Docker Compose Nextcloud / Traefik / Collabora. WOPI Unauthorized, but Allow list empty

Installation & Configuration
1

Hi,

I have been running a docker compose version of Collabore CODE for a long time. I used to have my Nextcloud instance in a TrueNAS Core jail, and everything worked fine.

Now, as I am moving my whole Nextcloud installation to the same docker host (still using Compose), I´ve created a new stack (using Portainer) that has everything, both Nextcloud (tag latest), Collabora (tag latest) and Traefik for a reverse proxy. Everything starts properly, certificates (one for Nextcloud, one for Collabora) get issued, the Collabora admin panel works fine, and no problems in Nextcloud.

Then, I installed the Nextcloud Office app, and connected it to my Collabora, using the FQDN the Collabora cert is issued to, with SSL. It connects, turns green, and everything seems fine.

But when I try to open a document in my browser, I get “WOPI Host Unauthorized error”. I have no WOPI allow list configured. That box in Nextcloud (Settings, Office) is empty. Shouldn´t it accept a connection from anywhere then?

I also discovered that I cannot curl Nextcloud from my Collabora container on port 443, only port 80 works. Nextcloud container → Collabora container works fine though. In docker compose, they are on the same network.

How can I make this work? What haven´t I thought of? Happy to give more specifics and details, but as I don´t know where to start, I can´t really tell what´s relevant. If anyone could point me in the right direction, that would make me happy :slight_smile:

2

hii @dnilgreb welcome to collabora forums.

Interesting scenario !

Can you please try to restart the docker container and then check if CODE server is a reachable by NC or not ?

  • To confirm this you need check that green mark in admin settings of NC

If still not working, Can you provide your XML configuration details of CODE and NC instance ?

Also, if you can provide me logs so i can analyze it

There is a thread in NC forum that also be helpful in your case. Unauthorized WOPI host - #5 by randmin - 📄 Collabora - Nextcloud community

Thanks,
Darshan

3

I have tried restarting the Nextcloud, Collabora and Traefik containers multiple times. I´ve even rebooted the docker host.
From the nextcloud container curl to the Collabora container works, both protocols (http, https)
From the Collabora container, curl works to the nextcloud container, but only on http.
https gets error “curl: (7) Failed to connect to cloud.example.com port 443 after 1 ms: Couldn’t connect to server”. I don´t understand why.
Both containers are in the same Docker network. I tried putting Collabora in its own network, but that didn´t help.

I do get the green mark in Nexcloud admin settings for Office in NC.

It´s still not working. What XML config should I post, and where would I find it?

Absolutley. What logs should I post, and where would I find them?

I have seen this before.
I am using docker images, and this seems to be primarily about problems when not using docker. I´ll take another look.

4

Holy smokes, I think I solved it.

I found this page:
https://github.com/nextcloud/server/issues/45184

On there I found this post by someone called jiriks74:

The setup I used as a base had a hostname defined and that’s why it resolved to the container and not the proxy.

I too had a hostname defined for my Nextcloud container. Once I commented that out, it worked. I can now open documents in Collabora.

Next question, of course, is how to configure the WOPI host list. Any pointers as to what should be included and what shouldn´t be?

5

@dnilgreb awesome :tada:

This might help for allowed wopi host list>
https://sdk.collaboraonline.com/docs/installation/CODE_Docker_image.html?highlight=wopi%20allow

6

Great. Now I have it. Thanks for the help!

7

Your most welcome! Thanks for the report and for the solution :slight_smile: