Any document for set the Collabora to work behind a reverse proxy?

Hi, I’mevaluating the Collabora as a tool for online editing with NextCloud. The goal is to have collabora and Nextclound in two distinct servers and both accessible from extern web usng a reverse proxy. I try many time to set it, but without any good results.
Netcloud work well, instead collabora was never work.
It work when call from internal users, but never work when the call are strted from external users through the reverse proxy.

There is some documentation to explain how work the Collabora and the setting for a reverse proxy to external web ?

Thx,
AP

I just finally got it working yesterday. (Took me three days of trying, it’s a lot of patience and trying.) Bare metal, no Docker or Snap stuff. Doesn’t help that most of the documentation out there is for Docker punks that can’t handle bare-metal and need someone else to script it for them. (Yes, I use docker daily at work, I’m sorta good at it, but it’s still a mind-limiting thing. I refuse to use it for any of my own stuff.)

Mine is slightly different, running NextCloud and Collabora on the same server, but still using Apache2’s reverse proxy to access Collabra from NextCloud. But same-server or two0server install should be very close to the same.

Have you checked your Nextcloud, Apache, and Collabra logs? Sometimes they will tell you what problems they are encountering.

Also, check the F12 menu in your browser and look at the Network tab of it when trying to open a Collabora document. (That one was the key for me, I was finding that I was not able to reverse proxy WebSocket requests, as I did not have Apache2’s proxy_wstunnel module installed.)

Try checking all that and come back with any errors you encounter. Can’t guarantee I can help, but I will try.

I’d be happy to help – I have an nginx reverse proxy that sits in front of a nginx/nextcloud installation and a docker collabora installation. nextcloud and collabora are on two different hosts.

You need to provide a starting point for help. I read your original post but it’s really light on the details.

Hi, thx for response.
I confirm the first trouble was to intercept and reverse correctly the wss request.
Totry to resolve it I set the reverse proxy conf as a copy of the local reverse proxy on the collabora machine. My server listen on 5246 port

This is my reverse proxy vhost:


<VirtualHost *:5246>
ProxyPreserveHost On
ProxyRequests Off
ServerName myservercollabora.domain.com
Options -Indexes

SSLProxyEngine on

SSLEngine on
SSLCertificateFile      /path-to-certificate
SSLCertificateKeyFile /path-to-key
SSLCertificateChainFile /path-to-chain

SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite xxxxxxxx

SSLHonorCipherOrder     on

AllowEncodedSlashes NoDecode

SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off

ProxyPreserveHost On

ProxyPass           /loleaflet https://myservercollabora.domain.com:5246/loleaflet retry=0
ProxyPassReverse    /loleaflet https://myservercollabora.domain.com:5426/loleaflet

ProxyPass           /hosting/discovery https://myservercollabora.domain.com:5426/hosting/discovery retry=0
ProxyPassReverse    /hosting/discovery https://myservercollabora.domain.com:5426/hosting/discovery

ProxyPass           /hosting/capabilities https://myservercollabora.domain.com:5426/hosting/capabilities retry=0
ProxyPassReverse    /hosting/capabilities https://myservercollabora.domain.com:5426/hosting/capabilities

ProxyPassMatch "/lool/(.*)/ws$" wss://myservercollabora.domain.com:5426/lool/$1/ws nocanon

ProxyPass   /lool/adminws wss://myservercollabora.domain.com:5246/lool/adminws

ProxyPass           /lool https://myservercollabora.domain.com:5246/lool
ProxyPassReverse    /lool https://myservercollabora.domain.com:5246/lool

also I see the log of the collabora enhence it to debug level, and see that when the user is inside the local network , the flow of collabora is different rather than when the user is out of the network.

This is an extract of the log when the user work internally:

   wsd-03219-03224 2020-05-23 15:57:06.919887 [ accept_poll ] DBG  Accepted socket #19, creating socket object.| net/Socket.cpp:642
wsd-03219-03224 2020-05-23 15:57:06.919982 [ accept_poll ] DBG  #19 Thread affinity set to 0x7f23b3fff700.| ./net/Socket.hpp:325
wsd-03219-03224 2020-05-23 15:57:06.919997 [ accept_poll ] DBG  StreamSocket ctor #19| ./net/Socket.hpp:784
wsd-03219-03224 2020-05-23 15:57:06.920009 [ accept_poll ] DBG  SslStreamSocket ctor #19| ./net/SslSocket.hpp:30
wsd-03219-03224 2020-05-23 15:57:06.920055 [ accept_poll ] DBG  Accepted socket has family 10 address ::ffff:127.0.0.1| net/Socket.cpp:669
wsd-03219-03224 2020-05-23 15:57:06.920067 [ accept_poll ] DBG  Accepted client #19| net/ServerSocket.hpp:88
wsd-03219-03224 2020-05-23 15:57:06.920097 [ accept_poll ] DBG  Inserting socket #19 into websrv_poll| ./net/Socket.hpp:626
wsd-03219-03224 2020-05-23 15:57:06.920107 [ accept_poll ] DBG  #19 Thread affinity set to 0 (was 0x7f23b3fff700).| ./net/Socket.hpp:285
wsd-03219-03225 2020-05-23 15:57:06.920179 [ websrv_poll ] DBG  #19 Thread affinity set to 0x7f23b37fe700 (was 0).| ./net/Socket.hpp:285
wsd-03219-03225 2020-05-23 15:57:06.924722 [ websrv_poll ] INF  #19: Client HTTP Request: POST /loleaflet/6144a6c/loleaflet.html?WOPISrc=https%3A%2F%2Fnextcloudserver.domain.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6470_ocrn105h6r4e&title=Andrea-4.odt&lang=en&closebutton=1&revisionhistory=1 HTTP/1.1 / Host: myservercollabora.domain.com:5246 / User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0 / Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 / Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3 / Accept-Encoding: gzip, deflate, br / Content-Type: application/x-www-form-urlencoded / Origin: null / Cookie: __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true / Upgrade-Insecure-Requests: 1 / X-Forwarded-For: 192.168.72.94 / X-Forwarded-Host: myservercollabora.domain.com:5246 / X-Forwarded-Server: myservercollabora.domain.com / Connection: Keep-Alive / Content-Length: 45| net/Socket.cpp:818
wsd-03219-03225 2020-05-23 15:57:06.924759 [ websrv_poll ] INF  Handling request: /loleaflet/6144a6c/loleaflet.html?WOPISrc=https%3A%2F%2Fnextcloudserver.domain.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6470_ocrn105h6r4e&title=Andrea-4.odt&lang=en&closebutton=1&revisionhistory=1| wsd/LOOLWSD.cpp:2245
wsd-03219-03225 2020-05-23 15:57:06.924867 [ websrv_poll ] DBG  Preprocessing file: /loleaflet/dist/loleaflet.html| wsd/FileServer.cpp:704
wsd-03219-03225 2020-05-23 15:57:06.924921 [ websrv_poll ] INF  WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:737
wsd-03219-03225 2020-05-23 15:57:06.925121 [ websrv_poll ] DBG  Captured cookies: __Host-nc_sameSiteCookielax=true:__Host-nc_sameSiteCookiestrict=true| wsd/FileServer.cpp:817
wsd-03219-03225 2020-05-23 15:57:06.925599 [ websrv_poll ] DBG  Sent file: /loleaflet/dist/loleaflet.html: 

And this is the same extract when the user is out of the network (internet)

