Support intro
Nextcloud version (12.0.10):
Operating system and version (CentOS 7):
Apache or nginx version (eg, Apache 2.4.27):
PHP version (5.6.25):
The issue you are facing:
Nextcloud user CAN create new richdocuments.
But documents can NOT be opened, with internal server error.
Is this the first time you’ve seen this error? (Y/N):
N
Steps to replicate it:
1. Install Nextcloud
2. Enable CollaboraOnline
3. Setting HttpProxy and loolwsd
The output of your Nextcloud log in Admin > Logging:
"url":"\/nextcloud\/index.php\/apps\/richdocuments\/index?fileId=12&requesttoken=nLUsYjfNa5ugmwoVHqeodUR%2Bn8Z7wXXEjUi3prK3enA%3D%3As%2BR%2BAUGJH83I4T9wV%2BXeIyou%2B%2FEi6jSD9C3Zw9%2BEDBU%3D","message":"Exception: {\"Exception\":\"GuzzleHttp\\\\Exception\\\\RequestException\",\"Message\":\"cURL error 51: Unable to communicate securely with peer: requested domain name does not match the server's certificate
I also captured HTTPS packets with Wireshark and I can find a message: TLSv1.2 73 Alert (Level: Fatal, Description: Bad Certificate)
I use the same SSL-related files for loolwsd as Nextcloud's httpd, which are not self-certified files.
I also share SSL setting for httpd between loolwsd and nextcloud.
[ssl setting for httpd config]
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
#SSLProtocol all -SSLv2
SSLProtocol All -SSLv2 -SSLv3
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
[proxy setting for httpd config]
AllowEncodedSlashes On
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
#ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
#ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
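
The log entry in this post reports that the requested domain name does not match the server's certificate. As an added example (not part of the original post), this Python check compares the host in a URL with the names a certificate carries; the host names and `SAMPLE_CERT` are constructed, and `fetch_cert` is a hypothetical helper for reading the certificate from a live server.

```python
import socket
import ssl
from urllib.parse import urlsplit


def cert_names(cert):
    """Names from a getpeercert()-style dict: SAN entries, else CN as fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k in ("DNS", "IP Address")]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(host, pattern):
    """Exact match, or a single left-most wildcard label (simplified RFC 6125)."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        # A wildcard covers exactly one label: a.example.test, not a.b.example.test
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return host == pattern


def url_covered(url, cert):
    """True when the host in `url` is covered by one of the certificate names."""
    host = urlsplit(url).hostname or ""
    return any(name_matches(host, name) for name in cert_names(cert))


def fetch_cert(host, port=443, timeout=5):
    """Fetch the peer certificate; the chain is verified, the name check is ours."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # CERT_REQUIRED stays on, so getpeercert() is filled
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample: a certificate issued for one public name only.
SAMPLE_CERT = {
    "subject": ((("commonName", "cloud.example.test"),),),
    "subjectAltName": (("DNS", "cloud.example.test"),),
}

if __name__ == "__main__":
    for url in ("https://cloud.example.test/hosting/discovery",
                "https://127.0.0.1:9980/hosting/discovery",
                "https://office.example.test/hosting/discovery"):
        print(url, "->", "ok" if url_covered(url, SAMPLE_CERT) else "name mismatch")
```

Against a real server, pass the result of `fetch_cert("your.host", 443)` to `url_covered` together with the URL the client is configured to request.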