Collabora server unreachable

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • v10.14.0
  • Operating system and version (e.g., Ubuntu 24.04):
    • debian 12
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • from migration
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • AIO

Summary of the issue you are facing:

I migrated an instance of AIO that was running on a vps to a self-hosted server.
So far I can access it through my local network and from the outside through a domain name. I am using the AIO interface to have Collabora enabled, which was enough on my previous instance (if I’m not forgetting an extra step I might have done before), but on this one it seems the collabora server is not reachable. I tried to add the CODE app without result. The error seems to come from the mastercontainer not being able to reach the collabora one.

I pasted the log I have, but so far I’m confused, is this issue coming from my server configuration or rather from my home network ?

Log entries

Nextcloud

Failed to fetch discovery: cURL error 28: Connection timed out after 5002 milliseconds (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://my.domain/hosting/discovery 

Mastercontainer

sudo docker exec -it nextcloud-aio-nextcloud bash
Warning: You have logged in into the Nextcloud container as root user.
See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands if you want to run occ commands.
Apart from that, you can use 'sudo -E -u www-data php occ <your-command>' in order to run occ commands.
Of course <your-command> needs to be substituted with the command that you want to use.
35509d7bf977:/var/www/html# curl https://my.domain/hosting/discovery
curl: (35) TLS connect error: error:00000000:lib(0)::reason(0)

Any hint appreciated, thank you in advance :folded_hands:

Hii @worms

It looks like the Collabora container can’t reach your domain due to a TLS or network issue. This often happens after migrating AIO to a local setup where NAT loopback isn’t working.

Try the following:

  1. DNS check inside container:

    docker exec -it nextcloud-aio-nextcloud bash
    ping my.domain
    curl -v https://my.domain
    
  2. If it fails, add to /etc/hosts inside the container:

    192.168.x.x my.domain
    
  3. Check if your cert is valid:

    curl -Iv https://my.domain/hosting/discovery
    
  4. Access https://my.domain/hosting/discovery from browser – you should see XML. If not, something’s wrong with your SSL or routing.

  5. Check Traefik logs for errors:

    docker logs nextcloud-aio-traefik
    docker logs nextcloud-aio-collabora
    

Also, confirm Collabora is enabled in the AIO interface (https://my.domain:8080).

1 Like

Hi @Darshan , I tried what you suggested

  1. DNS check within the container
    ping goes well, IP is resolved
    curl results in
* Host my.domain:443 was resolved.
* IPv6: (none)
* IPv4: xx.xx.xx.xx
*   Trying xx.xx.xx.xx:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: /etc/ssl/certs
* TLS connect error: error:00000000:lib(0)::reason(0)
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to my.domain:443 
* closing connection #0
curl: (35) TLS connect error: error:00000000:lib(0)::reason(0)
  1. Works after adding the IP to /etc/hosts, and in the settings I have this status
Collabora Online server is reachable.

Collabora Online Development Edition 24.04.13.3 b7ba9a23ba

URL used by the browser: https://old.domain
Nextcloud URL used by Collabora: https://my.domain (Determined from the browser URL)
  1. Certificate check states * SSL certificate verify ok.
  2. I do have an XML file at https://my.domain/hosting/discovery
  3. I don’t have any traefik container, but the collabora one is full of timeout errors, which makes sense.

Collabora is indeed enabled in the AIO interface.

When I try to open a document I encounter a Failed to load Nextcloud Office - please try again later error and have this in the collabora container

wsd-00007-00029 2025-05-20 15:49:58.460236 +0000 [ websrv_poll ] WRN  #30: CheckTimeout: Timeout while requesting [GET my.domain/index.php/apps/richdocuments/wopi/files/106645_ocv4bgnvlopj?access_token=cbctXONghUl9nVFKzOW6lK5jVyrjE06k&access_token_ttl=0] after 34581ms| net/HttpRequest.hpp:1813
wsd-00007-00029 2025-05-20 15:49:58.460265 +0000 [ websrv_poll ] ERR  #30: WOPI::CheckFileInfo failed for URI [https://my.domain/index.php/apps/richdocuments/wopi/files/106645_ocv4bgnvlopj?access_token=cbctXONghUl9nVFKzOW6lK5jVyrjE06k&access_token_ttl=0]: 0 (Unknown) . Headers: 	Body: []| wsd/wopi/CheckFileInfo.cpp:102
wsd-00007-00029 2025-05-20 15:49:58.460271 +0000 [ websrv_poll ] ERR  #30: Invalid URI or access denied to [https://my.domain/index.php/apps/richdocuments/wopi/files/106645_ocv4bgnvlopj?access_token=cbctXONghUl9nVFKzOW6lK5jVyrjE06k&access_token_ttl=0]| wsd/wopi/CheckFileInfo.cpp:117

The status of collabora is weird, it still somehow reminds the old domain name from before I migrated to this server. And manual edits to /etc/hosts will be lost in case of reboot right ?

I’m facing a similar issue after changing routers that doesn’t support NAT hairpinning directly.

Since updating the hosts file inside nextcloud-aio-nextcloud does appear to make it work. What would be a better solution, since if you need to restart the containers all the way the changes would be lost?
Is there a better configuration?

Appreciate any help this issue took me a while to figure out after updating!

1 Like

you can implement “hairpin” dns aka splitbraindns using another DNS server like pihole or AdguardHome see 101: Split-Brain DNS (split-horizon). Beware some router also add rebind_protection which could brake things as well

1 Like

Hi @wwe

I tried to follow this tutorial before sending my request, but something is likely off. My home internet box allows me to redirect port 443 to my internal server’s port 443. I also have a pihole instance redirecting the domain to my server’s internal IP (192.168.xx.xx). Isn’t this what is described in the split-brain DNS tutorial ? I have the feeling I’m either missing something obvious or my box simply can’t be configured the appropriate way.