Allow List for WOPI requests
-
This setting is locking down the nextcloud host to only accept WOPI requests from collabora on that subnet, which is the local docker network on Cloudron. I have tried this here and setting
172.18.0.0/16
works as expected. Do you have any more information about the issue? -
-
I digged a bit deeper in and here are the logs for two requests for the same document. The first one is with the WOPI adress as documented and the second one it with my external real ipv4 adress. Withe the external real ipv4 adress it works and i can open the documents. i found that here "https://github.com/nextcloud/richdocuments/issues/2685"
With Wopi Adress 172.18.0.0/16:
"GET /index.php/apps/richdocuments/wopi/files/542576_oc2a6lhu6gbc?access_token=vmAdhoDd9DnOnITRqNn235KjCmxEUwjp&access_token_ttl=0 HTTP/1.1" 403 2 "-" "COOLWSD HTTP Agent 24.04.7.1"
"GET /index.php/apps/richdocuments/wopi/files/542576_oc2a6lhu6gbc?access_token=vmAdhoDd9DnOnITRqNn235KjCmxEUwjp&access_token_ttl=0&permission=edit HTTP/1.1" 403 2 "-" "COOLWSD HTTP Agent 24.04.7.1"With Wopi Adress real IPv4 Adress :
"GET /index.php/apps/richdocuments/wopi/files/542576_oc2a6lhu6gbc?access_token=YGfINlPRSbkt7OLGw3VHMxuFSE19cX1v&access_token_ttl=0 HTTP/1.1" 200 853 "-" "COOLWSD HTTP Agent 24.04.7.1"
"GET /index.php/apps/richdocuments/wopi/files/542576_oc2a6lhu6gbc/contents?access_token=YGfINlPRSbkt7OLGw3VHMxuFSE19cX1v&access_token_ttl=0 HTTP/1.1" 200 6345 "-" "COOLWSD HTTP Agent 24.04.7.1" -
I am no WOPI expert and also cannot reproduce this still. A 403 status code would to me more look like the accesstoken (which is different in both requests you pasted) is invalid. But could be that Nextcloud does return a 403 also for blocked IPs. You have to ask the upstream developers for such details.
One idea, can you double check which IP range your local
cloudron
docker network uses? You can do this via SSHdocker network inspect cloudron