Cannot connect to Collabora server

could have a lot of reasons.

it depends on your docker-compose file, the collabora app settings and the web server/proxy settings.

e.g. when you have a separate domain office.domain.com why the error messages cURL error 6: Could not resolve host: collabora appears?

This is my docker-compse.yml:

 nextcloud:
    image: linuxserver/nextcloud
    container_name: nextcloud
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=Country/City
    volumes:
      - /opt/docker/config/nextcloud:/config
      - /opt/docker/data/nextcloud:/data
    restart: unless-stopped
  mariadb:
    image: linuxserver/mariadb
    container_name: mariadb
    environment:
      - PUID=1001
      - PGID=1001
      - MYSQL_ROOT_PASSWORD=super_secret_password
      - MYSQL_PASSWORD=nextcloud
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - TZ=Country/City
    volumes:
      - /opt/docker/config/mariadb:/config
    ports:
      - 3306:3306
    restart: unless-stopped
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=Country/City
      - URL=mydomain.com
      - SUBDOMAINS=wildcard
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
    volumes:
      - /opt/docker/config/letsencrypt:/config
    ports:
      - 443:443
      - 80:80
    restart: unless-stopped
  collabora:
    image: collabora/code
    container_name: collabora
    hostname: office.mydomain.com
    ports:
      - 9980:9980
    cap_add:
      - MKNOD
    environment:
      - domain=<cloud.mydomain.com>
      - VIRTUAL_HOST=<office.mydomain.com>
      - VIRTUAL_PORT=9980
      - VIRTUAL_PROTO=https
      - LETSENCRYPT_HOST=<office.mydomain.com>
      - LETSENCRYPT_EMAIL=<poperigby@tuta.io>
    restart: unless-stopped

Collabora app settings:

nginx settings for Collabora subdomain:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name office.*;

    include /config/nginx/ssl.conf;

    # static files
    location ^~ /loleaflet {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app collabora;
        set $upstream_port 9980;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app collabora;
        set $upstream_port 9980;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app collabora;
        set $upstream_port 9980;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app collabora;
        set $upstream_port 9980;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app collabora;
        set $upstream_port 9980;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app collabora;
        set $upstream_port 9980;
        set $upstream_proto https;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

e.g. when you have a separate domain office.domain.com why the error messages cURL error 6: Could not resolve host: collabora appears?

I’m not really sure

collabora domain?

nextcloud domain?

but you use the nextcloud nginx proxy in front of collabora?

if you run nc and collabora on the same server - imho - you don’t need https between the nginx container and the collabora container. since the docker internal network is used.

and i think you put http here but configure the collabora container to use https.
grafik

so your nginx revers proxy is correct. you have to configure the collabora container to use http, dump the office domain stuff and put https://cloud.mydomain.com/ in the app config “URL of collabora online-server” field.

How would I do that?

i though you can do this with this environment. but this environment only controls the nginx/letsencrypt container. right?

then i think just try to put https://cloud.mydomain.com in the nextcloud app. grafik
or https://office.mydomain.com. it should be the url of the nginx proxy in front of collabora.

what is your aim to use different domains here?
grafik

Changing that to http gives the same timeout error

Doing that just makes it get stuck at “saving” when I click apply

Same error from before when doing that.

That URL should be just https://mydomain.com per this part of my docker-compose.yml:

letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=Country/City
      - URL=mydomain.com
      - SUBDOMAINS=wildcard
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
    volumes:
      - /opt/docker/config/letsencrypt:/config
    ports:
      - 443:443
      - 80:80 
    restart: unless-stopped

but setting it to that also gives the same error.

I was following this post.

according to the nginx.conf it’s office.* (don’t know if you put * to hide your domain.)

grafik

did you try to put “everywhere” office.mydomain.com? also here in the collabora container section:

grafik

in my playbook i setup collabora/nextcloud to run behind a traefik reverse proxy to handle letsencrypt certs and ingress routing.

the domain variable in the collabora container environment is the nextcloud public fqdn.

please note that the domainname must be <your-dot-escaped-domain> i don’t know if this applys also to docker compose files. you may try.

the app setting is also the nextcloud fqdn.

so if you setup your own fqdn for collabora these two settings have to be consistent .

the nginx web server in front of nextcloud is configured to redirect the incoming traffic to the collabora container. but is listening only to port 80. the traefik container handles https. but the proxy_pass settings should be equal to yours.

p.s. found it.

I didn’t. It already had office.* by default.

I thought domain was supposed to be my Nextcloud URL?

I actually did setup a CNAME for office.mydomain.com on Cloudflare, but I’m getting kind of confused. Am I supposed to enter the Nextcloud FQDN, or the Collabora FQDN in the Nextcloud settings.

I’ll change that and see if it does anything.

So should I be setting proxy_pass https://collabora_online: to a different port in my nginx config?

That test doesn’t seem to work unfortunately.

P.S. Thank you for helping me :slightly_smiling_face:

no. collabora_online is the name of the collabora container in my setup.
yours is collabora. i only wanted to show you that you have to use in both places the same address.

in your case the collabora fqdn. since you have an nginx server sending all request for office.* to https://collabora:9980.

Setting the URL in the Nextcloud settings to office.mydomain.com didn’t work.

Hi

I’m not sure I can totally contribute as you’ve gone the complete docker route. I only have collabora setup within docker (although heck I’d love to do more actually).

Where is your nginx reverse proxy? It looks by the way you are referencing things its in the docker network, however I didn’t see any nginx container mentioned in your configuration.yml file. Is nginx part of the nextcloud container?

To best test your system initially its probably easiest to eliminate the SSL stuff and go without certs. I know when I was setting up my stuff adding certs into a running setup caused a few errors which I was eventually able to solve. I’m glad however I took a stepwise approach in implementing these things.

In terms of your docker-compose collabora stuff, mine looks like this:

version: '3.3'

networks:
  net:
   driver: bridge

services:

  collabora:
    restart: always
    image: collabora/code:latest
    container_name: collabora
    networks:
      - net
    ports:
#      - 127.0.0.1:9980:9980
      - 9980:9980
    cap_add:
      - MKNOD
    environment:
      - TZ=America/Chicago
      - username=admin
      - password=dockercol
      - domain=nextcloud\\.example\\.com
#      - cert_domain=office.example.com
      - DONT_GEN_SSL_CERT="True"
      - server_name=office.example.com
#      - extra_params=--o:ssl.enable=false --o:ssl.termination=true
      - extra_params="--o:ssl.enable=true"
    volumes:
      - /etc/letsencrypt/office.example.com/privkey.pem:/etc/loolwsd/key.pem
      - /etc/letsencrypt/office.example.com/cert.pem:/etc/loolwsd/cert.pem
#      - /etc/ssl/certs/ca-certificates.crt:/etc/loolwsd/ca-chain.cert.pem
      - /etc/letsencrypt/office.example.com/chain.pem:/etc/loolwsd/ca-chain.cert.pem

The server name should be the name of the collabora server.
The domain name is the nextcloud FQDN and not the double \. Those need to be in there.
My setup is an nginx reverse proxy that terminates for the nextcloud.example.com connection but then re-encrypts to the upstream collabora VM/Docker container. If you don’t need this re-encryption to the upstream collabora server then go with the option:

  • extra_params=–o:ssl.enable=false --o:ssl.termination=true and not - extra_params="–o:ssl.enable=true". The mounted volumes are only needed for re-encryption to the upstream collabora server using Let’s Encrypt certificates — so no need for these volumes if not re-encrypting to the backend.

If your nextcloud and collabora are part of the same docker network, I believe the nextcloud setting should be http://collabora:9980 (or if you have SSL enabled upstream) it would be https://collabora:9980 (this might give you a certificate error however since your certificate is going to resolve to office.mydomain.com — I’m not sure the workaround for this however I think office.mydomain.com would need to be added to the internal DNS server of the docker network (internal DNS server located at 127.0.0.11) or you would add your local DNS resolver for hostname lookup – google how to do that)

You should be able within a webbrower to connect to the collabora server correctly at https://office.mydomain.com (or http depending on setup) . You should see within browser just an OK returned. This cuts the reverse proxy out of the loop.

better try: https://office.mydomain.com/loleaflet/dist/admin/admin.html or https://office.mydomain.com/hosting/discovery
because only these urls are configured in the nginx config for collabora.

My nginx reverse proxy is part of the letsencrypt image. I’m using the linuxserver.io one:
https://hub.docker.com/r/linuxserver/letsencrypt

I’m a bit confused what I need this part for.

Setting that gives me the Failed to load Collabora Online - please try again later error when I try to run a test document. Using http does the same thing. No certificate errors.

Going to that gives me this message:
image
…so I guess that’s good.


Out of curiosity, I checked the log for the Collabora container and it had this error:

SAXParseException: Tag mismatch in '/etc/loolwsd/loolwsd.xml', line 120 column 102

…not sure if that’s helpful

Going to both of those URLs gives me a 504

HTTP 504 Gateway Timeout
your collabora Container is not reachable from the nginx container.

do you know who to run a shell in your container and try curl from inside the nginx container?

@PopeRigby

Can you describe your setup to me? Whats in docker containers and what is not.
Your domain names involved, etc. This thread is getting pretty long and I don’t have a great picture of your setup.