wsd-03219-03224 2020-05-23 16:25:21.514728 [ accept_poll ] DBG  Accepted socket #19, creating socket object.| net/Socket.cpp:642
wsd-03219-03224 2020-05-23 16:25:21.514840 [ accept_poll ] DBG  #19 Thread affinity set to 0x7f23b3fff700.| ./net/Socket.hpp:325
wsd-03219-03224 2020-05-23 16:25:21.514855 [ accept_poll ] DBG  StreamSocket ctor #19| ./net/Socket.hpp:784
wsd-03219-03224 2020-05-23 16:25:21.514871 [ accept_poll ] DBG  SslStreamSocket ctor #19| ./net/SslSocket.hpp:30
wsd-03219-03224 2020-05-23 16:25:21.514913 [ accept_poll ] DBG  Accepted socket has family 10 address ::ffff:127.0.0.1| net/Socket.cpp:669
wsd-03219-03224 2020-05-23 16:25:21.514924 [ accept_poll ] DBG  Accepted client #19| net/ServerSocket.hpp:88
wsd-03219-03224 2020-05-23 16:25:21.514935 [ accept_poll ] DBG  Inserting socket #19 into websrv_poll| ./net/Socket.hpp:626
wsd-03219-03224 2020-05-23 16:25:21.514946 [ accept_poll ] DBG  #19 Thread affinity set to 0 (was 0x7f23b3fff700).| ./net/Socket.hpp:285
wsd-03219-03225 2020-05-23 16:25:21.515034 [ websrv_poll ] DBG  #19 Thread affinity set to 0x7f23b37fe700 (was 0).| ./net/Socket.hpp:285
wsd-03219-03225 2020-05-23 16:25:21.519459 [ websrv_poll ] INF  #19: Client HTTP Request: GET /hosting/discovery HTTP/1.1 / Host: myservercollabora.domain.com:5246 / User-Agent: Nextcloud Server Crawler / X-Forwarded-For: 192.168.61.100 / X-Forwarded-Host: myservercollabora.domain.com:5246 / X-Forwarded-Server: myservercollabora.domain.com / Connection: Keep-Alive| net/Socket.cpp:818
wsd-03219-03225 2020-05-23 16:25:21.519496 [ websrv_poll ] INF  Handling request: /hosting/discovery| wsd/LOOLWSD.cpp:2245
wsd-03219-03225 2020-05-23 16:25:21.519514 [ websrv_poll ] DBG  Wopi discovery request: /hosting/discovery| wsd/LOOLWSD.cpp:2500
wsd-03219-03225 2020-05-23 16:25:21.519960 [ websrv_poll ] INF  Sent discovery.xml successfully.| wsd/LOOLWSD.cpp:2528
wsd-03219-03225 2020-05-23 16:25:21.519978 [ websrv_poll ] DBG  SslStreamSocket::closeConnection() #19| ./net/SslSocket.hpp:77
wsd-03219-03225 2020-05-23 16:25:21.520010 [ websrv_poll ] DBG  Removing socket #19 (of 1) from websrv_poll| net/Socket.cpp:316
wsd-03219-03225 2020-05-23 16:25:21.520023 [ websrv_poll ] DBG  SslStreamSocket dtor #19| ./net/SslSocket.hpp:63
wsd-03219-03225 2020-05-23 16:25:21.520046 [ websrv_poll ] DBG  StreamSocket dtor #19 with pending write: 0, read: 0| ./net/Socket.hpp:794
wsd-03219-03224 2020-05-23 16:25:22.296448 [ accept_poll ] DBG  Accepted socket #19, creating socket object.| net/Socket.cpp:642
wsd-03219-03224 2020-05-23 16:25:22.296518 [ accept_poll ] DBG  #19 Thread affinity set to 0x7f23b3fff700.| ./net/Socket.hpp:325
wsd-03219-03224 2020-05-23 16:25:22.296531 [ accept_poll ] DBG  StreamSocket ctor #19| ./net/Socket.hpp:784
wsd-03219-03224 2020-05-23 16:25:22.296541 [ accept_poll ] DBG  SslStreamSocket ctor #19| ./net/SslSocket.hpp:30
wsd-03219-03224 2020-05-23 16:25:22.296581 [ accept_poll ] DBG  Accepted socket has family 10 address ::ffff:127.0.0.1| net/Socket.cpp:669
wsd-03219-03224 2020-05-23 16:25:22.296591 [ accept_poll ] DBG  Accepted client #19| net/ServerSocket.hpp:88
wsd-03219-03224 2020-05-23 16:25:22.296601 [ accept_poll ] DBG  Inserting socket #19 into websrv_poll| ./net/Socket.hpp:626
wsd-03219-03224 2020-05-23 16:25:22.296610 [ accept_poll ] DBG  #19 Thread affinity set to 0 (was 0x7f23b3fff700).| ./net/Socket.hpp:285
wsd-03219-03225 2020-05-23 16:25:22.296676 [ websrv_poll ] DBG  #19 Thread affinity set to 0x7f23b37fe700 (was 0).| ./net/Socket.hpp:285
wsd-03219-03225 2020-05-23 16:25:22.301146 [ websrv_poll ] INF  #19: Client HTTP Request: POST /loleaflet/6144a6c/loleaflet.html?WOPISrc=https%3A%2F%2Fnextcloudserver.domain.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6470_ocrn105h6r4e&title=Andrea-4.odt&lang=en&closebutton=1&revisionhistory=1 HTTP/1.1 / Host: myservercollabora.domain.com:5246 / User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0 / Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 / Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3 / Accept-Encoding: gzip, deflate, br / Content-Type: application/x-www-form-urlencoded / Origin: null / Cookie: __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true / Upgrade-Insecure-Requests: 1 / X-Forwarded-For: xx.xx.xx.xx, 192.168.61.100 / X-Forwarded-Host: myservercollabora.domain.com:5246, myservercollabora.domain.com:5246 / X-Forwarded-Server: myservercollabora.domain.com, myservercollabora.domain.com / Connection: Keep-Alive / Content-Length: 45| net/Socket.cpp:818
wsd-03219-03225 2020-05-23 16:25:22.301183 [ websrv_poll ] INF  Handling request: /loleaflet/6144a6c/loleaflet.html?WOPISrc=https%3A%2F%2Fnextcloudserver.domain.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6470_ocrn105h6r4e&title=Andrea-4.odt&lang=en&closebutton=1&revisionhistory=1| wsd/LOOLWSD.cpp:2245
wsd-03219-03225 2020-05-23 16:25:22.301286 [ websrv_poll ] DBG  Preprocessing file: /loleaflet/dist/loleaflet.html| wsd/FileServer.cpp:704
wsd-03219-03225 2020-05-23 16:25:22.301368 [ websrv_poll ] INF  WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:737
wsd-03219-03225 2020-05-23 16:25:22.301558 [ websrv_poll ] DBG  Captured cookies: __Host-nc_sameSiteCookielax=true:__Host-nc_sameSiteCookiestrict=true| wsd/FileServer.cpp:817
wsd-03219-03225 2020-05-23 16:25:22.301989 [ websrv_poll ] DBG  Sent file: /loleaflet/dist/loleaflet.html:

