Firefox can’t establish a connection to the server at wss://collabora.domain.fr/

ℹ️ Support 📄 Collabora
1

Introduction

I had installed nextcloud in a personal server (which run in Debian Linux and apache 2) and with a reverse proxy server (a RPI 3). So for access in my server, I enter my link. I enter in my reverse proxy server and I access in my nextcloud server. We can say that link is https://cloud.domain.fr.

I had created a reverse proxy server with Apache 2 for can host several web server (or server with port 80 or 443). So when I want go to one of my website, for example example1.domain.fr, I communicate to the DNS server, next I go to my reverse proxy server and I go in my web server.

enter image description here

My configuration

Now I want to install in this nextcloud server, Collabora Online Server with docker. For that I run this server with the command:

docker run -t -d -p 9980:9980 -e "domain=.\\*.\\.domain\\.fr" -e "username=admin" -e "password=xxxxxxxxxxx" -e "extra_params=--o:ssl.enable=false --o:ssl.termination=true" --restart always --cap-add MKNOD collabora/code

In my reverse proxy server (the RPI 3) I create a new site with the name collabora.domain.fr, and I enter this in this configuration file:

<IfModule mod_ssl.c>                                                                                              
<VirtualHost *:443>                                                                                               
        ServerName collabora.domain.fr:443                                                                  
                                                                                                                  
        Options -Indexes                                                                                          
                                                                                                                  
        ErrorLog "/var/log/apache2/collabora_error"                                                               
  # Encoded slashes need to be allowed                                                                            
        AllowEncodedSlashes NoDecode                                                                              
                                                                                                                  
  # keep the host                                                                                                 
        ProxyPreserveHost On                                                                                      
                                                                                                                  
        ProxyPass / http://192.168.1.48:9980/                                                                     
        ProxyPassReverse / http://192.168.1.48:9980/                                                              
                                                                                                                  
  # static html, js, images, etc. served from loolwsd                                                             
  # loleaflet is the client part of Collabora Online                                                              
        ProxyPass           /loleaflet http://192.168.1.48:9980/loleaflet retry=0                                 
        ProxyPassReverse    /loleaflet http://192.168.1.48:9980/loleaflet                                         
                                                                                                                  
  # WOPI discovery URL                                                                                            
        ProxyPass           /hosting/discovery http://192.168.1.48:9980/hosting/discovery retry=0                 
        ProxyPassReverse    /hosting/discovery http://192.168.1.48:9980/hosting/discovery                         
                                                                                                                  
  # Capabilities                                                                                                  
        ProxyPass           /hosting/capabilities http://192.168.1.48:9980/hosting/capabilities retry=0           
        ProxyPassReverse    /hosting/capabilities http://192.168.1.48:9980/hosting/capabilities                   
                                                                                                                  
  # Main websocket                                                                                                
        ProxyPassMatch "/lool/(.*)/ws$" ws://192.168.1.48:9980/lool/$1/ws nocanon                                 
                                                                                                                  
  # Admin Console websocket
        ProxyPass   /lool/adminws ws://192.168.1.48:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
        ProxyPass           /lool http://192.168.1.48:9980/lool
        ProxyPassReverse    /lool http://192.168.1.48:9980/lool

SSLEngine on

SSLCertificateFile /etc/letsencrypt/live/collabora.domain.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/collabora.domain.fr/privkey.pem
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder     on

SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off

Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Errors

But when I want open a file I have this page :

errorcollab
errorcollab1920×914 14.7 KB

This error in firefox console :

Firefox can’t establish a connection to the server at wss://collabora.domain.fr/lool/https%3A%2F%2Fcloud.domain.fr%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F12_ocgvk4xu3jvw%3Faccess_token%3D6poP1poijOVZQ7QAo72wlqhrDfBkubh3%26access_token_ttl%3D0%26reuse_cookies%3Dnc_sameSiteCookielax%253Dtrue%253Anc_sameSiteCookiestrict%253Dtrue/ws?WOPISrc=https%3A%2F%2Fcloud.domain.fr%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F12_ocgvk4xu3jvw&compat=/ws.

And this error in docker logs :

kit-00044-00038 2020-11-08 21:24:18.589248 [ kit_spare_002 ] ERR  Failed to get the realpath of [/etc/timezone] (ENOENT: No such file or directory)| common/FileUtil.cpp:256                                                        
kit-00044-00038 2020-11-08 21:24:18.590239 [ kit_spare_002 ] ERR  Failed to get the realpath of [/etc/localtime] (ENOENT: No such file or directory)| common/FileUtil.cpp:256

Do you have any solution ?

Progress

The error in docker log is fixable with collabora version 6.4.0.7, but it doesn’t fix the error with WSS.

docker run -t -d -p 9980:9980 -e "domain=.\\*.\\.cookiehacker\\.me" -e "username=admin" -e "password=q9JfAAzQM7Rp" -e "extra_params=--o:ssl.enable=false --o:ssl.termination=true" --restart always --cap-add MKNOD collabora/code:6.4.0.7