Cannot get Collabora to work on seperate server with Nginx

Hello Folks!
I am desperately trying to get Collabora to work…
My Setup: I got a Server with multiple vms/ LXC container. The internet hits my EdgeProxy-LXC which is a nginx reverse proxy and forwards the traffic to the specified Container/ VM.
Ergo:

  1. LXC Ubuntu Edgeproxy with Nginx
  2. LXC TurnkeyLinux based on Debian Stretch for NC16 with Apache
  3. LXC Ubuntu Collabora with docker and Nginx
EdgeNGINX LXC Container based on Ubuntu /etc/nginx/conf.d/reverse_proxy.conf

############ Nextcloud ############
server {
client_max_body_size 50M;
listen 443 ssl;
server_name cloud.domain.com;

location / {
proxy_pass https://172.16.1.111:443;
proxy_redirect https://172.16.1.111:443 http://$host;
proxy_set_header HOST $host;
}
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
}
server {
listen 80;
server_name domain.com;
proxy_set_header Host cloud.domain.com;
location / {
rewrite ^(.*)$ https://cloud.domain.com$1 permanent;
}
}
########## COLLABORA ###############
server {
listen 443 ssl;
server_name office.domain.com;

location / {
proxy_pass https://172.16.1.112:443;
proxy_redirect https://172.16.1.112:443 http://$host;
proxy_set_header HOST $host;
proxy_set_header HTTP_Country-Code $geoip_country_code;
proxy_pass_request_headers on;
}
ssl_certificate /etc/letsencrypt/live/cloud.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cloud.domain.com/privkey.pem; # managed by Certbot

}

server {
listen 80;
server_name office.domain.com;
proxy_set_header Host office.domain.com;

location / {

rewrite ^(.*)$ https://office.domain.com$1 permanent;

}

location / {
proxy_pass http://172.16.1.112:80;
proxy_redirect http://172.16.1.113:80 http://$host;
proxy_set_header HOST $host;
proxy_set_header HTTP_Country-Code $geoip_country_code;
proxy_pass_request_headers on;
}

}

Collabora LXC Container based on Ubuntu - /etc/nginx/conf.d/collabora.conf

server {
listen 443 ssl;
server_name office.domain.com;

# static files
location ^~ /loleaflet {
    proxy_pass https://localhost:9980;
    proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
    proxy_pass https://localhost:9980;
    proxy_set_header Host $http_host;
}

main websocket

location ~ ^/lool/(.*)/ws$ {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “Upgrade”;
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}

download, presentation and image upload

location ~ ^/lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}

Admin Console websocket

location ^~ /lool/adminws {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “Upgrade”;
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}

ssl_certificate /etc/letsencrypt/live/office.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/office.domain.com/privkey.pem; # managed by Certbot

}

Let’s just ignore for a second, that I have 2 SSL certs on edge side and on the Collabora side :smiley:

Docker container is running and ran as described: https://icewind.nl/entry/collabora-online/

docker run -t -d -p 9980:9980 -e "domain=domain.com" --cap-add MKNOD collabora/code

I tried as well

docker run -t -d -p 9980:9980 -e "domain=office.domain.com" --cap-add MKNOD collabora/code

Anyone see’s the ( probably obvious ) mistake?
Cheers! :clinking_glasses:

why to you have a nginx conf in the collabora container?

for my understanding you should put this into your edgeproxy pointing to your collabora container.

you can put this code also into the nginx conf of your nextcloud (if it run’s on nginx). then you don’t need a second domain and certificate.

server {
listen 443 ssl;
server_name cloud.domain.com;


# static files
location ^~ /loleaflet {
    proxy_pass https://172.16.1.112:9980;
    proxy_set_header Host $http_host;
.....
}

I can try that - my goal was though to just forward the entire traffic, to have the specific configs in the actual connected container - Collabora. From my understanding this should be totally possible…somehow :smiley:

My Nextcloud uses an Apache2 to get served. - Sorry for not being clear.