Collabora Document Server unavailable

Hello,

I am currently setting up a document server for my Nextcloud.
This has worked quite well so far. The server is accessible via the internal IP and gives the desired output.

However, when I try to access the server via my domain, I only get the default Apache2 page from my reverse proxy instead of the page that opens when I access it via the internal IP. This also prevents me from adding the server to Nextcloud.
I worked completely according to this tutorial.

If there is any additional info missing, feel free to contact me anytime.

That’s my Reverse Proxy Config.

<VirtualHost *:80> 
 ServerName office.domain.de 
 Options -Indexes 
 ErrorLog "/var/log/apache2/collabora_error" 
 # Encoded slashes need to be allowed 
 AllowEncodedSlashes NoDecode 
 # keep the host 
 ProxyPreserveHost On 
 # static html, js, images, etc. served from coolwsd 
 # loleaflet/browser is the client part of Collabora Online 
 ProxyPass           /loleaflet http://192.168.178.134:9980/loleaflet retry=0 
 ProxyPassReverse    /loleaflet http://192.168.178.134:9980/loleaflet 
 ProxyPass           /browser http://192.168.178.134:9980/browser retry=0 
 ProxyPassReverse    /browser http://192.168.178.134:9980/browser 
 # WOPI discovery URL 
 ProxyPass           /hosting/discovery http://192.168.178.134:9980/hosting/discovery retry=0 
 ProxyPassReverse    /hosting/discovery http://192.168.178.134:9980/hosting/discovery 
 # Capabilities 
 ProxyPass           /hosting/capabilities http://192.168.178.134:9980/hosting/capabilities retry=0 
 ProxyPassReverse    /hosting/capabilities http://192.168.178.134:9980/hosting/capabilities 
 # Main websocket 
 ProxyPassMatch "/cool/(.*)/ws$" ws://192.168.178.134:9980/cool/$1/ws nocanon 
 # Admin Console websocket 
 ProxyPass   /cool/adminws ws://192.168.178.134:9980/cool/adminws 
 # Download as, Fullscreen presentation and Image upload operations 
 ProxyPass           /cool http://192.168.178.134:9980/cool 
 ProxyPassReverse    /cool http://192.168.178.134:9980/cool 
</VirtualHost>

For those who are wondering, I have already asked the same question in German in this forum but unfortunately received no answer. Therefore I ask it here again.

did you check your reverse proxy logs? maybe you need to raise a log level to find out what happens there. sounds like the proxy doesn’t understand the request is targeting Collabora. do you access it using right hostname http://office.domain.de or maybe reverse proxy IP or other hostname?

BTW I’m pretty sure you need TLS (https) for working WOPI integration.

Hello,

I understand that SSL is needed to connect the CODE server to the Nextcloud. That would also be my next step once the redirection is running through the RP.

I just tried to find the logs. When I search Collabora_logs as it says in the Apache Config I only find entries from 3-4 days ago. That doesn’t make sense because I just tried again to access the server via the domain. That should have created a log entry as well. So I can’t find the correct logs unfortunately.

I can’t get to the server via http://office.domain.de unfortunately, that’s my problem. Over the internal IP it works. There comes the black screen with the “OK” in the upper left corner.

take a look at this post:

the setup is different but Apache config might help you. focus on Apache config and logs to isolate the problem.

That sounds to me like either:

  • The ServerName on the Apache config does not match what you type in the URL (SNI doesn’t match so it loads the wrong site)
  • The FQDN does not resolve to the IP address of the reverse proxy

For best results, you’ll want to use the FQDN to connect to it both internally and externally, and this will mean setting up split-horizon DNS.

Also two things about the logs. First, if Apache loads the default page, that means it used the wrong site config, and may have logged to a different file.

Second, I think you may be missing a log directive in your config. Seems like maybe you are only logging errors, in which case it may not log access attempts.

1 Like

I have now tried this with the Apache Config. Unfortunately, even after deleting the browser cache, I am still redirected to the Apache default page. In the error logs I find the following:

[Tue Oct 04 06:59:20.295278 2022] [ssl:warn] [pid 11227:tid 140103831936064] AH01909: office.domain.eu:443:0 server certificate does NOT include an ID which matches the server name
[Tue Oct 04 06:59:20.295377 2022] [ssl:error] [pid 11227:tid 140103831936064] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=ReverseProxyName / issuer: CN=sReverseProxyName / serial: 35601253703682FB7572AB34>
[Tue Oct 04 06:59:20.295389 2022] [ssl:error] [pid 11227:tid 140103831936064] AH02604: Unable to configure certificate office.domain.eu:443:0 for stapling
[Tue Oct 04 06:59:20.296167 2022] [mpm_event:notice] [pid 11227:tid 140103831936064] AH00489: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Tue Oct 04 06:59:20.296186 2022] [core:notice] [pid 11227:tid 140103831936064] AH00094: Command line: '/usr/sbin/apache2'
[Tue Oct 04 06:59:23.185629 2022] [mpm_event:notice] [pid 11227:tid 140103831936064] AH00493: SIGUSR1 received.  Doing graceful restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
[Tue Oct 04 06:59:23.200333 2022] [mpm_event:notice] [pid 11227:tid 140103831936064] AH00489: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Tue Oct 04 06:59:23.200347 2022] [core:notice] [pid 11227:tid 140103831936064] AH00094: Command line: '/usr/sbin/apache2'
[Tue Oct 04 06:59:26.465407 2022] [mpm_event:notice] [pid 11227:tid 140103831936064] AH00493: SIGUSR1 received.  Doing graceful restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
[Tue Oct 04 06:59:26.479488 2022] [mpm_event:notice] [pid 11227:tid 140103831936064] AH00489: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Tue Oct 04 06:59:26.479505 2022] [core:notice] [pid 11227:tid 140103831936064] AH00094: Command line: '/usr/sbin/apache2'
[Tue Oct 04 06:59:44.931601 2022] [authz_core:error] [pid 11835:tid 140102797862656] [client 139.59.159.130:48690] AH01630: client denied by server configuration: /var/www/html/server-status

