Allow List for WOPI requests
-
Hey all, just a question.
Nextcloud Office (which connects with CODE) requires an allow list for WOPI requests in it's Admin Settings section. Sticking in the IP address of the CODE server doesn't seem to work. Just wondering what each of you put in there since Nextcloud Office tends to indicate it's an important security setting.
Thanks.
-
@michaelpope I haven't investigated deeply. But I found https://help.nextcloud.com/t/in-nextcloud-office-i-can-t-make-wopi-allowlist-work/152004 and from there https://github.com/nextcloud/richdocuments/issues/2685 . Maybe you get some hints from those posts.
-
@girish Thanks, that did the trick. For anybody who wants to know what IP address to use, use the following steps:
- SSH into your machine
- Use
docker psto list the images on your machine. Grab the Container ID of the collabora container. - Use
docker inspect <Container ID>to take a look at the container's IP address. It should be down at the bottom, located under Networks, under the field 'IPAddress'. - I think it might be wise to generalize things in case of a container restart by changing the last digit of the IP address to
0, and adding/24to the end (eg.127.0.0.19->127.0.0.0/24), although you might need to go one subnet further... not sure yet. - Add that to the WOPI field specified above.
I'm pretty sure these settings are okay... but not 100% sure. If any of you think it's off, let me know :).
-
@michaelpope Thanks!
The internal network uses a hardcoded network address - https://git.cloudron.io/cloudron/box/-/blob/master/src/constants.js#L36 . So,
172.18.0.0/16. -
@girish said in Allow List for WOPI requests:
@michaelpope Thanks!
The internal network uses a hardcoded network address - https://git.cloudron.io/cloudron/box/-/blob/master/src/constants.js#L36 . So,
172.18.0.0/16.This sould be addes to the Cloudron Docs
-
N nebulon marked this topic as a question on
-
N nebulon has marked this topic as solved on
-
Hmmm, I thought I had this issue, as that value wasn't populated under:
/settings/admin/richdocumentsSo populated it, and getting the all clear in the settings:
However, when trying to open a document, I'm getting this, still:
Anyone else got or solved the same?
-
@marcusquinn said in Allow List for WOPI requests:
Hmmm, I thought I had this issue, as that value wasn't populated under:
/settings/admin/richdocumentsSo populated it, and getting the all clear in the settings:
However, when trying to open a document, I'm getting this, still:
Anyone else got or solved the same?
Hey Marcus,
Are you using the Cloudron app for CODE? If so, you need to swap it to 'Use your own server'. If you are using the built-in CODE (which requires a secondary app installed in Nextcloud), then I think the WOPI options might be different than the ones provided above (as it would be "inside" of the Nextcloud app).
-
@michaelpope I used to use the other CLoudron App for Collabora, as "own server" but the splash screen coming up on every document loading annoyed me, so I switched to the same-container Nextcloud App called Nextcloud Office.
The issue annoyingly remains. Not been able to work online with Collabora for that instance since posting this. Just working with the local synced files for now, but would be good to know what the issue is, especially since no-one else here seems to be having the same.
-
@marcusquinn said in Allow List for WOPI requests:
@michaelpope I used to use the other CLoudron App for Collabora, as "own server" but the splash screen coming up on every document loading annoyed me, so I switched to the same-container Nextcloud App called Nextcloud Office.
The issue annoyingly remains. Not been able to work online with Collabora for that instance since posting this. Just working with the local synced files for now, but would be good to know what the issue is, especially since no-one else here seems to be having the same.
So if you are using the Nextcloud app, you wouldn't be able to use 172.18.0.0/16 as your WOPI allow list - that's a Cloudron IP, and since you are running Collabora in the same app as Nextcloud, using a Cloudron IP would not make sense in this case. I think you'll need to look at what the app suggests for WOPI - they probably have a section for it.
-
@michaelpope Well, the issues is it was working for a couple of months, then just stopped. Absolutely no settings changed, so I expect something in the Nextcloud Cloudron App update or restart changed something.
The screenshot above shows that Nextcloud can access Collabora using that address, so it is difficult to know if this is a causation issue or just coincidence that it also wanted a WOPI value recently, something I'd not seen before.
-
@marcusquinn said in Allow List for WOPI requests:
@michaelpope Well, the issues is it was working for a couple of months, then just stopped. Absolutely no settings changed, so I expect something in the Nextcloud Cloudron App update or restart changed something.
The screenshot above shows that Nextcloud can access Collabora using that address, so it is difficult to know if this is a causation issue or just coincidence that it also wanted a WOPI value recently, something I'd not seen before.
Hmmm... not sure what's up then...
This is going to sound weird... but have you tried a loopback address for the WOPI? Like 127.0.0.1?
-
@michaelpope Thanks for the creative thinking, we never know, huh! I just went to test this idea, and saw the 26.0.2 update has run — and guess what? It's just working again, all by itself. Nothing I did. So, maybe just something an app restart fixed.
I have some minor customisations, just in having the LibreSign bits installed, but nothing unofficial running.
I like to be verbose on issues in these forums, as they are like a Wiki for my future self and the Cloudron hive-mind, for if anything happens again, we have notes.
-
-
@ntnsndr said in Allow List for WOPI requests:
Using 172.18.0.0/16 worked for me on the WOPI whitelist when using built-in CODE server.
Thank you. I think this is worth mentioning in the CODE setup documentation (https://docs.cloudron.io/apps/collabora/)
-
