Hi!
Iāve succesfully installed NextCloud as a snap on my Ubuntu Server 18.04. It works perfectly over https on a public domain cloud.chiara.org (not the real one ! ).
Now I want to integrate the Collabora application. Iāve installed it with the following command:
docker pull collabora/code
docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=cloud\\.chiara\\.org' --restart always --cap-add MKNOD collabora/code
The container is up and running.
docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8398beb8a077 collabora/code "/bin/sh -c 'bash stā¦" 2 hours ago Up 2 hours 127.0.0.1:9980->9980/tcp infallible_allen
Collabora should be on listening on port 9980, but if I try
curl 127.0.0.1:9980/hosting/discovery
curl: (52) Empty reply from server
uhm, thatās strange, maybe because it doesnāt reply to ip address. So I go to setup the reverse proxy.
I have a dedicated machine in my internal network that works as a reverse proxy of all the traffic coming from outside.
Below a schema of the network:
So the ReverseProxy is on the machine 192.168.1.132 which routes the traffic, accordingly to the domain name, to the server 192.168.1.30 which contains a NextCloud SNAP and the Docker container of CollaboraOnline.
There is no Apache service on 192.168.1.30, I mean outside the SNAP.
I write the virtual host, on 192.168.1.132 reverseProxy server, setting for Collabora in addition to what I already have for NextCloud:
<VirtualHost *:443>
ServerName cloud.chiara.org
ProxyPreserveHost On
ProxyPass / https://192.168.1.30/
ProxyPassReverse / https://192.168.1.30/
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/cloud.chiara.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.chiara.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:443>
ServerName docs.chiara.org:443
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://192.168.1.30:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://192.168.1.30:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://192.168.1.30:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://192.168.1.30:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://192.168.1.30:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://192.168.1.30:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://192.168.1.30:9980/lool
ProxyPassReverse /lool https://192.168.1.30:9980/lool
SSLProxyEngine on
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# Let's Encrypt Certificate
SSLCertificateFile /etc/letsencrypt/live/docs.chiara.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/docs.chiara.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/error.log
</VirtualHost>
The certificate for cloud.chiara.org has been generated both on the ReverseProxy Server and on the Cloud Server using CertBot and Letās Encrypt.
The certificate for docs.chiara.org has been generated only on the ReverseProxy Server using CertBot and Letās Encrypt.
The problem is that CollaboraOnline is not responding at all, not reachable.
I have configured in the NextCloud app, under settings, by inserting the URL āhttps://docs.chiara.orgā but when I try to edit an odt doc, I get the error āunable to complete the requestā¦blablablaā¦ remote address: 192.168.1.132ā¦ā
Why 192.168.1.132??? Itās the ReverseProxy Server!!
I check the ReverseProxy Apache log and I find the following:
[Thu Nov 08 13:27:25.297531 2018] [socache_shmcb:debug] [pid 16524] mod_socache_shmcb.c(491): AH00831: socache_shmcb_store (0xdf -> subcache 31)
[Thu Nov 08 13:27:25.297561 2018] [socache_shmcb:debug] [pid 16524] mod_socache_shmcb.c(728): AH00842: expiring 1 and reclaiming 0 removed socache entries
[Thu Nov 08 13:27:25.297567 2018] [socache_shmcb:debug] [pid 16524] mod_socache_shmcb.c(747): AH00843: we now have 0 socache entries
[Thu Nov 08 13:27:25.297572 2018] [socache_shmcb:debug] [pid 16524] mod_socache_shmcb.c(845): AH00847: insert happened at idx=0, data=(0:32)
[Thu Nov 08 13:27:25.297576 2018] [socache_shmcb:debug] [pid 16524] mod_socache_shmcb.c(850): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/207
[Thu Nov 08 13:27:25.297584 2018] [socache_shmcb:debug] [pid 16524] mod_socache_shmcb.c(512): AH00834: leaving socache_shmcb_store successfully
[Thu Nov 08 13:27:25.298306 2018] [ssl:debug] [pid 16524] ssl_engine_kernel.c(354): [client 2.231.118.170:54518] AH02034: Initial (No.1) HTTPS request received for child 10 (server docs.chiara.org:443)
