Collabora: Invalid or unknown request

Two things:

  1. -e “domain=nextcloud.XXXX.com” is the double escape messed up by the forum? if not, i THINK its supposed to be
    -e "domain=nextcloud\\.XXXX\\.com"

  2. did you add the self signed certificate of collabora to the certficate chain of NC, like this (adapt to your paths): docker exec [containerID] cat /etc/loolwsd/ca-chain.cert.pem >> /var/www/html/nextcloud/resources/config/ca-bundle.crt

edit: regarding 1. its the forum messing with the escaping

just for fellow nginx users (with working collaboras), i think this could be relevant:

Each new SSL connection requires a full SSL handshake between the client and server, which is quite CPU-intensive. To have NGINX proxy previously negotiated connection parameters and use a so-called abbreviated handshake, include the proxy_ssl_session_reuse directive:

proxy_ssl_session_reuse on;

I’m using nginx through the letsencrypt docker from linuxserver for all of the SSL, so my config is the following (10.0.3.1 is because I am on a QNAP… it’s the right IP)

upstream collabora {
	server 10.0.3.1:9980;
	}

server {
    listen       443 ssl http2;
    server_name  collabora.domain.com;

   ssl_certificate /config/keys/letsencrypt/fullchain.pem;
   ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
   ssl_prefer_server_ciphers on;
	
   location ^~ /loleaflet {
        proxy_pass https://10.0.3.1:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://10.0.3.1:9980;
        proxy_set_header Host $http_host;
    }

    # websockets, download, presentation and image upload
    location ^~ /lool {
        proxy_pass https://10.0.3.1:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }

}

Regarding #1, I think its the forum messing it up… there are 2 backslashes on the domain

btw. the upstream part is leftover from my attempts to get this running, you can just delete it, it is not used:

upstream collabora {
server 10.0.3.1:9980;
}

i must admit i have no idea whats the problem with your setup, personally i would try to get rid of the nginx docker, since nginx is really quite simple to setup, as is letsencrypt nowadays. generally i think its easier to debug stuff when not in a docker. its only that i didnt find a good explanation how to setup collabora itself without docker…

dont know though if you can run stuff without dockers on a qnap. alternatively you could just run a VM with nextcloud, collabora and nginx, i think that exists (if qnap can run VM’s)

So i got it working (both word and excel files) by adding the following to my config:

location / {
proxy_pass https://10.0.3.1:9980;
}

Still getting the following error in the console though:
wsd-00025-00033 04:59:56.084523 [ websrv_poll ] ERR Socket #22 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (errno: Succes
./net/SslSocket.hpp:273

Something I need to be worried about?

I also have the SSL bio error but so far didn’t affect the usability…

Okay good to know, will just ignore for now… nextcloud redirects to https, so I am assuming there is no security issue since I am still reverse proxying the collabora subdomain as well?