Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Collabora Online (CODE)
  3. Allow List for WOPI requests

Allow List for WOPI requests

Scheduled Pinned Locked Moved Solved Collabora Online (CODE)
26 Posts 8 Posters 17.8k Views 8 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • girishG Offline
    girishG Offline
    girish
    Staff
    wrote on last edited by
    #7

    I made a note of the internal network atleast - https://docs.cloudron.io/networking/#internal-network .

    1 Reply Last reply
    3
    • nebulonN nebulon marked this topic as a question on
    • nebulonN nebulon has marked this topic as solved on
    • marcusquinnM Offline
      marcusquinnM Offline
      marcusquinn
      wrote on last edited by
      #8

      Hmmm, I thought I had this issue, as that value wasn't populated under: /settings/admin/richdocuments

      So populated it, and getting the all clear in the settings:

      2ce31a33-70ef-48bb-a067-def69938000f-image.png

      However, when trying to open a document, I'm getting this, still:

      05ef4fd1-d64f-41e7-9b09-d3caa9bcbedd-image.png

      Anyone else got or solved the same?

      Web Design & Development: https://www.evergreen.je
      Technology & Apps: https://www.marcusquinn.com

      M 1 Reply Last reply
      0
      • marcusquinnM marcusquinn

        Hmmm, I thought I had this issue, as that value wasn't populated under: /settings/admin/richdocuments

        So populated it, and getting the all clear in the settings:

        2ce31a33-70ef-48bb-a067-def69938000f-image.png

        However, when trying to open a document, I'm getting this, still:

        05ef4fd1-d64f-41e7-9b09-d3caa9bcbedd-image.png

        Anyone else got or solved the same?

        M Offline
        M Offline
        michaelpope
        wrote on last edited by
        #9

        @marcusquinn said in Allow List for WOPI requests:

        Hmmm, I thought I had this issue, as that value wasn't populated under: /settings/admin/richdocuments

        So populated it, and getting the all clear in the settings:

        2ce31a33-70ef-48bb-a067-def69938000f-image.png

        However, when trying to open a document, I'm getting this, still:

        05ef4fd1-d64f-41e7-9b09-d3caa9bcbedd-image.png

        Anyone else got or solved the same?

        Hey Marcus,

        Are you using the Cloudron app for CODE? If so, you need to swap it to 'Use your own server'. If you are using the built-in CODE (which requires a secondary app installed in Nextcloud), then I think the WOPI options might be different than the ones provided above (as it would be "inside" of the Nextcloud app).

        marcusquinnM 1 Reply Last reply
        0
        • M michaelpope

          @marcusquinn said in Allow List for WOPI requests:

          Hmmm, I thought I had this issue, as that value wasn't populated under: /settings/admin/richdocuments

          So populated it, and getting the all clear in the settings:

          2ce31a33-70ef-48bb-a067-def69938000f-image.png

          However, when trying to open a document, I'm getting this, still:

          05ef4fd1-d64f-41e7-9b09-d3caa9bcbedd-image.png

          Anyone else got or solved the same?

          Hey Marcus,

          Are you using the Cloudron app for CODE? If so, you need to swap it to 'Use your own server'. If you are using the built-in CODE (which requires a secondary app installed in Nextcloud), then I think the WOPI options might be different than the ones provided above (as it would be "inside" of the Nextcloud app).

          marcusquinnM Offline
          marcusquinnM Offline
          marcusquinn
          wrote on last edited by
          #10

          @michaelpope I used to use the other CLoudron App for Collabora, as "own server" but the splash screen coming up on every document loading annoyed me, so I switched to the same-container Nextcloud App called Nextcloud Office.

          The issue annoyingly remains. Not been able to work online with Collabora for that instance since posting this. Just working with the local synced files for now, but would be good to know what the issue is, especially since no-one else here seems to be having the same.

