无法连接到Collabora预览office文件,如何解决?



大家好,最近在部署Seafile和collabora遇到无法连接到文件的问题,查了很多论坛、网站都没能找到解决办法,因此想向大家求助一下。

我是参考官方中文文档 - 用 Docker 部署 Seafile 专业版,做了一些小调整,下面是我的docker-compose.yml文件,我把collabora也写进docker-compose里了。

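# Seafile Pro + Collabora Online (CODE), fronted by an nginx reverse proxy that
# runs on the Docker host and terminates TLS.
#
# Security notes for this stack:
#   * Published ports are bound to 127.0.0.1 because the host nginx is the only
#     intended client (it proxies to localhost:9980, 127.0.0.1:8000 and
#     127.0.0.1:8080). Publishing on all interfaces would expose Seahub over
#     plain HTTP and Collabora directly, bypassing the proxy.
#   * Passwords are shown as placeholders; keep real values out of version
#     control (for example in an env file with restrictive permissions).
#   * Images referenced as "latest" or without a tag are not reproducible; pin
#     a specific version or digest once a known-good one is chosen.
version: '2.0'
services:
  db:
    # NOTE(review): old release line; confirm it still receives security fixes.
    image: mariadb:10.1
    restart: always
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=XXXXXX  # Required: root password of the MySQL service.
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /opt/seafile-mysql/db:/var/lib/mysql  # Required: MySQL persistent data store.
    networks:
      - seafile-net

  memcached:
    image: memcached:1.5.6
    restart: always
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    # No ports are published: memcached has no authentication here and is only
    # reachable from containers on seafile-net.
    networks:
      - seafile-net

  elasticsearch:
    # NOTE(review): old release line; confirm it still receives security fixes.
    image: seafileltd/elasticsearch-with-ik:5.6.16
    restart: always
    container_name: seafile-elasticsearch
    environment:
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 2g
    volumes:
      - /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data  # Required: Elasticsearch persistent data store.
    # No ports are published: only containers on seafile-net can reach it.
    networks:
      - seafile-net

  collabora:
    # NOTE(review): untagged image resolves to "latest"; pin a version or digest.
    image: collabora/code
    restart: always
    container_name: collabora-online
    ports:
      # Loopback only: the host nginx proxies to https://localhost:9980.
      - "127.0.0.1:9980:9980"
    environment:
      # Regex of the WOPI host (the Seafile hostname) allowed to use this
      # Collabora instance.
      # NOTE(review): the doubled backslashes are kept exactly as posted;
      # confirm the escaping the image's start script expects in compose files.
      - domain=pan\\.callmsn\\.top
      # Credentials for the Collabora admin console; use a strong, unique
      # password because the console is reachable through the proxy.
      - username=admin
      - password=XXXXXXXXXXX
      - TIME_ZONE=Asia/Shanghai  # Optional, default is UTC.
    cap_add:
      # Only the single extra capability is granted rather than running the
      # container privileged.
      - MKNOD
    networks:
      - seafile-net

  seafile:
    # NOTE(review): "latest" is a moving tag; pin a version or digest.
    image: docker.seafile.top/seafileltd/seafile-pro-mc:latest
    restart: always
    container_name: seafile
    ports:
      # Loopback only: the host nginx proxies to 127.0.0.1:8000 (Seahub) and
      # 127.0.0.1:8080 (seafdav) and is the only TLS endpoint.
      - "127.0.0.1:8000:80"
      - "127.0.0.1:8080:8080"
      # - "443:443"  # Uncomment only if the container itself terminates https.
    volumes:
      - /opt/seafile-data:/shared  # Required: Seafile persistent data store.
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=XXXX  # Required: must equal the MySQL root password above.
      - TIME_ZONE=Asia/Shanghai  # Optional, default is UTC.
      - SEAFILE_ADMIN_EMAIL=XXXXXXXX@outlook.com  # Seafile admin user, default is 'me@example.com'.
      - SEAFILE_ADMIN_PASSWORD=XXXXXXX  # Seafile admin password, default is 'asecret'; always override it.
      # Left false because TLS is terminated by the host nginx, not inside the
      # container.
      # NOTE(review): the URLs Seafile hands to Collabora (WOPI) must still be
      # https://; the posted Collabora log shows them generated as http://, so
      # verify Seafile's service URL setting (e.g. SERVICE_URL).
      - SEAFILE_SERVER_LETSENCRYPT=false
      # - SEAFILE_SERVER_HOSTNAME=pan.callmsn.top  # Host name, if https is enabled in the container.
    depends_on:
      - db
      - memcached
      - elasticsearch
      - collabora
    networks:
      - seafile-net

networks:
  seafile-net: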

下面是我的Collabora nginx配置文件。这份配置没有按照Seafile官网的写法,而是按照Collabora官方教程写的:

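# Plain-HTTP virtual host for Collabora: its only job is to send every request
# to the HTTPS virtual host.
server {
    listen       80;
    server_name  collabora-online.callmsn.top;
    server_tokens off;

    # Force http -> https. The target is built from the configured server name
    # rather than $http_host, so a client-supplied Host header (or a port
    # suffix in it) is never reflected into the Location header.
    return 301 https://$server_name$request_uri;
}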

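# HTTPS virtual host that terminates TLS for Collabora Online and proxies each
# Collabora endpoint to the container published on localhost:9980.
#
# The upstream itself speaks TLS (proxy_pass https://...). nginx does not
# verify the upstream certificate unless proxy_ssl_verify is enabled; that is
# acceptable here only because the hop never leaves the loopback interface.
server {
    listen       443 ssl;
    # Fixed typo ("collabora-oneline"): the name has to match the hostname used
    # by the port-80 redirect, the certificate path and the discovery URL.
    # With the misspelling, this block only answers for the real hostname when
    # it happens to be the default server for port 443.
    server_name  collabora-online.callmsn.top;
    # Hide the nginx version, as the other virtual hosts already do.
    server_tokens off;

    ssl_certificate /etc/nginx/ssl/collabora-online/collabora-online.pem;
    ssl_certificate_key /etc/nginx/ssl/collabora-online/collabora-online.key;

    # static files
    # NOTE(review): the admin console page is served from under this prefix
    # (/loleaflet/dist/admin/admin.html), so it is reachable by anyone who can
    # reach this virtual host.
    location ^~ /loleaflet {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass https://localhost:9980;
        # Upgrade/Connection are hop-by-hop headers and must be set explicitly
        # for the websocket handshake to pass through the proxy.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        # Long timeout so idle editing sessions are not cut off.
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    # The ^~ prefix match wins over the regex locations above.
    # NOTE(review): consider restricting this location (allow/deny or an
    # authenticating front end) to administrator networks; the console is
    # otherwise protected only by the admin username/password.
    location ^~ /lool/adminws {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}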

下面是我的seafile nginx文件:

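# Plain-HTTP virtual host for Seafile: its only job is to send every request
# to the HTTPS virtual host.
server {
    listen       80;
    server_name  pan.callmsn.top;
    server_tokens off;

    # Force http -> https. The target is built from the configured server name
    # rather than $http_host, so a client-supplied Host header (or a port
    # suffix in it) is never reflected into the Location header.
    return 301 https://$server_name$request_uri;
}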
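# HTTPS virtual host for Seafile: terminates TLS and proxies Seahub
# (127.0.0.1:8000) and WebDAV (127.0.0.1:8080) over plain HTTP on loopback.
server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive, which newer
    # nginx releases no longer accept.
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/pan/pan.pem;        # path to the certificate (PEM)
    ssl_certificate_key /etc/nginx/ssl/pan/pan.key;    # path to the private key; keep it readable by root only
    server_name pan.callmsn.top;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    # secure settings (A+ at SSL Labs ssltest at time of writing)
    # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
    # TLSv1 and TLSv1.1 are deprecated and have been dropped; add TLSv1.3 here
    # if the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the cipher list is kept as posted; it still contains
    # CBC/SHA-1 suites from an older compatibility profile and is worth
    # regenerating from the current Mozilla guidance.
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
    ssl_prefer_server_ciphers on;

    # Both locations below define their own proxy_set_header directives, and
    # nginx only inherits these from the enclosing level when a location
    # defines none, so this server-level header does not take effect for them.
    proxy_set_header X-Forwarded-For $remote_addr;

    # HSTS for one year; includeSubDomains also covers every subdomain of this
    # host name.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    server_tokens off;

    location / {
        proxy_pass         http://127.0.0.1:8000;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        # Tells the backend that the client connection was https even though
        # the proxied hop is plain http.
        proxy_set_header   X-Forwarded-Proto https;

        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;

        proxy_read_timeout  1200s;

        # 0 disables the request body size check, so upload size is not
        # limited by nginx.
        client_max_body_size 0;
    }
#
#    location /seafhttp {
#        rewrite ^/seafhttp(.*)$ $1 break;
#        proxy_pass http://127.0.0.1:8082;
#        client_max_body_size 0;
#        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
#        proxy_connect_timeout  36000s;
#        proxy_read_timeout  36000s;
#        proxy_send_timeout  36000s;
#        send_timeout  36000s;
#    }
#    location /media {
#        root /root/pan/seafile-server-latest/seahub;
#    }
#
    location /seafdav {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header HOST $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;

        # 0 disables the request body size check for WebDAV uploads.
        client_max_body_size 0;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        proxy_send_timeout 36000s;
        send_timeout 36000s;

        # This option is only available for Nginx >= 1.8.0. See more details below.
        # NOTE(review): the directive this note described appears to be missing
        # (access_log is not version-gated); presumably a request-buffering
        # setting from the upstream example - confirm against it.
        access_log /var/log/nginx/seafdav.access.log;
        error_log /var/log/nginx/seafdav.error.log;
    }
}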

目前可以正常登录seafile,同时访问https://collabora-online.callmsn.top/hosting/discovery可以出现xml配置文件,访问https://collabora-online.callmsn.top/loleaflet/dist/admin/admin.html可以进入管理员页面,说明seafile和Collabora都是正常工作的,无法访问的问题应该是Nginx配置问题、或者Seafile和Collabora之间的通信问题

我从seafile打开office文件,显示“很抱歉,无法连接到您的文档。请重试。”:

下面是docker logs --tail 10 collabora-online的错误信息:

wsd-00029-00030 2019-08-30 08:19:17.815373 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/LOOLWSD.cpp:1795
wsd-00029-00064 2019-08-30 08:19:20.657871 [ docbroker_007 ] ERR  Cannot get file info from WOPI storage uri [http://pan.callmsn.top/api2/wopi/files/44f5ec7a41898ab5552370326a703dd7baac4e24?access_token=779094d540444fa499c1e023b57d8d56&access_token_ttl=1567154903088&permission=edit]. Error: SSL Exception: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol| wsd/Storage.cpp:474
wsd-00029-00064 2019-08-30 08:19:20.658287 [ docbroker_007 ] ERR  loading document exception: SSL Exception| wsd/DocumentBroker.cpp:1158
wsd-00029-00064 2019-08-30 08:19:20.658336 [ docbroker_007 ] ERR  Failed to add session to [/api2/wopi/files/44f5ec7a41898ab5552370326a703dd7baac4e24] with URI [http://pan.callmsn.top/api2/wopi/files/44f5ec7a41898ab5552370326a703dd7baac4e24?access_token=779094d540444fa499c1e023b57d8d56&access_token_ttl=1567154903088&permission=edit]: SSL Exception| wsd/DocumentBroker.cpp:1120
wsd-00029-00064 2019-08-30 08:19:20.658366 [ docbroker_007 ] ERR  Error while loading : SSL Exception| wsd/LOOLWSD.cpp:2699
wsd-00029-00064 2019-08-30 08:19:20.666126 [ docbroker_007 ] WRN  Child session [000f] not found to forward message: load url=http://pan.callmsn.top/api2/wopi/files/44f5ec7a41898ab5552370326a703dd7baac4e24?access_token=779094d540444fa499c1e023b57d8d56&access_token_ttl=1567154903088&permission=edit readonly=0 lang=zh-CN| wsd/DocumentBroker.cpp:1770
wsd-00029-00064 2019-08-30 08:19:21.659685 [ docbroker_007 ] ERR  Invalid or unknown session [000f] to remove.| wsd/DocumentBroker.cpp:1194
wsd-00029-00064 2019-08-30 08:19:21.659748 [ docbroker_007 ] ERR  No socket associated with WebSocketHandler 0x7f5b28018490| ./net/WebSocketHandler.hpp:125
kit-00061-00031 2019-08-30 08:19:21.660043 [ loolkit ] WRN  Kit connection lost without exit arriving from wsd. Setting TerminationFlag| kit/Kit.cpp:2236
wsd-00029-00030 2019-08-30 08:19:21.663458 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/LOOLWSD.cpp:1795

从错误信息看,应该是两个容器之间的通信出了问题,或者是SSL没有配置好(我的SSL证书都是在阿里云申请的,放在nginx文件夹下)。日志里的WOPI地址是以http://开头的,而报错是SSL握手阶段的unknown protocol,看起来像是Collabora在用TLS去连接一个明文HTTP地址。请问如何解决?谢谢。