Failed to load Nextcloud office

Im using nextcloud and collabora behind an nginx proxy in a single docker network. I keep getting errors and cant connect collabora to nextcloud.

nginx.conf

server {
    listen 443 ssl http2;
    server_name office.${GLOBAL_DOMAIN};

    ssl_certificate /etc/letsencrypt/live/office.${GLOBAL_DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/office.${GLOBAL_DOMAIN}/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    ssl_stapling_verify on;

    

    # main websocket
    location ~ ^/cool/(.*)/ws$ {
        proxy_pass http://collabora:9980;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 36000s;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # # Admin Console websocket
    location ^~ /cool/adminws {
        proxy_pass http://collabora:9980;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_buffering off;
        proxy_read_timeout 36000s;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        proxy_pass http://collabora:9980;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

docker-compose.yml

version: '3.7'

services:
    collabora:
        container_name: collabora
        image: collabora/code
        env_file:
            - /docker-nas/docker-templates/collabora/.env
        environment:
            - TZ=America/New_York
            - 'extra_params=--o:ssl.enable=false --o:net.proto=IPv4 --o:ssl.termination=true --o:net.post_allow.host[0]=172\.[0-9\.]+ --o:storage.wopi.host[0]=172\.[0-9\.]+'
            - DONT_GEN_SSL_CERT=true
            - server_name=office.${GLOBAL_DOMAIN}
            - aliasgroup1=https://cloud\.example\.com:443
            - username=${GLOBAL_COLLABORA_USERNAME}
            - password=${GLOBAL_COLLABORA_PASSWORD}
        cap_add:
            - MKNOD
        networks:
            - backend
        restart: unless-stopped
        privileged: true

