Collabora Online (using Docker) - Errors

Hi,

I have installed the Pydio Community Edition to test the features, and I think Pydio seems very nice for a locally hosted documentation server.

I want Pydio (ofcourse) to be able to edit office documents, and I want to use Collabora Online for that. But it fails hard.

The official Pydio installation instructions didn’t work so well and I had to resolve installation issues by Googling through and finding posts on nextcloud forums.

I’m running a Ubuntu Server 16.04 and have installed Pydio on apache2. I’m using a self-signed certificate for SSL.

I can see that Pydio opens Collabora Online, but it cannot access the document. It casts the error “Well, this is embarrassing, we cannot connect to your document. Please try again.”

When I look at the docker logs it keeps getting SSL errors.

Does anyone in here recently have installed Pydio with Collabora Online, and could perhaps share how they did?

Hi,
sorry to hear that, yes the docker installation is quite tricky.

could you link the guides that are not working well i’ll try to update them.

As for your issue i think you should take a look at this otherwise you could install the native version if the docker is giving you issues there’s a post that was kinda addressing this issue here.

I completely agree that it should be something related to reverse proxy.
Anyway a good check is also to have a look if collabora is correctly listening on port 9980

Hi,

Thanks for the response. I’ll give the description of what will make it work, once it does. There’s no real reason to tell what the errors are, as long as it doesn’t work. I just know that what I read to do, made the progress. I’ll give the full description later.

For now…

I get this error (from Docker logs):
wsd-00025-00043 09:21:28.921634 [ docbroker_003 ] ERR Cannot get file info from WOPI storage uri [http://xyz.xyz.com/wopi/files/1/xyzxyz.docx?access_token=xxxxxxxxx

This is after I try to open a Document using Collabora Online from inside Pydio. I see the editor and it pops up with the message “Well this is embarassing”…

That URI “http://xyz.xyz.com/wopi/files/1/xyzxyz.docx” <-- two things.

1. I’m using HTTPS and it tries to fetch over HTTP.
2. The URI /wopi/files is not something where Pydio stores anything, and it is not in the Proxy configuration.

Any ideas?

I will see if I can modify the docker image.

Did you flagged the Websockets uses TLS in collabora editor configuration inside pydio ?

Yeah, I tried both with and without that option. Gives the same error.

The option must be set and also you must set https in the url to libreoffice editor frame.
you must also be sure that lool is listening on the port that is specified for the websock.

Anyway I always prefer native installation to docker one.
Especially under ubuntu installing collabora natively is extremely simple.

Sounds like I should try the native install. Do you know anywhere I can find instructions for a native install?

Have a look to this thread:

Seems like there is a general issue with Collaboras signing key. According to their guide from native install you should issue the following command:

root@pydiotestserver:~# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6CCEA47B2281732DF5D504D00C54D189F4BA284D

It simply never gets a response. Just hangs there. I wonder what can be done. I wonder how anyone makes this work

root@webdocs:~# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6CCEA47B2281732DF5D504D00C54D189F4BA284D
Executing: /tmp/tmp.CTs87wh5Og/gpg.1.sh --keyserver
keyserver.ubuntu.com
–recv-keys
6CCEA47B2281732DF5D504D00C54D189F4BA284D
gpg: requesting key F4BA284D from hkp server keyserver.ubuntu.com
gpg: key F4BA284D: “Collabora Productivity libreoffice@collabora.com” not changed
gpg: Total number processed: 1
gpg: unchanged: 1

Here it works without any issue… tested right now.

Thank you,

I realize there is an issue with my internetproxy and the keyserver. I managed to grab the key by using my cellphone internet connection.

I managed to install it natively using your script romoloman. Now I might be getting closer. I use the same proxy config, as I did with docker:

<VirtualHost *:443>
    ServerName xxxx.xxxx.xx:443

    # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
    SSLEngine on
    SSLCertificateFile /root/testkey.crt
    #SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile /root/testkey.key
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    SSLHonorCipherOrder on

    # Encoded slashes need to be allowed
    AllowEncodedSlashes NoDecode

    # Container uses a unique non-signed certificate
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off

    # keep the host
    ProxyPreserveHost On

    # static html, js, images, etc. served from loolwsd
    # loleaflet is the client part of LibreOffice Online
    ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
    ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

    # WOPI discovery URL
    ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
    ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

    # Main websocket
    ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

    # Admin Console websocket
    ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

    # Download as, Fullscreen presentation and Image upload operations
    ProxyPass           /lool https://127.0.0.1:9980/lool
    ProxyPassReverse    /lool https://127.0.0.1:9980/lool
</VirtualHost>

I get a new error this time. From the webinterface it says:

Failed to read document from storage.

And from the backend it says:

ERR WOPI::CheckFileInfo failed with 404 Not Found

I tried adding lool user to the apache2 user www-data’s group, for permissions to the files.

Any ideas? I run loolwsd with this command (taken from the docker image run command):

su -c “/usr/bin/loolwsd --version --o:sys_template_path=/opt/lool/systemplate --o:lo_template_path=/opt/collaboraoffice5.3 --o:child_root_path=/opt/lool/child-roots --o:file_server_root_path=/usr/share/loolwsd” -s /bin/bash lool

BTW I wonder that it looks in the URI /wopi/files (look below):
ERR Failed to add session to [/wopi/files/1/document.docx] with URI [https://xxxx.xxxx.xx/wopi/files/1/document.docx

Because that URI path does not exist. And is not used when pydio creates / uploads documents. Is it something I misunderstand here?

If you install libreoffice using my script you should already have a service loolwsd running
no need to pass any other parameter.
Only verify that you have correctly generated the ssl certificates for loolwsd

Lool doesn’t read the files directly form the filesystem but they are passed to lool using the web service.

Anyway the command user to start loolwsd is correct
In the service is specified as:
ExecStart=/usr/bin/loolwsd --version --o:sys_template_path=/opt/lool/systemplate --o:lo_template_path=/opt/collaboraoffice5.3 --o:child_root_path=/opt/lool/child-roots --o:file_server_root_path=/usr/share/loolwsd

Did you enabled the following modules in apache ?
rewrite
proxy
proxy_html
proxy_wstunnel

in apache2 ?

Is AllowOverride all enabled in the pydio directory
is the .htaccess in the pydio appropriate for your installation ?

I have all the modules mentioned enabled. The .htaccess file looks like this:

# Make sure to enable RewriteRule on your server, and the the RewriteBase is correctly set.
# If your install is accessible on https://yourdomain.tld/pydio, RewriteBase should be /pydio.
# If your install is accessible on https://yourdomain.tld/, RewriteBase should be /.

RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php [L]

#Following lines seem to be necessary if PHP is working
#with apache as CGI or FCGI. Just remove the #
#See http://doc.tiki.org/WebDAV#Note_about_Apache_with_PHP_as_fcgi_or_cgi

#RewriteCond %{HTTP:Authorization} ^(.*)
#RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

#Following lines may be necessary for a PHP-FPM setup
# to make sure that authorization is transmitted.
# Just remove the # at the beginning of the line

#SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

</IfModule>

AddType application/json .json

The location of pydio is this:
/var/www/pydio/

The apache2.conf looks like this:
Mutex file:${APACHE_LOCK_DIR} default

PidFile ${APACHE_PID_FILE}

Timeout 300

KeepAlive On

MaxKeepAliveRequests 100

KeepAliveTimeout 5


# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

HostnameLookups Off

ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

<Directory />
        Options FollowSymLinks
        AllowOverride all
        Require all granted
</Directory>

<Directory /usr/share>
        AllowOverride all
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride all
        Require all granted
</Directory>

AccessFileName .htaccess

<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

<VirtualHost *:443>
    ServerName xxxx.xxxx.xx:443

    # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
    SSLEngine on
    SSLCertificateFile /root/testkey.crt
    #SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile /root/testkey.key
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    SSLHonorCipherOrder on

    # Encoded slashes need to be allowed
    AllowEncodedSlashes NoDecode

    # Container uses a unique non-signed certificate
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off

    # keep the host
    ProxyPreserveHost On

    # static html, js, images, etc. served from loolwsd
    # loleaflet is the client part of LibreOffice Online
    ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
    ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

    # WOPI discovery URL
    ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
    ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

    # Main websocket
    ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

    # Admin Console websocket
    ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

    # Download as, Fullscreen presentation and Image upload operations
    ProxyPass           /lool https://127.0.0.1:9980/lool
    ProxyPassReverse    /lool https://127.0.0.1:9980/lool
</VirtualHost>

I still get the same errors as mentioned above. Does anything look odd?

Here are the exact error logs:

loolwsd[1075]: wsd-01075-02630 11:11:32.975610 [ websrv_poll ] WRN  WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:540
loolwsd[1075]: wsd-01075-03368 11:11:33.828674 [ docbroker_004 ] ERR  WOPI::CheckFileInfo failed with 404 Not Found| wsd/Storage.cpp:520
loolwsd[1075]: wsd-01075-03368 11:11:33.829661 [ docbroker_004 ] ERR  Failed to add session to [/wopi/files/1/Untitled%20Document-4.docx] with URI [https://xxxx.xxxx.xx/wopi/files/1/Untitled%20Document-4.docx?acce
loolwsd[1075]: wsd-01075-03368 11:11:33.931853 [ docbroker_004 ] WRN  Attempted ping on non-upgraded websocket!| ./net/WebSocketHandler.hpp:280
loolwsd[1075]: wsd-01075-03368 11:11:34.258823 [ docbroker_004 ] WRN  Child session [0008] not found to forward message: load url=https://xxxx.xxxx.xx/wopi/files/1/Untitled%20Document-4.docx?access_token=eyJ0eXAiO
loolwsd[1075]: wsd-01075-03368 11:11:34.265783 [ docbroker_004 ] ERR  Invalid or unknown session [0008] to remove.| wsd/DocumentBroker.cpp:1067
loolwsd[1075]: wsd-01075-01668 11:11:34.832605 [ prisoner_poll ] WRN  Waking up dead poll thread [docbroker_004], started: true, finished: true| ./net/Socket.hpp:512
loolwsd[1075]: wsd-01075-01668 11:11:34.833372 [ prisoner_poll ] WRN  Waking up dead poll thread [docbroker_004], started: true, finished: true| ./net/Socket.hpp:512
loolwsd[1075]: wsd-01075-01668 11:11:34.837293 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/LOOLWSD.cpp:1541
loolwsd[1075]: wsd-01075-01668 11:11:34.838280 [ prisoner_poll ] WRN  Waking up dead poll thread [docbroker_004], started: false, finished: true| ./net/Socket.hpp:512
loolwsd[1075]: wsd-01075-01668 11:11:34.838947 [ prisoner_poll ] WRN  Waking up dead poll thread [docbroker_004], started: false, finished: true| ./net/Socket.hpp:512

you should add the directory also in the virtual host.
have a look to my config in this thread:

romoloman… you are the man!! Now it works!

Took all your settings from that post .htaccess and apache configuration file. Collabora opens and edits documents now.

Thank you very much.

remember to run apt-get upgrade.
collabora package distribution is often updated with improvements and bug fixes
I got latest loolwsd update today.

This might not directly related to this topic issue, but is there nginx config for the collabora guide?

Hi,
unfortunately there isn’t you could try to adapt the main parameters from the apache config to the nginx and then try with small steps until you figure it out.