Collabora does not work behind reverse proxy

Hello dear community,
I currently have a small problem with Collabora or I can’t find my error.

I have a newly set up Nextcloud instance (everything worked here without any errors).
This has now been refined a little using a custom theme and connected to the Internet via Nginx reverse proxy manager. I also had some initial complications here, but I was able to resolve them relatively quickly. (I followed these instructions: Reverse proxy — Nextcloud latest Administration Manual latest documentation → I had to set overwrite.cli.url and overwriteprotocol here).

Since then the cloud has been running quite well. It also passed the test run.

But now that other friends/acquaintances also want to use the cloud (and Office here too), Nextcloud Office was the obvious choice. (In this case with the Build-In CODE Server)

My Probelem:
The server is accessible purely via https, but the CODE server always wants to use http://[SERVER_URL]. This of course leads to a security warning in the client browser (which is good) and if the client “clicks away” this warning, my reverse proxy rejects the http request.
Unfortunately, after a long search I couldn’t find anything that exactly applies to my problem, so I opened a new topic here. I have not found anything about whether it is possible to change the settings so that it uses https://? etc.

Thank you very much for your help

About my setup:
Proxmox Server contains 2 VM´s → one is the reverse proxy and one is the cloud-server
All VM´s are on a seperate Network.

On the Reverse Proxy is Nginx Proxy Manager (NPM) installed.
IP of the Proxy:
(Sadly the forum dont let me post more than 2 pic´s in my first thread so i have to text out my npm config)

Under “Details”:
Domain-Names: []
Scheme: http
Forward Hostname/IP:
Forward Port: 80
Cache Assets: No
Block Common Exploits: Yes
Websockets Support: Yes
Publicly Accessible

Under “Custom Locations”:
Location “/”: http - - 80
Location “/.well-known/caldav”: http - - 80
Location “/.well-known/carddav”: http - - 80

For all Locations i have following additional headers configured:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;

Under “SSL”:
SSL-Certificate → [domain-name] (it´s a Let´s Encrypt Cert Autogenerated)
Force-SSL: yes
HTTP/2 Support: yes
HSTS Enabled: yes
HSTS Subdomains: no (because i have no subdomains)

Under “Advanced” there are some timeout parameters like “proxy_connect_timeout” etc. but they are not intressting.

Setup of the Cloud-Server:
Ubuntu 22.04 Container
Apache2 Webserver
Nextcloud install located in /var/www/html/nextcloud

The Apache2 Webserver Root is the same directory. Also the Apache2 Server only listens on Port 80 because the Reverse-Proxy handles all the SSL-Stuff

My Config-File:

$CONFIG = array (
  'instanceid' => '[ID]',
  'passwordsalt' => '[XY]',
  'secret' => '[XYZ]',
  'trusted_domains' =>
  array (
    0 => '',
    1 => '',
  'trusted_proxies' =>
  array (
    0 => '',
  'datadirectory' => '/nextcloud_mount/data',
  'dbtype' => 'mysql',
  'version' => '',
  'overwriteprotocol' => 'https',
  'overwrite.cli.url' => '',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '[USERNAME]',
  'dbpassword' => '[PASSWORD]',
  'installed' => true,
  'defaultapp' => 'dashboard',
  'theme' => '[CUSTOM_THEME_NAME]',
  'mail_smtpmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => '[some_name]',
  'mail_smtpauth' => 1,
  'mail_domain' => '[some_email_domain]',
  'mail_smtpname' => '[Some_email]',
  'mail_smtppassword' => '[Some_email_password]',
  'mail_smtphost' => '[some_email_hostserver]',
  'mail_smtpport' => '[port]',
  'maintenance' => false,
  'maintenance_window_start' => 1,
  'loglevel' => 2,
  'simpleSignUpLink.shown' => false,
  'default_language' => 'de',
  'default_locale' => 'de',
  'default_timezone' => 'Europe/Berlin',
  'templatedirectory' => '',
  'default_phone_region' => 'DE',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => 'localhost',
    'port' => 6379,
    'dbindex' => 0,
    'timeout' => 1.5,
    'read_timeout' => 1.5,
  'updater.secret' => '[xy]',

If Nextcloud Office was configured prior to using your reverse proxy where your HTTPS terminates it may have auto-configured itself based on those (pre-HTTPS) parameters at the time.

To trigger reconfiguration, try going to Nextcloud Office (under Admin settings) and choosing something other than your Built-in CODE. Then switch it back to the built-in CODE.

If it still appears broken:

  • Show browser console Network output to find the first HTTP transaction
  • Insert the output of ./occ config:list richdocuments (or equivalent adapted for your runtime environment).