Collabora not accessible over vHost

I followed this tutorial: Start to Finish Nextcloud+Collabora Step-by-Step Guide

I created a vHost like:

<VirtualHost *:80>
   ServerAdmin s13bfe@umwelt-campus.de
   ServerName other-40.umwelt-campus.de
   ...

And added a self-signed certificate. When starting collabora I use:

docker pull collabora/code
docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=other-40\\.umwelt-campus\\.de' -e 'dictionaries=de en' --restart always --cap-add MKNOD collabora/code

But visiting other-40.umwelt-campus.de just shows the Apache2 Debian Default Page.

sudo apache2ctl -S

VirtualHost configuration:
*:443 other-40.umwelt-campus. de (/etc/apache2/sites-enabled/default-ssl.conf:2)
*:80 is a NameVirtualHost
default server myDigitalHome.umwelt-campus. de (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost myDigitalHome.umwelt-campus. de (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost other-40.umwelt-campus. de (/etc/apache2/sites-enabled/office.conf:1)

the howto is rather old. isn’t it?

if you are looking for an actual version: https://www.c-rieger.de/

or to safe you all the typing choose one of my playbooks:

the docker once should also work with selfsigned certificates. the one without docker might not work. i have to check it.


in your vhost definiton the reverse proxy config to redirect from port 80 to 9980 is missing. why you add a selfsigned certificate to port 80?
do you run everything on one box or two different?

1 Like

Okay, thank you. I’ll try this out later.

I was just following some howtos. All told me to add a certificate.
I’m running everything on one box. Well, everything is just Collabora.

btw: please note that there is an issue with self signed certificates in my “no-docker” playbook which I didn’t fix yet.

but it seems that now you can disable ssl encryption. (which I would only do if nextcloud and collabora run on the same box or in a home environment.)

@Reiner_Nippes Well I’m sure I got some problems with the vhost or domain. If I saw it correctly your guide is with nginx. I’m using apache2.

You should use Letsencrypt for securing your vHost if possible. First of all be sure your DNS Provider supports ACME if you use Letsencrypt.

I’m using a self-signed certificate and that works just fine for me. Letsencrypt threw an error. But the main problem is, as described, the collabora start page ain’t showing.

Okay, so you should enable logging for your lool container and take a look in the nc error log and the lool error log.

For your lool container access the bash shell and modify /etc/loolwsd/loolwsd.xml as needed. For your nc instance you can find this in data/nextcloud.log.

1 Like

@ralfi Well, i can’t run sudo nano inside the collabora container to modify the files.

Nano is not installed inside the container. You can use “edit” instead but if you have root rights - i assumed this - you should install a coupled of packages for help testing and modify you favoured.

Modify /etc/loolwsd/loolwsd.xml should also be do this way:

cp /etc/loolwsd/loolwsd.xml /etc/loolwsd/loolwsd.xml.edit
edit /etc/loolwsd/loolwsd.xml.edit
cp /etc/loolwsd/loolwsd.xml.edit /etc/loolwsd/loolwsd.xml

Do NOT forget to restarting the container.

1 Like

@ralfi No, I don’t have root permissions also using docker exec -u root -it "b0e3f0618f64" /bin/bash didn’t help. I couldn’t edit the xml file.

@ralfi Okay, I got an Idea where my problem is. I now can access the collabora-service but Nextcloud can’t connect to it. “Collabora cant be loaded”. So there must be a problem with my vHost settings?

<VirtualHost *:80>
   ServerAdmin mail@example.de
   ServerName other-40.umwelt-campus.de

   # Encoded slashes need to be allowed
   AllowEncodedSlashes NoDecode

   # Container uses a unique non-signed certificate
   SSLProxyEngine On
   SSLProxyVerify None
   SSLProxyCheckPeerCN Off
   SSLProxyCheckPeerName Off

   # keep the host
   ProxyPreserveHost On

   # static html, js, images, etc. served from loolwsd
   # loleaflet is the client part of LibreOffice Online
   ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
   ProxyPassReverse /loleaflet https://localhost:9980/loleaflet

   # WOPI discovery URL
   ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
   ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery

   # Main websocket
   ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

   # Admin Console websocket
   ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws

   # Download as, Fullscreen presentation and Image upload operations
   ProxyPass /lool https://127.0.0.1:9980/lool
   ProxyPassReverse /lool https://127.0.0.1:9980/lool
</VirtualHost>

I also can access Nextcloud over localhost:8080 and 127.0.0.1:8080 but not over https://other-40.umwelt-campus.de:8080

Please paste a little bit (first 3-4 lines of output) from http://127.0.0.1:9980/hosting/discovery
And take a look at the nextcloud log file, it must be there. Please take a deeper look at the docs.