Another point where the two logs flow are different is this:

For the user inside the local network (when the collabora is working)

wsd-03219-03224 2020-05-23 15:57:07.153557 [ accept_poll ] DBG  #19 Thread affinity set to 0 (was 0x7f23b3fff700).| ./net/Socket.hpp:285
wsd-03219-03225 2020-05-23 15:57:07.153652 [ websrv_poll ] DBG  #19 Thread affinity set to 0x7f23b37fe700 (was 0).| ./net/Socket.hpp:285
wsd-03219-03225 2020-05-23 15:57:07.158141 [ websrv_poll ] INF  #19: Client HTTP Request: GET /lool/https%3A%2F%2Fnextcloudserver.domain.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6470_ocrn105h6r4e%3Faccess_token%3DHSCnYZPN1KcMyawmPTtB98OVBFp5WEP8%26access_token_ttl%3D0/ws?WOPISrc=https%3A%2F%2Fnextcloudserver.domain.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6470_ocrn105h6r4e&compat=/ws HTTP/1.1 / Host: myservercollabora.domain.com:5246 / User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0 / Accept: */* / Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3 / Accept-Encoding: gzip, deflate, br / Sec-WebSocket-Version: 13 / Origin: https://myservercollabora.domain.com:5246 / Sec-WebSocket-Extensions: permessage-deflate / Sec-WebSocket-Key: TsxNIlBonlxcSbHEYcvCWQ== / Cookie: __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true / Pragma: no-cache / Cache-Control: no-cache / X-Forwarded-For: 192.168.72.94 / X-Forwarded-Host: myservercollabora.domain.com:5246 / X-Forwarded-Server: myservercollabora.domain.com / Upgrade: WebSocket / Connection: Upgrade| net/Socket.cpp:818
wsd-03219-03225 2020-05-23 15:57:07.158175 [ websrv_poll ] INF  Handling request: /lool/https%3A%2F%2Fnextcloudserver.domain.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6470_ocrn105h6r4e%3Faccess_token%3DHSCnYZPN1KcMyawmPTtB98OVBFp5WEP8%26access_token_ttl%3D0/ws?WOPISrc=https%3A%2F%2Fnextcloudserver.domain.com%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6470_ocrn105h6r4e&compat=/ws| wsd/LOOLWSD.cpp:2245
wsd-03219-03225 2020-05-23 15:57:07.158219 [ websrv_poll ] INF  #19: WebSocket version: 13, key: [TsxNIlBonlxcSbHEYcvCWQ==], protocol: [chat].| ./net/WebSocketHandler.hpp:718
wsd-03219-03225 2020-05-23 15:57:07.158285 [ websrv_poll ] INF  URL [https://nextcloudserver.domain.com/index.php/apps/richdocuments/wopi/files/6470_ocrn105h6r4e?access_token=HSCnYZPN1KcMyawmPTtB98OVBFp5WEP8&access_token_ttl=0].| wsd/LOOLWSD.cpp:3050
wsd-03219-03225 2020-05-23 15:57:07.158308 [ websrv_poll ] INF  URI [/index.php/apps/richdocuments/wopi/files/6470_ocrn105h6r4e].| wsd/LOOLWSD.cpp:3052

