I have a nextcloud server in one box and a collabora and reverse proxy server in another. After a routine upgrade (apt upgrade) I can no longer edit rich text (docx etc). I have been running on this model successfully for several years.
“Failed to load Nextcloud Office - please try again later”
Initially I assumed the upgrade had altered my coolswsd.xml file but on checking it did not.
My setup is as follows:
Nextcloud-Version: Nextcloud Hub 4 (26.0.13)
Nextcloud Office: 8.0.10
Allow list for WOPI requests: “125.xxx.xxx.xx,192.168.0.xxx,127.0.0.1” (Static IP, IP of nextcloud server, localhost)
Does https://collabora-domain/hosting/discovery 21 show an xml File? answer=yes
Collabora error log (apache2): "[Sat Apr 27 10:52:53.532736 2024] [proxy_http:error] [pid 4087283] (70014)End of file found: [client 192.168.0.1:51049] AH01102: error reading status line from remote server 127.0.0.1:9980"
Anonymized content of collabora-webinstance:
<VirtualHost>
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
SSLProxyEngine On
# Keep the host
ProxyPreserveHost On
# Cert is issued for $$$$$$$$$$ and then we proxy to localhost
SSLProxyVerify none
#SSLProxyCACertificatePath /etc/ssl
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
Protocols h2 http/1.1
# static html, js, images, etc. served from coolwsd
# loleaflet/browser is the client part of Collabora Online
#ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
#ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
ProxyPass /browser https://127.0.0.1:9980/browser retry=0
ProxyPassReverse /browser https://127.0.0.1:9980/browser
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Capabilities
ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
# Main websocket
ProxyPassMatch "/cool/(.*)/ws$" wss://127.0.0.1:9980/cool/$1/ws nocanon
# Admin Console websocket
ProxyPass /cool/adminws wss://127.0.0.1:9980/cool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /cool https://127.0.0.1:9980/cool
ProxyPassReverse /cool https://127.0.0.1:9980/cool
</VirtualHost>
Which SSL-Certs are being used self signed or from a recognized authority)? answer= both, CA to proxy server and Self-Signed to Collabora server on 9980. All certificates have been checked for expiry.
Result of “uname -a” = Linux xxx.xxx.nz 5.15.0-105-generic #115-Ubuntu SMP Mon Apr 15 09:52:04 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Date of the download of the collabora update (when things went wrong) = 25/4/24
From coolwsd.xml:
<termination default="true" desc="Connection via proxy where coolwsd acts as
working via https, but actually uses http." type="bool">false</termination>
<cert_file_path desc="Path to the cert file"
relative="false">/etc/coolwsd/cert.pem</cert_file_path>
<key_file_path desc="Path to the key file"
relative="false">/etc/coolwsd/key.pem</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/coolwsd/ca-
chain.cert.pem</ca_file_path>
For me it sounds there is an issue with Collabora CODE running native on the host. AFAIK best place to ask for support in such case is Collabora Forum.
this sounds your proxy can not access CODE backend (which makes no sense as you state /hosting/discovery shows XML content). Look at Collabora integration guide it will help you to understand mechanics of CODE integration.
I see your proxy is configured to use https:// and connect to :9980 of CODE. usually this port is plan http
Many thanks. I will try these possible solutions. However, for the upgrade:
A new version is available: Nextcloud 27.1.9 1 app has no compatible version for this Nextcloud version available.
I use Maps a lot but notice its development is not moving quickly as there are one or two bugs not resolved after a long time. Do you know if this app is alive or is it more or less obsolete?
Sorry, maybe didn’t explain setup well. Nextcloud is in a separate box (A) on the LAN. The CODE server is on another (B). B is also the reverse proxy server for all domains on the LAN (including nextcloud). I take your point about going with http rather than https but I could never get this to work - so on the existing setup everything should be encrypted. Hence, need for self-signed certificate. So, I suppose that’s marginally more secure.
For the upgrade, I get:
"A new version is available: Nextcloud 27.1.9 1 app has no compatible version for this Nextcloud version available.
I use Maps a lot but notice its development is not moving quickly as there are one or two bugs not resolved after a long time. Do you know if this app is alive or is it more or less obsolete?
Having said that I know I must upgrade. It’s just a shame I may lose Maps.
Maps was updated in the store to support nc28 and nc29
full SSL is more secure in theory but in turn adds many headaches - especially when security people at some point decide to “make you system more secure” custom things like self-signed certificates are first to brake e.g. because the reverse proxy doesn’t trust you CA anymore etc… if you host reverse proxy and application on the same host attack surface from missing tls is almost zero…
you have to follow different procedures for reverseproxy with or without SSL termination e.g.
you can keep your SSL setup running as long you are confident the issue does not result from there (use checks from the guide). your CODE problem will not go away itself. Proceed with troubleshooting according to Collabora integration guide.