Your config never do work because you have a reverse proxy for the lool server but no https access to your nextcloud instance. I dont know the environment of your instance so you must give us a little more info, such as LAN / IP structure pic.

The output is:

<wopi-discovery>
<net-zone name="external-http">
<app name="application/vnd.lotus-wordpro">
 <action ext="lwp" name="view" urlsrc="https://127.0.0.1:9980/loleaflet/305832f/loleaflet.html?"/>
</app>

<app name="image/svg+xml">
 <action ext="svg" name="view" urlsrc="https://127.0.0.1:9980/loleaflet/305832f/loleaflet.html?"/>
</app>

<app name="application/vnd.ms-powerpoint">       
 <action ext="pot" name="edit" urlsrc="https://127.0.0.1:9980/loleaflet/305832f/loleaflet.html?"/>
</app>

If I look at “nextcloud/data/nextcloud.log” it is empty. If I type docker logs --details nextcloudcontainername I get just something like:

 127.0.0.1 - - [23/May/2019:11:11:17 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.25 (Debian) PHP/7.3.5 (internal dummy connection)"
 172.25.0.1 - - [23/May/2019:11:11:34 +0000] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2116 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36"
 172.25.0.1 - - [23/May/2019:11:12:04 +0000] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2116 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36"
 143.93.46.40 - - [23/May/2019:11:12:25 +0000] "\x16\x03\x01\x02" 400 0 "-" "-"
 143.93.46.40 - - [23/May/2019:11:12:25 +0000] "\x16\x03\x01" 400 0 "-" "-"
 143.93.46.40 - - [23/May/2019:11:12:25 +0000] "\x16\x03\x01\x02" 400 0 "-" "-"
 143.93.46.40 - - [23/May/2019:11:12:25 +0000] "\x16\x03\x01\x02" 400 0 "-" "-"
 172.25.0.1 - - [23/May/2019:11:12:34 +0000] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 2116 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36"
 [Thu May 23 11:12:49.461813 2019] [mpm_prefork:notice] [pid 1] AH00169: caught SIGTERM, shutting down
 AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.25.0.3. Set the 'ServerName' directive globally to suppress this message
 AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.25.0.3. Set the 'ServerName' directive globally to suppress this message
 [Thu May 23 16:03:22.268078 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.25 (Debian) PHP/7.3.5 configured -- resuming normal operations
 [Thu May 23 16:03:22.268115 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'

So my “other-40.umwelt-campus.de” is running on my server on " 143.93.46.40". When trying to access nextcloud over other-40.umwelt-campus.de:8080 I get an denied access cause of safety.
The domain is maintaiend externally. Could it be a not opened port on the domain?

use a “volume”: -v /host/path/blabla.xml:/container/path/blubbschwaetz.xml then you can edit /host/path/blabla.xmlon the host.

never ever edit a file “inside” the container. :wink:

Could the problem be, that I’m not accessing nextcloud over https but I do access collabora over it?

And is it possible to call collabora on localhost over nextcloud by handling:
“URL (and Port) of Collabora Online-Server” to https://localhost:9980 ?
Atm I’m getting: Collabora Online should use the same protocol as the server installation.

@Reiner_Nippes: Okay, a user volume for one file only, nice idea for the loolwsd.xml in lool…

I can open https://www.umwelt-campus.de/ but no sub-domain.
Are you really sure that this sub dom ist work? Ask your it service.

It is working on my server, yea. I also can reach it and it’s giving an “ok” response on port 9980. The problem is just the connection with nextcloud as I mentioned a oost above.

If it is possible to connect it with localhost:9980 I’d do that too.

It works for you but not for me?
No answer to a sub domain with access from outside (internet)?
Is it wanted like that?

At first, yes. That’s wanted. I just want to test everything first.