          Web Design & Development: https://www.evergreen.je
          Technology & Apps: https://www.marcusquinn.com

          M 1 Reply Last reply
          0
          • marcusquinnM marcusquinn

            @michaelpope I used to use the other CLoudron App for Collabora, as "own server" but the splash screen coming up on every document loading annoyed me, so I switched to the same-container Nextcloud App called Nextcloud Office.

            The issue annoyingly remains. Not been able to work online with Collabora for that instance since posting this. Just working with the local synced files for now, but would be good to know what the issue is, especially since no-one else here seems to be having the same.

            M Offline
            M Offline
            michaelpope
            wrote on last edited by michaelpope
            #11

            @marcusquinn said in Allow List for WOPI requests:

            @michaelpope I used to use the other CLoudron App for Collabora, as "own server" but the splash screen coming up on every document loading annoyed me, so I switched to the same-container Nextcloud App called Nextcloud Office.

            The issue annoyingly remains. Not been able to work online with Collabora for that instance since posting this. Just working with the local synced files for now, but would be good to know what the issue is, especially since no-one else here seems to be having the same.

            So if you are using the Nextcloud app, you wouldn't be able to use 172.18.0.0/16 as your WOPI allow list - that's a Cloudron IP, and since you are running Collabora in the same app as Nextcloud, using a Cloudron IP would not make sense in this case. I think you'll need to look at what the app suggests for WOPI - they probably have a section for it.

            marcusquinnM 1 Reply Last reply
            0
            • M michaelpope

              @marcusquinn said in Allow List for WOPI requests:

              @michaelpope I used to use the other CLoudron App for Collabora, as "own server" but the splash screen coming up on every document loading annoyed me, so I switched to the same-container Nextcloud App called Nextcloud Office.

              The issue annoyingly remains. Not been able to work online with Collabora for that instance since posting this. Just working with the local synced files for now, but would be good to know what the issue is, especially since no-one else here seems to be having the same.

              So if you are using the Nextcloud app, you wouldn't be able to use 172.18.0.0/16 as your WOPI allow list - that's a Cloudron IP, and since you are running Collabora in the same app as Nextcloud, using a Cloudron IP would not make sense in this case. I think you'll need to look at what the app suggests for WOPI - they probably have a section for it.

              marcusquinnM Offline
              marcusquinnM Offline
              marcusquinn
              wrote on last edited by
              #12

              @michaelpope Well, the issues is it was working for a couple of months, then just stopped. Absolutely no settings changed, so I expect something in the Nextcloud Cloudron App update or restart changed something.

              The screenshot above shows that Nextcloud can access Collabora using that address, so it is difficult to know if this is a causation issue or just coincidence that it also wanted a WOPI value recently, something I'd not seen before.

              Web Design & Development: https://www.evergreen.je
              Technology & Apps: https://www.marcusquinn.com

              M 1 Reply Last reply
              0
              • marcusquinnM marcusquinn

                @michaelpope Well, the issues is it was working for a couple of months, then just stopped. Absolutely no settings changed, so I expect something in the Nextcloud Cloudron App update or restart changed something.

                The screenshot above shows that Nextcloud can access Collabora using that address, so it is difficult to know if this is a causation issue or just coincidence that it also wanted a WOPI value recently, something I'd not seen before.

                M Offline
                M Offline
                michaelpope
                wrote on last edited by
                #13

                @marcusquinn said in Allow List for WOPI requests:

                @michaelpope Well, the issues is it was working for a couple of months, then just stopped. Absolutely no settings changed, so I expect something in the Nextcloud Cloudron App update or restart changed something.

                The screenshot above shows that Nextcloud can access Collabora using that address, so it is difficult to know if this is a causation issue or just coincidence that it also wanted a WOPI value recently, something I'd not seen before.

                Hmmm... not sure what's up then...

                This is going to sound weird... but have you tried a loopback address for the WOPI? Like 127.0.0.1?

                marcusquinnM 1 Reply Last reply
                0
                • M michaelpope

                  @marcusquinn said in Allow List for WOPI requests:

                  @michaelpope Well, the issues is it was working for a couple of months, then just stopped. Absolutely no settings changed, so I expect something in the Nextcloud Cloudron App update or restart changed something.

