Hello,
I've been finding many issues similar to mine on this forum, but none has been able to resolve mine so here goes -
Running a nextcloud + collabora instance via docker-compose from an Ubuntu 20.04 system. Both NC and collabora are meant to run behind a reverse proxy (which is running on another machine). NC runs fine, but -
- when I enter the collabora fqdn into the "use your own server" option, I get a "could not establish connection" error
- instead, when I enter the collabora local ip + port, the server becomes reachable but I get an ssl error if I try to create a doc.
I know that it's some kind of ssl setup issue, but I can't get to the root of it. Here is my docker-compose.yml -
version: '3.7'
networks:
  nextcloud:
services:
  nextcloud:
    image: nextcloud
    container_name: nextcloud
    networks:
      - nextcloud
    ports:
      - "192.168.0.150:8080:80"
    volumes:
      - ${NEXTCLOUD_ROOT}/html:/var/www/html
      - ${NEXTCLOUD_ROOT}/data:/srv/nextcloud/data
    extra_hosts:
      - "${NEXTCLOUD_FQDN}:${NEXTCLOUD_IPADDRESS}"
      - "${COLLABORA_FQDN}:${NEXTCLOUD_IPADDRESS}"
    depends_on:
      - mariadb
      - redis
    environment:
      - NEXTCLOUD_TRUSTED_DOMAINS='${NEXTCLOUD_FQDN}'
      - NEXTCLOUD_DATA_DIR=/srv/nextcloud/data
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_HOST=nextcloud-mariadb
      - REDIS_HOST=nextcloud-redis
    restart: always
  mariadb:
    image: mariadb
    container_name: nextcloud-mariadb
    restart: always
    volumes:
      - ${NEXTCLOUD_ROOT}/mariadb:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    networks:
      - nextcloud
  redis:
    image: redis
    container_name: nextcloud-redis
    networks:
      - nextcloud
    restart: always
  coturn:
    image: instrumentisto/coturn
    container_name: nextcloud-coturn
    restart: always
    ports:
      - "3478:3478/tcp"
      - "3478:3478/udp"
    networks:
      - nextcloud
    command:
      - -n
      - --log-file=stdout
      - --min-port=49160
      - --max-port=49200
      - --realm=${NEXTCLOUD_FQDN}
      - --use-auth-secret
      - --static-auth-secret=${COTURN_SECRET}
  collabora:
    image: collabora/code
    container_name: nextcloud-collabora
    restart: always
    networks:
      - nextcloud
    ports:
      - "192.168.0.150:9980:9980"
    extra_hosts:
      - "${NEXTCLOUD_FQDN}:${NEXTCLOUD_IPADDRESS}"
      - "${COLLABORA_FQDN}:${NEXTCLOUD_IPADDRESS}"
    environment:
      - 'domain=${NEXTCLOUD_FQDN}'
      - 'dictionaries=en'
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
    cap_add:
      - MKNOD
    tty: true
I've added the "extra_params=--o:ssl.enable=false --o:ssl.termination=true" line to reflect that the ssl for my collabora fqdn terminates at the reverse proxy, which communicates with the local ip and port of collabora.
This is my conf file for the collabora fqdn reverse proxy. Note that this conf file resides on another machine that acts as a proxy server -
server {
    if ($host = scribble.domain.name) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name scribble.domain.name;
    return 404; # managed by Certbot
}
server {
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.name/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.name/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    access_log /var/log/nginx/scribble.access.log;
    error_log /var/log/nginx/scrib.error.log;
    # static files
    location ^~ /loleaflet {
        proxy_pass http://192.168.0.150:9980;
        proxy_set_header Host $http_host;
    }
    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass http://192.168.0.150:9980;
        proxy_set_header Host $http_host;
    }
    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass http://192.168.0.150:9980;
        proxy_set_header Host $http_host;
    }
    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass http://192.168.0.150:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass http://192.168.0.150:9980;
scribble.domain.name redirects to the nextcloud "access to untrusted domain" page. Essentially, collabora is set up and good to go locally but is unreachable by its fqdn.
Also, /var/log/nginx/scribble.access.log and scribble.error.log are virtually empty.
Please help me out! I'll post other debug logs as required.
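
Added example, not part of the original post: a check of the WOPI discovery document served at /hosting/discovery, flagging any action whose urlsrc is not https on the public hostname, which is what a browser on an HTTPS Nextcloud page needs when TLS terminates at the proxy. The function name check_discovery and the sample XML are constructed for illustration; the hostname and backend address are the ones used in the post.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample discovery document (not captured from the poster's server).
# The first action shows what a backend unaware of TLS termination could advertise.
SAMPLE_DISCOVERY = """<wopi-discovery>
  <net-zone name="external-http">
    <app name="writer">
      <action ext="odt" name="edit"
              urlsrc="http://192.168.0.150:9980/loleaflet/abc123/loleaflet.html?"/>
    </app>
    <app name="calc">
      <action ext="ods" name="edit"
              urlsrc="https://scribble.domain.name/loleaflet/abc123/loleaflet.html?"/>
    </app>
  </net-zone>
</wopi-discovery>"""


def check_discovery(xml_text, expected_host):
    """Return [(ext, urlsrc, [problems])] for actions an HTTPS page could not load."""
    findings = []
    # The document comes from your own server; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    for action in root.iter("action"):
        urlsrc = action.get("urlsrc", "")
        parts = urlsplit(urlsrc)
        problems = []
        if parts.scheme != "https":
            problems.append("scheme %r is not https" % parts.scheme)
        if parts.hostname != expected_host:
            problems.append("host %r is not %r" % (parts.hostname, expected_host))
        if parts.port not in (None, 443):
            problems.append("port %r is not the proxy's 443" % parts.port)
        if problems:
            findings.append((action.get("ext"), urlsrc, problems))
    return findings


if __name__ == "__main__":
    for ext, url, problems in check_discovery(SAMPLE_DISCOVERY, "scribble.domain.name"):
        print(ext, url, "; ".join(problems))
```

To use it on a live setup, save the body returned by the proxy for /hosting/discovery and pass it in place of SAMPLE_DISCOVERY.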