Collabora Code & Nextcloud in docker works - but doesn't

Hello There

I was sent here by our friends over at the nextcloud forum. See my post over there for additional info: Nextcloud & Collabora CODE docker compose almost everything is working - except it isn't - 📄 Collabora - Nextcloud community

I am running Docker on my Debian server and have a docker-compose containing the following services:

  • nextcloud → official image running 28.0.2
  • collabora/code → official image, latest version

In Addition I have the nginx-proxy-manager in another docker-compose file which is handling all the proxying.

I installed Collabora and was pleasantly surprised how easy and quick everything worked. I can Edit, Share and Create new documents. :tada:

[11:42:48] [~] ❱❱❱ curl https://office.mydomain.tld
OK%  

After my initial success, I wanted to visit the admin dashboard at https://office.mydomain.tld/browser/dist/admin/admin.html → a login prompt appears and I can’t log in using my defined credentials. Or any other credentials.

I’ve set the “username” and “password” in the environment variables in my docker-compose file as well as the commonly mentioned ssl extra_params (extra_params appear to be working).

In addition, I then tried to upload custom fonts via the Nextcloud Office Administration Settings and add the custom font json via extra_params as well. This also doesn’t work.
This appears to be working now after I removed the local DNS entry from my pi-hole instance.

Here is my docker-compose config for collabora:

  collabora:
    image: collabora/code
    hostname: nc-collabora
    privileged: true
    restart: unless-stopped
    environment:
      - TZ=Europe/Zurich
      - dictionaries=de_DE
      - VIRTUAL_HOST=office.mydomain.tld
      - aliasgroup1=https://cloud.mydomain.tld
      - server_name=office.mydomain.tld
      - username="${COLLABORA_USERNAME}"
      - password="${COLLABORA_PASSWORD}"
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:remote_font_config.url=https://cloud.mydomain.tld/apps/richdocuments/settings/fonts.json"
    networks:
      - proxy
      - nextcloud

After some more digging I found that the coolwsd command inside of the docker container doesn’t work as well:

cool@nc-collabora:/$ coolwsd
Failed to initialize COOLWSD: Access to file denied: /usr/bin/jails
wsd-00081-00081 2024-02-27 11:51:11.752447 +0100 [ coolwsd ] INF  Initializing wsd. Local time: Tue 2024-02-27 11:51:11 +0100. Log level is [8]| common/Log.cpp:597
wsd-00081-00081 2024-02-27 11:51:11.752463 +0100 [ coolwsd ] INF  Setting log-level to [trace] and delaying setting to [warning] until after WSD initialization.| wsd/COOLWSD.cpp:2424
wsd-00081-00081 2024-02-27 11:51:11.752469 +0100 [ coolwsd ] INF  Initializing coolwsd server []. Experimental features are enabled.| wsd/COOLWSD.cpp:2435
wsd-00081-00081 2024-02-27 11:51:11.752478 +0100 [ coolwsd ] DBG  New SocketPoll [UnitWSD] owned by 0x7f07350da880| net/Socket.cpp:199
wsd-00081-00081 2024-02-27 11:51:11.752526 +0100 [ coolwsd ] INF  Anonymization of user-data is configurable.| wsd/COOLWSD.cpp:2504
wsd-00081-00081 2024-02-27 11:51:11.752534 +0100 [ coolwsd ] INF  Anonymization of user-data is disabled.| wsd/COOLWSD.cpp:2551
wsd-00081-00081 2024-02-27 11:51:11.752548 +0100 [ coolwsd ] INF  SSL support: SSL is enabled.| wsd/COOLWSD.cpp:2601
wsd-00081-00081 2024-02-27 11:51:11.752550 +0100 [ coolwsd ] INF  SSL support: termination is disabled.| wsd/COOLWSD.cpp:2602
wsd-00081-00081 2024-02-27 11:51:11.752554 +0100 [ coolwsd ] DBG  Setting envar PDFIMPORT_RESOLUTION_DPI=96 per config per_document.pdf_resolution_dpi| wsd/COOLWSD.cpp:2628
wsd-00081-00081 2024-02-27 11:51:11.752571 +0100 [ coolwsd ] INF  Creating childroot: /usr/bin/jails/81-b2a527db/| wsd/COOLWSD.cpp:2668
wsd-00081-00081 2024-02-27 11:51:11.752950 +0100 [ coolwsd ] INF  Cleaning up childroot directory [/usr/bin/jails/].| common/JailUtil.cpp:200
wsd-00081-00081 2024-02-27 11:51:11.752955 +0100 [ coolwsd ] TRC  Directory [/usr/bin/jails/] is not a jail directory or doesn't exist.| common/JailUtil.cpp:205
wsd-00081-00081 2024-02-27 11:51:11.752956 +0100 [ coolwsd ] INF  Cleaning up childroot directory [/usr/bin/jails/81-b2a527db/].| common/JailUtil.cpp:200
wsd-00081-00081 2024-02-27 11:51:11.752958 +0100 [ coolwsd ] TRC  Directory [/usr/bin/jails/81-b2a527db/] is not a jail directory or doesn't exist.| common/JailUtil.cpp:205
wsd-00081-00081 2024-02-27 11:51:11.752960 +0100 [ coolwsd ] INF  Creating jail path (if missing): /usr/bin/jails/81-b2a527db//tmp/incoming| common/JailUtil.cpp:279
wsd-00081-00081 2024-02-27 11:51:11.753028 +0100 [ coolwsd ] FTL  Failed to initialize COOLWSD: Access to file denied: /usr/bin/jails| wsd/COOLWSD.hpp:534
Access to file denied: /usr/bin/jails
cool@nc-collabora:/$ 

Also, the WOPI allow list field in the Administration settings can’t be filled in, although apparently that is a nextcloud bug that is already being worked on ([Bug]: Unable to Enter IP in 'Allow List for WOPI Requests' in Nextcloud Admin Settings · Issue #3377 · nextcloud/richdocuments · GitHub).
Is there a workaround to add IP Addresses to the WOPI allow list without editing the coolwsd.xml?

I’d be happy to provide additional logs or infos if it helps.

Thanks in advance :smiling_face:

Hey @scorewinner. Welcome to the forum + thanks for the questions. :slight_smile:

Which exact version is this?

  • And even better, the exact Help > About info.

(Remember, someone can stumble upon this a week from now, and the “latest version” can be different.)

Hmmm, looks like that specific richdocuments #3377 was fixed last week, so hopefully your next update will take care of that specific issue.

I don’t believe so.

I think you’d have to manually edit your lok_allow + <host desc=""></host> lines in your coolwsd.xml.

Hmmm… and what if you try to temporarily set the username/password to something super easy.

Then see if you can login to the admin console fine.

Thanks for the warm welcome :slight_smile:

I’m running Collabora Version: 23.05.9.2. Not sure where Htlp > About is supposed to be, in Nextcloud?

I’ve tried setting it to “admin” and “password” still nothing :confused: I also tried replacing the env variables with the actual values…

1 Like

In Collabora Online itself. (Once you successfully get in there that is.)

But version “23.05.9.2” is good enough for some basic debugging. Thanks. :slight_smile: