Hello Folks!
I am desperately trying to get Collabora to work…
My Setup: I got a Server with multiple vms/ LXC container. The internet hits my EdgeProxy-LXC which is a nginx reverse proxy and forwards the traffic to the specified Container/ VM.
Therefor:
- LXC Ubuntu Edgeproxy with Nginx
- LXC TurnkeyLinux based on Debian Stretch for NC16 with Apache
- LXC Ubuntu Collabora with docker and Nginx
EdgeNGINX LXC Container based on Ubuntu /etc/nginx/conf.d/reverse_proxy.conf
############ Nextcloud ############
server {
client_max_body_size 50M;
listen 443 ssl;
server_name cloud.domain.com;
location / {
proxy_pass https://172.16.1.111:443;
proxy_redirect https://172.16.1.111:443 http://$host;
proxy_set_header HOST $host;
}
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
}
server {
listen 80;
server_name domain.com;
proxy_set_header Host cloud.domain.com;
location / {
rewrite ^(.*)$ https://cloud.domain.com$1 permanent;
}
}
########## COLLABORA ###############
server {
listen 443 ssl;
server_name office.domain.com;
location / {
proxy_pass https://172.16.1.112:443;
proxy_redirect https://172.16.1.112:443 http://$host;
proxy_set_header HOST $host;
proxy_set_header HTTP_Country-Code $geoip_country_code;
proxy_pass_request_headers on;
}
ssl_certificate /etc/letsencrypt/live/cloud.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cloud.domain.com/privkey.pem; # managed by Certbot
}
server {
listen 80;
server_name office.domain.com;
proxy_set_header Host office.domain.com;
location / {
}
location / {
proxy_pass http://172.16.1.112:80;
proxy_redirect http://172.16.1.113:80 http://$host;
proxy_set_header HOST $host;
proxy_set_header HTTP_Country-Code $geoip_country_code;
proxy_pass_request_headers on;
}
}
Collabora LXC Container based on Ubuntu - /etc/nginx/conf.d/collabora.conf
server {
listen 443 ssl;
server_name office.domain.com;
# static files
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
main websocket
location ~ ^/lool/(.*)/ws$ {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “Upgrade”;
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
download, presentation and image upload
location ~ ^/lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
Admin Console websocket
location ^~ /lool/adminws {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “Upgrade”;
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
ssl_certificate /etc/letsencrypt/live/office.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/office.domain.com/privkey.pem; # managed by Certbot
}
Let’s just ignore for a second, that I have 2 SSL certs on edge side and on the Collabora side …
Docker container is running and ran as described: https://icewind.nl/entry/collabora-online/
docker run -t -d -p 9980:9980 -e "domain=domain.com" --cap-add MKNOD collabora/code
I tried as well
docker run -t -d -p 9980:9980 -e "domain=office.domain.com" --cap-add MKNOD collabora/code
Anyone see’s the ( probably obvious ) mistake?
Cheers!
why to you have a nginx conf in the collabora container?
for my understanding you should put this into your edgeproxy pointing to your collabora container.
you can put this code also into the nginx conf of your nextcloud (if it run’s on nginx). then you don’t need a second domain and certificate.
server {
listen 443 ssl;
server_name cloud.domain.com;
# static files
location ^~ /loleaflet {
proxy_pass https://172.16.1.112:9980;
proxy_set_header Host $http_host;
.....
}
I can try that - my goal was though to just forward the entire traffic, to have the specific configs in the actual connected container - Collabora. From my understanding this should be totally possible…somehow
My Nextcloud uses an Apache2 to get served. - Sorry for not being clear.
I went back to this problem and even tried to change the configuration as such:
Deploy an nginx on the collabora node and set config to localhost and port 80 (no ssl) and tried to curl form the collabora host itself:
curl localhost:80/hosting/discovery
or
curl localhost:80/dist/admin/admin.html
(i provided user and password with the -e key while deploying the docker image)
didn’t work. I get a not found error.
The config I was talking about
server {
listen 80;
# server_name localhost;
# static files
location ^~ /loleaflet {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/lool/(.*)/ws$ {
proxy_pass http://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/lool {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
proxy_pass http://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
I guess there must be a different kind of error somewhere…but where?
I tried Onlyoffice and it worked for me out of the box. I don’t know whats happening with Collabora. Anyway, I mark this as solved.
Hello! I have the following config, the thing is that i don’t use docker image/
1st server LXC Nginx, looking to local network and internet, serving requests as reverse proxy 10.9.11.47
2nd server LXC with NextCloud 10.9.11.234
3rd server LXC with Collabora installed from Ubuntu repos 10.9.11.238
Sorry for spaces in links, new users cant add links
I can open collabora admin console htt ps://o ffice.vsks.ru/loleaflet/dist/admin/admin.html
I can connect to collabora from nextcloud config with internal ip (htt p://10.9.11.238:9980). Surely, i can’t open any file because using internal IP is incorrect way, but it shows me that collabora server is working…
I cant connect to collabora from nextcloud with external domain name (htt ps://office.vsks.ru:443).
Here is my configs - nginx virtualhost, and collabora xml loolwsd
server {
server_name office.vsks.ru;
error_log /var/log/nginx/collabora.error;
# static files
location ^~ /loleaflet {
proxy_pass http://10.9.11.238:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://10.9.11.238:9980;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://10.9.11.238:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/lool/(.*)/ws$ {
proxy_pass http://10.9.11.238:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/lool {
proxy_pass http://10.9.11.238:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
proxy_pass http://10.9.11.238:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/office.vsks.ru/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/office.vsks.ru/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = office.vsks.ru) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name office.vsks.ru;
return 404; # managed by Certbot
}
de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru
1
4
5
false
3600
30
300
false
0
8000
0
0
100
100
10000
60
300
3072
85
120
900
loleaflet.html
true
warning
false
-INFO-WARN
/var/log/loolwsd.log
never
timestamp
true
10 days
10
true
false
false
82589933
false
false
all
any
192\.168\.[0-9]{1,3}\.[0-9]{1,3}
::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}
127\.0\.0\.1
::ffff:127\.0\.0\.1
::1
172\.17\.[0-9]{1,3}\.[0-9]{1,3}
::ffff:172\.17\.[0-9]{1,3}\.[0-9]{1,3}
false
true
/etc/loolwsd/cert.pem
/etc/loolwsd/key.pem
/etc/loolwsd/ca-chain.cert.pem
1000
true
true
true
false
classic
cloud.vsks.ru
10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}
172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}
172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}
192\.168\.[0-9]{1,3}\.[0-9]{1,3}
192\.168\.1\.1
0
false
900
localhost
true
true
true
false
manager
pbkdf2.sha512.10000.21daccf1b4b5b170522e43ba47edcbcb2dce97ce2ea41e1d71f2fc3438529dd2a7fec7be3c6ffbe0288867bbe24e5b4305e62b65a9f9480c5fcb100eec0176d87b4e8bd4360660c6688cf29d6e24c893035686eb7e560b28fc90fa0a8df137dfe90c883e46f19ff738d0cda80049c1e501f173590857790d262a6ca8074b3da6.e46ce92ee722e9bf5aa50648a61e1069b26a2d2210ef6b5409fad747f3ae8d01dc71d77b07fb2d1f5ff51efde18fc5272f3613b6186dfda8a74e6a09fe15f863d19b21c67dcb7feb83f311a43c8698df0e6070b6b59d0e3c676de1c1a8ebf589ba2bd5eca7dafde6c32dea2122e53f83874c1d2253e84dfe7fd1ee981461d1aa