The problem remains. I updated the application, made changes to the host configuration and restarted Apache.
I even compared the host configuration character by character with the configuration on the site; the only differences are the address of the site and the path to the certificates.
In the Collabora Online settings I enter the server address and click save; it shows that everything is fine, but as soon as I refresh the page or re-enter the settings, everything stops working.
Returned to version 3.5.3.
I am using a self-signed certificate for both the cloud and the office server. And those work fine just before the update to 3.6.0, or after the downgrade to 3.5.3.
The missing "ProxyPass /hosting/capabilities" should not be the only reason.
In my system, those "ProxyPass /hosting/capabilities" lines have always existed, and the docker Collabora Online server is a newly installed one. The 2.5.3 works fine, however not 3.6.0.
Hi,
I run a nextcloud installation via the same script.
What exactly did you do to get it working?
I tried appending the 2 lines at the end of office.mydomain.com.conf but that didn't work for me.
<Directory /var/www>
Options -Indexes
</Directory>
# TLS configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateChainFile /etc/letsencrypt/live/office.mydomain.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/office.mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/office.mydomain.com/privkey.pem
SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/live/office.mydomain.com/dhparam.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA38>
SSLHonorCipherOrder on
SSLCompression off
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
# Endpoint with information about availability of various features
ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
</VirtualHost>
Edit the /etc/apache2/sites-available/collabora.my-domain.net.conf with the content below.
Then restart apache2.
The only differences seem to be the position of the 2 lines (not at the end for me) and the content of the SSLCipherSuite variable (yours seems to be cut at position 189 and ends with >):
<VirtualHost *:443>
ServerName collabora.my-domain.net:443
<Directory /var/www>
Options -Indexes
</Directory>
# TLS configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateChainFile /etc/letsencrypt/live/collabora.my-domain.net/chain.pem
SSLCertificateFile /etc/letsencrypt/live/collabora.my-domain.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/collabora.my-domain.net/privkey.pem
SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/live/collabora.my-domain.net/dhparam.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression off
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Endpoint with information about availability of various features
ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
</VirtualHost>
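The points compared in the configurations above (the `/hosting/capabilities` rule, the position of the `ProxyPass` lines, the cut-off `SSLCipherSuite`) can be checked mechanically. The following is an added example, not part of any post in this thread and not Collabora or Nextcloud code; `lint_vhost`, its rule set and the sample configuration are assumptions made for illustration. It relies on Apache applying the first `ProxyPass`/`ProxyPassMatch` rule that matches, and it also flags `SSLProxyVerify None` when the backend is not on loopback.

```python
import re
from urllib.parse import urlsplit

REQUIRED = ("/loleaflet", "/hosting/discovery", "/hosting/capabilities", "/lool")
LOOPBACK = ("127.0.0.1", "::1", "localhost")

def lint_vhost(conf):
    """Return findings for a Collabora reverse-proxy vhost (checks are this example's own)."""
    findings, rules, verify_off = [], [], False
    for raw in conf.splitlines():
        parts = raw.strip().split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        name = parts[0].lower()
        if name in ("proxypass", "proxypassmatch") and len(parts) >= 3:
            is_regex = name == "proxypassmatch"
            # For a regex rule keep only its literal prefix, e.g. "/lool/".
            path = re.split(r"[(\[.*+?^$|\\]", parts[1].strip('"'))[0] if is_regex else parts[1]
            rules.append((path, parts[2], is_regex))
        elif name == "sslproxyverify":
            verify_off = parts[1].lower() == "none"
        elif name == "sslciphersuite" and parts[-1].endswith(">"):
            findings.append("SSLCipherSuite looks truncated (ends with '>')")
    plain = [p for p, _, is_regex in rules if not is_regex]
    findings += [f"missing ProxyPass {p}" for p in REQUIRED if p not in plain]
    # Apache applies the first matching rule, so a broad prefix must come last.
    for i, (broad, _, is_regex) in enumerate(rules):
        if is_regex:
            continue
        for narrow, _, _ in rules[i + 1:]:
            if narrow.startswith(broad.rstrip("/") + "/"):
                findings.append(f"{narrow} is shadowed by earlier ProxyPass {broad}")
    # Disabled peer verification is only tolerable for a loopback backend.
    if verify_off:
        hosts = {urlsplit(t).hostname for _, t, _ in rules}
        for host in sorted(h for h in hosts if h and h not in LOOPBACK):
            findings.append(f"SSLProxyVerify None with remote backend {host}")
    return findings

# Constructed sample (not taken from any poster): three deliberate mistakes.
SAMPLE = """\
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA38>
SSLProxyVerify None
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
"""
print("\n".join(lint_vhost(SAMPLE)))
```

A configuration in the order posted above (websocket rules before the generic `/lool` rule, all four paths present, backend on 127.0.0.1) produces no findings.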
I have found the real reason why I can't connect to my Collabora Online server, however I don't know how to solve it.
Reason: in richdocument 3.6.0, can't set ports to others instead of 443?
In my WAN network, port 443 is shielded, so I set a port forwarding rule in my router.
External port: 54321, Internal port: 443, Protocol: tcp, IP: IP of my CentOS server
and then I use the external port ( https://office.domain.name:54321 ) to visit my Collabora Online server from the internet. It works fine in richdocument 3.5.3.
I'm running Collabora Office not in a container and I'm getting this issue with the 3.6.0 app.
My reverse proxy conf is nearly identical (aside from some letsencrypt settings) to c.caterina's and one_player's settings.
I'm not sure if it's relevant, but I'm also getting
May 26 09:15:15 myhost loolwsd[27300]: wsd-27300-27417 2020-05-26 13:15:15.625710 [ websrv_poll ] ERR Socket #22 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:291
May 26 09:15:15 myhost loolwsd[27300]: wsd-27300-27417 2020-05-26 13:15:15.625799 [ websrv_poll ] ERR Error while handling poll for socket #22 in websrv_poll: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request| net/Socket.cpp:308
May 26 09:15:15 myhost loolwsd[27300]: wsd-27300-27417 2020-05-26 13:15:15.699817 [ websrv_poll ] ERR Socket #22 SSL BIO error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (0: Success)| ./net/SslSocket.hpp:291
From loolwsd (journalctl | grep loolwsd).
I'm debating keeping Collabora Online running given the issues I get updating loolwsd every time and having to watch the Nextcloud App version so closely.
@C.Catarina perhaps the version of Collabora is an issue.
I also made the changes suggested by the above users.
The most frustrating thing is that it forces an update of the Collabora package to 3.6.0 after detecting more than 100 users in the setup.
The logs suggest the reverse proxy is getting 403 --> Access denied.
After snap was updated to the latest version, Collabora stopped working.
I get the error: Could not establish a connection to the Collabora Online server.
No firewall. All worked fine before the update.