Cannot get Collabora to work on separate server with Nginx

Hello Folks!
I am desperately trying to get Collabora to work…
My Setup: I have a server with multiple VMs/LXC containers. The internet hits my EdgeProxy-LXC, which is an nginx reverse proxy and forwards the traffic to the specified container/VM.
Therefore:

  1. LXC Ubuntu Edgeproxy with Nginx
  2. LXC TurnkeyLinux based on Debian Stretch for NC16 with Apache
  3. LXC Ubuntu Collabora with docker and Nginx

EdgeNGINX LXC Container based on Ubuntu - /etc/nginx/conf.d/reverse_proxy.conf

############ Nextcloud ############
server {
client_max_body_size 50M;
listen 443 ssl;
server_name cloud.domain.com;

location / {
proxy_pass https://172.16.1.111:443;
proxy_redirect https://172.16.1.111:443 http://$host;
proxy_set_header HOST $host;
}
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
}
server {
listen 80;
server_name domain.com;
proxy_set_header Host cloud.domain.com;
location / {
rewrite ^(.*)$ https://cloud.domain.com$1 permanent;
}
}
########## COLLABORA ###############
server {
listen 443 ssl;
server_name office.domain.com;

location / {
proxy_pass https://172.16.1.112:443;
proxy_redirect https://172.16.1.112:443 http://$host;
proxy_set_header HOST $host;
proxy_set_header HTTP_Country-Code $geoip_country_code;
proxy_pass_request_headers on;
}
ssl_certificate /etc/letsencrypt/live/cloud.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cloud.domain.com/privkey.pem; # managed by Certbot

}

server {
listen 80;
server_name office.domain.com;
proxy_set_header Host office.domain.com;

location / {

rewrite ^(.*)$ https://office.domain.com$1 permanent;

}

location / {
proxy_pass http://172.16.1.112:80;
proxy_redirect http://172.16.1.113:80 http://$host;
proxy_set_header HOST $host;
proxy_set_header HTTP_Country-Code $geoip_country_code;
proxy_pass_request_headers on;
}

}

Collabora LXC Container based on Ubuntu - /etc/nginx/conf.d/collabora.conf

server {
listen 443 ssl;
server_name office.domain.com;

# static files
location ^~ /loleaflet {
    proxy_pass https://localhost:9980;
    proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
    proxy_pass https://localhost:9980;
    proxy_set_header Host $http_host;
}

# main websocket
location ~ ^/lool/(.*)/ws$ {
    proxy_pass https://localhost:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
}

# download, presentation and image upload
location ~ ^/lool {
    proxy_pass https://localhost:9980;
    proxy_set_header Host $http_host;
}

# Admin Console websocket
location ^~ /lool/adminws {
    proxy_pass https://localhost:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
}

ssl_certificate /etc/letsencrypt/live/office.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/office.domain.com/privkey.pem; # managed by Certbot

}

Let’s just ignore for a second, that I have 2 SSL certs on edge side and on the Collabora side :smiley:

Docker container is running and ran as described: https://icewind.nl/entry/collabora-online/

docker run -t -d -p 9980:9980 -e "domain=domain.com" --cap-add MKNOD collabora/code

I tried as well

docker run -t -d -p 9980:9980 -e "domain=office.domain.com" --cap-add MKNOD collabora/code

Does anyone see the (probably obvious) mistake?
Cheers! :clinking_glasses:

Why do you have an nginx conf in the Collabora container?

To my understanding, you should put this into your edgeproxy, pointing to your Collabora container.

You can also put this code into the nginx conf of your Nextcloud (if it runs on nginx). Then you don’t need a second domain and certificate.

server {
listen 443 ssl;
server_name cloud.domain.com;


# static files
location ^~ /loleaflet {
    proxy_pass https://172.16.1.112:9980;
    proxy_set_header Host $http_host;
.....
}

I can try that - my goal was though to just forward the entire traffic, to have the specific configs in the actual connected container - Collabora. From my understanding this should be totally possible…somehow :smiley:

My Nextcloud uses an Apache2 to get served. - Sorry for not being clear.

I went back to this problem and even tried to change the configuration as such:
Deploy an nginx on the Collabora node, set the config to localhost and port 80 (no SSL), and tried to curl from the Collabora host itself:
curl localhost:80/hosting/discovery or
curl localhost:80/dist/admin/admin.html (I provided user and password with the -e key while deploying the docker image)
It didn’t work. I get a not found error.

The config I was talking about

server {
listen       80;
# server_name localhost;

# static files
location ^~ /loleaflet {
    proxy_pass http://localhost:9980;
    proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
    proxy_pass http://localhost:9980;
    proxy_set_header Host $http_host;
}

# Capabilities
location ^~ /hosting/capabilities {
    proxy_pass http://localhost:9980;
    proxy_set_header Host $http_host;
}

# main websocket
location ~ ^/lool/(.*)/ws$ {
    proxy_pass http://localhost:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
}

# download, presentation and image upload
location ~ ^/lool {
    proxy_pass http://localhost:9980;
    proxy_set_header Host $http_host;
}

# Admin Console websocket
location ^~ /lool/adminws {
    proxy_pass http://localhost:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
}

}

I guess there must be a different kind of error somewhere…but where?
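Nextcloud takes the editor URLs from the `urlsrc` attributes in the `/hosting/discovery` response, so a useful check once that URL answers is whether those attributes point at the public HTTPS name rather than an internal address or plain HTTP. The following is an added example, not part of any post in this thread: `check_discovery` is a hypothetical helper, and the sample XML is constructed in the general shape of a WOPI discovery document.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample of a /hosting/discovery response: one action advertises
# the internal address over plain HTTP, the other the public HTTPS name.
SAMPLE_DISCOVERY = """<wopi-discovery>
  <net-zone name="external-http">
    <app name="writer">
      <action ext="odt" name="edit"
        urlsrc="http://172.16.1.112:9980/loleaflet/abc123/loleaflet.html?"/>
    </app>
    <app name="calc">
      <action ext="ods" name="edit"
        urlsrc="https://office.domain.com/loleaflet/abc123/loleaflet.html?"/>
    </app>
  </net-zone>
</wopi-discovery>"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def check_discovery(xml_text, public_origin):
    """Return (ext, urlsrc, reason) for every action whose urlsrc does not
    match public_origin in scheme, host and effective port."""
    want = urlsplit(public_origin)
    want_port = want.port or DEFAULT_PORTS.get(want.scheme)
    problems = []
    # Only feed this XML fetched from your own office server.
    for action in ET.fromstring(xml_text).iter("action"):
        src = action.get("urlsrc", "")
        got = urlsplit(src)
        got_port = got.port or DEFAULT_PORTS.get(got.scheme)
        if got.scheme != want.scheme:
            reason = f"scheme is {got.scheme!r}, expected {want.scheme!r}"
        elif (got.hostname or "").lower() != (want.hostname or "").lower():
            reason = f"host is {got.hostname!r}, expected {want.hostname!r}"
        elif got_port != want_port:
            reason = f"port is {got_port}, expected {want_port}"
        else:
            continue
        problems.append((action.get("ext"), src, reason))
    return problems


if __name__ == "__main__":
    origin = "https://office.domain.com"
    for ext, src, reason in check_discovery(SAMPLE_DISCOVERY, origin):
        print(f"{ext}: {src} -> {reason}")
```

To use it on a live setup, save the body returned by `curl` for `/hosting/discovery` through the edge proxy and pass it in place of `SAMPLE_DISCOVERY`.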

I tried Onlyoffice and it worked for me out of the box. I don’t know what’s happening with Collabora. Anyway, I mark this as solved.

Hello! I have the following config; the thing is that I don’t use the docker image.

1st server LXC Nginx, looking to local network and internet, serving requests as reverse proxy 10.9.11.47
2nd server LXC with NextCloud 10.9.11.234
3rd server LXC with Collabora installed from Ubuntu repos 10.9.11.238

Sorry for the spaces in links, new users can’t add links.
I can open the Collabora admin console: htt ps://o ffice.vsks.ru/loleaflet/dist/admin/admin.html

I can connect to Collabora from the Nextcloud config with the internal IP (htt p://10.9.11.238:9980). Surely, I can’t open any file because using the internal IP is the incorrect way, but it shows me that the Collabora server is working…

I can’t connect to Collabora from Nextcloud with the external domain name (htt ps://office.vsks.ru:443).

Here are my configs - nginx virtualhost, and collabora xml loolwsd

server {
server_name office.vsks.ru;

error_log /var/log/nginx/collabora.error;



# static files
location ^~ /loleaflet {
    proxy_pass http://10.9.11.238:9980;
    proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
    proxy_pass http://10.9.11.238:9980;
    proxy_set_header Host $http_host;
}

# Capabilities
location ^~ /hosting/capabilities {
    proxy_pass http://10.9.11.238:9980;
    proxy_set_header Host $http_host;
}

# main websocket
location ~ ^/lool/(.*)/ws$ {
    proxy_pass http://10.9.11.238:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
}

# download, presentation and image upload
location ~ ^/lool {
    proxy_pass http://10.9.11.238:9980;
    proxy_set_header Host $http_host;
}

# Admin Console websocket
location ^~ /lool/adminws {
    proxy_pass http://10.9.11.238:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
}

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/office.vsks.ru/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/office.vsks.ru/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
if ($host = office.vsks.ru) {
return 301 https://$host$request_uri;
} # managed by Certbot

listen 80;
listen [::]:80;
server_name  office.vsks.ru;
return 404; # managed by Certbot

}
