Nextcloud integration fails after routine Collabora upgrade

cnic023 · April 27, 2024, 8:21pm

I have a nextcloud server in one box and a collabora and reverse proxy server in another. After a routine upgrade (apt upgrade) I can no longer edit rich text (docx etc). I have been running on this model successfully for several years.

“Failed to load Nextcloud Office - please try again later”

Initially I assumed the upgrade had altered my coolswsd.xml file but on checking it did not.

My setup is as follows:

Nextcloud-Version: Nextcloud Hub 4 (26.0.13)
Nextcloud Office: 8.0.10
Allow list for WOPI requests: “125.xxx.xxx.xx,192.168.0.xxx,127.0.0.1” (Static IP, IP of nextcloud server, localhost)
Does https://collabora-domain/hosting/discovery 21 show an xml File? answer=yes
Collabora error log (apache2):
"[Sat Apr 27 10:52:53.532736 2024] [proxy_http:error] [pid 4087283] (70014)End of file found: [client 192.168.0.1:51049] AH01102: error reading status line from remote server 127.0.0.1:9980"

Anonymized content of collabora-webinstance:

<VirtualHost>	
$$$$$$$$$$$$$$$
	SSLProxyEngine On
    
    # Keep the host
    ProxyPreserveHost On

    # Cert is issued for $$$$$ and then we proxy to localhost
    SSLProxyVerify none
    #SSLProxyCACertificatePath /etc/ssl
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    Protocols h2 http/1.1

    # static html, js, images, etc. served from coolwsd
    # loleaflet/browser is the client part of Collabora Online
    #ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
    #ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
    ProxyPass /browser https://127.0.0.1:9980/browser retry=0
    ProxyPassReverse /browser https://127.0.0.1:9980/browser 

    # WOPI discovery URL
    ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
    ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery

    # Capabilities
    ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
    ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities

    # Main websocket
    ProxyPassMatch "/cool/(.*)/ws$" wss://127.0.0.1:9980/cool/$1/ws nocanon

    # Admin Console websocket
    ProxyPass /cool/adminws wss://127.0.0.1:9980/cool/adminws

    # Download as, Fullscreen presentation and Image upload operations
    ProxyPass /cool https://127.0.0.1:9980/cool
    ProxyPassReverse /cool https://127.0.0.1:9980/cool   
    
</VirtualHost>

Which SSL-Certs are being used self signed or from a recognized authority)? answer= both, CA to proxy server and Self-Signed to Collabora server on 9980 (all in same box). All certificates have been checked for expiry.
Result of “uname -a” = Linux xxx.xxx.nz 5.15.0-105-generic #115-Ubuntu SMP Mon Apr 15 09:52:04 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Date of the download of the collabora update (when things went wrong) = 25/4/24

From coolwsd.xml:

    <termination default="true" desc="Connection via proxy where coolwsd acts as 
    working via https, but actually uses http." type="bool">false</termination>
                <cert_file_path desc="Path to the cert file" 
    relative="false">/etc/coolwsd/cert.pem</cert_file_path>
                <key_file_path desc="Path to the key file" 
    relative="false">/etc/coolwsd/key.pem</key_file_path>
                <ca_file_path desc="Path to the ca file" relative="false">/etc/coolwsd/ca- 
   chain.cert.pem</ca_file_path>

Tex · May 2, 2024, 3:02am

Hey @cnic023. Welcome to the forum and thanks for the info.

(I’m moving this thread to the “Installation & Configuration” section for more visibility.)

Hmmm… I see you have:

Nextcloud 26.0.13
NextcloudOffice 8.0.10

Nextcloud 26 is currently listed as “Unsupported”.

Q1. Any chance you could update to Nextcloud 27+?

I see you also mentioned it broke on:

2024/04/25

Soo… According to these richdocuments release dates/notes, that may have landed you somewhere between:

Nextcloud Office 8.0.9 / 8.0.8

Q2. Do you happen to remember:

Which working version you had previously?

Q3. Also, would be helpful knowing:

Which OS you are running?
What Collabora Office version is installed?

Edit: While searching for your:

"error reading status line from remote server" Collabora

I also ran across a few other older topics with Apache + reverse proxy issues… perhaps something there might help too:

Collabora 22.05.12 with Nextcloud 25 and 24 at standalone Ubuntu server can't open any document - #2 by Tex

Hmmm… but since it was working fine, and broke within the past week… hmmm…

cnic023 · May 3, 2024, 1:55am

First, thanks for your attention to this problem. Much appreciated.
I upgraded to nextcloud 27.1.9 on about 30 April, also upgraded to php2.2 - same problem.
The nextcloud people said it was strange to proxy with https but I have been doing this for years too using self-signed certificates (see my config file). I will double check these but they don’t seem to have expired. I have a reverse proxy server (apache2) and the CODE server on the same box. This proxies to a nextcloud server on another box. The CODE server has its own domain certificate from Letsencrypt.
No, sorry I don’t know the previous upgrade of Nextclous but I was on 25.0.5.1 in August. 2023.As for nextcloud office I don’t know that either.
I am running ubuntu server 22.04, apache2 2.4.59.
Running dpkg -l |grep coolwsd gives:
ii coolwsd 24.04.1.4-1 amd64 Collabora Online WebSocket Daemon
Not sure if this is what you want.

cnic023 · May 5, 2024, 9:32pm

The following may be useful. I have this nextcloud log entry:
WOPI request denied from 192.168.0.xxx as it does not match the configured ranges: 125.236.230.32, 192.168.0.112, 127.0.0.1
Note: 192.168.0.xxx is the proxy server in the same box as the CODE server.
Perhaps I must configure this in coolwsd.xml (but I have never done so before):
host desc=“hostname to allow or deny.” allow=“true”>scheme://hostname:port
alias desc=“regex pattern of aliasname”>scheme://aliasname1:port
alias desc=“regex pattern of aliasname”>scheme://aliasname2:port

cnic023 · May 9, 2024, 1:34am

I am now running:
Nextcloud Hub 7 (28.0.5)
PHP8.3
Nextcloud Office 8.3.6

Still same problem.

cnic023 · May 9, 2024, 1:57am

I seem to have solved this problem by adding the ip address of my ISP provided router, its internal LAN address that is. I added this to the Nextcloud Office WOPI request whitelist within the admin settings in the Nextcloud GUI.
Rich documents are now available.
I had never had this entry there before. But there were no log complaints and everything worked fine. I would love to know what the change was but it is not a ‘bug’ now, if it ever was.

Tex · May 9, 2024, 3:15am

@cnic023 Absolutely fantastic hearing that you finally solved it.

Maybe the upgrades from Nextcloud 26->28 + Nextcloud Office 8.0->8.3 corrected many hidden issues too. (Usually lots of bugs are fixed in each version as well.)

Whenever anything goes very strange, usually one of the first steps I do is… to test the latest. Sometimes, the issue was already reported/squished (or made better) months ago.

Topic		Replies	Views
After update reverse proxy not working (AH01084 pass request body failed) Installation & Configuration	1	1707	September 26, 2022
Collabora 22.05.12 with Nextcloud 25 and 24 at standalone Ubuntu server can't open any document Installation & Configuration	1	822	May 2, 2024
Help debugging collabora + nextcloud on the same machine on Ubuntu 22.04 Installation & Configuration	2	1241	August 11, 2022
Failed to load Nextcloud office User Support	5	4627	April 2, 2023
Installation configs for Collabora with Nextcloud without Reverse Proxy Installation & Configuration	6	235	November 12, 2024

Nextcloud integration fails after routine Collabora upgrade

Anonymized content of collabora-webinstance:

From coolwsd.xml:

Related topics