                  The screenshot above shows that Nextcloud can access Collabora using that address, so it is difficult to know if this is a causation issue or just coincidence that it also wanted a WOPI value recently, something I'd not seen before.

                  Hmmm... not sure what's up then...

                  This is going to sound weird... but have you tried a loopback address for the WOPI? Like 127.0.0.1?

                  marcusquinnM Offline
                  marcusquinnM Offline
                  marcusquinn
                  wrote on last edited by marcusquinn
                  #14

                  @michaelpope Thanks for the creative thinking, we never know, huh! I just went to test this idea, and saw the 26.0.2 update has run — and guess what? It's just working again, all by itself. Nothing I did. So, maybe just something an app restart fixed.

                  I have some minor customisations, just in having the LibreSign bits installed, but nothing unofficial running.

                  I like to be verbose on issues in these forums, as they are like a Wiki for my future self and the Cloudron hive-mind, for if anything happens again, we have notes.

                  Web Design & Development: https://www.evergreen.je
                  Technology & Apps: https://www.marcusquinn.com

                  1 Reply Last reply
                  3
                  • N Offline
                    N Offline
                    ntnsndr
                    wrote on last edited by ntnsndr
                    #15

                    Using 172.18.0.0/16 worked for me on the WOPI whitelist when using built-in CODE server.

                    osoboO 1 Reply Last reply
                    3
                    • N ntnsndr

                      Using 172.18.0.0/16 worked for me on the WOPI whitelist when using built-in CODE server.

                      osoboO Offline
                      osoboO Offline
                      osobo
                      wrote on last edited by
                      #16

                      @ntnsndr said in Allow List for WOPI requests:

                      Using 172.18.0.0/16 worked for me on the WOPI whitelist when using built-in CODE server.

                      Thank you. I think this is worth mentioning in the CODE setup documentation (https://docs.cloudron.io/apps/collabora/)

                      1 Reply Last reply
                      0
                      • nebulonN Offline
                        nebulonN Offline
                        nebulon
                        Staff
                        wrote on last edited by
                        #17

                        Not sure if this applies to the collabora app we have on Cloudron, I think @ntnsndr is referring to the Nextcloud app which has some built-in code server? Although I wasn't aware that this works on Cloudron at all.

                        osoboO 1 Reply Last reply
                        1
                        • nebulonN nebulon

                          Not sure if this applies to the collabora app we have on Cloudron, I think @ntnsndr is referring to the Nextcloud app which has some built-in code server? Although I wasn't aware that this works on Cloudron at all.

                          osoboO Offline
                          osoboO Offline
                          osobo
                          wrote on last edited by
                          #18

                          @nebulon FYI I use Cloudron's Collabora app. I needed to use the 172.18.0.0/16 WOPI whitelist setting just to remove the warning.
                          CODE-WOPI-Warning.jpg

                          1 Reply Last reply
                          1
                          • nebulonN Offline
                            nebulonN Offline
                            nebulon
                            Staff
                            wrote on last edited by
                            #19

                            Thanks, I've added a note about this in the docs https://docs.cloudron.io/apps/collabora/

                            1 Reply Last reply
                            1
                            • S Offline
                              S Offline
                              SebGG
                              wrote on last edited by SebGG
                              #20

                              hi, i have a problem with the wopi adress i think. With wopi blank everything works as assumed. But with the wopi 172.18.0.0/16 not.

                              what could be wrong?

                              cloudron apps nextcloud and collabora online are installed at the same domain

                              1 Reply Last reply
                              0
                              • nebulonN Offline
                                nebulonN Offline
                                nebulon
                                Staff
                                wrote on last edited by
                                #21

                                This setting is locking down the nextcloud host to only accept WOPI requests from collabora on that subnet, which is the local docker network on Cloudron. I have tried this here and setting 172.18.0.0/16 works as expected. Do you have any more information about the issue?

