Hi all,

I’m using Nextcloud 27.1.4 with the Apache server 2.4.58-1.mga9 (Mageia distribution) and I try to use Nextcloud Office. I’ve installed the 2 applications :
- Nextcloud Office
- Collabora Online - Built-in CODE Server

ksnip_20231216-1656471249×441 29.6 KB

ksnip_20231216-165704619×510 22.9 KB

Till now, I was using the “Community Document server” application without problem but since one or 2 Nextcloud updates, it does not work anymore.

I get the error in the picture below :

ksnip_20231216-1700181876×121 11.3 KB

In the logs, I get the following errors, but I think they are not “real” errors and that the previous one is the one to debug.

My apache configuration is the following :

AllowEncodedSlashes NoDecode
SSLProxyEngine On
ProxyPreserveHost On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off

# static html, js, images, etc. served from coolwsd
# browser is the client part of Collabora Online
ProxyPass           /nextcloud/browser https://192.168.0.14:9980/nextcloud/browser retry=0
ProxyPassReverse    /nextcloud/browser https://192.168.0.14:9980/nextcloud/browser

# WOPI discovery URL
ProxyPass           /nextcloud/hosting/discovery https://192.168.0.14:9980/nextcloud/hosting/discovery retry=0
ProxyPassReverse    /nextcloud/hosting/discovery https://192.168.0.14:9980/nextcloud/hosting/discovery

# Capabilities
ProxyPass           /nextcloud/hosting/capabilities https://192.168.0.14:9980/nextcloud/hosting/capabilities retry=0
ProxyPassReverse    /nextcloud/hosting/capabilities https://192.168.0.14:9980/nextcloud/hosting/capabilities

# Main websocket
ProxyPassMatch      "/nextcloud/cool/(.*)/ws$"      wss://192.168.0.14:9980/nextcloud/cool/$1/ws nocanon

# Admin Console websocket
ProxyPass           /nextcloud/cool/adminws wss://192.168.0.14:9980/nextcloud/cool/adminws

# Download as, Fullscreen presentation and Image upload operations
ProxyPass           /nextcloud/cool https://192.168.0.14:9980/nextcloud/cool
ProxyPassReverse    /nextcloud/cool https://192.168.0.14:9980/nextcloud/cool

# Compatibility with integrations that use the /lool/convert-to endpoint
ProxyPass           /nextcloud/lool https://192.168.0.14:9980/nextcloud/cool
ProxyPassReverse    /nextcloud/lool https://192.168.0.14:9980/nextcloud/cool

Note that I do NOT run ONLY the nextcloud application on this server, so my “DocumentRoot” cannot be nextcloud (nor nextcloud office or any other nextcloud stuff).
This is the reason why I’ve modified the apache config I’ve found in different forums.

Could you help me to debug this issue ?

Regards.

Xuo.

take a look at this working Apache config

provide the logs as per required support template.

If you use the Built-in CODE Server as you wrote, you don’t need no reverse proxy settings in your apache2 config at all. That is only needed in some cases if you are running the Collabora Online Websocket Daemon (coolwsd) as standalone server.
The complete proxy work is done by the app. It is designed to work “Out Of The Box”

Much luck,
ernolf

Hi,

I’ve removed the proxy setting. My Apache nextcloud.conf file looks like the following :

Alias /nextcloud /var/www/html/nextcloud

<Directory /var/www/html/nextcloud>
Options +FollowSymlinks
AllowOverride All

Header always set Strict-Transport-Security “max-age=15768000; includeSubDomains; preload”

But I get the same error message (from the file nextcloud.log) :

From my apache error log file (after a systemctl restart httpd + trying to access a .ods file) :

# php --version
PHP 8.2.13 (cli) (built: Nov 23 2023 14:03:11) (ZTS)

I get “access denied” for :
https://nextcloud.my_domain.fr/settings/admin/serverinfo
https://nextcloud.my_domain.fr/settings/admin/support
(not debugged yet).

So, if the error does not come from the proxy settings, then it “could really come” from the errors above in the nextcloud.log such :
OCA\Encryption\Exceptions\PrivateKeyMissingException: Private Key missing for user: please try to log-out and log-in again

I’ve forgotten to give my config.php

And I’ve noticed, that I can create a new odt or ods file. But once I’ve saved it, if I try to open it again, I get the same error message :

ksnip_20231217-1413261849×118 11.4 KB

And another error from my Apache error log :

Regards.

Xuo

Hi,
I’m not willing to read your post if you don’t format properly and don’t put log file echoes and configuration files in fenced code blocks. This is Markdown syntax, so anyone who has a Nextcloud server should be able to use it as if it were their native language.

