Nextcloud 21 with Collabora issues

Forum home -> Tech Talk -> View topic

Post

Posted
Rating:
#601 (In Topic #139)
Avatar
Standard member

Unauthorized WOPI host and proxy header issue

I recently watched the YT video tutorial for installing NC 21 with Collabora and followed all those instructions.



I have used Nextcloud since it branched from Owncloud, but I don't pretend to be an expert.  My previous install was Nextcloud version 13 and upgraded to version 17.  When the upgrade from version 17 to 18 broke, I could not upgrade anymore.

When I found this video, this is exactly what I needed.  I own my own server and installed Ubuntu 20.04 in a new virtual machine then proceed to install and setup nextcloud 21 on apache2 with Collabora.  The instructions were basically flawless and everything worked.  The Nextcloud and Collabora services run HTTPS on port 443.  After setup was done and I tested the TLS security to make sure it was an A+ rating, Next, I poke a hole in my router to tunnel Nextcloud traffic from the external port 8443 to 443 internally because I also run a standard web-server on another system through the router on port 443.  My router tunnels external requests on port 8443 to port 443 on the internal network to the Nextcloud server.  The Collabora traffic is also tunneled over the same port address of 8443 to 443.  One minor change was made on the Nextcloud system to add a trusted address in the config.php file that reads:  nextcloud.mydomain.com:8443.  The only thing that doesn't work when I tunnel this manner is that port 80 will not redirect to port 443 so you must type HTTPS when you want to visit the website, like https://nextcloud.mydomain.com:8443.  This is fine because the Nextcloud client software will be set up with the correct URL and port.  I've been running my Nextcloud 17 install like this for years.

After this is set up, I open nextcloud in the web-browser using port 8443 and login.  I go to Settings then Overview to make sure everything looks clean.  Where I had the green checkmark prior to the router tunnel, I now see this warning:

There are some warnings regarding your setup.
  • The reverse proxy header configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If not, this is a security issue and can allow an attacker to spoof their IP address as visible to the Nextcloud. Further information can be found in the documentation.
Next, I click around and everything seems to be working, except when I create a document with Collabora.  When the new document opens, I get a popup dialog message that says.

"Unauthorized WOPI host.  Please try again later and report to your administrator if the issue persists."

The Nextcloud server is running in a virtual machine on Ubuntu 20.04.  There is no docker or anything like that.  Just plain vanilla Apache2 with Collabora.  I would really appreciate any suggestions as to how to correct the proxy header configuration and the unauthorized WOPI host issue.

Best regards,

Ray


 
Online now: No Back to the top

Post

Posted
Rating:
#602
Avatar
Standard member
I was able to fix this.  There was an external IP address in the config.php file in the trusted proxy section.  After removing that,  all went back to normal.
Online now: No Back to the top
1 guest and 0 members have just viewed this.