Hello! I am having the damndest time with this. I want to get it finished so I can start writing an inspirational book for people and other brain injury survivors here and there when I have time. I have a brain injury with short-term memory loss (like Dory from Finding Nemo) from a near-fatal car accident in 2007 and have recovered extremely well. I don’t want to use Google Drive or other cloud solutions owned by other companies because any information uploaded to something like Google Drive belongs to Google and they can redistribute as they please. Anyways, I digress.
I installed Nextcloud 12 on Apache, and it works great! I’d like to do live document editing for the reasons above. I am following the instructions at Collabora CODE Documentation. I am using the Docker CODE image (collabora/code). I start the image with the code below as explained in the documentation. I have Apache running without error, at least no obvious ones that I have seen. I have the Collabora Online app installed, and set the Collabora Online server under Admin to https://collabra.X.com:9980. I just created the DNS entry, so the change not having fully propagated may be an issue that would get fixed in time. When I go to Files and try to open a new, blank .odt document that I created yesterday, it gives me an error, shown in the block below.
The 9980 port IS open. SELinux is on as well but I’d like to keep it on. I have tried many things over the past week or two here and there when I had time. I don’t recall everything I have done but I know I have tried to make a custom Dockerfile to copy over the old certs used with my website’s “Let’s Encrypt” cert. I do not recall if I then passed in the right env variable to prevent creating the self-signed cert and use the one on the filesystem. Does anyone know the steps to do this? I reverted this back to using the self-signed cert because so many tutorials available use the self-signed cert without issue. So maybe it is my special setup? With the cert manipulations I have tried, I have tested against https://127.0.0.1:8890 with curl. I have run into cURL error 35 Encountered end of file, and cURL error 60 Peer’s certificate has been marked as untrusted.
Does anyone know how I could use my own Let’s Encrypt certificate from my website in the container successfully for the loolwsd service running inside it? Please let me know if I neglected to mention anything! Thank you very much for reading, and for your help!
Apache error when I open a document, not sure if related or if it happens coincidentally
[authz_core:error] [pid 17373] [client 167.142.215.1:37986] AH01630: client denied by server configuration: /var/www/nextcloud/data/.ocdata
Apache config
==> /etc/httpd/conf.d/nextcloud.conf <==
Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
==> /etc/httpd/conf.d/collaboraonlineCODE.conf <==
<VirtualHost *:443>
ServerName collabora.nerd-exchange.com:443
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/nerd-exchange.com-0002/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nerd-exchange.com-0002/privkey.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
ServerAlias collabora.nerd-exchange.com
SSLCertificateChainFile /etc/letsencrypt/live/nerd-exchange.com-0002/chain.pem
</VirtualHost>
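
An added example, not part of the original post: a small Python check of a Collabora reverse-proxy vhost like the one above against the server URL entered in the Nextcloud Collabora Online app. The sample config is a trimmed copy of the posted directives; `audit_vhost`, the finding names and the test URLs are hypothetical names made up for this illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a trimmed copy of the directives in the posted vhost.
SAMPLE_VHOST = """\
<VirtualHost *:443>
ServerName collabora.nerd-exchange.com:443
SSLProxyEngine On
SSLProxyVerify None
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
ProxyPass /lool https://127.0.0.1:9980/lool
ServerAlias collabora.nerd-exchange.com
</VirtualHost>
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_vhost(conf, wopi_url):
    """Return findings for one vhost and the Collabora URL set in Nextcloud."""
    names, backends, listen_port, verify_off = set(), set(), None, False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key = parts[0].lower()
        if key.startswith("<virtualhost"):
            m = re.search(r":(\d+)>", line)
            listen_port = int(m.group(1)) if m else None
        elif key in ("servername", "serveralias"):
            names.update(p.split(":")[0].lower() for p in parts[1:])
        elif key == "sslproxyverify" and parts[1].lower() == "none":
            verify_off = True
        elif key in ("proxypass", "proxypassmatch"):
            backends.add(urlsplit(parts[2]).hostname)  # third token is the backend URL
    url = urlsplit(wopi_url)
    findings = []
    if url.hostname not in names:
        findings.append("host-mismatch")        # URL host is not served by this vhost
    if (url.port or 443) != listen_port:
        # Clients would reach the container directly and see its own
        # certificate; the SSLProxy* settings only cover Apache-to-backend.
        findings.append("port-bypasses-vhost")
    if verify_off and not backends <= LOOPBACK:
        findings.append("unverified-remote-backend")  # unverified TLS off-host
    return findings
```
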