Help Needed: Local Nextcloud Docker Integration with Collabora and Talk

Moad_Bannour · October 27, 2025, 12:36pm

Hello Nextcloud Community,

I hope you are doing well.

I have set up a Nextcloud AIO Docker environment including the following services:

Nextcloud + MariaDB
Redis
Collabora
Talk (HPB)
Traefik (as a reverse proxy with local SSL certificates)

Nextcloud itself is working correctly over Traefik with SSL. However, I cannot connect Collabora and Talk to Nextcloud. When I try to configure the URLs in the Nextcloud Administrator settings, they fail to connect.

Here is my docker-compose.yml configuration (simplified):

version: "3.8"

volumes:
  nextcloud_yt:
  db_yt:
  redis_data_yt:
  traefik_letsencrypt:

networks:
  nxnetwork_yt:
    driver: bridge

services:

  traefik:
    image: traefik:v3.1
    container_name: traefik
    restart: unless-stopped
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.filename=/etc/traefik_dynamic.yml"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls=true"
      - "--log.level=INFO"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/ssl/waf:/certs:ro
      - ./traefik/traefik_dynamic.yml:/etc/traefik_dynamic.yml:ro
    networks:
      - nxnetwork_yt

  db:
    image: mariadb:10.6
    container_name: nextcloud_db
    hostname: nextcloud_db
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    volumes:
      - db_yt:/var/lib/mysql
    networks:
      - nxnetwork_yt

  redis:
    image: redis:alpine
    container_name: nextcloud_redis_yt
    hostname: nextcloud_redis_yt
    restart: unless-stopped
    command: redis-server --requirepass ${REDIS_PASSWORD}
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD}
    volumes:
      - redis_data_yt:/data
    networks:
      - nxnetwork_yt

  nextcloud:
    image: nextcloud:latest
    container_name: nextcloud
    hostname: masarat-cloud
    restart: unless-stopped
    depends_on:
      - db
      - redis
    environment:
      - MYSQL_HOST=nextcloud_db
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - REDIS_HOST=nextcloud_redis_yt
      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
      - PHP_UPLOAD_LIMIT=100G
      - NEXTCLOUD_UPLOAD_LIMIT=100G
      - PHP_MEMORY_LIMIT=512M
      - PHP_MAX_EXECUTION_TIME=3600
    volumes:
      - nextcloud_yt:/var/www/html
      - /var/log/nextcloud:/var/log
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.rule=Host(`masarat-cloud.mitt.ly`)"
      - "traefik.http.routers.nextcloud.entrypoints=websecure"
      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
    networks:
      - nxnetwork_yt

  collabora:
    image: collabora/code:latest
    container_name: collabora
    hostname: collabora
    restart: unless-stopped
    environment:
      - domain=masarat-cloud\\.mitt\\.ly|nextcloud
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true
    labels:
    - "traefik.enable=true"
    - "traefik.http.routers.collabora.rule=Host(`collabora.mitt.ly`)"
    - "traefik.http.routers.collabora.entrypoints=websecure"
    - "traefik.http.routers.collabora.tls=true"
    - "traefik.http.services.collabora.loadbalancer.server.port=9980"
    networks:
      - nxnetwork_yt

  nc-talk:
    image: nextcloud/aio-talk:latest
    container_name: talk_hpb
    hostname: hpb_yt
    restart: unless-stopped
    init: true
    environment:
      - NC_DOMAIN=masarat-cloud.mitt.ly
      - TALK_HOST=talk.mitt.ly
      - NEXTCLOUD_URL=https://masarat-cloud.mitt.ly
      - TALK_PORT=3478            # UDP/TCP TURN/STUN port used by talk (RTC)
      - TALK_WEB_PORT=8081        # internal HTTP/WebSocket port used by talk web UI/backend
      - TURN_SECRET=${TURN_SECRET}
      - SIGNALING_SECRET=${SIGNALING_SECRET}
      - INTERNAL_SECRET=${INTERNAL_SECRET}
      - STUN_SERVERS=stun:stun.nextcloud.com:443
      - TZ=Africa/Tripoli
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.talk.rule=Host(`talk.mitt.ly`)"
      - "traefik.http.routers.talk.entrypoints=websecure"
      - "traefik.http.routers.talk.tls=true"
      - "traefik.http.services.talk.loadbalancer.server.port=8081"
    networks:
      - nxnetwork_yt

Notes:

All services are running locally; I do not need public access.
Collabora and Talk are intended to communicate internally with Nextcloud.
Traefik handles SSL termination, and I am using local certificates.

I would greatly appreciate guidance or best practices on:

Proper configuration for Collabora to work with a local Nextcloud domain.
Proper configuration for Talk HPB with WebSocket support behind Traefik.
Any internal networking tips to ensure the containers communicate properly.

Thank you very much for your help!

Best regards,
Muad Bannour

wwe · October 27, 2025, 1:56pm

Please review Collabora integration guide to understand how it works. tldr: as you need proper TLS certs local installation is really hard and requires installing your self-signed certs everywhere - “don’t do this at home!” but from your traefik config it seems you have LE in place and also use public domain - maybe you want to rephrase you requirements so we can better understand what you are looking for?

For Talk it’s even worse - what is the point running a video-conferencing system limited to a local network?

Moad_Bannour · October 27, 2025, 2:02pm

I want to run the setup locally first before launching it on the Internet.

I am not using Let’s Encrypt; the SSL certificate I have is local from our CA system.

After the launch, all domains will be secured using SSL via our WAF.

wwe · October 27, 2025, 7:38pm

It’s really hard or impossible to run integration like CODE locally. If you want to test something in advance just use some other domain for initial setup perform you testing and start with the production. I would even recommend to run another Nextcloud instance in parallel so you can test updates and apps without touching production.