Hello There
I was sent here by our friends over at the nextcloud forum. See my post over there for additional info: Nextcloud & Collabora CODE docker compose almost everything is working - except it isn't - 📄 Collabora - Nextcloud community
I am running Docker on my Debian server and have a docker-compose containing the following services:
- nextcloud → official image running 28.0.2
- collabora/code → official image, latest version
In Addition I have the nginx-proxy-manager in another docker-compose file which is handling all the proxying.
I installed Collabora and was pleasantly surprised how easy and quick everything worked. I can Edit, Share and Create new documents. 
[11:42:48] [~] ❱❱❱ curl https://office.mydomain.tld
OK%
After my initial success, I wanted to visit the admin dashboard at https://office.mydomain.tld/browser/dist/admin/admin.html → a login prompt appears and I can’t log in using my defined credentials. Or any other credentials.
I’ve set the “username” and “password” in the environment variables in my docker-compose file as well as the commonly mentioned ssl extra_params (extra_params appear to be working).
In addition, I then tried to upload custom fonts via the Nextcloud Office Administration Settings and add the custom font json via extra_params as well. This also doesn’t work.
This appears to be working now after I removed the local DNS entry from my pi-hole instance.
Here is my docker-compose config for collabora:
collabora:
image: collabora/code
hostname: nc-collabora
privileged: true
restart: unless-stopped
environment:
- TZ=Europe/Zurich
- dictionaries=de_DE
- VIRTUAL_HOST=office.mydomain.tld
- aliasgroup1=https://cloud.mydomain.tld
- server_name=office.mydomain.tld
- username="${COLLABORA_USERNAME}"
- password="${COLLABORA_PASSWORD}"
- "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:remote_font_config.url=https://cloud.mydomain.tld/apps/richdocuments/settings/fonts.json"
networks:
- proxy
- nextcloud
After some more digging I found that the coolwsd command inside of the docker container doesn’t work as well:
cool@nc-collabora:/$ coolwsd
Failed to initialize COOLWSD: Access to file denied: /usr/bin/jails
wsd-00081-00081 2024-02-27 11:51:11.752447 +0100 [ coolwsd ] INF Initializing wsd. Local time: Tue 2024-02-27 11:51:11 +0100. Log level is [8]| common/Log.cpp:597
wsd-00081-00081 2024-02-27 11:51:11.752463 +0100 [ coolwsd ] INF Setting log-level to [trace] and delaying setting to [warning] until after WSD initialization.| wsd/COOLWSD.cpp:2424
wsd-00081-00081 2024-02-27 11:51:11.752469 +0100 [ coolwsd ] INF Initializing coolwsd server []. Experimental features are enabled.| wsd/COOLWSD.cpp:2435
wsd-00081-00081 2024-02-27 11:51:11.752478 +0100 [ coolwsd ] DBG New SocketPoll [UnitWSD] owned by 0x7f07350da880| net/Socket.cpp:199
wsd-00081-00081 2024-02-27 11:51:11.752526 +0100 [ coolwsd ] INF Anonymization of user-data is configurable.| wsd/COOLWSD.cpp:2504
wsd-00081-00081 2024-02-27 11:51:11.752534 +0100 [ coolwsd ] INF Anonymization of user-data is disabled.| wsd/COOLWSD.cpp:2551
wsd-00081-00081 2024-02-27 11:51:11.752548 +0100 [ coolwsd ] INF SSL support: SSL is enabled.| wsd/COOLWSD.cpp:2601
wsd-00081-00081 2024-02-27 11:51:11.752550 +0100 [ coolwsd ] INF SSL support: termination is disabled.| wsd/COOLWSD.cpp:2602
wsd-00081-00081 2024-02-27 11:51:11.752554 +0100 [ coolwsd ] DBG Setting envar PDFIMPORT_RESOLUTION_DPI=96 per config per_document.pdf_resolution_dpi| wsd/COOLWSD.cpp:2628
wsd-00081-00081 2024-02-27 11:51:11.752571 +0100 [ coolwsd ] INF Creating childroot: /usr/bin/jails/81-b2a527db/| wsd/COOLWSD.cpp:2668
wsd-00081-00081 2024-02-27 11:51:11.752950 +0100 [ coolwsd ] INF Cleaning up childroot directory [/usr/bin/jails/].| common/JailUtil.cpp:200
wsd-00081-00081 2024-02-27 11:51:11.752955 +0100 [ coolwsd ] TRC Directory [/usr/bin/jails/] is not a jail directory or doesn't exist.| common/JailUtil.cpp:205
wsd-00081-00081 2024-02-27 11:51:11.752956 +0100 [ coolwsd ] INF Cleaning up childroot directory [/usr/bin/jails/81-b2a527db/].| common/JailUtil.cpp:200
wsd-00081-00081 2024-02-27 11:51:11.752958 +0100 [ coolwsd ] TRC Directory [/usr/bin/jails/81-b2a527db/] is not a jail directory or doesn't exist.| common/JailUtil.cpp:205
wsd-00081-00081 2024-02-27 11:51:11.752960 +0100 [ coolwsd ] INF Creating jail path (if missing): /usr/bin/jails/81-b2a527db//tmp/incoming| common/JailUtil.cpp:279
wsd-00081-00081 2024-02-27 11:51:11.753028 +0100 [ coolwsd ] FTL Failed to initialize COOLWSD: Access to file denied: /usr/bin/jails| wsd/COOLWSD.hpp:534
Access to file denied: /usr/bin/jails
cool@nc-collabora:/$
Also, the WOPI allow list field in the Administration settings can’t be filled in, although apparently that is a nextcloud bug that is already being worked on ([Bug]: Unable to Enter IP in 'Allow List for WOPI Requests' in Nextcloud Admin Settings · Issue #3377 · nextcloud/richdocuments · GitHub).
Is there a workaround to add IP Addresses to the WOPI allow list without editing the coolwsd.xml?
I’d be happy to provide additional logs or infos if it helps.
Thanks in advance 
I also tried replacing the env variables with the actual values…