Apache reverse proxy issues (collabora no docker, arch linux, letsencrypt NC14.1)

Hey all, I’ve been scratching my head all weekend trying to get collabora working with my nextcloud. First off, let me point out that I am using collabora a bit unconventionally by avoiding docker. But collabora appears to be running correctly: I can access the admin panel by going to http://office.mydomain.com:9980/loleaflet/dist/admin/admin.html, which at least makes me think it’s more or less working. However, I get dead in the water when attempting to get the reverse proxy to go to the same page via https://office.mydomain.com:9980/loleaflet/dist/admin/admin.html.

in the browser I get

[an error occurred while processing this directive] The proxy server received an invalid response from an upstream server. [an error occurred while processing this directive] The proxy server could not handle the request *[GET /loleaflet/dist/admin/admin.html]

Reason: Error reading from remote server

[an error occurred while processing this directive]

my apache reverse proxy

error I get when I try to connect to it in the apache log

[proxy_http:error] [pid 17771] (103) Software caused connection abort: [client ...:44368] AH01102: error reading status line from remote server office.eaglecomputerrepairsc.com:9980

[proxy:error] [pid 17771] [client ...:44368] AH00898: Error reading from remote server returned by /loleaflet/dist/admin/admin.html

in case it’s relevant here’s my loolwsd.xml for collabora
https://pastebin.com/Z47xBdFT

To my knowledge collabora is set correctly; it seems to respond fine so long as I’m not trying to reach it through the reverse proxy. There’s no firewall on the server.

In case it’s relevant, my full apache configuration

httpd.conf

/extra/nextcloud-le-ssl.conf

woo. ok so the whole weekend I’ve been troubleshooting it, I somehow got it working.

For anyone with similar problems who stumbles on this, I gave lool user access to the security certificates in /etc/letsencrypt/live/

Then I switched the loolwsd’s enable ssl to true, and the terminator (what it says to use if using a proxy) to false. Then I set the certificate paths in the loolwsd to

/etc/letsencrypt/live/domain.com/cert.pem
/etc/letsencrypt/live/domain.com/privkey.pem
/etc/letsencrypt/live/domain.com/fullchain.pem

I left the reverse proxy as it was… and everything magically came to life… It seems counter to everything I read of what I was supposed to do (as just about everything I read implied the point of the reverse proxy was an alternative, and that the terminator thing was for if you were using the reverse proxy).

Maybe this isn’t the best way to do it, but it worked.

Did you do this by creating a group, then adding that group to Let’s Encrypt?
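
An added example, not part of the thread and not the poster's or Collabora's code: a read-only check for the access grant described in the fix above and asked about in the reply. It assumes certbot's usual layout, where `live/<name>/privkey.pem` is a symlink into `archive/`, and reports whether a given account can reach the key and whether the key has become world-readable. The function and finding names are illustrative; ACLs and root's permission bypass are not modelled.

```python
import os
import pwd
import stat
import sys
from pathlib import Path


def _bits(st, uid, gids):
    """rwx triplet (0-7) that applies to this uid/gid set (mode bits only, no ACLs)."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def _dirs(base, path):
    """Every directory from base down to path's parent, inclusive."""
    out = [base]
    for part in path.parent.relative_to(base).parts:
        out.append(out[-1] / part)
    return out


def audit_key_access(base, key_link, uid, gids):
    """Return (problem, path) findings for a key under base, following the live/ symlink."""
    base = Path(base).resolve()
    link = base / key_link
    target = link.resolve()  # assumption: the link points into archive/ under base
    findings = []
    for d in dict.fromkeys(_dirs(base, link) + _dirs(base, target)):
        if not _bits(d.stat(), uid, gids) & 1:  # search (x) bit is needed on each directory
            findings.append(("no-traverse", str(d.relative_to(base))))
    st = target.stat()
    rel = str(target.relative_to(base))
    if not _bits(st, uid, gids) & 4:
        findings.append(("no-read", rel))
    if st.st_mode & stat.S_IROTH:  # key readable by every local account
        findings.append(("world-readable", rel))
    return findings


if __name__ == "__main__":
    # usage (run as root): audit.py /etc/letsencrypt live/domain.com/privkey.pem lool
    base, key, user = sys.argv[1:4]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for problem, path in audit_key_access(base, key, pw.pw_uid, gids):
        print(f"{problem}: {path}")
```

An empty result means the account can reach the key through both `live/` and `archive/` without the key being readable by other local users.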