errors

frk-00025-00025 2022-08-21 12:37:23.297835 -0400 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:400
wsd-00001-00033 2022-08-21 12:37:23.300058 -0400 [ docbroker_001 ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:727
wsd-00001-00033 2022-08-21 12:37:23.300117 -0400 [ docbroker_001 ] ERR  #35: Read failed, have 0 buffered bytes (EPIPE: Broken pipe)| net/Socket.hpp:1133
wsd-00001-00033 2022-08-21 12:37:23.300195 -0400 [ docbroker_001 ] ERR  #35: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00033 2022-08-21 12:37:23.300226 -0400 [ docbroker_001 ] ERR  #35: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00033 2022-08-21 12:37:23.300331 -0400 [ docbroker_001 ] ERR  loading document exception: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2243
wsd-00001-00033 2022-08-21 12:37:23.300363 -0400 [ docbroker_001 ] ERR  Failed to add session to [https://cloud.example.com:443/index.php/apps/richdocuments/wopi/files/936707_oczddki0ydli] with URI [https://cloud.example.com/index.php/apps/richdocuments/wopi/files/936707_oczddki0ydli?access_token=tokenhere&access_token_ttl=0]: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2205
wsd-00001-00033 2022-08-21 12:37:23.300384 -0400 [ docbroker_001 ] ERR  Storage error while starting session on https://cloud.example.com:443/index.php/apps/richdocuments/wopi/files/936707_oczddki0ydli for socket #30. Terminating connection. Error: WOPI::CheckFileInfo failed: | wsd/COOLWSD.cpp:4607
wsd-00001-00033 2022-08-21 12:37:23.300540 -0400 [ docbroker_001 ] ERR  Invalid or unknown session [013] to remove.| wsd/DocumentBroker.cpp:2288
wsd-00001-00029 2022-08-21 12:37:23.656351 -0400 [ websrv_poll ] WRN  DocBroker with docKey [https://cloud.example.com:443/index.php/apps/richdocuments/wopi/files/936707_oczddki0ydli] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:3157
wsd-00001-00029 2022-08-21 12:37:23.656443 -0400 [ websrv_poll ] ERR  Error while handling Client WS Request: Failed to create DocBroker with docKey [https://cloud.example.com:443/index.php/apps/richdocuments/wopi/files/936707_oczddki0ydli].| wsd/COOLWSD.cpp:4637
wsd-00001-00029 2022-08-21 12:37:23.656457 -0400 [ websrv_poll ] ERR  #34: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00029 2022-08-21 12:37:23.656472 -0400 [ websrv_poll ] ERR  #34: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00029 2022-08-21 12:37:23.656478 -0400 [ websrv_poll ] WRN  #34 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| net/WebSocketHandler.hpp:826
wsd-00001-00029 2022-08-21 12:37:23.656491 -0400 [ websrv_poll ] ERR  #34: Attempted to remove: 919 which is > size: 0 clamped to 0| net/Socket.hpp:1234
wsd-00001-00029 2022-08-21 12:37:23.656510 -0400 [ websrv_poll ] ERR  #34: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00029 2022-08-21 12:37:24.120175 -0400 [ websrv_poll ] WRN  DocBroker with docKey [https://cloud.example.com:443/index.php/apps/richdocuments/wopi/files/936707_oczddki0ydli] is unloading. Rejecting client request to load.| wsd/COOLWSD.cpp:3157
wsd-00001-00029 2022-08-21 12:37:24.120273 -0400 [ websrv_poll ] ERR  Error while handling Client WS Request: Failed to create DocBroker with docKey [https://cloud.example.com:443/index.php/apps/richdocuments/wopi/files/936707_oczddki0ydli].| wsd/COOLWSD.cpp:4637
wsd-00001-00029 2022-08-21 12:37:24.120287 -0400 [ websrv_poll ] ERR  #34: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00029 2022-08-21 12:37:24.120300 -0400 [ websrv_poll ] ERR  #34: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00029 2022-08-21 12:37:24.120307 -0400 [ websrv_poll ] WRN  #34 is shutting down but 64 bytes couldn't be flushed and still remain in the output buffer.| net/WebSocketHandler.hpp:826
wsd-00001-00029 2022-08-21 12:37:24.120321 -0400 [ websrv_poll ] ERR  #34: Attempted to remove: 919 which is > size: 0 clamped to 0| net/Socket.hpp:1234
wsd-00001-00029 2022-08-21 12:37:24.120338 -0400 [ websrv_poll ] ERR  #34: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
Forced Exit with code: 70
wsd-00001-00024 2022-08-21 12:37:25.301189 -0400 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3242
kit-00027-00025 2022-08-21 12:37:25.301206 -0400 [ kit_spare_001 ] FTL  Forced Exit with code: 70| common/Util.cpp:1096
wsd-00001-00024 2022-08-21 12:37:25.301220 -0400 [ prisoner_poll ] WRN  An unassociated Kit disconnected.| wsd/COOLWSD.cpp:3257
wsd-00001-00024 2022-08-21 12:37:25.301238 -0400 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/COOLWSD.cpp:3242
wsd-00001-00024 2022-08-21 12:37:25.301244 -0400 [ prisoner_poll ] WRN  An unassociated Kit disconnected.| wsd/COOLWSD.cpp:3257
wsd-00001-00035 2022-08-21 12:37:26.173548 -0400 [ docbroker_002 ] WRN  Waking up dead poll thread [HttpSynReqPoll], started: false, finished: false| net/Socket.hpp:727
wsd-00001-00035 2022-08-21 12:37:26.173601 -0400 [ docbroker_002 ] ERR  #35: Read failed, have 0 buffered bytes (EPIPE: Broken pipe)| net/Socket.hpp:1133
wsd-00001-00035 2022-08-21 12:37:26.173622 -0400 [ docbroker_002 ] ERR  #35: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00035 2022-08-21 12:37:26.173631 -0400 [ docbroker_002 ] ERR  #35: Socket write returned -1 (EPIPE: Broken pipe)| net/Socket.hpp:1431
wsd-00001-00035 2022-08-21 12:37:26.173712 -0400 [ docbroker_002 ] ERR  loading document exception: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2243
wsd-00001-00035 2022-08-21 12:37:26.173730 -0400 [ docbroker_002 ] ERR  Failed to add session to [https://cloud.example.com:443/index.php/apps/richdocuments/wopi/files/936707_oczddki0ydli] with URI [https://cloud.example.com/index.php/apps/richdocuments/wopi/files/936707_oczddki0ydli?access_token=tokenhere&access_token_ttl=0&permission=edit]: WOPI::CheckFileInfo failed: | wsd/DocumentBroker.cpp:2205
wsd-00001-00035 2022-08-21 12:37:26.173751 -0400 [ docbroker_002 ] ERR  Storage error while starting session on https://cloud.example.com:443/index.php/apps/richdocuments/wopi/files/936707_oczddki0ydli for socket #22. Terminating connection. Error: WOPI::CheckFileInfo failed: | wsd/COOLWSD.cpp:4607
wsd-00001-00035 2022-08-21 12:37:26.173887 -0400 [ docbroker_002 ] ERR  Invalid or unknown session [01d] to remove.| wsd/DocumentBroker.cpp:2288
frk-00025-00025 2022-08-21 12:37:26.271691 -0400 [ forkit ] WRN  The systemplate directory [/opt/cool/systemplate] is read-only, and at least [/opt/cool/systemplate//etc/hosts] is out-of-date. Will have to copy sysTemplate to jails. To restore optimal performance, make sure the files in [/opt/cool/systemplate/etc] are up-to-date.| common/JailUtil.cpp:400

Hitting https://office.exampe.com responds with OK so i can tell its working. Also the admin logs in but I never get any logs from that.

it looks your Collabora can’t reach Nextcloud using the URL above.
Nextcloud provides good troubleshooting guide:

https://docs.nextcloud.com/server/latest/admin_manual/office/troubleshooting.html

This is a good link. Thank you. Going to take a look later tonight. It would be odd that it cant reach nextcloud as i have been using it for years. But it may be some internal container network stuff going on

Ok so i took a look at the doc, Im writting down the commands i used so that it may help others. I already sorta knew it would be collabora trying to reach nextcloud as you mentioned so i skipped checking the other way around.

docker exec -it collabora bash
 curl -v https://cloud.example.com/status.php
*   Trying 172.33.0.10...
* TCP_NODELAY set
* connect to 172.33.0.10 port 443 failed: Connection refused
* Failed to connect to cloud.example.com port 443: Connection refused
* Closing connection 0
curl: (7) Failed to connect to cloud.example.com port 443: Connection refused

This means its trying to connect internally and bypassing the nginx container which handles ssl on 443. Just have to find a way to make it route through nginx in the container.

1 Like

I have figured it out I actually had hostname: cloud.example.com in the nextcloud compose and it was using that internally instead of routing out through nginx. I removed that and it now works.

1 Like