Nextcloud + Collabora installation: Getting a 'Document loading failed'

[cdog89]

Thanks to anyone that can help. I appreciate you. The issue is that I get a 'Document loading failed - Failed to load Nextcloud Office - please try again later' when I try to open any .docx, .xlsx, etc.

Here's the current status:
- TrueNAS Core 13 with Nextcloud successfully running
- VM with Ubuntu 18.X successfully running (IP is 192.168.86.26)
- Docker with Collabora inside VM successfully running
- At my ISP, I have subdomain collabora.XXXX.com pointing to my public IP
- Internally, I've forwarded port 9980 to the IP address of the Ubuntu installation.
- Going to collabora.XXX.com goes to a blank screen, but it is showing as a secure connection
- Going to http://192.168.86.26:9980 results in 'OK'
- Going to my local IP at http://xx.xx.xx.xx:9980/browser/dist/admin/adminSettings.html successfully takes me to the Collabora server login page and the basic menu. Starting with 'https://' , however, gives me errors.
- In the Nextcloud Office settings, I've set my own server as 'https://collabora.XXXX.com and checked 'Disable certification verification (insecure)'. I get a green checkmark that the Collabora Online server is reachable.
- Here's my Caddyfile code if it's important:

Code:

{
        # debug
#       acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
        email XXXXX@gmail.com
         default_sni nextcloud.XXXX.com
}

nextcloud.XXXX.com {
        root * /usr/local/www/nextcloud
        file_server
        log {
                output file /var/log/www.XXXX.com.log
        }

        php_fastcgi 127.0.0.1:9000 {
                env front_controller_active true
        }

#       tls {
#               dns cloudflare XXXX
#       }

        header {
                 enable HSTS
                 Strict-Transport-Security max-age=31536000;
        }

        # client support (e.g. os x calendar / contacts)
        redir /.well-known/carddav /remote.php/dav 301
        redir /.well-known/caldav /remote.php/dav 301
        redir /.well-known/webfinger /index.php/.well-known/webfinger 301
        redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301

        # .htaccess / data / config / ... shouldn't be accessible from outside
        @forbidden {
                path /.htaccess
                path /data/*
                path /config/*
                path /db_structure
                path /.xml
                path /README
                path /3rdparty/*
                path /lib/*
                path /templates/*
                path /occ
                path /console.php
        }

        respond @forbidden 404
}

collabora.XXXX.com {
  encode gzip
  @collabora {
    path /loleaflet/*          # Loleaflet is the client part of LibreOffice Online
    path /hosting/discovery    # WOPI discovery URL
    path /hosting/capabilities # Show capabilities as json
    path /lool/*               # Main websocket, uploads/downloads, presentations
  }
  reverse_proxy @collabora http://192.168.86.26:9980
}

So, I can't type in 'https://' then my local IP address and get a connection. I can only type is 'http://' to access the collabora server. I've been working on this most of the day and fear there is a very small issue in a config somewhere which will have me slapping my forehead, lol.

Any assistance would be fantastic.

Thanks!

 

[victort]

Could I interest you in an OnlyOffice script I created specifically for nextcloud that runs in a jail? Or do you prefer Collabora?
See my signature for the link.

The domain should be forwarded to your nextcloud server, not the Ubuntu VM. That way, whenever you visit the URL, Caddy will proxy it to your VM running Collabora.

 

[cdog89]

Could I interest you in an OnlyOffice script I created specifically for nextcloud that runs in a jail? Or do you prefer Collabora?
See my signature for the link.

The domain should be forwarded to your nextcloud server, not the Ubuntu VM. That way, whenever you visit the URL, Caddy will proxy it to your VM running Collabora.

I am most certainly interested in installing using your script! Based on my limited experience, I would much prefer OnlyOffice to run in a jail versus the office server running in a VM. I will give it a go and respond. Thank you for your help!

 

[victort]

I am most certainly interested in installing using your script! Based on my limited experience, I would much prefer OnlyOffice to run in a jail versus the office server running in a VM. I will give it a go and respond. Thank you for your help!

If you do, add your domain block to reverse proxy to the OnlyOffice jail, and point the domain to your Nextcloud jail.

Like this…

Code:

onlyoffice.xxx.com {
    reverse_proxy 192.168.1.xx
}

 

[cdog89]

I ran the script. Installation looks good. Local access at http://192.168.86.201/welcome shows 'server is running'. However, I can't get secure access to the server using https. My domain onlyoffice.xxxx.com has been forwarded to my public IP. Caddyfile was updated according to your directions. In nextcloud admin settings, I get an error when I enter the server address (error is: Error when trying to connect (cURL error 35: OpenSSL/1.1.1t: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://onlyoffice.XXXX.com/healthcheck)). I'm also unsure if I need to enter the secret key? If so, I can't seem to find the json file referenced - I'm not as proficient with Linux OS - so have been navigating aimlessly around the file system. So, I'm not sure where to go from here.

I think I need a crash course in SSL set up and technology in general.

Thank you @victort!

 

[victort]

I ran the script. Installation looks good. Local access at http://192.168.86.201/welcome shows 'server is running'. However, I can't get secure access to the server using https. My domain onlyoffice.xxxx.com has been forwarded to my public IP. Caddyfile was updated according to your directions. In nextcloud admin settings, I get an error when I enter the server address (error is: Error when trying to connect (cURL error 35: OpenSSL/1.1.1t: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://onlyoffice.XXXX.com/healthcheck)). I'm also unsure if I need to enter the secret key? If so, I can't seem to find the json file referenced - I'm not as proficient with Linux OS - so have been navigating aimlessly around the file system. So, I'm not sure where to go from here.

I think I need a crash course in SSL set up and technology in general.

Thank you @victort!

The referenced file is at /usr/local/etc/onlyoffice/documentserver/local.json

The script doesn’t alter the value for the token, which by default is “secret” and you should probably change it in the future to a random string. It will need to changed in all three locations in the above mentioned file, and this value is the “secret” field in Nextcloud OnlyOffice settings.

What happens when you visit onlyoffice.xxx.com?
That domain should be forwarded to your Nextcloud jail internally, not your public IP.

 

[cdog89]

OK, I'll change the secret key.

When I go to the domain onlyoffice.xxxx.com I get an error 'This site can't provide a secure connection'.

I had to forward ports for the collabora.xxxx.com to obtain a secure connection (port 9980). Oddly, the VM doesn't even boot up now, just hangs on the Ubuntu screen - but that isn't important now. Do I need to forward any ports to my internal IP address for the jail?

In the nextcloud admin settings: If I input 'https://onlyoffice.xxx.com', check 'disable certificate validation', and enter value 'http://192.168.86.201' into only the 'ONLYOFFICE Docs address for internal requests from the server' section, I get what appears to be a successful settings save (it says 'Settings have been successfully updated (version 7.4.1.36)'. But then when I go to open an appropriate file (.docx, e.g.), I get an error ('ONLYOFFICE cannot be reached. Please contact admin')

Any other variation in the above settings results in some sort of error in saving the settings.

Just curious: Would any of this be made easier if I downloaded the SSL cert and installed on my TrueNAS installation locally?

Caddyfile currently:
{
onlyoffice.xxxx.com
reverse_proxy http://192.168.86.201
}

Thanks!

 

[victort]

So let’s just make things clear.

1 . When you visit both domains internally, you get the nextcloud jail IP. Try a ping command from you PC for both.
2. When you visit https://onlyoffice.xxx.com you get a secure connection, and the page says the server is running.

Can you confirm these?

As far as SSL, Caddy does all that automatically for you.

 

[cdog89]

Well. I'll be darned. Yes, 1. and 2. are confirmed. But it seems that the problem has gone away! I restarted the entire system and now everything works! I can view and edit files directly from my nextcloud server. Is there a server restart necessary anytime the Caddyfile changes?

This is fantastic. I'll need to do some more testing and develop a full system-wide backup procedure, but I can move away from Google Drive and Dropbox with this. Thanks a million for all of your help in getting this working! It's people like you that renew my hope in this world, seriously.

 

[victort]

Well. I'll be darned. Yes, 1. and 2. are confirmed. But it seems that the problem has gone away! I restarted the entire system and now everything works! I can view and edit files directly from my nextcloud server. Is there a server restart necessary anytime the Caddyfile changes?

service caddy reload will do

This is fantastic. I'll need to do some more testing and develop a full system-wide backup procedure, but I can move away from Google Drive and Dropbox with this. Thanks a million for all of your help in getting this working! It's people like you that renew my hope in this world, seriously.

Glad you got it sorted out.