Bad Gateway for Collabora with Nextcloud deployed via docker-compose

ā„¹ļø Support šŸ“„ Office
15

Iā€™m glad you got yours working. In fact I tried that same thing (without mentioning it earlier), but what I get in my Collabora logs is

$ docker logs collabora_app -f
...
wsd-00034-00040 2020-01-16 20:23:51.837183 [ websrv_poll ] ERR  Socket #20 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:291
wsd-00034-00040 2020-01-16 20:23:51.837638 [ websrv_poll ] ERR  Error while handling poll for socket #20 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| ./net/Socket.hpp:594

By searching for this error I found this discussion: Socket Error when accessing Collabora . For some reason I do not understand, the extra_params environment variable is ignored by my container! By using a volume mount for loolwsd.xml instead of using an environment variable as described in that post, I finally have a working configuration, where Traefik handles TLS certificate renewals and HTTPS and makes the Collabora server accessible at a standard URL https://collabora.example.com.

Thanks for your help @Typo_13 !

For reference for others frustrated by this configuration, here is my collabora docker-compose config:

collabora:
	image: collabora/code
	container_name: collabora_app
	networks:
		- web
	cap_add:
		- MKNOD
	expose:
		 - 9980
	environment:
		- domain=cloud.example.com
		- username=admin
		- password=pass
	volumes:
		- /opt/cloud.example.com/loolwsd.xml:/etc/loolwsd/loolwsd.xml
	restart: always
	labels:
		- "traefik.enable=true"
		- "traefik.docker.network=web"
		- "traefik.http.routers.ups_collabora-http.rule=Host(`collabora.ups.example.com`)"
		- "traefik.http.routers.ups_collabora-http.entrypoints=http"
		- "traefik.http.routers.ups_collabora-http.middlewares=default-http@file"
		- "traefik.http.routers.ups_collabora.entrypoints=https"
		- "traefik.http.routers.ups_collabora.rule=Host(`collabora.ups.example.com`)"
		- "traefik.http.routers.ups_collabora.tls=true"
		- "traefik.http.routers.ups_collabora.tls.certresolver=letsencrypt"

and here are the modified lines in loolwsd.xml (also I had to chown 105:106 loolwsd.xml):

...
    <ssl desc="SSL settings">
        <enable type="bool" desc="Controls whether SSL encryption between browser and loolwsd is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">false</enable>
        <termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">true</termination>
...

Note: To get loolwsd.xml I copied the default from the running container before including the volume in the docker-compose config:

docker cp collabora_app:/etc/loolwsd/loolwsd.xml loolwsd.xml
chown 105:106 loolwsd.xml
2 Likes