I’m quite blocked on the final configuration of a collabora server and nextcloud. When I try to set my server I get this error:
[richdocuments] Error: GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: self signed certificate (see
libcurl - Error Codes) for https://collabora.server.com/hosting/capabilities at <>
0. /var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php line 158
GuzzleHttp\Handler\CurlFactory::createRejection("*** sensitive parameters replaced **
/var/www/html/3rdparty/guzzlehttp/guzzle/src/Handler/CurlFactory.php line 110*
GuzzleHttp\Handler\CurlFactory::finishError([“GuzzleHttp\Handler\CurlHandler”], "*** sensitive parameters replaced **
Nextcloud and Collabora are on a docker image behind a nginx proxy (manager), letsencrypt works ok and certificates are ok:
https://collabora-server.com. → I get: OK
I have a warning about WOPI:
You have not configured the allow-list for WOPI requests. Without this setting users may download restricted files via WOPI requests to the Nextcloud server. Click here for more info
but sincerely I have no idea what do.
Thanks for your help
May 24, 2023, 9:44pm
Are you running that cURL test from inside of the Nextcloud container?
Essentially, make sure that your Nextcloud container is not bypassing the reverse proxy to reach the Collabora container.
Depending on what instructions you followed, it is possible for the Collabora container to have HTTPS enabled on it as well, but it would not be using the LE certs deployed on your reverse proxy.
Edit: To test my theory: IIRC there’s also an app setting called
disable_certificate_verification or the like (in the richdocuments app in NC). I believe something for it appears in the web UI in the settings area when you’ve set NC Office to use your own server (rather than the built in one) so you don’t need even need to do it from the CLI.
This will turn off certificate validation at the NC server level for the capabilities check. If things work you can then decide whether you’re comfortable with the two internal containers talking to each other without verification of certificates or not. If so, you’re done. If not, you’ll have to make adjustment to your environment so that NC is not bypassing the proxy.
May 25, 2023, 5:25am
Have you added the chain certificate as well (three certificate files).
if collabobara is set to use port 443 make sure the port is not already bound to a server.
Thank you for answering.
I’ m not running the command inside the container. This was launched outside.
I also tried to disable the certificate as you suggested but I still getting the same error.
Thank you for the support.
This is my docker file. I’m using port 9980
# add this if the network is already existing!
- domain=cloud.euredomain.com #Gebt hier eure Seafile Domain an
- username=admin #Nutzername eingeben
- password=test #Passwort eingeben
- “extra_params=–o:ssl.enable=false --o:ssl.termination=true”
May 26, 2023, 6:30am
We had to change Ngnix port from 443 since it was already occupied
I had a similar issue, running Nextcloud on an Ubuntu server with Apache, reverse proxy, and an SSL certificate for Collabora on a Docker image. The trick for me was to add port 443.
Of course, you have to replace the nextcloud domain name with yours.
sudo docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=nextcloud\\.com:443' -e 'dictionaries=de en es sv ..' -e 'TZ=Europe/Stockholm' --restart always --cap-add MKNOD --privileged collabora/code
Thank you for all your help.
Unfortunately still getting the same error, also opening por 443 and adding “domain=nextcloud\.pippo\.com:443” in the docker-compose file.
Any other hint or debug flag that I can sue to understand better?
May 31, 2023, 5:34am
Could be a number of reasons.
If you are using Let’s Encrypt, have you installed three cert files, key, cert and chain.
You should use aliasgroup1 instead of domain.
What are your Nginx proxy manager settings.
if I launch
inside the next cloud container I get this error
curl: (60) SSL certificate problem: self signed certificate
outside the next cloud container I get:
May 31, 2023, 6:10pm
Shouldn’t proxy host settings ‘Scheme’ be set to https?
I changed but still same error. One question, why I do not get the lets encrypt certificate from inside the docker container?
June 1, 2023, 4:48pm
I have downloaded my domain cert and set it as a custom cert in the proxy manager.
I don’t need this string…