Not really

Pretty much everything is running through Docker Compose. I can’t think of anything that isn’t. Here’s my docker-compose.yml:

---
version: "3.6"
services:
  nextcloud:
    image: linuxserver/nextcloud
    container_name: nextcloud
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=Country/City
    volumes:
      - /opt/docker/config/nextcloud:/config
      - /opt/docker/data/nextcloud:/data
    restart: unless-stopped
  mariadb:
    image: linuxserver/mariadb
    container_name: mariadb
    environment:
      - PUID=1001
      - PGID=1001
      - MYSQL_ROOT_PASSWORD=super_secret_password
      - MYSQL_PASSWORD=nextcloud
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - TZ=Country/City
    volumes:
      - /opt/docker/config/mariadb:/config
    ports:
      - 3306:3306
    restart: unless-stopped
  ddclient:
    image: linuxserver/ddclient
    container_name: ddclient
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=Country/City
    volumes:
      - /opt/docker/config/ddclient:/config
    restart: unless-stopped
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=Country/City
      - URL=mydomain.com
      - SUBDOMAINS=wildcard
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
    volumes:
      - /opt/docker/config/letsencrypt:/config
    ports:
      - 443:443
      - 80:80
    restart: unless-stopped
  postfix:
    hostname: "mail"
    image: "boky/postfix"
    container_name: postfix
    restart: always
    healthcheck:
      test: [ "CMD", "sh", "-c", "netstat -an | fgrep 587 | fgrep -q LISTEN" ]
      interval: 10s
      timeout: 5s
      start_period: 10s
      retries: 2
    ports:
      - 1587:587
    volumes:
      - /opt/docker/config/postfix:/etc/opendkim/keys
    environment:
      - ALLOWED_SENDER_DOMAINS=mydomain.com
      - INBOUND_DEBUGGING=1
      - MASQUERADED_DOMAINS=mydomain.com
  clamav:
    image: mkodockx/docker-clamav:alpine
    container_name: clamav
    restart: unless-stopped
  jellyfin:
    image: linuxserver/jellyfin
    container_name: jellyfin
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=Country/City
    volumes:
      - /opt/docker/config/jellyfin:/config
      - /opt/media/tvshows:/data/tvshows
      - /opt/media/movies:/data/movies
    ports:
      - 8096:8096
restart: unless-stopped
  collabora:
    image: collabora/code
    container_name: collabora
    hostname: office.mydomain.com
    ports:  
      - 9980:9980
    cap_add:    
      - MKNOD    
    environment: 
      - domain=<cloud\\.mydomain\\.com>
      - VIRTUAL_HOST=<office.mydomain.com>
      - VIRTUAL_PORT=9980  
      - VIRTUAL_PROTO=https
      - LETSENCRYPT_HOST=<office.mydomain.com>
      - LETSENCRYPT_EMAIL=<me@email.com>
    restart: unless-stopped

The Let’s Encrypt container also contains the nginx reverse proxy.

Ok awesome

Thats a lot of Docker Containers
So where is the Collabora Docker image? I don’t see that in the docker-compose file? Is that on a different VM?

sudo docker exec -it <container_name> /bin/sh with the container_name from your compose file.

just start with ping collabora

@PopeRigby

My setup is a little bit different than yours. I have my reverse proxy running natively on FreeBSD. Nextcloud also is installed on same machine as the the reverse proxy. Because I wanted originally to use Collabora, I needed a linux machine in the mix which I could either do a direct installation or go the docker route. I chose the docker method, so I have an Ubuntu Virtualized Installation with a docker collabora. Nextcloud has its own domain as well as Collabora similar to your setup.

It sounds like you’ve done things correct up to this point, but just make sure the router on your network can resolved the domain names to the internal LAN addresses. I usually have to create DNS Host Overrides at the router level to help me with this. An alternative would be to modify the /etc/hosts file on each VM/Machine/etc where you would add the domain name and associate it with an internal LAN address.

You need to make sure that each VM/Machine/Container/etc can see the other VM’s/Containers/etc. You can do this by doing the ping statement from each VM/Machine/Container to the other. You want to ping by domain name although you could check by IP address as well. It’s important to make sure you can ping by domain name since the domain name is attached to your SSL certficate. During the SSL handshake the domain names need to be resolved, so hence its important computers in your LAN be able to resolved each other by domain name. Docker has its own internal DNS resolver but I think if it doesn’t find the domain name within the its Docker LAN it uses the resources of the host machine.

You seem like you know what you’re doing with the Docker Images.
I’m not trying to dissuade you from what you’re trying to accomplish. I recently had the Docker Collabora setup and functioning within my Ubuntu VM/Docker setup. On a whim I wanted to compare Collabora to OnlyOffice and I installed OnlyOffice Docker last night on the same machine as Collabora. In terms of speed and overall features, OnlyOffice (OO) was a clear winner. I’m not trying to dissuade you from Collabora since setting up the OO Docker container was nearly the exact same steps as Collabora – so basically if you get one working you can get the other working as well. Honestly however I’d be hard pressed to recommend Collabora over OO based on features and just execution speed.