Collabora Docker + Nextcloud Docker + NGINX Proxy Manager

Hello,

I’m surely missing something obvious, hopefully someone can point it out! I have the green checkmark in Nextcloud’s Collabora settings - but get “document loading failed” when trying to create or open any document. This is on a VPS running Ubuntu 20.04. Nextcloud and Collabora are behind NGINX Proxy Manager, all are on the same machine/VPS and Docker network.

Configurations:

Nextcloud:

version: '2'

services:
  db:
    image: mariadb:10.5
    container_name: nextcloud-db
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - ./db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password
      - MYSQL_PASSWORD_FILE=/run/secrets/mysql_user_password
      - MYSQL_DATABASE_FILE=/run/secrets/mysql_db
      - MYSQL_USER_FILE=/run/secrets/mysql_user
    secrets:
      - mysql_root_password
      - mysql_user_password
      - mysql_db
      - mysql_user
  app:
    image: nextcloud
    container_name: nextcloud
    restart: always
    hostname: cloud.example.com
    links:
      - db
    volumes:
      - ./data:/var/www/html
    environment:
      - MYSQL_PASSWORD_FILE=/run/secrets/mysql_user_password
      - MYSQL_DATABASE_FILE=/run/secrets/mysql_db
      - MYSQL_USER_FILE=/run/secrets/mysql_user
      - MYSQL_HOST=db
      - REDIS_HOST=redis
      - NEXTCLOUD_TRUSTED_DOMAINS=cloud.example.com
      - OVERWRITEPROTOCOL=https
    secrets:
      - mysql_user_password
      - mysql_db
      - mysql_user

  redis:
    image: redis
    container_name: nextcloud-redis
    restart: always

secrets:
  mysql_root_password:
    file: /etc/docker/secrets/mysql_root_password
  mysql_user_password:
    file: /etc/docker/secrets/mysql_user_password
  mysql_db:
    file: /etc/docker/secrets/mysql_db
  mysql_user:
    file: /etc/docker/secrets/mysql_user

networks:
  default:
    external:
      name: npm-network

Collabora:

version: '3.7'
services:
  collabora:
    image: collabora/code
    container_name: collabora
    restart: always
    cap_add:
      - MKNOD
    environment:
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
      - "domain=cloud.example.com"
      - "username=admin"
      - "password=12345"

networks:
  default:
    external:
      name: npm-network

Here is the complete Collabora log, from a fresh launch until the error is produced in Nextcloud.

Here is a snippet from the log:

Ready to accept connections on port 9980.

wsd-00001-00042 2022-03-04 18:57:29.915841 +0000 [ docbroker_001 ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| ./net/Socket.hpp:722
wsd-00001-00042 2022-03-04 18:57:29.915983 +0000 [ docbroker_001 ] ERR  #29: Socket read returned -1 (EPIPE: Broken pipe)| ./net/Socket.hpp:1126
wsd-00001-00042 2022-03-04 18:57:29.916066 +0000 [ docbroker_001 ] ERR  #29: Socket write returned -1 (EPIPE: Broken pipe)| ./net/Socket.hpp:1389
wsd-00001-00042 2022-03-04 18:57:29.916111 +0000 [ docbroker_001 ] ERR  #29: Socket write returned -1 (EPIPE: Broken pipe)| ./net/Socket.hpp:1389
wsd-00001-00042 2022-03-04 18:57:29.916196 +0000 [ docbroker_001 ] ERR  WOPI::CheckFileInfo failed for URI [https://cloud.example.com/index.php/apps/richdocuments/wopi/files/32_oc7g6uezt6np?access_token=gYxnz0DRDhEPO6pb3QPe6vk99JqsbnZg&access_token_ttl=0]: 0 . Headers: 	Body: []| wsd/Storage.cpp:692
wsd-00001-00042 2022-03-04 18:57:29.916295 +0000 [ docbroker_001 ] ERR  loading document exception: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2091
wsd-00001-00042 2022-03-04 18:57:29.916326 +0000 [ docbroker_001 ] ERR  Failed to add session to [/index.php/apps/richdocuments/wopi/files/32_oc7g6uezt6np] with URI [https://cloud.example.com/index.php/apps/richdocuments/wopi/files/32_oc7g6uezt6np?access_token=gYxnz0DRDhEPO6pb3QPe6vk99JqsbnZg&access_token_ttl=0]: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2053
wsd-00001-00042 2022-03-04 18:57:29.916361 +0000 [ docbroker_001 ] ERR  Storage error while starting session on /index.php/apps/richdocuments/wopi/files/32_oc7g6uezt6np for socket #24. Terminating connection. Error: WOPI::CheckFileInfo failed: | wsd/COOLWSD.cpp:3716
wsd-00001-00042 2022-03-04 18:57:29.916621 +0000 [ docbroker_001 ] WRN  Ignoring attempted read from 24| ./net/Socket.hpp:1100
wsd-00001-00042 2022-03-04 18:57:29.916944 +0000 [ docbroker_001 ] ERR  Invalid or unknown session [008] to remove.| wsd/DocumentBroker.cpp:2136
wsd-00001-00040 2022-03-04 18:57:31.815048 +0000 [ websrv_poll ] WRN  DocBroker with docKey [/index.php/apps/richdocuments/wopi/files/32_oc7g6uezt6np] that is marked to be destroyed. Rejecting client request.| wsd/COOLWSD.cpp:2297
wsd-00001-00040 2022-03-04 18:57:31.815411 +0000 [ websrv_poll ] ERR  Error while handling Client WS Request: Failed to create DocBroker with docKey [/index.php/apps/richdocuments/wopi/files/32_oc7g6uezt6np].| wsd/COOLWSD.cpp:3746

