
Comments (15)

seth586 avatar seth586 commented on September 25, 2024 1

FIXED! 2 problems:

  1. coolwsd is running with the --use-env-vars flag, and echo $server_name inside the docker container reveals the problem: it's printing the domain with the backslashes. At some point in history docker compose YAML used to require escaping special characters just like you would when setting environment variables. But that must have changed. My old yaml had the . escaped with \. This would explain why there are many examples of this problem elsewhere.

  2. Editing the yaml and restarting the container did not result in docker compose reading the new YAML, until the following commands are run in the project directory:

docker stop collabora-code
docker-compose down
docker-compose up -d

A lot of old collabora self hosting guides floating around the internet suggested setting YAML environment variable server_name as office\.mydomain\.com

As a fix I suggest adding an example docker-compose YAML to the official documentation.

from richdocuments.
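
The failure described in this comment, a `server_name` that reaches the container as `office\.mydomain\.com`, can be caught before the container is started. The script below is an added example, not part of the original thread or of Collabora's or Nextcloud's code; the function names are hypothetical and the sample lines are constructed from the values quoted in this thread.

```shell
#!/bin/sh
# Added example: pre-flight check for the server_name value handed to the
# container. Function names are hypothetical; sample input is constructed.

# Strip the regex-style escaping (\.) that old guides put into server_name.
unescape_host() {
    printf '%s' "$1" | sed 's/\\\././g'
}

# Succeed only for a plain DNS host name with an optional :port, i.e. a value
# a browser accepts as a CSP host source once "https://" is put in front.
is_valid_host() {
    printf '%s' "$1" | grep -Eq \
        '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*(:[0-9]{1,5})?$'
}

# Classify one NAME=value line (as printed by printenv): ok, escaped, invalid.
check_env_line() {
    name=${1%%=*}
    value=${1#*=}
    if is_valid_host "$value"; then
        printf '%s\n' "ok $name=$value"
    elif is_valid_host "$(unescape_host "$value")"; then
        printf '%s\n' "escaped $name=$value -> $(unescape_host "$value")"
    else
        printf '%s\n' "invalid $name=$value"
    fi
}

# Constructed samples: the escaped form from old guides, the corrected form,
# and a value that is wrong for a different reason (scheme included).
audit_sample() {
    for line in 'server_name=office\.mydomain\.com' \
                'server_name=office.mydomain.com' \
                'server_name=https://office.mydomain.com'; do
        check_env_line "$line"
    done
}

audit_sample
```

Only the `escaped` result is safe to repair automatically; an `invalid` value needs a human to look at the compose file.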

seth586 avatar seth586 commented on September 25, 2024

Can reproduce problem.

Nextcloud 27.1.3
"Nextcloud Office" richdocuments 8.2.2

monitoring access logs on my reverse proxy for collabora, I see the following when I set the correct "URL (and Port) of Collabora Online-server" in nextcloud office settings "https://office.mydomain.com"

192.168.84.73 - - [12/Nov/2023:16:37:38 +0000] "GET /hosting/discovery HTTP/1.1" 200 31787 "-" "Nextcloud Server Crawler"
192.168.84.73 - - [12/Nov/2023:16:37:38 +0000] "GET /hosting/capabilities HTTP/1.1" 200 320 "-" "Nextcloud Server Crawler"

However there are no access logs when trying to edit documents. Browser console shows access errors due to the 'public_wopi_url' being miscoded:

The source list for the Content Security Policy directive 'img-src' contains an invalid source: 'https://office\.mydomain\.com'. It will be ignored.

The source list for the Content Security Policy directive 'frame-src' contains an invalid source: 'https://office\.mydomain\.com'. It will be ignored.

The Content-Security-Policy directive 'frame-ancestors' does not support the source expression 'https://office\.mydomain\.com'

The source list for the Content Security Policy directive 'form-action' contains an invalid source: 'https://office\.mydomain\.com'. It will be ignored.
/ocs/v2.php/apps/text/workspace?path=%2F:1 Failed to load resource: the server responded with a status of 404 ()

The source list for the Content Security Policy directive 'img-src' contains an invalid source: 'https://office\.mydomain\.com'. It will be ignored.

The source list for the Content Security Policy directive 'frame-src' contains an invalid source: 'https://office\.mydomain\.com'. It will be ignored.

The Content-Security-Policy directive 'frame-ancestors' does not support the source expression 'https://office\.mydomain\.com'

The source list for the Content Security Policy directive 'form-action' contains an invalid source: 'https://office\.mydomain\.com'. It will be ignored.

The source list for the Content Security Policy directive 'img-src' contains an invalid source: 'https://office\.mydomain\.com'. It will be ignored.

The source list for the Content Security Policy directive 'frame-src' contains an invalid source: 'https://office\.mydomain\.com'. It will be ignored.

The Content-Security-Policy directive 'frame-ancestors' does not support the source expression 'https://office\.mydomain\.com'


The source list for the Content Security Policy directive 'form-action' contains an invalid source: 'https://office\.mydomain\.com'. It will be ignored.

Refused to send form data to 'https://office/.mydomain/.com/browser/5093121/cool.html?WOPISrc=https%3A%2F%2Fcloud.mydomain.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F4695_ockoxgfxl24y&title=%2FNew%20spreadsheet.ods&lang=en&closebutton=1&revisionhistory=1' because it violates the following Content Security Policy directive: "form-action 'self'".

richdocuments-viewer.js?v=a584c3c4-0:2  Refused to frame 'https://office/' because it violates the following Content Security Policy directive: "frame-src 'self' nc:".

Unfortunately activate-config changes the URL back to the miscoded URL:

php occ config:app:get richdocuments public_wopi_url 
+ https://office\.mydomain\.com
php occ config:app:set richdocuments public_wopi_url --value https://office.mydomain.com:443
+ Config value public_wopi_url for app richdocuments set to https://office.mydomain.com:443
php occ config:app:get richdocuments public_wopi_url 
+ https://office.mydomain.com:443
php occ richdocuments:activate-config
+ Activated any config changes
php occ config:app:get richdocuments public_wopi_url
+ https://office\.mydomain\.com
php occ config:list richdocuments
+{
+    "apps": {
+        "richdocuments": {
+            "enabled": "yes",
+            "installed_version": "8.2.2",
+            "public_wopi_url": "https:\/\/office\\.mydomain\\.com",
+            "types": "prevent_group_restriction",
+            "wopi_allowlist": "",
+            "wopi_url": "https:\/\/office.mydomain.com"
+        }
+    }
+}

nginx reverse proxy following official documentation at https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html#reverse-proxy-with-nginx-webserver

results of curl -v https://office.mydomain.com:443/hosting/discovery:
https://pastebin.com/WtSWna7c

collabora/code is running in a docker container

docker-compose.yml:

version: '3.3'
networks:
  net:
   driver: bridge

services:
  collabora:
    image: collabora/code
    ports:
      - 9980:9980
    container_name: collabora-code
    cap_add:
      - MKNOD
    environment:
      dictionaries: en_US
      domain: cloud.mydomain.com
      server_name: office.mydomain.com
      username: "admin"
      password: "password"
      extra_params: --o:ssl.enable=false --o:ssl.termination=true
    restart: always

shell command docker top collabora-code:

UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
systemd+            3655                3632                0                   Nov13               ?                   00:00:10            /usr/bin/coolwsd --version --use-env-vars --o:sys_template_path=/opt/cool/systemplate --o:child_root_path=/opt/cool/child-roots --o:file_server_root_path=/usr/share/coolwsd --o:logging.color=false --o:stop_on_config_change=true --o:ssl.enable=false --o:ssl.termination=true
systemd+            3741                3655                0                   Nov13               ?                   00:00:03            /usr/bin/coolforkit --systemplate=/opt/cool/systemplate --lotemplate=/opt/collaboraoffice --childroot=/opt/cool/child-roots/1-78d1c3d2/ --clientport=9980 --masterport=coolwsd-bt1xMO8z --rlimits=limit_virt_mem_mb:0;limit_stack_mem_kb:8000;limit_file_size_mb:0;limit_num_open_files:0 --version --ui=default
systemd+            3743                3741                0                   Nov13               ?                   00:00:01            /usr/bin/coolforkit --systemplate=/opt/cool/systemplate --lotemplate=/opt/collaboraoffice --childroot=/opt/cool/child-roots/1-78d1c3d2/ --clientport=9980 --masterport=coolwsd-bt1xMO8z --rlimits=limit_virt_mem_mb:0;limit_stack_mem_kb:8000;limit_file_size_mb:0;limit_num_open_files:0 --version --ui=default

shell command inside docker container printenv:

extra_params=--o:ssl.enable=false --o:ssl.termination=true
HOSTNAME=c6b4c6f66b04
PWD=/
domain=cloud\.mydomain\.com
HOME=/opt/cool
TERM=xterm
username=admin
SHLVL=1
LC_CTYPE=C.UTF-8
password=password
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
server_name=office\.mydomain\.com
_=/usr/bin/printenv

coolwsd is running with the --use-env-vars flag. Isn't docker compose supposed to set the environment variables? Why is it adding the backslashes to server_name?


juliushaertl avatar juliushaertl commented on September 25, 2024

Thanks for the detailed steps. While I can reproduce the behaviour that activate-config switches the behaviour it would actually take the value from the /hosting/capabilities endpoint of the Collabora server configured in wopi_url.

occ config:list richdocuments
+ ...
+            "wopi_url": "http:\/\/collabora.local",
+            "public_wopi_url": "https:\/\/collabora.local"
+ ...
occ config:app:set richdocuments public_wopi_url --value https://office.mydomain.com:443
+ Config value public_wopi_url for app richdocuments set to + 
occ richdocuments:activate-config
+ Activated any config changes
occ config:list richdocuments
+ ...
+             "public_wopi_url": "https:\/\/collabora.local",
+             "wopi_url": "http:\/\/collabora.local",
+ ...

While I agree that it should not change the value if manually set, I would assume in your setup when the URL is the same it should also work without ever setting public_wopi_url manually.

Could you maybe share some details about your setup (coolwsd config and involved reverse proxy/webservers) as well as the output of the following curl:

curl -v https://office.mydomain.com:443/hosting/discovery


UltraBlackLinux avatar UltraBlackLinux commented on September 25, 2024

Hey there,
the public_wopi_url is also set incorrectly for me, but it did save. I see the correct values in the config, but when I try to open a presentation, it still uses the old public_wopi_url
I'm using the collabora extension and /hosting/capabilities is a 404 for me (?)

(Sometimes it doesn't even get there and instead shows a 500 internal server error for the token request. When I tried to have a look at the logs, it immediately went away. Now that I stopped that, it's returned. quantum stuff from physics class all over again)


juliushaertl avatar juliushaertl commented on September 25, 2024

> I'm using the collabora extension and /hosting/capabilities is a 404 for me (?)

This probably means you are not passing it through in your web server / reverse proxy config.


UltraBlackLinux avatar UltraBlackLinux commented on September 25, 2024

I have no idea what you mean. I'm using the official unofficial nextcloud docker image, which has almost everything set up


645340633 avatar 645340633 commented on September 25, 2024

Have you solved it? I met the same problem


juliushaertl avatar juliushaertl commented on September 25, 2024

> I have no idea what you mean. I'm using the official unofficial nextcloud docker image, which has almost everything set up

Can you provide more details (which image, how do you start it, are you running the richdocumentscode app or a separate container for Collabora CODE)?


UltraBlackLinux avatar UltraBlackLinux commented on September 25, 2024

Nextcloud image: https://hub.docker.com/_/nextcloud/
richdocuments and collabora both as nextcloud apps, but I had previously tried the standalone collabora container, with the same result.

not really anything special as to how I'm running it, just docker compose up, which sets username and password for redis and the database


juliushaertl avatar juliushaertl commented on September 25, 2024

Interesting, maybe that is something that could be caught in the docker container of Collabora to strip such escaping


juliushaertl avatar juliushaertl commented on September 25, 2024

Wondering if this is just recently happening with CollaboraOnline/online@2e86ea4


juliushaertl avatar juliushaertl commented on September 25, 2024

@timar Given the problems described in #3262 (comment) would it make sense to sanitize the server_name passed in to not contain backslash escaping?


JoeHaenf avatar JoeHaenf commented on September 25, 2024

I can confirm that #3262 (comment) works for me, too.
Omitting the server_name variable and using only the newer aliasgroup variable does the trick. After rebooting the Collabora server with this new config, I had to reconfigure the Richdocuments app once again, of course.


juliushaertl avatar juliushaertl commented on September 25, 2024

We could probably have a workaround for that case in richdocuments as well as in str_replace('\.', '.', $domain)


juliushaertl avatar juliushaertl commented on September 25, 2024

Added a workaround to avoid failures in case of such escaped urls to #3315
