search

owncloud / ocis

:atom_symbol: ownCloud Infinite Scale Stack
https://doc.owncloud.com/ocis/next/
Apache License 2.0
1.4k stars 183 forks source link

Can't create or open office documents with WOPI in oCIS test Deployment `ocis_full` #9779

Closed igdete closed 3 months ago

igdete commented 3 months ago

Describe the bug

Unable to create or open office document in oCIS with WOPI in the collabora or the onlyoffice. I use your development guide https://owncloud.dev/ocis/deployment/ocis_full/

Steps to reproduce

  1. Upgrade server apt update && apt upgrade -y and install docker and docker compose https://docs.docker.com/engine/install/ubuntu/
  2. Add domain names to the /etc/hosts 
    127.0.0.1 ocis.owncloud.test
127.0.0.1 traefik.owncloud.test
127.0.0.1 collabora.owncloud.test
127.0.0.1 onlyoffice.owncloud.test
127.0.0.1 wopiserver.owncloud.test
127.0.0.1 mail.owncloud.test
127.0.0.1 companion.owncloud.test
127.0.0.1 minio.owncloud.test
  3. Clone repo git clone https://github.com/owncloud/ocis.git --depth 1, go to cd ocis/deployments/examples/ocis_full and edit .env 
    
LOG_DRIVER=
INSECURE=true

TRAEFIK_DASHBOARD= TRAEFIK_DOMAIN= TRAEFIK_BASIC_AUTH_USERS= TRAEFIK_ACME_MAIL= TRAEFIK_ACME_CASERVER=

OCIS=:ocis.yml OCIS_DOCKER_IMAGE= OCIS_DOCKER_TAG= OCIS_DOMAIN=ocis.owncloud.test ADMIN_PASSWORD=test123 DEMO_USERS= LOG_LEVEL= LOG_PRETTY=true

S3NG=:s3ng.yml

S3NG_ENDPOINT= S3NG_REGION= S3NG_ACCESS_KEY= S3NG_SECRET_KEY= S3NG_BUCKET=

S3NG_MINIO=:minio.yml

MINIO_DOMAIN=

SMTP_HOST=

SMTP_PORT= SMTP_SENDER= SMTP_USERNAME= SMTP_PASSWORD= SMTP_AUTHENTICATION= SMTP_INSECURE=

TIKA=:tika.yml TIKA_IMAGE=

COLLABORA=:collabora.yml COLLABORA_DOMAIN=collabora.owncloud.test WOPISERVER_DOMAIN=wopiserver.owncloud.test COLLABORA_ADMIN_USER=admin COLLABORA_ADMIN_PASSWORD=test123 COLLABORA_SSL_ENABLE=false COLLABORA_SSL_VERIFICATION=false

CLOUD_IMPORTER=:cloudimporter.yml

COMPANION_IMAGE= COMPANION_DOMAIN= COMPANION_ONEDRIVE_KEY= COMPANION_ONEDRIVE_SECRET=

CLAMAV=:clamav.yml

CLAMAV_DOCKER_TAG=

ONLYOFFICE=:onlyoffice.yml ONLYOFFICE_DOMAIN=onlyoffice.owncloud.test WOPISERVER_ONLYOFFICE_DOMAIN=wopiserver.owncloud.test

INBUCKET=:inbucket.yml

INBUCKET_DOMAIN=

COMPOSE_FILE=docker-compose.yml${OCIS:-}${TIKA:-}${S3NG:-}${S3NG_MINIO:-}${COLLABORA:-}${MONITORING:-}${CLOUD_IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}

4. Run `docker compose up -d`
5. After 2 min open `ocis.owncloud.test` in google-chrome and press NEW button

## Expected behavior
**A clear and concise description of what you expected to happen.**
The menu contains items with documents

## Actual behavior
**A clear and concise description of what happened.**
There are no items with documents, and if i upload document 
![1](https://github.com/user-attachments/assets/d8876860-8d44-49d2-905f-f4741ebc0cfe)