                                1 Reply Last reply
                                0
                                • nebulonN Offline
                                  nebulonN Offline
                                  nebulon
                                  Staff
                                  wrote on last edited by
                                  #22

                                  @SebGG maybe your system is connecting via ipv6 only there so can you try to use fd00:c107:d509::/64 instead of the ipv4 one?

                                  1 Reply Last reply
                                  0
                                  • S Offline
                                    S Offline
                                    SebGG
                                    wrote on last edited by
                                    #23

                                    Hi, no, the ipv6 adress also doesnt work. Is there a way to check this in a deeper way?

                                    1 Reply Last reply
                                    0
                                    • nebulonN Offline
                                      nebulonN Offline
                                      nebulon
                                      Staff
                                      wrote on last edited by
                                      #24

                                      Do you see any errors to work with?

                                      For explanation, the collabora app backend will contact the Nextcloud instance. So Nextcloud can then only allow incoming requests on those routes by limiting to local connections with setting this netmask.

                                      1 Reply Last reply
                                      0
                                      • S Offline
                                        S Offline
                                        SebGG
                                        wrote on last edited by
                                        #25

                                        I digged a bit deeper in and here are the logs for two requests for the same document. The first one is with the WOPI adress as documented and the second one it with my external real ipv4 adress. Withe the external real ipv4 adress it works and i can open the documents. i found that here "https://github.com/nextcloud/richdocuments/issues/2685"

                                        With Wopi Adress 172.18.0.0/16:

                                        "GET /index.php/apps/richdocuments/wopi/files/542576_oc2a6lhu6gbc?access_token=vmAdhoDd9DnOnITRqNn235KjCmxEUwjp&access_token_ttl=0 HTTP/1.1" 403 2 "-" "COOLWSD HTTP Agent 24.04.7.1"
                                        "GET /index.php/apps/richdocuments/wopi/files/542576_oc2a6lhu6gbc?access_token=vmAdhoDd9DnOnITRqNn235KjCmxEUwjp&access_token_ttl=0&permission=edit HTTP/1.1" 403 2 "-" "COOLWSD HTTP Agent 24.04.7.1"

                                        With Wopi Adress real IPv4 Adress :

                                        "GET /index.php/apps/richdocuments/wopi/files/542576_oc2a6lhu6gbc?access_token=YGfINlPRSbkt7OLGw3VHMxuFSE19cX1v&access_token_ttl=0 HTTP/1.1" 200 853 "-" "COOLWSD HTTP Agent 24.04.7.1"
                                        "GET /index.php/apps/richdocuments/wopi/files/542576_oc2a6lhu6gbc/contents?access_token=YGfINlPRSbkt7OLGw3VHMxuFSE19cX1v&access_token_ttl=0 HTTP/1.1" 200 6345 "-" "COOLWSD HTTP Agent 24.04.7.1"

                                        1 Reply Last reply
                                        0
                                        • nebulonN Offline
                                          nebulonN Offline
                                          nebulon
                                          Staff
                                          wrote on last edited by
                                          #26

                                          I am no WOPI expert and also cannot reproduce this still. A 403 status code would to me more look like the accesstoken (which is different in both requests you pasted) is invalid. But could be that Nextcloud does return a 403 also for blocked IPs. You have to ask the upstream developers for such details.

                                          One idea, can you double check which IP range your local cloudron docker network uses? You can do this via SSH docker network inspect cloudron

                                          1 Reply Last reply
                                          0
                                          Reply
                                          • Reply as topic
                                          Log in to reply
                                          • Oldest to Newest
                                          • Newest to Oldest
                                          • Most Votes


                                          • Login

                                          • Don't have an account? Register

                                          • Login or register to search.
                                          • First post
                                            Last post
                                          0
                                          • Categories
                                          • Recent
                                          • Tags
                                          • Popular
                                          • Bookmarks
                                          • Search