403 Forbidden and Access Denied to Nextcloud URL - can't open any files

Hi everyone.
I moved from the old Ubuntu-provided docker to docker from the official repo. This turned docker-compose into ‘docker compose’.

All other containers work fine, however Collabora is broken.

Specifically, Collabora used to work fine with my existing configuration, but it broke as soon as I moved to the official docker repo.

Here is a sample of the error messages I get in the container logs:

WOPI::CheckFileInfo failed for URI [https://nextcloud-domain/index.php/apps/richdocuments/wopi/files/2701334_oceyq4ovwzku?access_token=1ZmkWqkyoXhM26lFhcqISS2mumkxuNUS&access_token_ttl=0]: 403 (Forbidden) Forbidden.

and

wsd-00001-00063 2024-10-19 23:08:28.263228 +0000 [ websrv_poll ] ERR  #31: Access denied to [https://nextcloud-domain/index.php/apps/richdocuments/wopi/files/2701334_oceyq4ovwzku?access_token=1ZmkWqkyoXhM26lFhcqISS2mumkxuNUS&access_token_ttl=0]| wsd/wopi/CheckFileInfo.cpp:105

So, I cannot open any files from within Nextcloud with Collabora.

In Nextcloud Office admin settings, I get:

Collabora Online server is reachable.

Collabora Online Development Edition 24.04.4.2 fbf97e9

URL used by the browser: https://collabora-domain
Nextcloud URL used by Collabora: https://nextcloud-domain (Determined from the browser URL)

The Collabora admin UI works fine over the web, I can log in etc.

But Collabora doesn’t work from within Nextcloud.

My docker-compose.yml:

services:
  collabora:
    image: collabora/code
    container_name: collabora
    restart: always
    cap_add:
      - MKNOD
    environment:
      - username=admin
      - password=password
      - aliasgroup1="https://nextcloud-domain:443"
      - extra_params=--o:welcome.enable=false --o:hexify_embedded_urls=true
      - server_name=collabora-domain
      - "d:net.proto=IPv4"
    ports:
      - 127.0.0.1:9980:9980

I can’t for the life of me find any officially recommended docker-compose.yml to see if there is anything new/different required with newer versions of Collabora (however that doesn’t seem likely as this must be an issue between Collabora and the new docker).

Any help will be immensely welcome.

It turns out https://www.cloudflare.com/ips-v4 is badly out of date, and my nginx didn’t know where requests were coming from (I have automated the Cloudflare IP updates, otherwise Collabora + Nextcloud just don’t work together if requests are coming from a random IP address).
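
As an added example (not the poster's script, and not Nextcloud or Collabora code), this Python code shows one way to turn a downloaded proxy range list into an nginx include that trusts only validated ranges, so a stale, empty or error-page download cannot silently change which peers are allowed to set the client address. It assumes nginx restores client addresses with the realip module and the CF-Connecting-IP header; the function names, the MIN_PREFIX limits and the sample ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample input in the one-CIDR-per-line format of a published
# proxy range list (documentation ranges, not real Cloudflare ranges).
SAMPLE_LIST = """\
192.0.2.0/24
198.51.100.0/24

2001:db8::/32
"""

# Assumption: a prefix broader than this means the list is wrong, not that
# the proxy really owns that much address space.
MIN_PREFIX = {4: 8, 6: 16}


def parse_ranges(text):
    """Return validated networks; raise ValueError rather than emit a partial list."""
    nets = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # strict=True rejects entries with host bits set (e.g. 192.0.2.1/24)
            net = ipaddress.ip_network(line, strict=True)
        except ValueError as exc:
            raise ValueError(f"line {n}: {exc}") from None
        if net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError(f"line {n}: {net} is too broad to trust")
        nets.append(net)
    if not nets:
        raise ValueError("empty range list; keep the existing config")
    # Sort IPv4 before IPv6; networks are only compared within one version.
    return sorted(set(nets), key=lambda x: (x.version, x))


def render_realip_conf(text, header="CF-Connecting-IP"):
    """Render an nginx include file for ngx_http_realip_module."""
    lines = [f"set_real_ip_from {net};" for net in parse_ranges(text)]
    lines.append(f"real_ip_header {header};")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_realip_conf(SAMPLE_LIST), end="")
```

Fetching the list and writing the file are left to the caller; write the output to a temporary file and run `nginx -t` before reloading so a bad download never replaces a working trust list.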