Collabora can't open documents. Nextcloud 29 AIO; Apache Reverse Proxy

At some point in the past Nextcloud office could open documents. But now I get the error:

Failed to establish socket connection or socket connection closed unexpectedly. The reverse proxy might be misconfigured, please contact the administrator. For more info on proxy configuration please checkout https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html

I have used Nextcloud AIO, with AIO running behind a reverse proxy on an Apache server. I have followed the instructions for troubleshooting collabora. I verified that my etc/hosts/ file doesn’t map 127.0.0.1 or 127.0.1.1 to my domain. I tried adding ,0.0.0.0/0 to the allow list for WOPI requests, but this didn’t fix the problem.

I have also checked that my reverse proxy consideration supports the websocket.

Here is the output of curl -vvv https://$NC_DOMAIN:443/hosting/discovery in the nextcloud-aio-nextcloud docker container.

Here is my collabora log from AIO. (It’s too big for pastebin.com, so I used pastebin.mozilla.org, which will expire in 21 days).

as the system complains about websocket I would focus on this area first.

Review if your reverse proxy config (from: https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html):

Enable proxy of websockets: a2enmod proxy_wstunnel

the config file should have similar line

 # Main websocket
 ProxyPassMatch      "/cool/(.*)/ws$"      wss://127.0.0.1:9980/cool/$1/ws nocanon

Hi, did you compare the apache config with this one? all-in-one/reverse-proxy.md at main · nextcloud/all-in-one · GitHub

1 Like

I’m using AIO. Proxy of websockets is enabled in the host server. The line is in the /etc/apache2/conf-available/coolwsd.conf file in the collabora docker container. But I’m having trouble following how the container is set up compared to collabora documentation. So I would appreciate some more detailed instructions about how to check if the container is setup correct.

I followed that page when I configured my apache. The only difference is that I have specified ports in the ServerName i.e.,:

ServerName https://cloud.mydomain.site:8080

Can you post the apache config here that you are using?

1 Like
<VirtualHost *:80>
    ServerName http://cloud.mydomain.site:80

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    RewriteCond %{SERVER_NAME} =cloud.mydomain.site
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    ServerName https://cloud.mydomain.site:8080

    # Reverse proxy based on https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
    RewriteEngine On
    ProxyPreserveHost On
    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
    AllowEncodedSlashes NoDecode
    ProxyPass / http://localhost:11000/ nocanon
    ProxyPassReverse / http://localhost:11000/


    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
    RewriteRule .? "ws://localhost:11000/%1" [P,L]

    # Enable h2, h2c and http1.1
    Protocols h2 h2c http/1.1
    
    # Solves slow upload speeds caused by http2
    H2WindowSize 5242880

    # TLS

    SSLEngine               on
    SSLProtocol             -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
    SSLHonorCipherOrder     off
    SSLSessionTickets       off
    ## END ReCOMENT
    # If running apache on a subdomain (eg. nextcloud.example.com) of a domain that already has an wildcard ssl certificate from certbot on this machine, 
    # the <your-nc-domain> in the below lines should be replaced with just the domain (eg. example.com), not the subdomain. 
    # In this case the subdomain should already be secured without additional actions
    # SSLCertificateFile /etc/letsencrypt/live/mydomain.site/fullchain.pem
    # SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.site/privkey.pem

    # Disable HTTP TRACE method.
    TraceEnable on
    <Files ".ht*">
        Require all denied
    </Files>

    # Support big file uploads
    LimitRequestBody 0
</VirtualHost>

I think this is actually the problem.

Have you tried ServerName cloud.mydomain.site

1 Like

That was the issue. I forgot why I put the port there in the first place. But after removing it and restarting apache collabora works again.

1 Like