Nextcloud connects fine to CODE docker container but can't open any documents

I am having an issue getting my collabora code server running properly.

In a nutshell : CODE installed with docker and Nextcloud connects fine to it. But when trying to open a docuement, I get this error : Failure to establish a per-socket connection or an unexpected closing of the per-socket connection. The reverse proxy could be misconfigured, please contact the administrator. For more information on how to configure the proxy, please see https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html

Context

The nextcloud server is running with the apache php module and php8.2 on Debian 12. It is under ongoing migration and the data directory hasn’t been completely copied yet because of slow networks.

The code server is installed as a docker container running under the user docker with the group docker.

Here are my configurations :

Nextcloud apache :

<VirtualHost *:443>
  DocumentRoot "/var/www/nextcloud"
  ServerName mynextcloudserver.com

  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
  </IfModule>

  RewriteCond %{HTTP:Authorization} ^(.*)
  RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

  <Directory "/var/www/nextcloud/">
    Options MultiViews FollowSymlinks
    AllowOverride All
    Order allow,deny
    Allow from all
    RewriteEngine on RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  </Directory>

  TransferLog /var/log/apache2/nextcloud_access.log
  ErrorLog /var/log/apache2/nextcloud_error.log

  <IfModule mod_dav.c>
    Dav off
  </IfModule>

  SSLEngine on
  Include /etc/letsencrypt/options-ssl-apache.conf

  SSLCertificateFile /etc/letsencrypt/live/mynextcloudserver.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/mynextcloudserver.com/privkey.pem

</VirtualHost>

Collabora apache :

<IfModule mod_ssl.c>
<VirtualHost *:443>

    ServerName collabora.mynextcloudserver.com

    AllowEncodedSlashes NoDecode

    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off

    ProxyPreserveHost On

    ProxyPass           /browser https://127.0.0.1:9980/browser retry=0
    ProxyPassReverse    /browser https://127.0.0.1:9980/browser

    ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
    ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

    ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
    ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

    ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
    ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities

    ProxyPassMatch      "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

    ProxyPass           /lool/adminws wss://127.0.0.1:9980/lool/adminws

    ProxyPass           /cool https://127.0.0.1:9980/cool
    ProxyPassReverse    /cool https://127.0.0.1:9980/cool

    ProxyPass           /lool https://127.0.0.1:9980/lool
    ProxyPassReverse    /lool https://127.0.0.1:9980/lool

SSLCertificateFile /etc/letsencrypt/live/collabora.mynextcloudserver.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/collabora.mynextcloudserver.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Docker compose file for collabora :

version: '3.8'
services:
  collabora:
    dns:
      - 1.1.1.1
    container_name: code
    image: collabora/code
    restart: always
    network_mode: host
#   ports:
#     - 9980:9980
    environment:
      - domain=mynextcloudserver.com
      - server_name=collabora.mynextcloudserver.com
      - dictionaries=fr_FR
      - username=code
      - password=password123
      - extra_params=--o:ssl.enable=true --o:ssl.termination=true
    cap_add:
      - MKNOD

The error

The nextcloud instance connects properly to the collabora server, however, when I try to open a document, I get the following error :

Failure to establish a per-socket connection or an unexpected closing of the per-socket connection. The reverse proxy could be misconfigured, please contact the administrator. For more information on how to configure the proxy, please see Proxy settings — SDK https://sdk.collaboraonline.com/ documentation

Docker log

code  | wsd-00001-00031 2024-02-26 14:49:59.409152 +0000 [ websrv_poll ] WRN  convert-to: Requesting address is denied: IPADDRESS_REDACTED | wsd/COOLWSD.cpp:4185
code  | wsd-00001-00031 2024-02-26 15:01:12.926421 +0000 [ websrv_poll ] ERR  #25: #25 bad request: [GET /cool/https:%2F%2Fmynextcloudserver.com%2F%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F3158364_oca6y7gp13ne%3Faccess_token=kzooMcHfuIxh2RUgIn3LNlLm6I96ztzv&access_token_ttl=0/ws?WOPISrc=https%3A%2F%2Fmynextcloudserver.com%2F%2Findex.php%2Fapps%2Fric...]: Invalid or unknown request.| wsd/COOLWSD.cpp:4443=/ws HTTP/1.1
code  | wsd-00001-00031 2024-02-26 15:01:13.503693 +0000 [ websrv_poll ] ERR  #25: #25 bad request: [GET /cool/https:%2F%2Fmynextcloudserver.com%2F%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F3158364_oca6y7gp13ne%3Faccess_token=kzooMcHfuIxh2RUgIn3LNlLm6I96ztzv&access_token_ttl=0&permission=edit/ws?WOPISrc=https%3A%2F%2Fmynextcloudserver.com%2F%2Findex....]: Invalid or unknown request.| wsd/COOLWSD.cpp:44436y7gp13ne&compat=/ws HTTP/1.1

What I already tried

  • using a multitude of combinaisons of --o:ssl.enable=true/false --o:ssl.termination=true/false while changing the options in the apache config file accordingly
  • using port mapping / host mode for the docker vm
  • running the vm as root instead of unprivileged user
  • disabling all firewall rules

Hypothesis

Because the instance is under a migration and we are not able to fully copy the original data directory as of now, there might be an issue with the appdata folder? However, because the user testing this has been created after the migration, I think his files in the appdata directory should be fine right?

Any help would be greatly appreciated ! :slight_smile:

I am in the process of migrating a Nextcloud server with a Collabora server. I migrated the Nextcloud and the Nextcloud Office (richdocuments) app is able to connecte to the Collabora server in docker.

However, no documents can be opened.

In the Collabora docker container, I have the following error (multiple times, for multiple files) :

code  | wsd-00001-00031 2024-02-27 12:21:28.566096 +0000 [ websrv_poll ] ERR  FileServerRequestHandler: File not found: Invalid URI request: [/browser/619c3e6/images/savemodified_large.svg].| wsd/FileServer.cpp:748

The way I see it is that the Nextcloud office app is using the wrong path to access the static files of Collabora. But how can I solve this issue? Where can I tell nextcloud to use another path in the collabora server. Or, how can I tell the Collabora server to use another path?

Hi @nicolas_thg. Welcome to the forums + thanks for the question and all the info.


Since your first topic had more info, I:

  • Merged both “duplicate” topics together.

(And sorry about that, your very first post was stuck in the mod queue. It’s all approved now.)


Hmmm…

Q1. Did you check out the helpful “checklist” on the Nextcloud forums?

And:

Q2. What version of Nextcloud + richdocuments are you running?

So you have:

  • Debian 12
  • PHP 8.2
  • Nextcloud ??.??
  • richdocuments ??.??
  • Collabora ??.??
1 Like

I did what is on the “Collabora Integration Guide”. Both Nextcloud (lamp) and Collabora (docker) are served via apache with letsencrypt properly configured. My documentserver dashboard indicates that there is a good connecion to the collabora server.

I’m running Nextcloud version 28.0.2.5 and collabora version 23.05.9.1.
For the richdocuments app, it’s the 8.3.1.

The issue that actually comes up the most (on another test server as well as previously on the migration server) and seems to me to be the final obstacle is this one :

code  | wsd-00001-00032 2024-02-29 15:52:51.186120 +0100 [ websrv_poll ] WRN  convert-to: Requesting address is denied: 45.45.45.45| wsd/COOLWSD.cpp:4186
code  | wsd-00001-00032 2024-02-29 15:52:51.224700 +0100 [ websrv_poll ] ERR  Poco::Net::DNS::resolve("45.45.45.45") failed: Host not found: 45.45.45.45| wsd/COOLWSD.cpp:4180

Here is the full log :

code  | Ready to accept connections on port 9980.                                                                                                                                           code  |                                                                                                                                                                                     code  | wsd-00001-00001 2024-02-29 15:51:40.540130 +0100 [ coolwsd ] TRC  Have 1 new children.| wsd/COOLWSD.cpp:6136                                                                        code  | wsd-00001-00001 2024-02-29 15:51:40.540164 +0100 [ coolwsd ] INF  WSD initialization complete: setting log-level to [warning] as configured.| wsd/COOLWSD.cpp:6151                  code  | wsd-00001-00001 2024-02-29 15:51:40.540732 +0100 [ coolwsd ] WRN  Waking up dead poll thread [main], started: false, finished: false| net/Socket.hpp:716                            code  | wsd-00001-00032 2024-02-29 15:52:13.620387 +0100 [ websrv_poll ] ERR  Poco::Net::DNS::resolve("45.45.45.45") failed: Host not found: 45.45.45.45| wsd/COOLWSD.cpp:4180      code  | wsd-00001-00032 2024-02-29 15:52:13.620415 +0100 [ websrv_poll ] WRN  convert-to: Requesting address is denied: 45.45.45.45| wsd/COOLWSD.cpp:4186                               code  | wsd-00001-00032 2024-02-29 15:52:38.106770 +0100 [ websrv_poll ] ERR  Poco::Net::DNS::resolve("45.45.45.45") failed: Host not found: 45.45.45.45| wsd/COOLWSD.cpp:4180      code  | wsd-00001-00032 2024-02-29 15:52:38.106894 +0100 [ websrv_poll ] WRN  convert-to: Requesting address is denied: 45.45.45.45| wsd/COOLWSD.cpp:4186                               code  | wsd-00001-00032 2024-02-29 15:52:38.225464 +0100 [ websrv_poll ] ERR  Poco::Net::DNS::resolve("50") failed: Host not found: 50.50.50.50| wsd/COOLWSD.cpp:4180        code  | wsd-00001-00032 2024-02-29 15:52:38.225572 +0100 [ websrv_poll ] WRN  convert-to: Requesting address is denied: 50.50.50.50| wsd/COOLWSD.cpp:4186                                code  | wsd-00001-00032 2024-02-29 15:52:51.186098 +0100 [ websrv_poll ] ERR  Poco::Net::DNS::resolve("45.45.45.45") failed: Host not found: 45.45.45.45| wsd/COOLWSD.cpp:4180
code  | wsd-00001-00032 2024-02-29 15:52:51.186120 +0100 [ websrv_poll ] WRN  convert-to: Requesting address is denied: 45.45.45.45| wsd/COOLWSD.cpp:4186
code  | wsd-00001-00032 2024-02-29 15:52:51.224700 +0100 [ websrv_poll ] ERR  Poco::Net::DNS::resolve("45.45.45.45") failed: Host not found: 45.45.45.45| wsd/COOLWSD.cpp:4180
code  | wsd-00001-00032 2024-02-29 15:52:51.224804 +0100 [ websrv_poll ] WRN  convert-to: Requesting address is denied: 45.45.45.45| wsd/COOLWSD.cpp:4186
code  | wsd-00001-00032 2024-02-29 15:52:51.246493 +0100 [ websrv_poll ] ERR  Poco::Net::DNS::resolve("45.45.45.45") failed: Host not found: 45.45.45.45| wsd/COOLWSD.cpp:4180
code  | wsd-00001-00032 2024-02-29 15:52:51.246578 +0100 [ websrv_poll ] WRN  convert-to: Requesting address is denied: 45.45.45.45| wsd/COOLWSD.cpp:4186
code  | wsd-00001-00032 2024-02-29 15:52:53.118173 +0100 [ websrv_poll ] ERR  Poco::Net::DNS::resolve("50.50.50.50") failed: Host not found: 50.50.50.50| wsd/COOLWSD.cpp:4180
code  | wsd-00001-00032 2024-02-29 15:52:53.118286 +0100 [ websrv_poll ] WRN  convert-to: Requesting address is denied: 50.50.50.50| wsd/COOLWSD.cpp:4186
code  | wsd-00001-00032 2024-02-29 15:53:02.934089 +0100 [ websrv_poll ] ERR  #25: #25 bad request: [GET /cool/https:%2F%2Fnctest.mynextcloudserver.net%2F%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F302_oco2ovvbxilv%3Faccess_token=krWYJsqSs7XssSmo4R7yiKEIwHDijTbF&access_token_ttl=0/ws?WOPISrc=https%3A%2F%2Fnctest.mynextcloudserver.net%2F%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%...]: Invalid or unknown request.| wsd/COOLWSD.cpp:4444
code  | wsd-00001-00032 2024-02-29 15:53:06.498659 +0100 [ websrv_poll ] ERR  #57: Error while handling poll at 0 in websrv_poll: #57 (read): unknown. BIO error: 167772454, rc: 0: error:0A000126:SSL routines::unexpected eof while reading:
code  | C0F6B0F62B7F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:307:
code  | | net/Socket.cpp:470
code  | wsd-00001-00032 2024-02-29 15:53:07.361138 +0100 [ websrv_poll ] ERR  FileServerRequestHandler: File not found: Invalid URI request: [/browser/9831402/images/lc_cellvertbottom.svg].| wsd/FileServer.cpp:748
code  | wsd-00001-00032 2024-02-29 15:53:07.361364 +0100 [ websrv_poll ] ERR  FileServerRequestHandler: File not found: Invalid URI request: [/browser/9831402/images/lc_cellvertcenter.svg].| wsd/FileServer.cpp:748

In this log where some info has been replaced, 45.45.45.45 is the ip of the virtual machine with Nextcloud (lamp installation) and docker with the collabora container. 50.50.50.50 is my personal ip address.

So it looks like the container is unable to reach the nextcloud server and I suspect there is an issue in my reverse proxy configuration (althoug I followed the documentation).

Perhaps I should make sure that the hostname is being kept properly between the proxy and the docker container. But I thouht ProxyPreserveHost On took care of that already…

1 Like

Using nginx instead of apache solved the issue.

If anyone can reproduce the issue and provide some feedback or some indications on how to fix it in apache, it would be more than welcome.

I’m not sure I would mark this thread as solved yet until someone can give us some tips on fixing / consolidating the apache proxy configuration.

1 Like

Nice! Thanks for testing+finding a solution. :slight_smile:

Yep, agree. If we can narrow it down to the exact apache problem, then perhaps the documentation can be updated. (Maybe a recent update changed things?)