Nextcloud

How to enable Collabora for multiple domains using docker-compose

In our previous post How to run Collabora office for Nextcloud using docker-compose we investigated how to configure your Collabora office server using docker-compose.yml.

If you want to use multiple domains, you need to change this line in .env:

COLLABORA_DOMAIN=collabora.mydomain.com

By reading the source code I found out that COLLABORA_DOMAIN is interpreted as a regular expression. Therefore you can use a (...|...|...) syntax.

COLLABORA_DOMAIN=(nextcloud.mydomain.com|nextcloud.myseconddomain.com)

After that, restart collabora.

Posted by Uli Köhler in Docker, Nextcloud

How to run Collabora office for Nextcloud using docker-compose

Create this docker-compose.yml, e.g. in /opt/collabora-mydomain:

version: '3'
services:
  code:
    image: collabora/code:latest
    restart: always
    environment:
      - password=${COLLABORA_PASSWORD}
      - username=${COLLABORA_USERNAME}
      - domain=${COLLABORA_DOMAIN}
      - extra_params=--o:ssl.enable=true
    ports:
      - 9980:9980

Now create this .env with the configuration. You need to change the password and the domain!

COLLABORA_USERNAME=admin
COLLABORA_PASSWORD=veecheit0Phophiesh1fahPah0Wue3
COLLABORA_DOMAIN=collabora.mydomain.com

Now you can create a systemd service to autostart by using our script from Create a systemd service for your docker-compose project in 10 seconds.

Run from inside your directory (e.g. /opt/collabora-mydomain)

curl -fsSL https://techoverflow.net/scripts/create-docker-compose-service.sh | sudo bash /dev/stdin

Now you need to configure your reverse proxy to point to port 9980. Here’s an example nginx config:

server {
    server_name collabora.mydomain.com;

    access_log /var/log/nginx/collabora.mydomain.com.access_log;
    error_log /var/log/nginx/collabora.mydomain.com.error_log info;

    location / {
        proxy_pass https://127.0.0.1:9980;
        proxy_http_version 1.1;
        proxy_read_timeout 3600s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header X-Frontend-Host $host;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    }

    listen [::]:80; # managed by Certbot
}

Now open your browser and open collabora.mydomain.com. If collabora is running correctly, you should see:

OK

In Nextcloud, goto https://nextcloud.mydomain.com/settings/admin/richdocuments and set the

https://admin:[email protected]

Ensure to use your custom password from .env and your custom domain!

Click Save and you should see Collabora Online server is reachable:

Posted by Uli Köhler in Container, Docker, Nextcloud

How to run Nextcloud cron job manually using docker-compose

For docker-compose based Nextcloud installations, this is the command to run the cron job manually:

docker-compose exec -u www-data nextcloud php cron.php

You need to run this from the directory where docker-compose.yml is located.

Posted by Uli Köhler in Linux, Nextcloud

How to fix Nextcloud nextcloudcmd CLI “skipped due to earlier error, trying again in …”

Problem:

Your Nextcloud CLI client fails for some files (upload or download) with an error message like this

"Server replied "413 Request Entity Too Large" to "PUT https://example.com/remote.php/dav/uploads/username/XXXXXXXX/YYYYYY" (skipped due to earlier error, trying again in 6 hour(s))
PATH/TO/FILE.bmp

Solution:

The nextcloud CLI client nextcloudcmd stores the sync SQLite database in ~/.local/share/nextcloudcmd/._sync_############.db where ############ is a hex code. If you have multiple such files in ~/.local/share/nextcloudcmd, try out this procedure for each of them:

While nextcloudcmd is not running, use the SQLite3 command line tool to open the database, for example:

sqlite3 ~/.local/share/nextcloudcmd/._sync_bf15278da518.db

Then run this SQL command:

DELETE FROM 'blacklist';

and exit using Ctrl-D. Now try re-running nextcloudcmd, it should immediately retry syncing the file.

Posted by Uli Köhler in Nextcloud

How to fix Nextcloud upgrade Migration step ‘…’ is unknown

Problem:

When upgrading your Nextcloud instance, you see an error message like

Migration step 'OCA\Files\Migration\Version11301Date20191205150729' is unknown

Solution:

This error occurs because you just copied over multiple versions of the apps directory, which resulted in

First, make a backup of your apps directory (located inside your Nextcloud folder).

Then delete your current apps directory and replace it by the apps directory from the new version of Nextcloud you want to upgrade to.

After that, retry the upgrade.

Posted by Uli Köhler in Nextcloud

How to fix NextCloud OnlyOffice MixedContent or ‘Refused to frame ‘http://…’ because it violates the following Content Security Policy directive: “frame-src https://…”.

Problem:

In reverse-proxy setups  forwarding requests to OnlyOffice like our reference setup there you might encounter issues like

Refused to frame 'http://onlyoffice.mydomain.com/' because it violates the following Content Security Policy directive: "frame-src https://onlyoffice.mydomain.com/".

Solution:

Just add

proxy_set_header X-Forwarded-Proto $scheme;

directly after your proxy_pass clause in your nginx config, then run sudo service nginx reload.

The reason for this issue is that OnlyOffice thinks it’s being loaded using HTTP, but the Nextcloud page prevents insecure content from being loaded.

Using a proxy other than nginx? Just ensure that every proxied request (i.e. every request directed towards the OnlyOffice instance) has the X-Forwarded-Proto header set to the protocol of the original request – which should be https.

Posted by Uli Köhler in Nextcloud, nginx

How to fix Nextcloud Refused to send form data to /login/v2/grant because it violates the following Content Security Policy directive: form-action ‘self’

Problem:

When trying to connect using the Nextcloud client, during the Flow v2 authorization step where you open a page in the browser to authorize the client, you see an error message in the JS console like

Refused to send form data to 'http://nextcloud.mydomain.com/login/v2/grant' because it violates the following Content Security Policy directive: "form-action 'self'".

Solution:

Add

'overwriteprotocol' => 'https',

after this line:

'version' => '18.0.0.10',

in your nextcloud/config/config.php.

Posted by Uli Köhler in Nextcloud, PHP

How I fixed Nextcloud PHP Fatal error: Class contains 1 abstract method and must therefore be declared abstract

 

Recently my Nextcloud 16 instance (running via PHP 7.2 FPM on Nginx) return HTTP status 500 (internal server error) when trying to access it.

Analyzin the webserver log revealed this error message:

FastCGI sent in stderr: "PHP message: PHP Fatal error:  Class OC\Authentication\Token\PublicKeyToken contains 1 abstract method and must therefore be declared abstract or implement the remaining methods (OC\Authentication\Token\IToken::setExpires) in /var/sites/nextcloud.mydomain.com/lib/private/Authentication/Token/PublicKeyToken.php on line 47" while reading response header from upstream, client: 2003:ea:b747:ee00:7491:f492:480:57a9, server: nextcloud.mydomain.com, request: "PROPFIND /remote.php/dav/files/admin/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.2-fpm.sock:", host: "nextcloud.mydomain.com"

After some research, I found out that – at least in my case – the issue could be fixed by flushing the PHP opcache:

sudo service php7.2-fpm reload

After that, nextcloud started to work properly again.

Posted by Uli Köhler in Nextcloud, PHP