Collabora setup with docker (linuxserver.io's letsencrypt)

Hi. I am trying to set up Nextcloud with Collabora, within Docker containers. I am using linuxserver.io’s letsencrypt container to easily expose my local services to the outside world.

I am having issues making Collabora work.

My Nextcloud is working well. This is my docker-compose.yml:

version: '3'

services:
  db:
    image: mariadb
    container_name: mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - /mnt/store/nextcloud/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=<my_root_password>
      - MYSQL_PASSWORD=<my_root_password>
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    networks:
      - db

  app:
    build: ./nextcloud
    container_name: nextcloud
    restart: always
    volumes:
      - /mnt/store/nextcloud/data:/var/www/html
    environment:
      - NEXTCLOUD_TRUSTED_DOMAINS=<my.domain.com>
    depends_on:
      - db
    networks:
      - letsencrypt_proxy
      - db

networks:
  letsencrypt_proxy:
    external: true
  db:

I adjusted the nginx reverse proxy file according to linuxserver.io’s template for Nextcloud and it worked like a charm.

Now, Collabora. I add this to the earlier docker-compose.yml file:

  collabora:
    image: collabora/code
    container_name: collabora
    environment:
      - username=admin
      - password=<password>
      - server_name=<nextcloud\\.mydomain\\.com>
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true
    volumes:
      - ./loolwsd.xml:/etc/loolwsd/loolwsd.xml
    cap_add:
      - MKNOD
    ports:
      - 9980:9980
    networks:
      - letsencrypt_proxy
    restart: always

My nginx reverse proxy is configured following https://www.collaboraoffice.com/code/nginx-reverse-proxy/ (2. SSL terminates at the proxy):

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name office.*;
    
    include /config/nginx/ssl.conf;
    
    # static files
    location ^~ /loleaflet {
        resolver 127.0.0.11 valid=30s;
        set $upstream_app collabora;
        set $upstream_port 9980;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Host $http_host;
    }

(and it goes on for all subfolders)

I can access h_tps://office.mydomain.com/hosting/discovery or h_tps://office.mydomain.com/hosting/capabilities. I get a “Welcome to nginx!” for h_tps://office.mydomain.com. I see the admin console when I go to h_tps://office.bigdino.xyz/loleaflet/dist/admin/admin.html.

I can ping my collabora host from within the nextcloud container. I get an “OK” when I curl collabora:9980 from nextcloud.

Is my setup good so far?
How should I configure Nextcloud to make this work?
I have tried various combinations of h_tps://office.mydomain.com, h_tp://collabora:9980, with/without SSL ticked.
I then retrieved the automatically generated loolwsd.xml from collabora’s /etc/loolwsd/ and tried to adjust it a bit. I tried to make it accept more IP ranges for good measure, but that didn’t help. I tried to play with the ssl.enable and ssl.termination settings, but that didn’t help, and I understand that false/true is what I need for my setup.

With these settings: using the external ht_ps://office.mydomain.com in the Nextcloud settings (with nothing else ticked), and the docker-compose.yml config given earlier, I see this in the logs when trying to open a libreoffice file in Nextcloud:
WRN Poco::Net::DNS::resolve("<my external home IP>") failed: Host not found: <my external home IP>| wsd/LOOLWSD.cpp:2161

Can you help me with what I think are my final steps, please? Thank you.
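
A check for the setup described in this post, as an added example that is not part of the original thread: when SSL terminates at the proxy, the URLs Collabora advertises in /hosting/discovery should use https and the public hostname, not the container name or port 9980. The sample XML and `office.example.com` are constructed, and the parser assumes the usual WOPI discovery layout (`action` elements carrying a `urlsrc` attribute).

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample discovery documents (not captured from a real server).
GOOD = """<wopi-discovery>
  <net-zone name="external-http">
    <app name="writer">
      <action ext="odt" name="edit"
              urlsrc="https://office.example.com/loleaflet/1a2b3c/loleaflet.html?"/>
    </app>
    <app name="Capabilities">
      <action ext="" name="getinfo"
              urlsrc="https://office.example.com/hosting/capabilities"/>
    </app>
  </net-zone>
</wopi-discovery>"""

# Same document, but the editor URL points at the backend container over plain HTTP.
BAD = GOOD.replace("https://office.example.com/loleaflet",
                   "http://collabora:9980/loleaflet")


def audit_discovery(xml_text, public_host, internal_names=("collabora",)):
    """Return (urlsrc, problem) pairs for advertised URLs a browser should not be given."""
    findings = []
    root = ET.fromstring(xml_text)
    for action in root.iter("action"):
        url = action.get("urlsrc", "")
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((url, "not https"))
        if parts.hostname in internal_names:
            findings.append((url, "internal container name advertised"))
        elif parts.hostname != public_host:
            findings.append((url, "host differs from public name"))
        if parts.port not in (None, 443):
            findings.append((url, "backend port advertised"))
    return findings


if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, audit_discovery(doc, "office.example.com"))
```

Feed it the body returned by the discovery URL as seen from outside the proxy; an empty list means every advertised URL matches the public https endpoint.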

As for the collabora container, I only use these settings:

  collabora:
    image: collabora/code
    container_name: collabora
    environment:
      - domain=<nextcloud\\.mydomain\\.com>
    cap_add:
      - MKNOD
    networks:
      - letsencrypt_proxy
    restart: always

In the nginx conf of the nextcloud container (!) I insert:

        location ^~ /loleaflet {
            proxy_pass https://collabora:9980;
            proxy_set_header Host $http_host;
        }

        location ^~ /hosting/discovery {
            proxy_pass https://collabora:9980;
            proxy_set_header Host $http_host;
        }

        location ^~ /lool {
            proxy_pass https://collabora:9980;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

And in the nextcloud collabora app I configure:

shell: '{{ docker_occ_cmd }} config:app:set richdocuments wopi_url --value https://{{ nextcloud_server_fqdn }}:443'

In this case you don’t need an extra domain for collabora. I assume that you run both containers on the same host.

If you can read ansible/jinja2 you’ll find these settings here: