richdocuments isn't running in HTTPS mode #282

Open
purejosh opened this issue Sep 11, 2024 · 5 comments

@purejosh

Hello. I'm getting the following error (in the browser console) after installing the built-in CODE server, which happens whenever I try to open a document or spreadsheet:

Mixed Content: The page at 'https://cloud.mydomain.com/apps/files/files/1267?dir=/&openfile=true' was loaded over HTTPS, but requested an insecure resource 'http://cloud.mydomain.com/custom_apps/richdocumentscode/proxy.php?req=/browser/ca2ed20/cool.html?WOPISrc=https%3A%2F%2Fcloud.mydomain.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1267_oclx7cmhqv9y&title=%2FNew%20document.odt&lang=en&closebutton=1&revisionhistory=1'. This request has been blocked; the content must be served over HTTPS.

This is also accompanied by other errors, and the following screenshot is what shows in the web page:

Refused to send form data to 'http://cloud.mydomain.com/custom_apps/richdocumentscode/proxy.php?req=/browser/ca2ed20/cool.html?WOPISrc=https%3A%2F%2Fcloud.mydomain.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1267_oclx7cmhqv9y&title=%2FNew%20document.odt&lang=en&closebutton=1&revisionhistory=1' because it violates the following Content Security Policy directive: "form-action 'self' https://cloud.mydomain.com".

image
Document loading failed
Failed to load Nextcloud Office - please try again later

So, if I'm understanding this correctly, the built-in CODE isn't running in HTTPS mode, and because my site is running in HTTPS, it errors out. How can I force richdocuments' built-in CODE server to run in HTTPS?

@galandilias

galandilias commented Sep 23, 2024

I am experiencing the same - some debugging at my end:

coolwsd.log

wsd-21988-21988 2024-09-23 21:25:22.062301 +0200 [ coolwsd ] INF  SSL support: SSL is disabled.| wsd/COOLWSD.cpp:2519
wsd-21988-21988 2024-09-23 21:25:22.062309 +0200 [ coolwsd ] INF  SSL support: termination is disabled.| wsd/COOLWSD.cpp:2520

Pretty disturbing because, to my understanding (and the Collabora proxy configuration documentation), either of the above should be set to true...

and same file but output filtered by ERR and FTL:

host /tmp/coolwsd.tuLXHxPQ5Q # tail -n500 coolwsd.log | grep -e ERR -e FTL
wsd-21988-21988 2024-09-23 21:25:22.065891 +0200 [ coolwsd ] ERR  Failed to bind-mount [/tmp/coolwsd.tuLXHxPQ5Q/systemplate/] -> [/tmp/coolwsd.tuLXHxPQ5Q/jails/21988-0c0300ad/cool_test_mount]| common/JailUtil.cpp:156
wsd-21988-21988 2024-09-23 21:25:22.065904 +0200 [ coolwsd ] ERR  Bind-Mounting fails and will be disabled for this run. To disable permanently set mount_jail_tree config entry in coolwsd.xml to false.| common/JailUtil.cpp:451
frk-21999-21999 2024-09-23 21:25:22.980574 +0200 [ coolforkit-ns ] ERR  Security: Running without the capability to enter a chroot jail is ill advised.| kit/ForKit.cpp:737
frk-21999-21999 2024-09-23 21:25:22.980583 +0200 [ coolforkit-ns ] ERR  Security: Running without the ability to filter system calls is ill advised.| kit/ForKit.cpp:744
frk-21999-21999 2024-09-23 21:25:22.983073 +0200 [ coolforkit-ns ] FTL  Failed to load /tmp/appimage_extracted_5391669c29c12ee24f8c51f02e3288d7/opt/collaboraoffice/program/libmergedlo.so:
frk-21999-21999 2024-09-23 21:25:22.983091 +0200 [ coolforkit-ns ] FTL  Failed to preinit lokit.| kit/ForKit.cpp:789
frk-21999-21999 2024-09-23 21:25:22.983104 +0200 [ coolforkit-ns ] FTL  Forced Exit with code: 70| common/Util.cpp:822

@joshtrichards
Contributor

joshtrichards commented Sep 30, 2024

  1. This URL is managed by the Nextcloud Office integration app, not CODE
  2. This is likely a configuration matter, but it's possible the URL auto detection code is buggy.
  3. The URL is set via Administration settings->Nextcloud Office
  4. The URL generation is highly dependent on having a correct Nextcloud config for trusted_proxies and/or overwrite* and/or things like your web server sending "HTTPS on".

I suggest posting your config details on the Nextcloud Help Forum - https://help.nextcloud.com - to troubleshoot further.

@DallasHoff

DallasHoff commented Dec 27, 2024

I attempted to install Nextcloud with the built-in CODE server, but found that it does not work for Nextcloud installations that are served over HTTPS, so I ended up having to set up my own separate Collabora service.

I am running Nextcloud and Collabora with Docker Compose behind an SSL-enabled reverse proxy, and I struggled a lot with getting it working while HTTPS was in use, but I ended up finding a solution. I was getting HTTP mixed content errors because Nextcloud (https://nextcloud.mydomain.app) was making requests to Collabora (https://collabora.mydomain.app) over HTTP, not HTTPS. I found out that this was because all of the URLs listed in the XML at https://collabora.mydomain.app/hosting/discovery started with http:// and Nextcloud was using those URLs, so I needed to get Collabora to generate those URLs with https://.

I finally got this working by adding --o:ssl.termination=true to the extra_params environment variable.

Then, I was able to enter https://collabora.mydomain.app in the Nextcloud settings, and it made the requests over HTTPS, removing the mixed content errors. (Side note: be sure to actually change the URL in the settings and re-save it; if you just refresh the settings page, the error message from previous connection attempts will still show).

Here is the Docker Compose config that I ended up with for the Collabora service.

  collabora:
    image: collabora/code
    restart: always
    ports:
      - '9980:9980'
    environment:
      - DONT_GEN_SSL_CERT=1
      - 'domain=nextcloud.mydomain.app'
      - 'extra_params=--o:ssl.enable=false --o:ssl.termination=true'
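
The check described in the comment above, as an added example that is not part of the original thread: it parses the XML served at /hosting/discovery and lists every action whose urlsrc an HTTPS page would be blocked from loading. The sample document, host name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
from urllib.request import urlopen

# Constructed sample shaped like a WOPI discovery document; the host name and
# the build hash are placeholders, not values from the thread.
SAMPLE_DISCOVERY = """<wopi-discovery>
  <net-zone name="external-http">
    <app name="writer">
      <action default="true" ext="odt" name="edit"
              urlsrc="http://collabora.example.test/browser/0000000/cool.html?"/>
    </app>
    <app name="calc">
      <action default="true" ext="ods" name="edit"
              urlsrc="https://collabora.example.test/browser/0000000/cool.html?"/>
    </app>
  </net-zone>
</wopi-discovery>"""


def insecure_actions(discovery_xml, page_scheme="https"):
    """Return (app, ext, urlsrc) for each action that a page served over
    page_scheme would be blocked from loading as mixed content."""
    if page_scheme != "https":
        return []  # mixed-content blocking only applies to HTTPS pages
    root = ET.fromstring(discovery_xml)
    findings = []
    for app in root.iter("app"):
        for action in app.iter("action"):
            urlsrc = action.get("urlsrc", "")
            # A missing or non-https urlsrc is reported either way.
            if urlsplit(urlsrc).scheme.lower() != "https":
                findings.append((app.get("name"), action.get("ext"), urlsrc))
    return findings


def fetch_discovery(base_url, timeout=10):
    """Fetch <base_url>/hosting/discovery from your own Collabora server."""
    with urlopen(base_url.rstrip("/") + "/hosting/discovery", timeout=timeout) as r:
        return r.read().decode("utf-8")


if __name__ == "__main__":
    for name, ext, url in insecure_actions(SAMPLE_DISCOVERY):
        print(f"{name} ({ext}): {url}")
```

An empty result after changing the ssl.termination setting and restarting the service indicates the discovery URLs are now generated with https://.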

@typorian

@DallasHoff Does the information about http mixed content error information refer to your separate collabora service? The built in code app does positively work with https-served Nextcloud, I have been running that for years. If what you're saying is about a separate CODE server, it has nothing to do with this issue, I would think.

@DallasHoff

> @DallasHoff Does the information about http mixed content error information refer to your separate collabora service? The built in code app does positively work with https-served Nextcloud, I have been running that for years. If what you're saying is about a separate CODE server, it has nothing to do with this issue, I would think.

I was getting mixed content errors with the built in CODE server after a new installation of the Nextcloud all-in-one container, which is the topic of this issue. After spending some time trying unsuccessfully to get the built in CODE server working, I felt forced to set up a separate CODE server container. I then ran into mixed content errors there also, but was able to solve it by adding the o:ssl.termination flag as I detailed above.

I could not find documentation describing that flag as a solution to this problem. I only stumbled upon it in a separate unrelated issue, so I thought it would be good to share that here for people who are also running into the built in CODE server not working.
