Nextcloud and Collabora up, still can't edit documents

I have added Collabora to my current Nextcloud instance. It answers with an “Ok” on the domain I have for it (office.mydomain.tld).
I can add the URL to the Office settings in Nextcloud and everything checks out.
I am running Nextcloud v31.0.6 and Collabora v25.04.3.2.
I did add my CIDR to the Office settings.
I must have missed something simple, I have searched and atm it is leaning towards the labels for collabora and Nextcloud. So if anyone has input I will be happy!

When trying to create/edit a document I get an error saying “Unauthorized WOPI host. Please try again later and report to your administrator if the issue persists”

Here’s the docker compose setup with the Traefik labels.

  nextcloud:
    image: lscr.io/linuxserver/nextcloud:latest
    container_name: nextcloud
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=${TZ}
      - MYSQL_DATABASE=${MYSQL_DB}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PW}
      - MYSQL_HOST=${MYSQL_HOST}
      - MYSQL_PORT=${MYSQL_PORT}
      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN}
      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PW}
      - REDIS_HOST=${REDIS_HOST}
      - REDIS_PORT=${REDIS_PORT}
      - REDIS_HOST_PASSWORD=${REDIS_PW}
    depends_on:
      - mariadb
      - redis
    volumes:
      - ./appdata/nextcloud:/config
      - /amsvartnir/nextcloudstorage/:/data
    #ports:
    #  - 11100:80
    #  - 12100:443
    labels:
        - "traefik.enable=true"
        - "traefik.http.routers.nextcloud.entrypoints=websecure"
        - "traefik.http.routers.nextcloud.rule=Host(`cloud.${DOMAIN}`)"
        - "traefik.http.routers.nextcloud.tls=true"
        - "traefik.http.routers.nextcloud.tls.certresolver=letencrypt"
        - "traefik.http.routers.nextcloud.middlewares=nextcloud_redirectregex@docker"
        - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.permanent=true"
        - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.regex=https://(.*)/.well-known/(?:card|cal)dav"
        - "traefik.http.middlewares.nextcloud_redirectregex.redirectregex.replacement=https://$${1}/remote.php/dav"
        - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
    networks:
        - frontend
    restart: unless-stopped
    
  collabora:
    image: collabora/code
    container_name: collabora
    restart: unless-stopped
    environment:
      - TZ=${TZ}
      - aliasgroup1=https://cloud.${DOMAIN}
      - dictionaries=en_US,sv_SE
      - username=officeadmin
      - password=JEqSPSH0fTBgyFjCJl8BJDFJ
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true
    labels:
        - "traefik.enable=true"
        - "traefik.http.routers.collabora.rule=Host(`office.${DOMAIN}`)"
        - "traefik.http.routers.collabora.entrypoints=websecure"
        - "traefik.http.routers.collabora.tls=true"
        - "traefik.http.routers.collabora.tls.certresolver=letencrypt"
        - "traefik.http.services.collabora.loadbalancer.server.port=9980"
    networks:
        - frontend

Hi @ratnose, welcome to the Collabora Online forum.

The error you’re seeing (“Unauthorized WOPI host”) is coming straight out of the Collabora-CODE host-whitelist. By default CODE will only accept WOPI hand-offs from hostnames you’ve explicitly allowed (as a regular-expression). In your compose you tried to set that with

    - aliasgroup1=https://cloud.${DOMAIN}

but:

  1. CODE doesn’t know “aliasgroup1”
  2. Even if it did, you must not include the https:// in the hostname
  3. CODE expects a single env-var called domain (a regex) not alias*

What you need to do is replace your aliasgroup1 line with a proper domain regex. For example, if your Nextcloud runs on cloud.example.tld, then:

  • in your collabora service stanza, drop aliasgroup1=… and add instead

        - domain=cloud.example.tld

    (that is a regexp matching exactly cloud.example.tld)

Thanks
Darshan
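
An added example (not part of the thread and not Collabora's code) that models a WOPI host allow-list checked by regular expression, as the reply above describes. It assumes the pattern must match the whole host part of the WOPI URL; the function names and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample WOPI source URLs (not taken from a real deployment).
REAL_SRC = "https://cloud.example.tld/wopi/files/1"
LOOKALIKE_SRC = "https://cloudxexample.tld/wopi/files/1"


def wopi_host_allowed(wopi_src, host_patterns):
    """Return True if the host of wopi_src fully matches one allow-list regex.

    Assumption: the allow-list is compared against the bare hostname only,
    so a pattern carrying a scheme can never match.
    """
    host = urlsplit(wopi_src).hostname
    if host is None:
        return False
    for pattern in host_patterns:
        try:
            if re.fullmatch(pattern, host, flags=re.IGNORECASE):
                return True
        except re.error:
            continue  # an invalid pattern never authorises anything
    return False


def audit_pattern(pattern):
    """Heuristic lint for a host allow-list regex; returns a list of findings."""
    findings = []
    if "://" in pattern:
        findings.append("contains a URL scheme; it is compared to a bare hostname")
    # A '.' that is neither escaped nor followed by a quantifier is usually
    # meant as a literal dot, but as a regex it matches any character.
    if re.search(r"(?<!\\)\.(?![*+?{])", pattern):
        findings.append("unescaped '.' matches any character, not only a dot")
    return findings


if __name__ == "__main__":
    for pat in ["https://cloud.example.tld", "cloud.example.tld", r"cloud\.example\.tld"]:
        print(pat, "| real:", wopi_host_allowed(REAL_SRC, [pat]),
              "| look-alike:", wopi_host_allowed(LOOKALIKE_SRC, [pat]),
              "|", audit_pattern(pat))
```

With the dots escaped, the pattern accepts cloud.example.tld and rejects the look-alike host; with them unescaped, both are accepted.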