Collabora via second reverse proxy

Hey guys!

I have a problem with my Nextcloud instance in connection with Collabora. My Nextcloud is in the network behind another computer that acts as a reverse proxy with apache. So my nextcloud cannot be reached directly from the outside but via the reverse proxy.

Now I have installed collabora as a docker container on the same host where the nextcloud is running. Everything works wonderfully in the internal network and collabora can be reached. Unfortunately, when I access it from the outside, I get a

“Not Found The requested URL was not found on this server.”

I think it has to do with my reverse proxy config.
I attach the two configs.

10.0.0.4 is the Nextcloud server on which collabora also runs in docker - ( only internal reachable ) - running apache

10.0.0.6 is the server accessible from the WWW (via port forwarding) - running apache

The Docker container was started with the following command:
sudo docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain = cloud \\. domain \\. com' -e "extra_params = - o: ssl.enable = false --o: ssl .termination = true "-e 'username = admin' -e 'password = admin' -e 'dictionaries = de en es ..' --restart always --cap-add MKNOD collabora / code

Can someone help me how to configure the reverse proxy correctly?
In the settings, the collabora server is displayed as reachable both externally and internally (even after saving again)

Greetings!

vHost file on nextcloud/collabora server:

<VirtualHost *:443>

ServerName office.spacyal.com

# Encoded slashes need to be allowed

SSLEngine on

SSLCertificateFile /home/office/ssl.cert

SSLCertificateKeyFile /home/office/ssl.key

SSLProtocol +TLSv1.2 +TLSv1.3

SSLCACertificateFile /home/office/ssl.ca

# keep the host

# static html, js, images, etc. served from loolwsd

# loleaflet is the client part of LibreOffice Online

SetEnvIf Host "^(.*)$" THE_HOST=$1

RequestHeader setifempty X-Forwarded-Proto https

RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e

ProxyAddHeaders Off

ProxyPassMatch (.*)(\/websocket)$ "ws://[10.0.0.4/$1$2](http://10.0.0.4/$1$2)"

ProxyPass / "http://10.0.0.4/"

ProxyPassReverse / "http://10.0.0.4/"

</VirtualHost>

inspired by: document-server-proxy/apache at master · ONLYOFFICE/document-server-proxy · GitHub

vHost file on external reachable server

 <VirtualHost 10.0.0.4:80> 

ServerName office.domain.com

ServerAdmin webmaster@domain.com

</VirtualHost>

<VirtualHost 10.0.0.4:443>

ServerAdmin webmaster@domaincom

ServerName office.domain.com

Options -Indexes

# Container uses a unique non-signed certificate

SSLProxyEngine On

SSLProxyVerify None

SSLProxyCheckPeerCN Off

SSLProxyCheckPeerName Off

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/ssloffice.cert

SSLCertificateKeyFile /etc/apache2/ssl/ssloffice.key

SSLProtocol +TLSv1.2 +TLSv1.3

SSLCACertificateFile /etc/apache2/ssl/ssloffice.ca

# Encoded slashes need to be allowed

AllowEncodedSlashes NoDecode

# Container uses a unique non-signed certificate

SSLProxyEngine On

SSLProxyVerify None

SSLProxyCheckPeerCN Off

SSLProxyCheckPeerName Off

# keep the host

ProxyPreserveHost On

# static html, js, images, etc. served from loolwsd

# loleaflet is the client part of Collabora Online

ProxyPass /loleaflet http://127.0.0.1:9980/loleaflet retry=0

ProxyPassReverse /loleaflet http://127.0.0.1:9980/loleaflet

# WOPI discovery URL

ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0

ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery

# Capabilities

ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0

ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities

# Main websocket

ProxyPassMatch "/lool/(.*)/ws$" ws://127.0.0.1:9980/lool/$1/ws nocanon

# Admin Console websocket

ProxyPass /lool/adminws ws://127.0.0.1:9980/lool/adminws

# Download as, Fullscreen presentation and Image upload operations

ProxyPass /lool http://127.0.0.1:9980/lool

ProxyPassReverse /lool http://127.0.0.1:9980/lool

</VirtualHost>