Collabora Setup Issues - Docker with Let's Encrypt Reverse Proxy

Hi. I am running NextCloud & Collabora in Docker with Let’s Encrypt handling the reverse proxy. I started with this guide. I can access https://host/loleaflet/dist/admin/admin.html and https://host/hosting/discovery. I’m at a loss here.

When I open a file in NextCloud I get an error message:

https://host/hosting/discovery resulted in a 404 not found response

I checked the nginx log in Let’s Encrypt and have the error message below.

[error] 387#387: 1 connect() failed (111: Connection refused) while connecting to upstream, client: ipAddr, server: office., request: “GET /hosting/discovery HTTP/2.0”, upstream: “http://ip:9980/hosting/discovery”, host: “office.example.com

If I go to https://office.example.com/loleaflet/97c4185/loleaflet.html I get an error message:

Oops, there is a problem connecting to LibreOffice Online: [Exception… “” nresult: “0x805e0006 ()” location: “JS frame :: https://office.example.com/loleaflet/97c4185/bundle.js :: connect :: line 41” data: no]
Wrong or missing WPISrc parameter, please contact support.

Docker Compose:

collabora:
image: collabora/code
container_name: collabora
ports:
- 9980:9980
environment:
- domain=office\.example\.com
- server_name=office\.example\.com
- extra_params=–o:ssl.enable=false
- VIRTUAL_PROTO=http
- username=username
- dns=192.168..
- password=password
restart: always
cap_add:
- MKNOD

Edit: if it helps I’m running DockStarter.

Let’s Encrypt Ngix Config:

server {

listen 443 ssl;
listen [::]:443 ssl;

server_name office.*;

include /config/nginx/ssl.conf;

resolver 127.0.0.11 valid=30s;
set $upstream_collabora collabora;

# static files
location ^~ /loleaflet {
    proxy_pass http://$upstream_collabora:9980;
    proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
    proxy_pass http://$upstream_collabora:9980;
    proxy_set_header Host $http_host;
}

# Capabilities
location ^~ /hosting/capabilities {
    proxy_pass http://$upstream_collabora:9980;
    proxy_set_header Host $http_host;
}

# main websocket
location ~ ^/lool/(.*)/ws$ {
    proxy_pass http://$upstream_collabora:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
}

# download, presentation and image upload
location ~ ^/lool {
    proxy_pass http://$upstream_collabora:9980;
    proxy_set_header Host $http_host;
}

# Admin Console websocket
location ^~ /lool/adminws {
    proxy_pass http://$upstream_collabora:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
}

}

did you try https:// ?

my working setup here:

Thanks for the reply and working example. I started out with HTTPS yesterday and moved to HTTP after I saw the docker setup disabling SSL at Quick tryout with Nextcloud docker. I get the same error message in nginx and my mobile app.

I’m not sure exactly where it is failing so hopefully sharing the docker IP from the nginx log helps. It looks like Let’s Encrypt is having trouble sending the request to the collabora container. This is weird because I have 5 other proxies working just fine using the same configuration.

[error] 387#387: 1 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.200 (my devices IP), server: office., request: “GET /hosting/discovery HTTP/2.0”, upstream: “http://172.18.0.10:9980/hosting/discovery”, host: “office.example.com

Edit: if it’s any help here’s the tail end of the collabora logs.

> wsd-00018-00018 2019-12-13 13:40:44.678255 [ loolwsd ] INF  Adding trusted WOPI host: [172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}].| wsd/Storage.cpp:106
> wsd-00018-00018 2019-12-13 13:40:44.678269 [ loolwsd ] INF  Adding trusted WOPI host: [192\.168\.[0-9]{1,3}\.[0-9]{1,3}].| wsd/Storage.cpp:106
> wsd-00018-00018 2019-12-13 13:40:44.678282 [ loolwsd ] INF  Adding blocked WOPI host: [192\.168\.1\.1].| wsd/Storage.cpp:111
> wsd-00018-00018 2019-12-13 13:40:44.678923 [ loolwsd ] INF  AdminModel ctor.| wsd/AdminModel.hpp:212
> wsd-00018-00018 2019-12-13 13:40:44.678943 [ loolwsd ] INF  Admin ctor.| wsd/Admin.cpp:365
> wsd-00018-00018 2019-12-13 13:40:44.679008 [ loolwsd ] TRC  Total system memory:  49445064 KB.| wsd/Admin.cpp:368
> wsd-00018-00018 2019-12-13 13:40:44.679130 [ loolwsd ] TRC  Total available memory: 39556051 KB (memproportion: 80%).| wsd/Admin.cpp:375
> wsd-00018-00018 2019-12-13 13:40:44.679986 [ loolwsd ] TRC  Total memory used: 20023 KB.| wsd/Admin.cpp:378
> wsd-00018-00018 2019-12-13 13:40:44.680037 [ loolwsd ] INF  Loolwsd version details: 4.0.9 - 97c4185| wsd/LOOLWSD.cpp:3127
> wsd-00018-00018 2019-12-13 13:40:44.680055 [ loolwsd ] INF  SSL Cert file: /etc/loolwsd/cert.pem| wsd/LOOLWSD.cpp:1193
> wsd-00018-00018 2019-12-13 13:40:44.680070 [ loolwsd ] INF  SSL Key file: /etc/loolwsd/key.pem| wsd/LOOLWSD.cpp:1196
> wsd-00018-00018 2019-12-13 13:40:44.680080 [ loolwsd ] INF  SSL CA file: /etc/loolwsd/ca-chain.cert.pem| wsd/LOOLWSD.cpp:1199
> wsd-00018-00018 2019-12-13 13:40:44.680089 [ loolwsd ] INF  SSL Cipher list: | wsd/LOOLWSD.cpp:1202
> wsd-00018-00018 2019-12-13 13:40:44.680426 [ loolwsd ] FTL  Cannot load CA file/directory at /etc/loolwsd/ca-chain.cert.pem (error:02001002:system library:fopen:No such file or directory)| wsd/LOOLWSD.cpp:3405
> Cannot load CA file/directory at /etc/loolwsd/ca-chain.cert.pem (error:02001002:system library:fopen:No such file or directory)
> wsd-00018-00018 2019-12-13 13:40:44.680543 [ loolwsd ] INF  ~Admin dtor.| wsd/Admin.cpp:38
> wsd-00018-00018 2019-12-13 13:40:44.680558 [ loolwsd ] TRC  History:
> { "documents" : [], "expiredDocuments" : []}
> | wsd/AdminModel.cpp:183
> wsd-00018-00018 2019-12-13 13:40:44.680568 [ loolwsd ] INF  AdminModel dtor.| wsd/AdminModel.cpp:184

I just learned about Only Office from your Github account. Only Office so far appears to be better documented. I’m going to change gears and try Only Office. Only thing is that I cannot find the difference between Document Server and Community Server. Is CS required for DS?