Failed to connect to Collabora Online

#1

Hello. I’m completely new to both NextCloud and Collabora. I’m trying to set this up for the first time. I seem to have the NextCloud part down, but I’m having trouble with Collabora. When I click on a doc, it spins for about 10 seconds and then gives me “Failed to connect to Collabora Online. Please try again later or contact your server administrator.” Here’s a breakdown of what I’ve done.

Sorry for the spaces below, the forum is telling me I can’t post more than 4 links…

I’m running a single Ubuntu 18.04 server dedicated to this. I’ve installed NextCloud via snap and changed the listening ports to 8080 and 8443. This seems to be fine.

nextcloud.enable-https self-signed
snap set nextcloud ports.http=8080 ports.https=8443

Then I installed Collabora with Docker as per their instructions. This also appears to be running as far as I can tell. It’s listening on TCP 9980. This is what I did specifically:

docker run -t -d -p 192.168.1.20:9980:9980 -e 'domain=nextcloud\\.example\\.net' --restart always --cap-add MKNOD collabora/code

I have DNS names set up for both, let’s say nextcloud.example.net and collabora.example.net. Collabora is a CNAME for nextcloud and they resolve correctly.

At first I tried with no proxy before changing the snap ports. I set up Collabora Online to connect several different ways such as https ://127.0.0.1:9980 and https://192.168.1.20:9980 and https ://collabora.example.net:9980. All had the same result. It spins opening a document and then times out with the aforementioned error.

Seeing all the talk of reverse proxies, I thought maybe this was really needed, so I changed the nextcloud listen ports and installed apache2 from apt. I enabled the apache2 modules as listed at https ://nextcloud.com/collaboraonline but used a different site config since I’m also passing nextcloud through it. Here is my full site config:

# NextCloud HTTP
<VirtualHost *:80>
        ServerName nextcloud.example.net
        ProxyPreserveHost On
        ProxyPass / http ://nextcloud.example.net:8080/
        ProxyPassReverse / http ://nextcloud.example.net:8080/
        AllowEncodedSlashes NoDecode
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
        # NextCloud HTTPS
        <VirtualHost *:443>
                ServerName nextcloud.example.net
                ProxyPreserveHost On
                ProxyPass / https ://nextcloud.example.net:8443/
                ProxyPassReverse / https ://nextcloud.example.net:8443/
                AllowEncodedSlashes NoDecode
                SSLEngine On
                # SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
                # SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
                SSLCertificateFile /etc/ssl/certs/_.example.net.pem
                SSLCertificateKeyFile /etc/ssl/private/_.example.net.key
                SSLProxyEngine on
                SSLProxyVerify none
                SSLProxyCheckPeerCN off
                SSLProxyCheckPeerName off
                SSLProxyCheckPeerExpire off
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
        </VirtualHost>
        # Collabora HTTPS
        <VirtualHost *:443>
                ServerName collabora.example.net
                ProxyPreserveHost On
                ProxyPass / https ://collabora.example.net:9980/
                ProxyPassReverse / https ://collabora.example.net:9980/
                AllowEncodedSlashes NoDecode
                SSLEngine On
                # SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
                # SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
                SSLCertificateFile /etc/ssl/certs/_.example.net.pem
                SSLCertificateKeyFile /etc/ssl/private/_.example.net.key
                SSLProxyEngine On
                SSLProxyVerify none
                SSLProxyCheckPeerCN off
                SSLProxyCheckPeerName off
                SSLProxyCheckPeerExpire off
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
        </VirtualHost>
</IfModule>

This also seems to be working, as far as I can tell. NextCloud and Collabora servers are using whatever self-signed SSL they came with. When I go to https ://nextcloud.example.net I reach my nextcloud interface and see my Let’s Encrypt wildcard cert from Apache. When I go to https ://collabora.example.net I get “OK” and that’s all, but according to some references I’ve seen to people pulling it with curl, that seems to be the expected response. I went to the Collabora Online config in NextCloud and set it to https://collabora.example.net (removed port number so it defaults to 443).

But, at the end of all that, I’m still in the same spot. When I click on a doc, it spins for a few seconds and them times out. I ran tshark on port 9980, and I can see them talking. They go back and forth for about 650 packets, then pause, and then about another 650 packets when the connection errors out. It’s all SSL so I can’t really see what was said. Although one of the IPs in the conversation is 172.17.0.2 which isn’t one of mine. I assume that’s a Docker NAT or something since it’s on the port 9980 end of the conversation? I’m new to Docker too.

I tried it again using the VirtualHost configuration as it is on https ://nextcloud.com/collaboraonline/ minus the names and certs. Same thing.

I’m not sure where to go from here since I’m new to these programs. Any help is much appreciated.

#2

I tried deleting the docker container and image and reloading it. No change. I also tried deleting the Collabora Online app in NextCloud and reinstalling. Didn’t fix the problem, but it did introduce a new one. Now under both Personal and Administration settings, the menu item formerly known as Collabora Online is now simly “1”. The error messages after clicking on a document has now changed to: “Failed to connect to {productName}. Please try again later or contact your server administrator.” Seems it forgot its name…

#3

I could really use some help with this if anyone has any ideas.

#4

Is there a change when you make this “domain” a capital “DOMAIN”? I don’t use Docker version now, but when I tried on Docker version before, there were changes depending on the case of environment variables.

#5

Hallo!

I have the same problem.
I used this manual https://nextcloud.com/collaboraonline/

Here is my config:
Nextcloud: 15.0.7
Collabora online: 3.3.2
Apache: 2.4.25

<IfModule mod_ssl.c>
<VirtualHost *:443>
Protocols h2 h2c http/1.1
ServerName cloud.example.org
Options -Indexes

LogLevel debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
CustomLog ${APACHE_LOG_DIR}/o.mm13_443_access.log combined
ErrorLog ${APACHE_LOG_DIR}/o.mm13_443_error.log
Header always set Strict-Transport-Security "max-age=15768000; includeSubdomains; preload"

Include /etc/letsencrypt/options-ssl-apache.conf

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/cloud.example.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.example.org/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/cloud.example.org/chain.pem
SSLHonorCipherOrder     on

# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode

# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off

# keep the host
ProxyPreserveHost On

# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

# WOPI discovery URL
ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

# Admin Console websocket
ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

# Download as, Fullscreen presentation and Image upload operations
ProxyPass           /lool https://127.0.0.1:9980/lool
ProxyPassReverse    /lool https://127.0.0.1:9980/lool

# Endpoint with information about availability of various features
ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
</VirtualHost>

</IfModule>

And Docker

Containers: 7
 Running: 1
 Paused: 0
 Stopped: 6
Images: 1
Server Version: 18.09.6
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.0-9-amd64
Operating System: Debian GNU/Linux 9 (stretch)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 9.769GiB
Name: web
ID: VAMA:SOPQ:UCFO:Z3QC:QCM2:PQ4L:XFPQ:54J3:KIAS:U54W:PRX5:4QN5
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
#6

mmmm, are you also able to reach both of your services successfully? If you go to your FQDN for Nextcloud you get Nextcloud, and if you go to your FQDN for Collabora I think it’s supposed to say “OK”.

From your Apache config it looks like you might have your Nextcloud FQDN proxying to Collabora.

#7

Hi KarlF12,

if you just try NC/LOOL you can get a quick setup if you search
“Quick tryout with ownCloud docker”

But this is only for the first view and do not work whithout extensive extension to setup.
If you wont to get a productive work environment there are many steps neccessary. If you want to do so i will try to help you.

FYI, i do a lot of work in the last weeks to set this but now its works like a charm and i never will miss it … :wink:

#8

I have the same issue: i have nextcloud running in apache, installed the collabora docker and configured the apache reverse proxy for it. At first i tried it on the same domain but a different port, got the same loading and then failed to connect, then I got it on a second domain and thought it would fix it but it didn’t.

#9

Ok, so I got rid of the snap and installed from the zip archive. Got it up and running, now on version 16.0.1. And I’m having the exact same problem with Collabora Online. The only difference I see is NextCloud now says “Failed to connect to Collabora Online Development Edition.” Not sure where the Development Edition came from? I’m using the same docker image as before.

Any ideas?

#10

I tried rolling back the docker snap from the current stable version 18.06.1-ce to the previous stable 17.06.2-ce. Still does not work. I also tried running the Collabora docker using both the loopback 127.0.0.1 and the actual local IP. Neither worked.

Having tried this with two major Nextcloud versions and two major Docker versions as well as various other configuration changes, I’m stumped at this point and have about given up on Collabora unless anyone knows anything else to try.