[Thu Nov 08 13:27:25.298330 2018] [authz_core:debug] [pid 16524] mod_authz_core.c(835): [client 2.231.118.170:54518] AH01628: authorization result: granted (no directives)
[Thu Nov 08 13:27:25.298358 2018] [proxy:debug] [pid 16524] mod_proxy.c(1160): [client 2.231.118.170:54518] AH01143: Running scheme https handler (attempt 0)
[Thu Nov 08 13:27:25.298368 2018] [proxy:debug] [pid 16524] proxy_util.c(2160): AH00942: HTTPS: has acquired connection for (192.168.1.30)
[Thu Nov 08 13:27:25.298378 2018] [proxy:debug] [pid 16524] proxy_util.c(2213): [client 2.231.118.170:54518] AH00944: connecting https://192.168.1.30:9980/hosting/discovery to 192.168.1.30:9980
[Thu Nov 08 13:27:25.298440 2018] [proxy:debug] [pid 16524] proxy_util.c(2422): [client 2.231.118.170:54518] AH00947: connected /hosting/discovery to 192.168.1.30:9980
[Thu Nov 08 13:27:25.298618 2018] [proxy:error] [pid 16524] (111)Connection refused: AH00957: HTTPS: attempt to connect to 192.168.1.30:9980 (192.168.1.30) failed
[Thu Nov 08 13:27:25.298642 2018] [proxy:error] [pid 16524] AH00959: ap_proxy_connect_backend disabling worker for (192.168.1.30) for 0s
[Thu Nov 08 13:27:25.298649 2018] [proxy_http:error] [pid 16524] [client 2.231.118.170:54518] AH01114: HTTP: failed to make connection to backend: 192.168.1.30
[Thu Nov 08 13:27:25.298656 2018] [proxy:debug] [pid 16524] proxy_util.c(2175): AH00943: HTTPS: has released connection for (192.168.1.30)
[Thu Nov 08 13:27:25.298752 2018] [ssl:debug] [pid 16524] ssl_engine_io.c(1017): [client 2.231.118.170:54518] AH02001: Connection closed to child 10 with standard shutdown (server docs.chiara.org:443)
[Thu Nov 08 13:27:25.395640 2018] [socache_shmcb:debug] [pid 16511] mod_socache_shmcb.c(491): AH00831: socache_shmcb_store (0x1b -> subcache 27)
[Thu Nov 08 13:27:25.395670 2018] [socache_shmcb:debug] [pid 16511] mod_socache_shmcb.c(845): AH00847: insert happened at idx=0, data=(0:32)
[Thu Nov 08 13:27:25.395676 2018] [socache_shmcb:debug] [pid 16511] mod_socache_shmcb.c(850): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/207
[Thu Nov 08 13:27:25.395681 2018] [socache_shmcb:debug] [pid 16511] mod_socache_shmcb.c(512): AH00834: leaving socache_shmcb_store successfully
[Thu Nov 08 13:27:25.396624 2018] [ssl:debug] [pid 16511] ssl_engine_kernel.c(354): [client 2.231.118.170:53990] AH02034: Initial (No.1) HTTPS request received for child 2 (server docs.chiara.org:443)
[Thu Nov 08 13:27:25.396649 2018] [authz_core:debug] [pid 16511] mod_authz_core.c(835): [client 2.231.118.170:53990] AH01628: authorization result: granted (no directives)
[Thu Nov 08 13:27:25.396678 2018] [proxy:debug] [pid 16511] mod_proxy.c(1160): [client 2.231.118.170:53990] AH01143: Running scheme https handler (attempt 0)
[Thu Nov 08 13:27:25.396688 2018] [proxy:debug] [pid 16511] proxy_util.c(2160): AH00942: HTTPS: has acquired connection for (192.168.1.30)
[Thu Nov 08 13:27:25.396697 2018] [proxy:debug] [pid 16511] proxy_util.c(2213): [client 2.231.118.170:53990] AH00944: connecting https://192.168.1.30:9980/hosting/discovery to 192.168.1.30:9980
[Thu Nov 08 13:27:25.396757 2018] [proxy:debug] [pid 16511] proxy_util.c(2422): [client 2.231.118.170:53990] AH00947: connected /hosting/discovery to 192.168.1.30:9980
[Thu Nov 08 13:27:25.396988 2018] [proxy:error] [pid 16511] (111)Connection refused: AH00957: HTTPS: attempt to connect to 192.168.1.30:9980 (192.168.1.30) failed
[Thu Nov 08 13:27:25.397007 2018] [proxy:error] [pid 16511] AH00959: ap_proxy_connect_backend disabling worker for (192.168.1.30) for 0s
[Thu Nov 08 13:27:25.397014 2018] [proxy_http:error] [pid 16511] [client 2.231.118.170:53990] AH01114: HTTP: failed to make connection to backend: 192.168.1.30
[Thu Nov 08 13:27:25.397021 2018] [proxy:debug] [pid 16511] proxy_util.c(2175): AH00943: HTTPS: has released connection for (192.168.1.30)
[Thu Nov 08 13:27:25.397112 2018] [ssl:debug] [pid 16511] ssl_engine_io.c(1017): [client 2.231.118.170:53990] AH02001: Connection closed to child 2 with standard shutdown (server docs.chiara.org:443)
So the error is that the connection is refused because the attempt to connect to 192.168.1.30:9980 failed.
Please note that all firewalls are temporarily disabled!
Have I missed something during the installation and configuration?
How can I debug better why Collabora is not responding on 9980?
Many many thanks for your help
Chiara