvement instead for people who set a fixed IP address?

It would be even better if everything worked as intended, which I think it does now. But you are welcome to improve it of course. :+1:

[aaaskew]

Thanks for the update. I am not a coder nowadays, or at least very rusty, and have not used Git for more than commenting. I will see if I can make some changes but this will take time.

I would like to see if I can pull a DNS server from DHCP rather than using the subnet gateway or at least provide the ability to set it manually.

[enoch85]

No worries, let it take the time it needs. :)

Thanks! :+1:

[enoch85]

@aaaskew Any update here?

[aaaskew]

I have been otherwise occupied. I got as far as the following script line which extracts all unique entries from the DHCP leases file. The aim would be that this would be one of the options selectable when picking a DNS server. The list being

Set DNS:

• Discovered by DHCP (192.168.0.1)
• Manual: ___

• OpenDNS?

  cat /var/lib/dhcp/dhclient.leases2 | grep 'option domain-name-servers' | sed -r 's/^.?option domain-name-servers (.);/\1/' | sed 's/\,/\n/g' | sort -u | tr '\n' ' ' | sed 's/ $//'

  ::1 192.168.0.1

When I eventually get back to it, I would embbed something like this to set the DNS server.

[enoch85]

OK, waiting for your PR. :) :+1:

[aaaskew]

Pull request #1306 created, although it might need some style fixes