Unfortunately, I can’t do very much with it.
What do I have to do now?

Hi DerLeon,

Judging from your logs it looks like you are trying to access office.domain.eu over HTTPS (port 443), which does not match with the apache configuration (port 80).

Its possible your browser is trying to redirect you to use HTTPS.

Could you try accessing the COOL server directly via cURL:

curl http://office.domain.eu/hosting/discovery

Hello, sorry for my Late answer.

Here is the output of the command:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://office.domain.eu/hosting/discovery">here</a>.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at office.domain.eu Port 80</address>
</body></html>

So I have set an automatic redirection from HTTP to HTTPS when creating the SSL certificate. Therefore, the proxy should automatically redirect to HTTPS. Is this not correct?
Because as far as I know the Document Server needs the same protocol as the Nextcloud.

This is my current Apache2 Config which I created after the tutorial from wwe

<VirtualHost *:80>
  ServerName office.domain.eu
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  AllowEncodedSlashes NoDecode
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off
  ProxyPreserveHost Off
  ProxyPass           /loleaflet https://192.168.178.134:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://192.168.178.134:9980/loleaflet
  ProxyPass           /hosting/discovery https://192.168.178.134:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://192.168.178.134:9980/hosting/discovery
  ProxyPassMatch "/lool/(.*)/ws$" wss://192.168.178.134:9980/lool/$1/ws nocanon
  ProxyPass   /lool/adminws wss://192.168.178.134:9980/lool/adminws
  ProxyPass           /lool https://192.168.178.134:9980/lool
  ProxyPassReverse    /lool https://192.168.178.134:9980/lool
  ProxyPass           /hosting/capabilities https://192.168.178.134:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities https://192.168.178.134:9980/hosting/capabilities
RewriteEngine on
RewriteCond %{SERVER_NAME} =office.domain.eu
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
  ServerName office.domain.eu
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  SSLEngine on
  AllowEncodedSlashes NoDecode
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off
  ProxyPreserveHost On
  ProxyPass /loleaflet https://192.168.178.134:9980/loleaflet retry=0
  ProxyPassReverse /loleaflet https://192.168.178.134:9980/loleaflet
  ProxyPass /hosting/discovery https://192.168.178.134:9980/hosting/discovery retry=0
  ProxyPassReverse /hosting/discovery https://192.168.178.134:9980/hosting/discovery
  ProxyPassMatch "/lool/(.*)/ws$" wss://192.168.178.134:9980/lool/$1/ws nocanon
  ProxyPass /lool/adminws wss://192.168.178.134:9980/lool/adminws
  ProxyPass /lool https://192.168.178.134:9980/lool
  ProxyPassReverse /lool https://192.168.178.134:9980/lool
  ProxyPass /hosting/capabilities https://192.168.178.134:9980/hosting/capabilities retry=0
  ProxyPassReverse /hosting/capabilities https://192.168.178.134:9980/hosting/capabilities
  SSLCertificateFile      /etc/letsencrypt/live/office.domain.eu/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/office.domain.eu/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

When I access the domain via http://office.domain.eu/hosting/discovery I get a proxy error “Error during SSL Handshake with remote server”.

Is anything missing?

it’s not wrong you have this redirection in place. but you must focus on what you configured in Nextcloud - your Nextcloud must “know” Collabora runs on https so the client access https URL and no reverse proxy redirection is required.

what happens if you check https://office.domain.eu/hosting/discovery especially curl https://office.domain.eu/hosting/discovery from Nextcloud`s system?

your last apache conf shows /lool multiple times which not correct for newer CODE versions - you should use /cool for everything newer than CODE 6.4

Please read and understand threads and references I shared initially!

That’s the Output of the Command from my Nextcloud Server

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>503 Service Unavailable</title>
</head><body>
<h1>Service Unavailable</h1>
<p>The server is temporarily unable to service your
request due to maintenance downtime or capacity
problems. Please try again later.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at office.domain.eu Port 443</address>
</body></html>

I will make the changes in the Reverse Proxy Config in a moment. Thanks for the hint