And for the user outside (when collabora with reverse proxy don’t work)

wsd-03219-03224 2020-05-23 16:25:22.582697 [ accept_poll ] DBG  #19 Thread affinity set to 0 (was 0x7f23b3fff700).| ./net/Socket.hpp:285
wsd-03219-03225 2020-05-23 16:25:22.582788 [ websrv_poll ] DBG  #19 Thread affinity set to 0x7f23b37fe700 (was 0).| ./net/Socket.hpp:285
wsd-03219-03225 2020-05-23 16:25:22.587393 [ websrv_poll ] INF  #19: Client HTTP Request: GET /loleaflet/6144a6c/images/lc_view100_branding.svg HTTP/1.1 / Host: mycollaboraserver.domain.com:5246 / User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0 / Accept: image/webp,*/* / Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3 / Accept-Encoding: gzip, deflate, br / Referer: https://mycollaboraserver.domain.com:5246/loleaflet/6144a6c/branding.css / Cookie: __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true / X-Forwarded-For: 95.245.215.138, 192.168.61.100 / X-Forwarded-Host: mycollaboraserver.domain.com:5246, mycollaboraserver.domain.com:5246 / X-Forwarded-Server: mycollaboraserver.domain.com, mycollaboraserver.domain.com / Connection: Keep-Alive| net/Socket.cpp:818
wsd-03219-03225 2020-05-23 16:25:22.587446 [ websrv_poll ] INF  Handling request: /loleaflet/6144a6c/images/lc_view100_branding.svg| wsd/LOOLWSD.cpp:2245
wsd-03219-03225 2020-05-23 16:25:22.587693 [ websrv_poll ] DBG  SslStreamSocket::closeConnection() #19| ./net/SslSocket.hpp:77
wsd-03219-03225 2020-05-23 16:25:22.587787 [ websrv_poll ] DBG  Removing socket #19 (of 1) from websrv_poll| net/Socket.cpp:316
wsd-03219-03225 2020-05-23 16:25:22.587802 [ websrv_poll ] DBG  SslStreamSocket dtor #19| ./net/SslSocket.hpp:63
wsd-03219-03225 2020-05-23 16:25:22.587828 [ websrv_poll ] DBG  StreamSocket dtor #19 with pending write: 0, read: 0| ./net/Socket.hpp:794
wsd-03219-03224 2020-05-23 16:25:22.587850 [ accept_poll ] DBG  Accepted socket #20, creating socket object.| net/Socket.cpp:642
wsd-03219-03224 2020-05-23 16:25:22.587888 [ accept_poll ] DBG  #20 Thread affinity set to 0x7f23b3fff700.| ./net/Socket.hpp:325

Maybe this will help, this is my apache config file (nextcloud.domain.com.conf) from /etc/apache2/sites-enabled/

(I changed my domain to nextcloud.domain.com, but everything else is as-is.)

Note again this is for reverse proxy to Collabora running on same server as nextcloud, so that’s different from your two-server approach.

Also at the bottom I’m going to add the installed Apache modules and PHP modules…

<VirtualHost *:80>
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST} [R=301,L]
</VirtualHost>

<VirtualHost *:443>

    Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
    SSLEngine on
    SSLCompression off
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    SSLSessionTickets off
   
### YOUR SERVER ADDRESS ###

    ServerAdmin admin@nextcloud.domain.com
    ServerName nextcloud.domain.com

### SETTINGS ###

    DocumentRoot /var/www/html/nextcloud

    <Directory /var/www/html/nextcloud>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
    Satisfy Any
    </Directory>

    <IfModule mod_dav.c>
    Dav off
    </IfModule>

    SetEnv HOME /var/www/html/nextcloud
    SetEnv HTTP_HOME /var/www/html/nextcloud

    # The following lines prevent .htaccess and .htpasswd files from being
    # viewed by Web clients.
    <Files ".ht*">
    Require all denied
    </Files>

    # Disable HTTP TRACE method.
    TraceEnable off
    # Disable HTTP TRACK method.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACK
    RewriteRule .* - [R=405,L]

    # Avoid "Sabre\DAV\Exception\BadRequest: expected filesize XXXX got XXXX"
    <IfModule mod_reqtimeout.c>
    RequestReadTimeout body=0
    </IfModule>

### LOCATION OF CERT FILES ###

    SSLCertificateFile /etc/letsencrypt/live/nextcloud.domain.com/cert.pem
    SSLCertificateChainFile /etc/letsencrypt/live/nextcloud.domain.com/chain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.domain.com/privkey.pem
    SSLOpenSSLConfCmd DHParameters  etc/letsencrypt/live/nextcloud.domain.com/dhparam.pem

# reverse proxy port 9980 collabora online
    AllowEncodedSlashes NoDecode
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    ProxyPreserveHost On

    ProxyPass /loleaflet https://localhost:9980/loleaflet retry=0
    ProxyPassReverse /loleaflet https://localhost:9980/loleaflet

    ProxyPass /collaboraoffice https://localhost:9980
    ProxyPassReverse /collaboraoffice https://localhost:9980

    ProxyPass /hosting/discovery https://localhost:9980//hosting/discovery
    ProxyPassReverse /hosting/discovery https://localhost:9980/hosting/discovery

# Main websocket
    ProxyPassMatch "/lool/(.*)/ws$" wss://localhost:9980/lool/$1/ws nocanon
# Admin Console websocket
    ProxyPass   /lool/adminws wss://localhost:9980/lool/adminws

# Download as, Fullscreen presentation and Image upload operations
    ProxyPass           /lool https://localhost:9980/lool
    ProxyPassReverse    /lool https://localhost:9980/lool

    ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
    ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities

</VirtualHost>

### EXTRAS ###
    SSLUseStapling On
    SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

Here are the Apache modules I have installed:

sudo apachectl -M

Loaded Modules:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
filter_module (shared)
headers_module (shared)
mime_module (shared)
mpm_prefork_module (shared)
negotiation_module (shared)
php7_module (shared)
proxy_module (shared)
proxy_connect_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
socache_shmcb_module (shared)
ssl_module (shared)
status_module (shared)


PHP Modules installed:

php -m

[PHP Modules]
calendar
Core
ctype
curl
date
dom
exif
FFI
fileinfo
filter
ftp
gd
gettext
hash
iconv
imagick
intl
json
libxml
mbstring
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
Phar
posix
readline
Reflection
session
shmop
SimpleXML
sockets
sodium
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
xml
xmlreader
xmlwriter
xsl
Zend OPcache
zip
zlib

[Zend Modules]
Zend OPcache

This is my setup

https://paste.dasnetzundich.de/view/3f7c0e9f

you have two, ssl protected server blocks (and adress ) nextcloud.domain.com & collabora.domain.com ?
How do you run collabora ? docker ?

Yes runs in Docker Collabora

Both are VM with Debian 10 . Collabora is installed from packages for Linux x86-64 platform.

Hi,
I solve it !
There was another virtualhost with the same servername that collide with the servername in my reverse proxy virtualhost. Resolved this I found also that miss the proxy_wstunnel module needed to support the reverse roxy of the wss protocol.

Thx to all again.
:smile:

Awesome! Glad to hear it!