Error opening files with collaboration after starting connection

log collabora trace.pdf (119,3 Ko)
docker/portainer installation with multiple stacks (IP host

1 SWAG (Nginx reverse proxy) which is the only point available on the internet via port 443. swag network + all other container networks
2 SSL letsencrypt * network duckdns+swag
3 NEXTCLOUD (proxy.conf no open port on the outside.
4 COLLABORA port 9980 nextcloud network + swag + collabora. proxy.conf listen 443 => with all headers.

SSL termination. without a server name. storage:

In my collaborator logs I can see a start of communication but for a reson that I don’t know I don’t get the file to open. see pdf log

In addition to the logs of my first message, here is the following which includes new elements. several errors including:

frk-00030-00030 2023-01-04 01:27:32.635150 +0100 [ forkit ] TRC ppoll start, timeoutMicroS: 1000000 size 1| net/Socket.cpp:337 frk-00030-00030 2023-01-04 01:36:31.382636 +0100 [ forkit ] DBG Unmounting [/opt/cool/child-roots/jm7CY48Gf2XiKZpu]| common/JailUtil.cpp:85 frk-00030-00030 2023-01-04 01:36:31.382560 +0100 [ forkit ] DBG Failed to unmount [/opt/cool/child-roots/jm7CY48Gf2XiKZpu/lo]| common/JailUtil.cpp:98 frk-00030-00030 2023-01-04 01:36:31.382651 +0100 [ forkit ] TRC Executing coolmount command: /usr/bin/coolmount -u /opt/cool/child-roots/jm7CY48Gf2XiKZpu| common/JailUtil.cpp:36 sh: 1: /usr/bin/coolmount: Operation not permitted
_collabora_logs 2.pdf (270,5 Ko)


I finally managed to find my problem (at least I think).

All my attempts didn’t work. I succeeded by installing a private DNS which provides TLS + SNI transcriptions. in my case I chose Adguard Home on another VM. I installed letsencrypt certificates on AdGH(via web interface) and set my nginx as trusted_proxies as container environment variable.
I added the instructions in my proxy-confs (collabora+nextcloud):
location /dns-query {
proxy_set_header X-Real-IP ‘’;
proxy_bind; #IPAdguardHome


I defined a rewrite in the filters with =>

I changed my coolwsd.xml: no name-server/ SSL=true and termination SSL=default. I also set frame_ancestors with “https://*”. of course the storage is set to

And this way it worked for me