Collabora and Onlyoffice in conjunction with Nextcloud no longer work since the last update (dnf update) from Rocky

NethServer Version: 8
Module: Nextcloud, Collabora and Onlyoffice

Hello developers of NS 8,

Here is a list of the updates that are offered to me for installation and that I have already installed on a physical and a virtual machine. The result is that Onlyoffice on the physical machine and Collabora on the virtual machine no longer work. I was able to restore the virtual machine thanks to Proxmox Backup. Unfortunately, this is not possible with the physical machine. And a previous attempt to reinstall Onlyoffice was also unsuccessful. @mrmarkuz is informed and is working on a solution for the Onlyoffice app. But I can imagine that he also likes to spend his free time differently.

I pay almost 300 euros a year for two subscriptions and I seriously wonder why updates are released that result in NS 8 no longer working properly in parts. Why can this not checked in advance?

Regards

Uwe




4 Likes

3 posts were split to a new topic: In the ‘old’ days

When the cluster is registered with a subscription, the community repositories are disabled.
https://docs.nethserver.org/projects/ns8/en/latest/subscription.html#scheduled-updates

If someone re-enables them, the automatic update procedure does not distinguish which repository the update comes from; it simply applies it.

@mrmarkuz what do you think?

2 Likes

Both, Collabora and Onlyoffice on Rocky are not able to connect to Nextcloud anymore if Nextcloud is on the same server/node.

As regards Onlyoffice, It could also be an upstream bug, see also NS8 Nextcloud - Onlyoffice error - #4 by mrmarkuz

For both, access to Nextcloud isn’t working anymore. I didn’t find a solution yet.

runagent -m onlyoffice1 podman exec -ti onlyoffice-app curl https://<YOURNEXTCLOUDURL>

gives back

Connection refused

and

runagent -m collabora1 podman exec -ti collabora curl https://<YOURNEXTCLOUDURL>

returns

Couldn't connect to server

Collabora logs:

2024-12-03T10:49:24+01:00 [1:collabora1:collabora] WOPI::CheckFileInfo failed for URI [https://cloud.mrmarkuz.ddnss.eu/index.php/apps/richdocuments/wopi/files/7_ocsfe3gzcnko?access_token=Eh3IQGbzI6lxR2P40LoNN7f9qqRedGQs&access_token_ttl=0]: 0 (Unknown) . Headers: 	Body: []| wsd/wopi/CheckFileInfo.cpp:95
2024-12-03T10:49:24+01:00 [1:collabora1:collabora] wsd-00001-00031 2024-12-03 09:49:24.267576 +0000 [ websrv_poll ] ERR  #45: Invalid URI or access denied to [https://cloud.mrmarkuz.ddnss.eu/index.php/apps/richdocuments/wopi/files/7_ocsfe3gzcnko?access_token=Eh3IQGbzI6lxR2P40LoNN7f9qqRedGQs&access_token_ttl=0]| wsd/wopi/CheckFileInfo.cpp:109
2024-12-03T10:49:24+01:00 [1:collabora1:collabora] wsd-00001-00031 2024-12-03 09:49:24.320817 +0000 [ websrv_poll ] ERR  #45: CheckFileInfo failed for [https%3A%2F%2Fcloud.mrmarkuz.ddnss.eu%3A443%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F7_ocsfe3gzcnko], State::Fail| wsd/RequestVettingStation.cpp:265
2024-12-03T10:49:24+01:00 [1:traefik1:traefik] 192.168.3.133 - - [03/Dec/2024:09:49:24 +0000] "GET /cool/https%3A%2F%2Fcloud.mrmarkuz.ddnss.eu%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F7_ocsfe3gzcnko%3Faccess_token%3DEh3IQGbzI6lxR2P40LoNN7f9qqRedGQs%26access_token_ttl%3D0/ws?WOPISrc=https%3A%2F%2Fcloud.mrmarkuz.ddnss.eu%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F7_ocsfe3gzcnko&compat=/ws HTTP/1.1" 0 0 "-" "-" 16545 "collabora1-https@file" "http://127.0.0.1:20000" 0ms
2024-12-03T10:49:24+01:00 [1:collabora1:collabora] WOPI::CheckFileInfo failed for URI [https://cloud.mrmarkuz.ddnss.eu/index.php/apps/richdocuments/wopi/files/7_ocsfe3gzcnko?access_token=Eh3IQGbzI6lxR2P40LoNN7f9qqRedGQs&access_token_ttl=0&permission=edit]: 0 (Unknown) . Headers: 	Body: []| wsd/wopi/CheckFileInfo.cpp:95
2024-12-03T10:49:24+01:00 [1:collabora1:collabora] wsd-00001-00031 2024-12-03 09:49:24.414419 +0000 [ websrv_poll ] ERR  #48: Invalid URI or access denied to [https://cloud.mrmarkuz.ddnss.eu/index.php/apps/richdocuments/wopi/files/7_ocsfe3gzcnko?access_token=Eh3IQGbzI6lxR2P40LoNN7f9qqRedGQs&access_token_ttl=0&permission=edit]| wsd/wopi/CheckFileInfo.cpp:109
2024-12-03T10:49:25+01:00 [1:nextcloud3:nextcloud-app] 127.0.0.1 -  03/Dec/2024:09:49:25 +0000 "GET /index.php" 200
2024-12-03T10:49:25+01:00 [1:traefik1:traefik] 192.168.3.133 - - [03/Dec/2024:09:49:25 +0000] "GET /index.php/apps/files/preview-service-worker.js HTTP/2.0" 200 5337 "-" "-" 16547 "nextcloud3-https@file" "http://127.0.0.1:20011" 19ms

Onlyoffice logs:

2024-12-03T10:35:41+01:00 [1:onlyoffice2:onlyoffice-app] [2024-12-03T09:35:41.420] [ERROR] [localhost] [1935751640] [userId] nodeJS - error downloadFile:url=https://cloud.mrmarkuz.ddnss.eu/apps/onlyoffice/download?doc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJkb3dubG9hZCIsImZpbGVJZCI6NDQsInVzZXJJZCI6ImFkbWluIn0.fwmvWlgPpOJ9rqvnGjkYFxVKe1aC1jjA0AMnwLDFoA4;attempt=1;code:ECONNREFUSED;connect:null Error: connect ECONNREFUSED 192.168.3.144:443

I think I found a workaround @transocean @Tiago . It seems that Collabora and Onlyoffice don’t like internal Nextcloud IPs anymore, even if there are configuration options for both but they didn’t work in my tests.

In my network setup both ports 80 and 443 are forwarded to the NS8. Hairpin NAT may need to be enabled on the firewall for the port forwardings to get connected correctly to Nextcloud instead of the firewall on the NS8…

So I added a DNS entry for my public IP (11.22.33.44 in the example) to the public Nextcloud FQDN on the Rocky host in /etc/hosts:

11.22.33.44 mynextcloud.example.com

Both services need to be restarted to apply the new hosts:

runagent -m collabora1 systemctl --user restart collabora

runagent -m onlyoffice1 systemctl --user restart onlyoffice

After saving the settings for both apps in the Nextcloud admin settings they should be able to open documents again.

I’m going to dig deeper to find a better solution…

EDIT:

Maybe it has to do with the recent podman changes: Rockylinux basic update, app on webserver does not start - #49 by stephdl

1 Like

Hi Markus, the upgrade to Podman 5 with Rocky Linux 9.5 introduces some breaking changes. This article describes what’s happening in detail Podman 5.0 breaking changes in detail.

In short, with the new default rootless network implementation (Pasta) of Rocky Linux 9.5, your containers cannot contact the host’s IP address directly because it is already assigned to the container’s network stack.

It is a rare use case in our platform, because containers are usually servers, not clients. However, if a container wants to reach a service running on the local node, like Ldapproxy, our docs suggests:

--network=slirp4netns:allow_host_loopback=true

Then, there are many other alternatives to fix the issue.

  • As Steph’s pointed out in another MariaDB-related thread, the VPN IP address is a good choice to reach both the local node and other cluster nodes, e.g. “10.5.4.1”
  • You could run the container with the old implementation --network=slirp4netns. It seems it is available also in new installations (but we must check).

IMO, we should avoid the automatic update of applications with Certification Level 1 and 2, in case custom repositories are enabled in a cluster with an active subscription.

4 Likes

Thanks @davidep for the clarification.
Onlyoffice update will be released in the evening…

EDIT:

The update should be available in Software Center.
Onlyoffice was updated to version 8.2.2.

This one just worked.

EDIT2:

As expected, it works for Collabora too.
Should I open a PR for Collabora?

5 Likes

14 posts were split to a new topic: Nethesis makes money out of this