I am currently setting up a document server for my Nextcloud.
This has worked quite well so far. The server is accessible via the internal IP and gives the desired output.
However, when I try to access the server via my domain, I only get the default Apache2 page from my reverse proxy instead of the page that opens when I access it via the internal IP. This also prevents me from adding the server to Nextcloud.
I worked completely according to this tutorial.
If there is any additional info missing, feel free to contact me anytime.
That’s my Reverse Proxy Config.
<VirtualHost *:80>
ServerName office.domain.de
Options -Indexes
ErrorLog "/var/log/apache2/collabora_error"
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from coolwsd
# loleaflet/browser is the client part of Collabora Online
ProxyPass /loleaflet http://192.168.178.134:9980/loleaflet retry=0
ProxyPassReverse /loleaflet http://192.168.178.134:9980/loleaflet
ProxyPass /browser http://192.168.178.134:9980/browser retry=0
ProxyPassReverse /browser http://192.168.178.134:9980/browser
# WOPI discovery URL
ProxyPass /hosting/discovery http://192.168.178.134:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery http://192.168.178.134:9980/hosting/discovery
# Capabilities
ProxyPass /hosting/capabilities http://192.168.178.134:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities http://192.168.178.134:9980/hosting/capabilities
# Main websocket
ProxyPassMatch "/cool/(.*)/ws$" ws://192.168.178.134:9980/cool/$1/ws nocanon
# Admin Console websocket
ProxyPass /cool/adminws ws://192.168.178.134:9980/cool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /cool http://192.168.178.134:9980/cool
ProxyPassReverse /cool http://192.168.178.134:9980/cool
</VirtualHost>
For those who are wondering, I have already asked the same question in German in this forum but unfortunately received no answer. Therefore I ask it here again.
did you check your reverse proxy logs? maybe you need to raise a log level to find out what happens there. sounds like the proxy doesn’t understand the request is targeting Collabora. do you access it using right hostname http://office.domain.de or maybe reverse proxy IP or other hostname?
BTW I’m pretty sure you need TLS (https) for working WOPI integration.
I understand that SSL is needed to connect the CODE server to the Nextcloud. That would also be my next step once the redirection is running through the RP.
I just tried to find the logs. When I search Collabora_logs as it says in the Apache Config I only find entries from 3-4 days ago. That doesn’t make sense because I just tried again to access the server via the domain. That should have created a log entry as well. So I can’t find the correct logs unfortunately.
I can’t get to the server via http://office.domain.de unfortunately, that’s my problem. Over the internal IP it works. There comes the black screen with the “OK” in the upper left corner.
Also two things about the logs. First, if Apache loads the default page, that means it used the wrong site config, and may have logged to a different file.
Second, I think you may be missing a log directive in your config. Seems like maybe you are only logging errors, in which case it may not log access attempts.
I have now tried this with the Apache Config. Unfortunately, even after deleting the browser cache, I am still redirected to the Apache default page. In the error logs I find the following:
[Tue Oct 04 06:59:20.295278 2022] [ssl:warn] [pid 11227:tid 140103831936064] AH01909: office.domain.eu:443:0 server certificate does NOT include an ID which matches the server name
[Tue Oct 04 06:59:20.295377 2022] [ssl:error] [pid 11227:tid 140103831936064] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=ReverseProxyName / issuer: CN=sReverseProxyName / serial: 35601253703682FB7572AB34>
[Tue Oct 04 06:59:20.295389 2022] [ssl:error] [pid 11227:tid 140103831936064] AH02604: Unable to configure certificate office.domain.eu:443:0 for stapling
[Tue Oct 04 06:59:20.296167 2022] [mpm_event:notice] [pid 11227:tid 140103831936064] AH00489: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Tue Oct 04 06:59:20.296186 2022] [core:notice] [pid 11227:tid 140103831936064] AH00094: Command line: '/usr/sbin/apache2'
[Tue Oct 04 06:59:23.185629 2022] [mpm_event:notice] [pid 11227:tid 140103831936064] AH00493: SIGUSR1 received. Doing graceful restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
[Tue Oct 04 06:59:23.200333 2022] [mpm_event:notice] [pid 11227:tid 140103831936064] AH00489: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Tue Oct 04 06:59:23.200347 2022] [core:notice] [pid 11227:tid 140103831936064] AH00094: Command line: '/usr/sbin/apache2'
[Tue Oct 04 06:59:26.465407 2022] [mpm_event:notice] [pid 11227:tid 140103831936064] AH00493: SIGUSR1 received. Doing graceful restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
[Tue Oct 04 06:59:26.479488 2022] [mpm_event:notice] [pid 11227:tid 140103831936064] AH00489: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Tue Oct 04 06:59:26.479505 2022] [core:notice] [pid 11227:tid 140103831936064] AH00094: Command line: '/usr/sbin/apache2'
[Tue Oct 04 06:59:44.931601 2022] [authz_core:error] [pid 11835:tid 140102797862656] [client 139.59.159.130:48690] AH01630: client denied by server configuration: /var/www/html/server-status
Unfortunately, I can’t do very much with it.
What do I have to do now?
Judging from your logs it looks like you are trying to access office.domain.eu over HTTPS (port 443), which does not match with the apache configuration (port 80).
Its possible your browser is trying to redirect you to use HTTPS.
Could you try accessing the COOL server directly via cURL:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://office.domain.eu/hosting/discovery">here</a>.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at office.domain.eu Port 80</address>
</body></html>
So I have set an automatic redirection from HTTP to HTTPS when creating the SSL certificate. Therefore, the proxy should automatically redirect to HTTPS. Is this not correct?
Because as far as I know the Document Server needs the same protocol as the Nextcloud.
This is my current Apache2 Config which I created after the tutorial from wwe
it’s not wrong you have this redirection in place. but you must focus on what you configured in Nextcloud - your Nextcloud must “know” Collabora runs on https so the client access https URL and no reverse proxy redirection is required.
what happens if you check https://office.domain.eu/hosting/discovery especially curl https://office.domain.eu/hosting/discovery from Nextcloud`s system?
your last apache conf shows /lool multiple times which not correct for newer CODE versions - you should use /cool for everything newer than CODE 6.4
Please read and understand threads and references I shared initially!
That’s the Output of the Command from my Nextcloud Server
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>503 Service Unavailable</title>
</head><body>
<h1>Service Unavailable</h1>
<p>The server is temporarily unable to service your
request due to maintenance downtime or capacity
problems. Please try again later.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at office.domain.eu Port 443</address>
</body></html>
I will make the changes in the Reverse Proxy Config in a moment. Thanks for the hint