Collabora with Apache2 backend and Nginx Reverse Proxy?

Some more error debugging:

https://cloud.techandme.se/lool works
https://cloud.techandme.se/loleaflet doesn’t exist??
https://cloud.techandme.se/hosting/discovery works

Same result if I run it locally with the port number…

I need your help guys

this is my nginx

server {
listen 443 ssl;
server_name hbloffie;

ssl_certificate /etc/nginx/ssl/hbloffice.crt;
ssl_certificate_key /etc/nginx/ssl/hbloffice.key;

# static files
location ^~ /loleaflet {
    proxy_pass https://127.0.0.1:9980;

proxy_redirect off;

proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
    proxy_pass https://127.0.0.1:9980;
    proxy_set_header Host $http_host;
}

# websockets, download, presentation and image upload
location ^~ /lool {
    proxy_pass https://127.0.0.1:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
}

}

I only see the nginx index, no redirect to Collabora. Thx for the help.

Has anyone solved this yet?

Okay, so with the new Collabora app it just says “Access forbidden”. Like this:

cc @LukasReschke (at least this is not the IRC channel :wink: )

What should I do, does Collabora support this configuration?

In my case it was that docker was no longer starting on boot. Once I started it, the Access Forbidden went away.

Docker or the container? Cause the --restart always in the guide should take care of the container.

Docker. When I’ve gotten that message in the past, it’s usually been because Docker either shut down for whatever reason and never started after a reboot.

Ok, progress…

I added 192.168.4.111 office.techandme.se to /etc/hosts and now I don’t get “Access Denied” anymore. Though it stalls when trying to connect.

Also running a tcpdump looks like this:

22:43:03.142260 IP 192.168.4.201.50424 > 172.17.0.2.9980: Flags [S], seq 2710338342, win 29200, options [mss 1460,sackOK,TS val 219377322 ecr 0,nop,wscale 7], length 0
22:43:03.142308 IP 172.17.0.2.9980 > 192.168.4.201.50424: Flags [S.], seq 2180839642, ack 2710338343, win 28960, options [mss 1460,sackOK,TS val 49643 ecr 219377322,nop,wscale 7], length 0
22:43:03.142378 IP 192.168.4.201.50424 > 172.17.0.2.9980: Flags [.], ack 1, win 229, options [nop,nop,TS val 219377322 ecr 49643], length 0
22:43:03.142439 IP 192.168.4.201.50424 > 172.17.0.2.9980: Flags [P.], seq 1:306, ack 1, win 229, options [nop,nop,TS val 219377322 ecr 49643], length 305
22:43:03.142454 IP 172.17.0.2.9980 > 192.168.4.201.50424: Flags [.], ack 306, win 235, options [nop,nop,TS val 49643 ecr 219377322], length 0
22:43:03.144566 IP 172.17.0.2.9980 > 192.168.4.201.50424: Flags [P.], seq 1:2190, ack 306, win 235, options [nop,nop,TS val 49644 ecr 219377322], length 2189
22:43:03.144645 IP 192.168.4.201.50424 > 172.17.0.2.9980: Flags [.], ack 1449, win 251, options [nop,nop,TS val 219377322 ecr 49644], length 0

Where does 172.17.0.2 come from, and do I need to add it somewhere in the Server block in Nginx?

These are my current configs:
APACHE

<VirtualHost 192.168.4.111:443>
  ServerName office.techandme.se

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateFile /etc/ssl/techandme/techandme_wild.pem
  SSLCertificateKeyFile /etc/ssl/techandme/techandme_wild.key

  SSLProtocol             all
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  SSLHonorCipherOrder     on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes On

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet https://192.168.4.111:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://192.168.4.111:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://192.168.4.111:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://192.168.4.111:9980/hosting/discovery

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://192.168.4.111:9980/lool/$1/ws

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://192.168.4.111:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://192.168.4.111:9980/lool
  ProxyPassReverse    /lool https://192.168.4.111:9980/lool
</VirtualHost>

NGINX

server {
	error_page 404 500 502 503 504 /office-error.html;
        location = /office-error.html {
                root /usr/share/nginx/html;
                internal;
        }

	real_ip_header     X-Forwarded-For;
        real_ip_recursive  on;

        listen 192.168.4.201:443 ssl http2;

        ssl on;
        ssl_certificate /etc/nginx/ssl/techandme/techandme_wild.pem;
        ssl_certificate_key /etc/nginx/ssl/techandme/techandme_wild.key;
#        ssl_certificate /etc/letsencrypt/live/office.techandme.se/fullchain.pem;
#        ssl_certificate_key /etc/letsencrypt/live/office.techandme.se/privkey.pem;
	ssl_dhparam /etc/nginx/sites-available/cloudflare_ip/office.techandme/office-dhparams.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:10m;
        ssl_stapling on;
        ssl_stapling_verify on;

        # Only use safe ciphers
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;
	
        server_name office.techandme.se;
        set $upstream 192.168.4.111;

## Collabora ##

        location ^~ /loleaflet {
                proxy_pass https://$upstream:9980;
                proxy_set_header Host $http_host;
		proxy_buffering off;
        }

        location ^~ /hosting/discovery {
                proxy_pass https://$upstream:9980;
                proxy_set_header Host $http_host;
		proxy_buffering off;
        }

        location ^~ /lool {
                proxy_pass https://$upstream:9980;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Host $http_host;
		proxy_buffering off;
        }
}

server {
  listen 192.168.4.201:80;
  server_name office.techandme.se;
  return 301 https://office.techandme.se$request_uri;
}

NGINX main domain

server {
        # Cloudflare IP that is masked by mod_real_ip

	error_page 404 500 502 503 504 /cloud-error.html;
        location = /cloud-error.html {
                root /usr/share/nginx/html;
                internal;
        }
     	set_real_ip_from 103.21.244.0/22;
     	set_real_ip_from 103.22.200.0/22;
     	set_real_ip_from 103.31.4.0/22;
     	set_real_ip_from 104.16.0.0/12;
     	set_real_ip_from 108.162.192.0/18;
     	set_real_ip_from 131.0.72.0/22;
     	set_real_ip_from 141.101.64.0/18;
     	set_real_ip_from 162.158.0.0/15;
     	set_real_ip_from 172.64.0.0/13;
     	set_real_ip_from 173.245.48.0/20;
     	set_real_ip_from 188.114.96.0/20;
     	set_real_ip_from 190.93.240.0/20;
     	set_real_ip_from 197.234.240.0/22;
     	set_real_ip_from 198.41.128.0/17;
     	set_real_ip_from 199.27.128.0/21;

	real_ip_header     X-Forwarded-For;
        real_ip_recursive  on;

        listen 192.168.4.201:443 ssl http2;

        ssl on;
        ssl_certificate /etc/nginx/ssl/techandme/techandme_wild.pem;
        ssl_certificate_key /etc/nginx/ssl/techandme/techandme_wild.key;
#        ssl_certificate /etc/letsencrypt/live/cloud.techandme.se/fullchain.pem;
#        ssl_certificate_key /etc/letsencrypt/live/cloud.techandme.se/privkey.pem;
	ssl_dhparam /etc/nginx/sites-available/cloudflare_ip/cloud.techandme/cloud-dhparams.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:10m;
        ssl_stapling on;
        ssl_stapling_verify on;

        # Only use safe ciphers
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;
	
        server_name cloud.techandme.se;
        set $upstream 192.168.4.111;

## Spreed ME ##

       location /webrtc/ws {
                proxy_pass https://$upstream;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
		proxy_set_header Host $http_host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_buffering             on;
		proxy_ignore_client_abort   off;
		proxy_redirect              off;
		proxy_connect_timeout       90;
		proxy_send_timeout          90;
		proxy_read_timeout          90;
		proxy_buffer_size           4k;
		proxy_buffers               4 32k;
		proxy_busy_buffers_size     64k;
		proxy_temp_file_write_size  64k;
        }

## Nextcloud ##

        location / {
                proxy_pass_header Authorization;
                proxy_pass https://$upstream;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_buffering off;
                proxy_request_buffering off;
		client_max_body_size 0;
                proxy_read_timeout  36000s;
                proxy_redirect off;
                proxy_ssl_session_reuse off;
        }
}

server {
  listen 192.168.4.201:80;
  server_name cloud.techandme.se;
  return 301 https://cloud.techandme.se$request_uri;
}

APACHE main domain

<VirtualHost 192.168.4.111:443>
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    SSLEngine on

### YOUR SERVER ADDRESS ###
    ServerAdmin daniel@techandme.se
    ServerName cloud.techandme.se
    ServerAlias 192.168.4.111

### SETTINGS ###
    DocumentRoot /var/www/nextcloud

    <Directory /var/www/nextcloud>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
    Satisfy Any
    </Directory>

    <IfModule mod_dav.c>
    Dav off
    </IfModule>

    <Directory "/var/ncdata">
    # just in case if .htaccess gets disabled
    Require all denied
    </Directory>

### SSL CONFIG ###

    SSLCertificateFile /etc/ssl/techandme/techandme_wild.pem
    SSLCertificateKeyFile /etc/ssl/techandme/techandme_wild.key
#    SSLCertificateChainFile /etc/ssl/techandme/certificate/certificate.ca.crt

</VirtualHost>
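
Added example, not part of the original post: the TLS and real-IP directives of the office.techandme.se nginx block above with the weak settings tightened. The cipher string is the first five entries of the posted list; the location blocks, error_page and session settings are assumed to stay as posted.

```nginx
server {
    # "ssl" on the listen line already enables TLS, so the separate
    # "ssl on;" directive from the posted block is redundant.
    listen 192.168.4.201:443 ssl http2;
    server_name office.techandme.se;

    ssl_certificate     /etc/nginx/ssl/techandme/techandme_wild.pem;
    ssl_certificate_key /etc/nginx/ssl/techandme/techandme_wild.key;
    # Still needed: one DHE suite remains in the cipher list below.
    ssl_dhparam /etc/nginx/sites-available/cloudflare_ip/office.techandme/office-dhparams.pem;

    # Posted: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Add TLSv1.3 where the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    # The posted list ends in "AES:CAMELLIA:DES-CBC3-SHA", so CBC-mode and
    # 3DES suites stay negotiable despite the exclusions after them.
    # Keep only the AEAD suites with forward secrecy from the head of that list.
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256';
    ssl_prefer_server_ciphers on;

    # real_ip_header does nothing unless at least one set_real_ip_from names a
    # trusted sender. The posted office block has none; reuse the ranges from
    # the cloud.techandme.se block (first one shown, the rest follow the same form).
    set_real_ip_from 103.21.244.0/22;
    real_ip_header     X-Forwarded-For;
    real_ip_recursive  on;
}
```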

ISSUE SOLVED!

It was my firewall that blocked traffic on port 443 between Collabora and my Nextcloud.

Finally!

Hi
(First post so not used to the Markdown yet)
Solved it another way.

To make the docker take care of the incoming connection on the port bind it to 0.0.0.0 with this

docker run -d -p 9980:9980 -e 'domain=sub\.domain\.tld' --restart always --cap-add MKNOD collabora/code

Then add the locations in the Nginx proxy and pass it to the NC host on the docker port using the defined upstream

location ^~ /loleaflet {
    proxy_pass https://$upstream:9980;
    proxy_set_header Host $http_host;
}

Hello, I’m almost done but now I have this error https://gyazo.com/fb26d63ab19987a15b0a4c58aebf2f60

WebSocket connection to 'wss://10.6.109.65/lool/https%3A%2F%2Fhblbox%2Fapps%2Frichdocuments%2Fwopi%2…i7Q6qlguGdmrlZiufva5waEu7RbK%26access_token_ttl%3D0%26permission%3Dedit/ws' failed: Error during WebSocket handshake: Unexpected response code: 400

I’m using Nginx. I can enter the admin console of Collabora but I can create or view document. Any ideas?

I’m using Nginx Reverse Proxy to an Apache backend. Do you do the same?

It could be a firewall setting, I’m not 100% sure, but that solved it for me at least.

No, I’m using only the nginx conf

Then use the config files in this post. They should work out of the box.

I know, but I have that error in the browser,

this is my nginx conf

server {
listen 443 ssl;
server_name 10.6.109.65;

ssl_certificate  /etc/nginx/ssl/10.6.109.65.crt;
ssl_certificate_key  /etc/nginx/ssl/10.6.109.65.key;

proxy_buffering off;

# static files
location ^~ /loleaflet {
    proxy_pass https://localhost:9980;
    proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
    proxy_pass https://localhost:9980;
    proxy_set_header Host $http_host;
}

# Main websocket
location ~ /lool/(.*)/ws$ {
    proxy_pass https://localhost:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 86400s;
}

# Admin Console websocket
location ^~ /lool/adminws {
    proxy_pass https://localhost:9980;

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 86400s;
}

# download, presentation and image upload
location ^~ /lool {
    proxy_pass https://localhost:9980;
    proxy_set_header Host $http_host;
}

}
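
Added example, not part of the original posts: in the configuration above, `location ^~ /lool` is the longest matching prefix for `/lool/<document>/ws`, and a `^~` prefix match makes nginx skip regex locations, so the `~ /lool/(.*)/ws$` block carrying the Upgrade headers is never selected. That is consistent with the failed handshake reported. A layout in which the websocket regex is reachable, reusing the post's host, certificate paths and upstream:

```nginx
server {
    listen 443 ssl;
    server_name 10.6.109.65;
    ssl_certificate      /etc/nginx/ssl/10.6.109.65.crt;
    ssl_certificate_key  /etc/nginx/ssl/10.6.109.65.key;
    proxy_buffering off;

    # Selection order: nginx finds the longest matching prefix location first.
    # If that prefix carries ^~, regex locations are skipped; otherwise the
    # regex locations are tried in file order and the first match wins.

    location ^~ /loleaflet {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    location ^~ /hosting/discovery {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Admin console websocket: fixed path, so a ^~ prefix is safe here.
    location ^~ /lool/adminws {
        proxy_pass https://localhost:9980;
        proxy_http_version 1.1;   # Upgrade needs HTTP/1.1 upstream; nginx defaults to 1.0
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 86400s;
    }

    # Main websocket: regex, listed before the generic /lool regex below.
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass https://localhost:9980;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 86400s;
    }

    # Download, presentation and image upload. Written as "^~ /lool", this block
    # also captured /lool/<document>/ws and forwarded it without Upgrade headers.
    location ~ ^/lool {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }
}
```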

Hi :
@enoch85 @SirNolaan
Can we deploy Collabora Online Server in a Local Area Network environment?
I don’t have a public IP; must the domain here be accessible from the WAN?

No, it’s not possible afaik.

A virtual machine of CODE bundled with a demo ownCloud server: CODE VM (706 MB) (torrent file) and Setup Instructions.
but this CODE VM can open docs on the web in a LAN, the new edition can’t support that?

I don’t think that old release would be very efficient.

You could setup a CODE VPS online and use your internet connection for users to access the CODE app.
Nevertheless, CODE has a hard limit of 10 open documents and 20 connections per container and also you’ll be limited on upload and download speed, since documents would have to transfer over the internet connection.

Could you share with us what is the motivation for using web applications on a LAN environment, instead of standalone LibreOffice installations?