authelia collabora and nextcloud behind redirect

ℹ️ Support
1

i use docker for everything.
cloudflare-traefik-authelia-nextcloud/collabora
i do not use any interesting options on cloudflare other then hiding my ip.
authelia is setup to force anything incoming to login with redirect.

So users need to be able to access both of those, i have that handled.
the apps need to be able to communicate together, now here i have an issue.
despite nextcloud’s web ui pointing to https://nextcloudoffice:9980 when a client actually tries to open a file, the apps will not talk directly together and instead use public domain.

how do i get them to communicate without using the app1.example.tld and app2.example.tld and simply use https://nextcloudoffice:9980 and https://nextcloud:7010

the relevant collabora docker compose part is as following.

  nextcloudoffice:
    image: collabora/code:latest
    container_name: nextcloudoffice
    restart: unless-stopped
    cap_add: 
      - MKNOD
    ports:
      - 9980:9980
    networks:
       - traefikcore
    environment:
      - server_name=nextcloudoffice.${website}
      - extra_params=--o:ssl.enable=true --o:ssl.termination=true #i have no idea what this does
      - aliasgroup1=https://nextcloudoffice:9980 #also no idea what this does
      - aliasgroup2=https://nextcloud:7011 #also no idea what this does

i skipped the traefik labels,etc, they should be fine.

2

hello @thelostone welcome to the community :handshake:

Please review Collabora integration guide to understand how WOPI protocol works.

if you are using something like “forms based auth” in front of the applications this is not gonna work. Please use OIDC for Nextcloud login, CODE doesn’t need any login in front of it, it is secured by the aliasgroup and WOPI allow IP settings - use search both have been discussed often already

3

Ensure both containers are on the same Docker network. Set server_name=nextcloudoffice in Collabora and disable SSL with ssl.enable=false. In Nextcloud, use https://nextcloudoffice:9980 for Collabora in config.php or the admin UI. Configure traefik for internal routing, and test connectivity with curl. Check Collabora logs if issues persist.