Collabora: Invalid or unknown request

Two things:

  1. -e “domain=nextcloud.XXXX.com” is the double escape messed up by the forum? If not, I THINK it's supposed to be
    -e "domain=nextcloud\\.XXXX\\.com"

  2. Did you add the self-signed certificate of collabora to the certificate chain of NC, like this (adapt to your paths): docker exec [containerID] cat /etc/loolwsd/ca-chain.cert.pem >> /var/www/html/nextcloud/resources/config/ca-bundle.crt

edit: regarding 1. it's the forum messing with the escaping

just for fellow nginx users (with working collaboras), i think this could be relevant:

Each new SSL connection requires a full SSL handshake between the client and server, which is quite CPU-intensive. To have NGINX proxy previously negotiated connection parameters and use a so-called abbreviated handshake, include the proxy_ssl_session_reuse directive:

proxy_ssl_session_reuse on;

I’m using nginx through the letsencrypt docker from linuxserver for all of the SSL, so my config is the following (10.0.3.1 is because I am on a QNAP… it’s the right IP)

upstream collabora {
    server 10.0.3.1:9980;
}

server {
    listen       443 ssl http2;
    server_name  collabora.domain.com;

   ssl_certificate /config/keys/letsencrypt/fullchain.pem;
   ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
   ssl_prefer_server_ciphers on;
	
   location ^~ /loleaflet {
        proxy_pass https://10.0.3.1:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://10.0.3.1:9980;
        proxy_set_header Host $http_host;
    }

    # websockets, download, presentation and image upload
    location ^~ /lool {
        proxy_pass https://10.0.3.1:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }

}

Regarding #1, I think it's the forum messing it up… there are 2 backslashes on the domain

btw. the upstream part is leftover from my attempts to get this running, you can just delete it, it is not used:

upstream collabora {
server 10.0.3.1:9980;
}

I must admit I have no idea what's the problem with your setup. Personally I would try to get rid of the nginx docker, since nginx is really quite simple to set up, as is letsencrypt nowadays. Generally I think it's easier to debug stuff when not in a docker. It's only that I didn't find a good explanation of how to set up collabora itself without docker…

Don't know though if you can run stuff without dockers on a qnap. Alternatively you could just run a VM with nextcloud, collabora and nginx, I think that exists (if qnap can run VMs)

So I got it working (both word and excel files) by adding the following to my config:

location / {
proxy_pass https://10.0.3.1:9980;
}

Still getting the following error in the console though:
wsd-00025-00033 04:59:56.084523 [ websrv_poll ] ERR Socket #22 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (errno: Succes
./net/SslSocket.hpp:273

Something I need to be worried about?

I also have the SSL bio error but so far it didn’t affect the usability…

Okay good to know, will just ignore for now… nextcloud redirects to https, so I am assuming there is no security issue since I am still reverse proxying the collabora subdomain as well?
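
The `domain=` escaping question from the top of the thread, as an added example that is not part of any post: a small shell lint for the value passed with `-e`. It assumes Collabora matches the value as a regular expression against the whole Nextcloud host name; the `example.com` hosts and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint the value passed as -e "domain=...".
# Assumption: Collabora treats the value as a regular expression that must
# match the whole Nextcloud host name. The example.com hosts are constructed.

# host_allowed PATTERN HOST -> exit 0 if HOST matches PATTERN as a whole string.
host_allowed() {
    printf '%s\n' "$2" | grep -Eqx -- "$1"
}

# lint_domain VALUE -> prints "ok", "smart-quotes" or "unescaped-dot".
lint_domain() {
    case "$1" in
        *“*|*”*) echo "smart-quotes"; return 1 ;;   # pasted from a rich-text page
    esac
    # Drop every escaped dot (\.); any dot left over is a regex wildcard.
    rest=$(printf '%s' "$1" | sed 's/\\\.//g')
    case "$rest" in
        *.*) echo "unescaped-dot"; return 1 ;;
    esac
    echo "ok"
}

# Inside double quotes the shell turns \\ into \, so this is what the
# container receives for -e "domain=nextcloud\\.example\\.com":
escaped="nextcloud\\.example\\.com"      # value: nextcloud\.example\.com
loose="nextcloud.example.com"            # dots left as wildcards

for pattern in "$escaped" "$loose"; do
    printf '%-28s lint=%s\n' "$pattern" "$(lint_domain "$pattern")"
    for host in nextcloud.example.com nextcloudXexample.com; do
        if host_allowed "$pattern" "$host"; then verdict=match; else verdict=no-match; fi
        printf '    %-26s %s\n' "$host" "$verdict"
    done
done
```

The escaped pattern accepts only the intended host, while the unescaped one also accepts a host that has any other character where the dot should be.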