Collabora without a domain name (self-signed)

Hi there,

I need some help installing Collabora. I am hosting on a VPS and I did not buy a domain name, so I am using only self-signed certificates.

I launch Collabora like this:

sudo docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=<my ip>/nextcloud' --restart always --cap-add MKNOD collabora/code

Yet, when I go to <my ip>/collabora:9980 or <my ip>:9980, I get a 404 error.

Below are my vhosts.

Thanks and happy new year!

/etc/apache2/sites-available/nextcloud.conf:

Alias /nextcloud "/var/www/nextcloud/"

<Directory /var/www/nextcloud/>
  Require all granted
  Options FollowSymlinks MultiViews
  AllowOverride All

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /var/www/nextcloud
 SetEnv HTTP_HOME /var/www/nextcloud

</Directory>

/etc/apache2/sites-available/collabora.conf:

<VirtualHost *:443>
  ServerName <my ip>/collabora:443

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateFile    /etc/ssl/private/collabora-cert-file.crt
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  SSLHonorCipherOrder     on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool

  # Endpoint with information about availability of various features
  ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
</VirtualHost>

That won’t work. Only 127.0.0.1:9980/collabora. because of -p 127.0.01:9980:9980 the service in the container is listening only to that up address.

BTW: Are you sure port 9980 speaks https?
If not you have to change this in your Apache config.

e.g. here

I have changed it to docker run -t -d -p <my ip>:9980:9980 ... and now I get a simple “OK” when I go to <my ip>:9980. Anything else in the forn <my ip>:9980/foo gets me a white page (no error, though).

I’m sorry, but I’m not familiar with apache configuration, can you be a little more specific what you mean?

Thanks

you should revered this to 127.0.0.1. Otherwise your collabora server would be reachable from outside. (if the firewall port is open.)
I only wanted to express that your test is wrong.

me too. up to now I have only a working nginx config in my playbooks to setup nc&collabora. sorry. if you don’t mind nginx instead of apache you may try:

Thanks, that worked! The only thing I had to change was to check option Disable certificate verification (insecure) in the admin panel (in the Collabora Online section).