There are no items with documents. If I download a document and open it, the document is downloaded instead of opening in the browser
![2](https://github.com/user-attachments/assets/757985ae-5ee9-43ea-83ea-edd109e52061)

## Setup
**Please describe how you started the server and provide a list of relevant environment variables or configuration files.**
Ubuntu 24.04
04 (4cpu, 16G ram, 70G ssd) in the virtualbox 
Docker version 27.1.1, build 6312585
Docker Compose version v2.29.1
Google-Chrome Version 127

Info
ownCloud    Infinite Scale
Edition Community
Version 5.1.0-prealpha+42e1d39da
Web client version  9.0.0-alpha.7

**Logs and configs**
<details>
<p>

```console
AME                           IMAGE                             COMMAND                  SERVICE            CREATED             STATUS                          PORTS
ocis_full-collabora-1          collabora/code:24.04.5.1.1        "bash -c 'coolconfig…"   collabora          About an hour ago   Up About an hour (healthy)      9980/tcp
ocis_full-collaboration-1      owncloud/ocis:latest              "/bin/sh -c 'ocis co…"   collaboration      About an hour ago   Restarting (1) 48 seconds ago   
ocis_full-collaboration-oo-1   owncloud/ocis:latest              "/bin/sh -c 'ocis co…"   collaboration-oo   About an hour ago   Restarting (1) 48 seconds ago   
ocis_full-ocis-1               owncloud/ocis:latest              "/bin/sh -c 'ocis in…"   ocis               About an hour ago   Up About an hour                9200/tcp
ocis_full-onlyoffice-1         onlyoffice/documentserver:8.1.0   "/bin/sh /entrypoint…"   onlyoffice         About an hour ago   Up About an hour (healthy)      80/tcp, 443/tcp
ocis_full-tika-1               apache/tika:latest-full           "/bin/sh -c 'exec ja…"   tika               About an hour ago   Up About an hour                9998/tcp
ocis_full-traefik-1            traefik:v3.0.3                    "/entrypoint.sh --lo…"   traefik            About an hour ago   Up About an hour                0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp

Logs collaboration

# docker compose logs collaboration
...
collaboration-1  | 2024/08/12 10:36:42 INFO memory is not limited, skipping package=github.com/KimMachineGun/automemlimit/memlimit
collaboration-1  | The WOPI secret has not been set properly in your config for collaboration. Make sure your /etc/ocis config contains the proper values (e.g. by running ocis init or setting it manually in the config/corresponding environment variable).
collaboration-1  | 2024/08/12 10:37:43 INFO memory is not limited, skipping package=github.com/KimMachineGun/automemlimit/memlimit
collaboration-1  | The WOPI secret has not been set properly in your config for collaboration. Make sure your /etc/ocis config contains the proper values (e.g. by running ocis init or setting it manually in the config/corresponding environment variable).

Logs collaboration-oo

# docker compose logs collaboration-oo
...
collaboration-oo-1  | 2024/08/12 10:37:11 INFO memory is not limited, skipping package=github.com/KimMachineGun/automemlimit/memlimit
collaboration-oo-1  | The WOPI secret has not been set properly in your config for collaboration. Make sure your /etc/ocis config contains the proper values (e.g. by running ocis init or setting it manually in the config/corresponding environment variable).
collaboration-oo-1  | 2024/08/12 10:38:12 INFO memory is not limited, skipping package=github.com/KimMachineGun/automemlimit/memlimit
collaboration-oo-1  | The WOPI secret has not been set properly in your config for collaboration. Make sure your /etc/ocis config contains the proper values (e.g. by running ocis init or setting it manually in the config/corresponding environment variable).

Make sure your /etc/ocis config contains the proper values, as far as I can see values 

# docker compose exec -it ocis /bin/sh
$ ocis init
2024/08/12 10:38:59 INFO memory is not limited, skipping package=github.com/KimMachineGun/automemlimit/memlimit
2024/08/12 10:38:59 Could not create config: config in /etc/ocis/ocis.yaml already exists
$ cat /etc/ocis/ocis.yaml
token_manager:
  jwt_secret: h+IZu8ya7%BqA8zwUo=x+-wXqgY=HYme
machine_auth_api_key: .O8nc&=7&YM^cb5&j#sQ2w@cUGf%#X-W
system_user_api_key: Dcr$nOILpx+d86Y*PB4blWc0okj#eSZj
transfer_secret: 7=Hj2YX.ZXuK!U0ytuTrzG8nqTIomGzO
system_user_id: 47d44ebc-6979-4d09-8232-66cfdd1ff934
admin_user_id: 215293d3-0a64-48c9-bd64-9e1b8e56b86d
graph:
  application:
    id: 8773cc28-e25b-4ddc-836f-5d22123da53e
  events:
    tls_insecure: true
  spaces:
    insecure: true
  identity:
    ldap:
      bind_password: '*SFA8QG=OHGSr$0qr^y1w$0jrTdZE=d7'
  service_account:
    service_account_id: 3ff2d7a8-efb4-45e3-ba78-3480ce6d5e07
    service_account_secret: '!YRcvYNpvjV-yA6TPcP2zO7!weFq+bR6'
idp:
  ldap:
    bind_password: jTD-okiRib7zAKlQaK=ogQJfQ5xik9.g
idm:
  service_user_passwords:
    admin_password: test123
    idm_password: '*SFA8QG=OHGSr$0qr^y1w$0jrTdZE=d7'
    reva_password: ftxSi7QIIiUnzxlIZUth&z7$tNCsOA%=
    idp_password: jTD-okiRib7zAKlQaK=ogQJfQ5xik9.g            
collaboration:                                      
  wopiapp:                                                  
    insecure: true                                            
    secret: 3DsU+&momQFVjNki#.VEp=q^@kRf9*sb        
proxy:                                                      
  oidc:                                                       
    insecure: true                                  
  insecure_backends: true                                   
  service_account:                                            
    service_account_id: 3ff2d7a8-efb4-45e3-ba78-3480ce6d5e07
    service_account_secret: '!YRcvYNpvjV-yA6TPcP2zO7!weFq+bR6'
frontend:                                                     
  app_handler:                                              
    insecure: true                                            
  archiver:                                                   
    insecure: true                                          
  service_account:                                            
    service_account_id: 3ff2d7a8-efb4-45e3-ba78-3480ce6d5e07
    service_account_secret: '!YRcvYNpvjV-yA6TPcP2zO7!weFq+bR6'
auth_basic:                                                   
  auth_providers:                                           
    ldap:                                                     
      bind_password: ftxSi7QIIiUnzxlIZUth&z7$tNCsOA%=
auth_bearer:                                                  
  auth_providers:                                             
    oidc:                                                     
      insecure: true                                          
users:                                                        
  drivers:                                                    
    ldap:                                                     
      bind_password: ftxSi7QIIiUnzxlIZUth&z7$tNCsOA%=         
groups:                                                       
  drivers:                                                    
    ldap:                                                     
      bind_password: ftxSi7QIIiUnzxlIZUth&z7$tNCsOA%=         
ocdav:                                                        
  insecure: true                                              
ocm:                                                          
  service_account:                                          
    service_account_id: 3ff2d7a8-efb4-45e3-ba78-3480ce6d5e07  
    service_account_secret: '!YRcvYNpvjV-yA6TPcP2zO7!weFq+bR6'
thumbnails:                                                 
  thumbnail:                                                  
    transfer_secret: PVoawETrjrM^.bbAo*-JtGR5T!FKFQwO
    webdav_allow_insecure: true                               
    cs3_allow_insecure: true                                  
search:                                                       
  events:                                                     
    tls_insecure: true                                        
  service_account:                                            
    service_account_id: 3ff2d7a8-efb4-45e3-ba78-3480ce6d5e07  
    service_account_secret: '!YRcvYNpvjV-yA6TPcP2zO7!weFq+bR6'
audit:                                                        
  events:                                                     
    tls_insecure: true                                        
settings:                                                     
  service_account_ids:                                        
  - 3ff2d7a8-efb4-45e3-ba78-3480ce6d5e07                      
sharing:                                                      
  events:                                                     
    tls_insecure: true                                        
storage_users:                                                
  events:                                                   
    tls_insecure: true                                        
  mount_id: 51339fd7-76e1-4439-bb4c-332f033e5b7a              
  service_account:                                          
    service_account_id: 3ff2d7a8-efb4-45e3-ba78-3480ce6d5e07  
    service_account_secret: '!YRcvYNpvjV-yA6TPcP2zO7!weFq+bR6'
notifications:                                                
  notifications:                                              
    events:                                                   
      tls_insecure: true                                      
  service_account:                                            
    service_account_id: 3ff2d7a8-efb4-45e3-ba78-3480ce6d5e07  
    service_account_secret: '!YRcvYNpvjV-yA6TPcP2zO7!weFq+bR6'
nats:                                                         
  nats:                                                       
    tls_skip_verify_client_cert: true                         
gateway:                                                      
  storage_registry:                                           
    storage_users_mount_id: 51339fd7-76e1-4439-bb4c-332f033e5b7a
userlog:                                                      
  service_account:                                            
    service_account_id: 3ff2d7a8-efb4-45e3-ba78-3480ce6d5e07    
    service_account_secret: '!YRcvYNpvjV-yA6TPcP2zO7!weFq+bR6'
auth_service:                                                 
  service_account:                                              
    service_account_id: 3ff2d7a8-efb4-45e3-ba78-3480ce6d5e07  
    service_account_secret: '!YRcvYNpvjV-yA6TPcP2zO7!weFq+bR6'
clientlog:                                                      
  service_account:                                            
    service_account_id: 3ff2d7a8-efb4-45e3-ba78-3480ce6d5e07  
    service_account_secret: '!YRcvYNpvjV-yA6TPcP2zO7!weFq+bR6'  
activitylog:                                                  
  service_account:
    service_account_id: 3ff2d7a8-efb4-45e3-ba78-3480ce6d5e07  
    service_account_secret: '!YRcvYNpvjV-yA6TPcP2zO7!weFq+bR6'

Additional context

Add any other context about the problem here. I tried changing several versions 5.0.1 and 5.0.6 in OCIS_DOCKER_TAG in .env but it did not help. Deployment with document servers doesn't work? Or do I need to specify some specific other apps versions? Where?

micbar commented 3 months ago

See the error message in the collaboration service log. Wopi secret is not set. You are coming from an older version of ocis.

igdete commented 3 months ago

@micbar thanks for your reply. Could you please clarify?

Wopi secret is not set.

Where should I set it? I didn't see variable it in .env https://github.com/owncloud/ocis/blob/master/deployments/examples/ocis_full/.env

You are coming from an older version of ocis.

Do you mean OCIS_DOCKER_IMAGE and OCIS_DOCKER_TAG? Can you tell me actual version?

micbar commented 3 months ago

@igdete I am on vacation for the next two weeks.

@rhafer could you help?

the new ocis_full example only works with the latest rolling release (6.2.0)

igdete commented 3 months ago

@micbar thanks again, you are right, its work with OCIS_DOCKER_IMAGE=owncloud/ocis-rolling and OCIS_DOCKER_TAG=6.2.0. Have a nice vacation..:)

Hi @rhafer, in the guide https://owncloud.dev/ocis/deployment/ocis_full/ the production environment owncloud/ocis is used by default, but it doesn't work with this example. What do you think about adding production compatibility for this example?

rhafer commented 3 months ago

What do you think about adding production compatibility for this example?

The example relies on features that are not yet available in the latest "production" release. E.g. we replace the external wopi servcie with the new built-in "collaboration" service. This is not something we can easily backport to the production branch.

For now I think we should make the ocis_full example default to the latest "rolling" image and add a note to the documentation that it requires at least a 6.2.0 release.