Collabora: issue apache2 when virtualhost of apache is on 443

Vestarija · November 27, 2020, 8:50pm

Hi,

I want to set a virtualhost in apache for Collabora (Nextcloud and Collabora are install in the same Ubuntu server)
NC work perfectly in https:

<VirtualHost *:80>
ServerName cloud.xxx.fr
Redirect permanent / https://cloud.xxx.fr/
</VirtualHost>
<VirtualHost _default_:443>
               DocumentRoot "/var/www/nextcloud"
               ServerName cloud.xxx.fr
               ServerAlias xxx.fr

               ErrorLog ${APACHE_LOG_DIR}/nextcloud.error
               CustomLog ${APACHE_LOG_DIR}/nextcloud.access combined

               SSLEngine on
               SSLCertificateFile /etc/ssl/xxx.cer
               SSLCertificateKeyFile /etc/ssl/xxx.key
               SSLCACertificateFile /etc/ssl/Intermediate-.xxx.fr.crt

               <Directory /var/www/nextcloud/>
                   Require all granted
                   Options FollowSymlinks MultiViews
                   AllowOverride All

#                  <IfModule mod_dav.c>
#                      Dav off
#                  </IfModule>
                  <IfModule mod_headers.c>
                      Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
                  </IfModule>
               SetEnv HOME /var/www/nextcloud
               SetEnv HTTP_HOME /var/www/nextcloud
               Satisfy Any

              </Directory>
</VirtualHost>

When Collabora virtualhost is set in port 80 I have this page:

But I need to set it in 443 if I want that it work with nextcloud:

<VirtualHost *:443>
  ServerName collabora.xxx.fr:443

  SSLEngine on
  SSLCertificateFile /etc/ssl/xxx.cer
  SSLCertificateKeyFile /etc/ssl/xxx.key
  SSLCACertificateFile /etc/ssl/Intermediate-.xxx.fr.crt
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256>
  SSLHonorCipherOrder     on

  AllowEncodedSlashes NoDecode

  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  ProxyPreserveHost On

  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

  ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities

  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool
</VirtualHost>

I can not understand but I have the “apache2 ubuntu default page” with this 443 conf…

does anyone have an idea?

u_n_glaublich · November 27, 2020, 9:15pm

Are u able to open

https:// collabora.domain. fr/loleaflet/dist/admin/admin.html

Than your Server works.

Vestarija · November 27, 2020, 9:56pm

I have this:

Misdirected Request

The client needs a new connection for this request as the requested host name does not match the Server Name Indication (SNI) in use for this connection.

Apache/2.4.41 (Ubuntu) Server at collabora.xxx.fr Port 443

Vestarija · November 28, 2020, 3:00pm

when I check service: systemctl status loolwsd
I get this:

● loolwsd.service - Collabora Online WebSocket Daemon
Loaded: loaded (/lib/systemd/system/loolwsd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-11-27 15:46:23 UTC; 23h ago
Main PID: 729 (loolwsd)
Tasks: 7 (limit: 2281)
Memory: 293.3M
CGroup: /system.slice/loolwsd.service
├─ 729 /usr/bin/loolwsd --version --o:sys_template_path=/opt/lool/systemplate --o:child_root_path=/opt/lool/child-roots --o:file_server_root_path=/usr/share/loolwsd
├─1130 /usr/bin/loolforkit --losubpath=lo --systemplate=/opt/lool/systemplate --lotemplate=/opt/collaboraoffice6.4 --childroot=/opt/lool/child-roots/ --clientport=9980 --masterport=loolwsd-HbFS4cPV --r>
└─1443 /usr/bin/loolforkit --losubpath=lo --systemplate=/opt/lool/systemplate --lotemplate=/opt/collaboraoffice6.4 --childroot=/opt/lool/child-roots/ --clientport=9980 --masterport=loolwsd-HbFS4cPV --r>

Nov 27 20:01:22 vs-xxx loolwsd[729]: wsd-00729-01447 2020-11-27 20:01:22.684934 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2368
Nov 27 20:01:23 vs-xxx loolwsd[729]: wsd-00729-01447 2020-11-27 20:01:23.456797 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2368
Nov 27 20:01:24 vs-xxx loolwsd[729]: wsd-00729-01447 2020-11-27 20:01:24.147702 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2368
Nov 27 20:01:28 vs-xxx loolwsd[729]: wsd-00729-01447 2020-11-27 20:01:28.128768 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2368
Nov 27 20:01:32 vs-xxx loolwsd[729]: wsd-00729-01447 2020-11-27 20:01:32.434319 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2368
Nov 27 20:05:04 vs-xxx loolwsd[729]: wsd-00729-01447 2020-11-27 20:05:04.391890 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2368
Nov 27 20:35:00 vs-xxx loolwsd[729]: wsd-00729-01447 2020-11-27 20:35:00.088547 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2368
Nov 27 20:35:20 vs-xxx loolwsd[729]: wsd-00729-01447 2020-11-27 20:35:20.394199 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2368
Nov 27 20:35:21 vs-xxx loolwsd[729]: wsd-00729-01447 2020-11-27 20:35:21.398650 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2368
Nov 27 20:48:09 vs-xxx loolwsd[729]: wsd-00729-01447 2020-11-27 20:48:09.702794 [ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2368

Anyone have an idea? problem with port?

Vestarija · November 30, 2020, 5:50pm

I fixed this issue by going through docker.