I decided to post about my situation after many days of troubleshooting. I recently installed NextCloud as snap on Ubuntu 18.04 and everything worked fine. I did the port forwarding and used Let’s Encrypt (from snap commands) to create the certificates for NC.
Then I decided to install Collabora server on the same machine to use the office functionality. I used the official Collaboration guides for installation mentioned here. However, in this guide, it is assumed that NC is installed manually (not snap). According to guides, I had to install Apache (or any other proxy/web server) to proxy the traffic to whether NC or Collabora.
I think there is a problem with my proxy configuration or something wrong with SSL certificates. When both Apache and snap are running, I can get to Apache page and Collabora should be running, but cannot get to NC page.
I can go to (port 443) link below and get to the page (meaning Collabora is responding?)
But when accessing the NC domain, the browser says “Did Not Connect: Potential Security Issue” and complain that the certificates are not for that NC domain I am trying to connect but the certificate is for Collabora domain. If I stop the Apache and let Snap running, I can access the NC domain with no issues (except I need to set the ports to 443 and 80 again! Is this problematic)
My Apache proxy config file (located under /etc/apache2/sites-available/) is as follows:
<VirtualHost *:444> ServerName nextcloud.domain.com:444 ProxyPreserveHost On ProxyPass / https://192.168.1.50/ ProxyPassReverse / https://192.168.1.50/ SSLProxyEngine on SSLCertificateFile /etc/letsencrypt/live/nextcloud.domain.com/cert.pem SSLCertificateChainFile /etc/letsencrypt/live/nextcloud.domain.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.domain.com/privkey.pem </VirtualHost> <VirtualHost *:443> ServerName collabora.domain.com:443 # SSL configuration, you may want to take the easy route instead and use Lets Encrypt! SSLEngine on SSLCertificateFile /etc/letsencrypt/live/collabora.domain.com/cert.pem SSLCertificateChainFile /etc/letsencrypt/live/collabora.domain.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/collabora.domain.com/privkey.pem SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-$ SSLHonorCipherOrder on # Encoded slashes need to be allowed AllowEncodedSlashes NoDecode # Container uses a unique non-signed certificate SSLProxyEngine On SSLProxyVerify None SSLProxyCheckPeerCN Off SSLProxyCheckPeerName Off # keep the host ProxyPreserveHost On # static html, js, images, etc. served from loolwsd # loleaflet is the client part of LibreOffice Online ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0 ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet # WOPI discovery URL ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery$ ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery # Main websocket ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon # Admin Console websocket ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws # Download as, Fullscreen presentation and Image upload operations ProxyPass /lool https://127.0.0.1:9980/lool ProxyPassReverse /lool https://127.0.0.1:9980/lool # Endpoint with information about availability of various features ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0 ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities </VirtualHost>
To be honest, this is first time I am setting up proxy server that do not know how it works. Most of my config file is copied and think that is the issue If someone can have a look at it and guide me to the right direction, that would save me lots of headache and time.