These bits stand out to me:

ERR #29: Socket read returned -1 (EPIPE: Broken pipe)

and:

ERR WOPI::CheckFileInfo failed for URI

and:

ERR Storage error while starting session

and:

ERR Error while handling Client WS Request: Failed to create DocBroker with docKey

I have a working instance of Nextcloud+Collabora on another machine (except it’s the Snap version of Nextcloud and they’re behind Traefik instead of NGINX Proxy Manager there), and on that one, I don’t see those errors. When I point this instance of Nextcloud to the other server’s Collabora, that works.

I’ve been frustrated for a number of hours trying to figure out what I’m missing on this one, or how exactly to debug this. Any advice would be greatly appreciated! Thanks in advance.

The important part is the following error:
ERR WOPI::CheckFileInfo failed for URI [https://cloud.example.com/index.php/apps/richdocuments/wopi/files/32_oc7g6uezt6np?access_token=gYxnz0DRDhEPO6pb3QPe6vk99JqsbnZg&access_token_ttl=0]: 0 . Headers: Body: []| wsd/Storage.cpp:692

This means CODE hasn’t been able to contact the NC server. You could troubleshoot the problem by trying to curl the same URL from your CODE container. My guess is that something might be wrong with the reverse proxy config.

Thank you so much! Your tip helped me dig in the right direction.

When doing curl from Collabora to https://cloud.example.com: connection refused. curl to http://cloud.example.com: successful. I noticed that the Nextcloud log shows the curl request comes from the internal Docker network IP address of the Collabora container.

I enabled host network mode for the Collabora container, and in that circumstance it can curl the https URL - but then Nextcloud cannot reach Collabora.

I put Collabora back on the Docker network, but this time on a different subnet than the Nextcloud container - Collabora container can then curl the https URL, but Nextcloud again can’t reach Collabora.

I modified the NGINX Proxy Manager configuration to be part of both subnets - and now it works!! I really don’t know if this is a correct sort of configuration though.

For anyone that finds this thread and is stuck getting Collabora Docker + Nextcloud Docker + NGINX Proxy Manager (also Docker) working on the same machine, here are the updated configurations that worked for me.

NGINX Proxy Manager docker-compose:

version: '3'
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    container_name: nginx-proxy-manager
    restart: always
    ports:
      - '80:80'
      - '81:81'
      - '443:443'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    networks:
      - collabora-network
      - npm-network

networks:
  collabora-network:
    name: collabora-network
    ipam:
      config:
        - subnet: 172.26.0.0/16
  npm-network:
    name: npm-network
    ipam:
      config:
        - subnet: 172.25.0.0/16

Collabora docker-compose:

version: '3.7'
services:
  collabora:
    image: collabora/code
    container_name: collabora
    restart: always
    cap_add:
      - MKNOD
    environment:
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
      - "domain=cloud.example.com"
      - "username=admin"
      - "password=12345"

networks:
  default:
    external:
      name: collabora-network

Nextcloud docker remains as above, on npm-network. I’m not sure why exactly it works this way, but not when they’re all on the same subnet. When I check the Nextcloud log now, I still see the local docker IP from the collabora container when doing curl to the nextcloud https URL.

Anyway, I hope this thread can help anyone, and if anyone has other insight, please share! Thanks.