There’s even a preview window on the right, so this shouldn’t be that difficult.

Much luck,
ernolf

Hi,

I don’t understand what you don’t like.
I just try to prevent long error messages to be displayed in the post. So, it is the reason why some of them are masked. And I’ve just replaced the commas in the long lines from the nextcloud logs with carriage return as I think it is more readable.
You just have to click to display the contents. It shouldn’t be that difficult.

I can try another way. Not sure this is what you are looking for.

{"reqId":"ZX7rBqk7jJzEEMDmhH0BDwAAAAE","level":3,"time":"2023-12-17T12:35:18+00:00","remoteAddr":"192.168.0.254","user":"nextCloudAdmin","app":"PHP","method":"POST","url":"/index.php/apps/richdocuments/token","message":"Trying to access array offset on value of type null at /usr/share/nextcloud-27.1.2/apps/richdocuments/lib/WOPI/DiscoveryManager.php#132","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0","version":"27.1.5.1","data":{"app":"PHP"}}<br>
{"reqId":"ZX7rBqk7jJzEEMDmhH0BDwAAAAE","level":1,"time":"2023-12-17T12:35:26+00:00","remoteAddr":"192.168.0.254","user":"nextCloudAdmin","app":"richdocuments","method":"POST","url":"/index.php/apps/richdocuments/token","message":"Fetched discovery endpoint from https://nextcloud.my_domain.fr/apps/richdocumentscode/proxy.php?req=/hosting/discovery in 8.077 seconds","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0","version":"27.1.5.1","data":{"app":"richdocuments"}}<br>
{"reqId":"ZX7rDgwROImwtl5CN8L4AAAAAAU","level":3,"time":"2023-12-17T12:35:27+00:00","remoteAddr":"192.168.0.254","user":"--","app":"richdocuments","method":"GET","url":"/index.php/apps/richdocuments/wopi/files/161373_oc70b3n1ast2/contents?access_token=kqu6AE2oi8CnDp7MvI0fpnov0pxv7itx&access_token_ttl=0%2Fws%3FWOPISrc%3Dhttps%3A%2F%2Fnextcloud.my_domain.fr%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F161373_oc70b3n1ast2&compat=","message":"getFile failed","userAgent":"COOLWSD HTTP Agent 23.05.6.2","version":"27.1.5.1","exception":{"Exception":"OCA\\Encryption\\Exceptions\\PrivateKeyMissingException","Message":"Private Key missing for user: please try to log-out and log-in again","Code":0,"Trace":[{"file":"/usr/share/nextcloud-27.1.2/apps/encryption/lib/KeyManager.php","line":478,"function":"getPrivateKey","class":"OCA\\Encryption\\Session","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/apps/encryption/lib/Crypto/Encryption.php","line":212,"function":"getFileKey","class":"OCA\\Encryption\\KeyManager","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/Stream/Encryption.php","line":284,"function":"begin","class":"OCA\\Encryption\\Crypto\\Encryption","type":"->"},{"function":"stream_open","class":"OC\\Files\\Stream\\Encryption","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/Stream/Encryption.php","line":212,"function":"fopen"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/Stream/Encryption.php","line":187,"function":"wrapSource","class":"OC\\Files\\Stream\\Encryption","type":"::"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/Storage/Wrapper/Encryption.php","line":483,"function":"wrap","class":"OC\\Files\\Stream\\Encryption","type":"::"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/Storage/Wrapper/Wrapper.php","line":298,"function":"fopen","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/View.php","line":1159,"function":"fopen","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/View.php","line":987,"function":"basicOperation","class":"OC\\Files\\View","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/Node/File.php","line":116,"function":"fopen","class":"OC\\Files\\View","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/apps/richdocuments/lib/Controller/WopiController.php","line":401,"function":"fopen","class":"OC\\Files\\Node\\File","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/AppFramework/Http/Dispatcher.php","line":230,"function":"getFile","class":"OCA\\Richdocuments\\Controller\\WopiController","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/AppFramework/Http/Dispatcher.php","line":137,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/AppFramework/App.php","line":183,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/usr/share/nextcloud-27.1.2/lib/base.php","line":1068,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/index.php","line":38,"function":"handleRequest","class":"OC","type":"::"}],"File":"/usr/share/nextcloud-27.1.2/apps/encryption/lib/Session.php","Line":90,"Hint":"Private Key missing for user: please try to log-out and log-in again","message":"getFile failed","CustomMessage":"getFile failed"}}
{"reqId":"ZX7rD79Xl_9gczcB7Ze0jwAAAAo","level":3,"time":"2023-12-17T12:35:27+00:00","remoteAddr":"192.168.0.254","user":"--","app":"richdocuments","method":"GET","url":"/index.php/apps/richdocuments/wopi/files/161373_oc70b3n1ast2/contents?access_token=kqu6AE2oi8CnDp7MvI0fpnov0pxv7itx&access_token_ttl=0&permission=edit%2Fws%3FWOPISrc%3Dhttps%3A%2F%2Fnextcloud.my_domain.fr%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F161373_oc70b3n1ast2&compat=","message":"getFile failed","userAgent":"COOLWSD HTTP Agent 23.05.6.2","version":"27.1.5.1","exception":{"Exception":"OCA\\Encryption\\Exceptions\\PrivateKeyMissingException","Message":"Private Key missing for user: please try to log-out and log-in again","Code":0,"Trace":[{"file":"/usr/share/nextcloud-27.1.2/apps/encryption/lib/KeyManager.php","line":478,"function":"getPrivateKey","class":"OCA\\Encryption\\Session","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/apps/encryption/lib/Crypto/Encryption.php","line":212,"function":"getFileKey","class":"OCA\\Encryption\\KeyManager","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/Stream/Encryption.php","line":284,"function":"begin","class":"OCA\\Encryption\\Crypto\\Encryption","type":"->"},{"function":"stream_open","class":"OC\\Files\\Stream\\Encryption","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/Stream/Encryption.php","line":212,"function":"fopen"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/Stream/Encryption.php","line":187,"function":"wrapSource","class":"OC\\Files\\Stream\\Encryption","type":"::"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/Storage/Wrapper/Encryption.php","line":483,"function":"wrap","class":"OC\\Files\\Stream\\Encryption","type":"::"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/Storage/Wrapper/Wrapper.php","line":298,"function":"fopen","class":"OC\\Files\\Storage\\Wrapper\\Encryption","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/View.php","line":1159,"function":"fopen","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/View.php","line":987,"function":"basicOperation","class":"OC\\Files\\View","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Files/Node/File.php","line":116,"function":"fopen","class":"OC\\Files\\View","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/apps/richdocuments/lib/Controller/WopiController.php","line":401,"function":"fopen","class":"OC\\Files\\Node\\File","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/AppFramework/Http/Dispatcher.php","line":230,"function":"getFile","class":"OCA\\Richdocuments\\Controller\\WopiController","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/AppFramework/Http/Dispatcher.php","line":137,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/AppFramework/App.php","line":183,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/usr/share/nextcloud-27.1.2/lib/base.php","line":1068,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/usr/share/nextcloud-27.1.2/index.php","line":38,"function":"handleRequest","class":"OC","type":"::"}],"File":"/usr/share/nextcloud-27.1.2/apps/encryption/lib/Session.php","Line":90,"Hint":"Private Key missing for user: please try to log-out and log-in again","message":"getFile failed","CustomMessage":"getFile failed"}}

From my apache error log file (after a systemctl restart httpd + trying to access a .ods file) :

frk-3490501-3490501 2023-12-17 13:43:31.522499 +0100 [ forkit ] TST  UnitBase [uninit] (+0ms): Uninitializing unit-tests: SUCCESS| common/Unit.cpp:351
frk-3490501-3490501 2023-12-17 13:43:31.522554 +0100 [ forkit ] TST  UnitKit [~UnitBase] (+0ms): UnitKit: ~UnitBase: SUCCESS| common/Unit.cpp:410
Security: coolmount incorrect user-name, other than 'cool'
Aborting.
wsd-3490470-3490470 2023-12-17 13:43:31.552712 +0100 [ coolwsd ] TST  UnitBase [uninit] (+0ms): Uninitializing unit-tests: SUCCESS| common/Unit.cpp:351
wsd-3490470-3490470 2023-12-17 13:43:31.552756 +0100 [ coolwsd ] TST  UnitWSD [~UnitBase] (+0ms): UnitWSD: ~UnitBase: SUCCESS| common/Unit.cpp:410
[Sun Dec 17 13:43:31.683794 2023] [ssl:warn] [pid 3491714] AH01909: office.nextcloud.com:443:0 server certificate does NOT include an ID which matches the server name
[Sun Dec 17 13:43:31.724860 2023] [ssl:warn] [pid 3491714] AH01909: office.nextcloud.com:443:0 server certificate does NOT include an ID which matches the server name
[Sun Dec 17 13:43:31.730637 2023] [lbmethod_heartbeat:notice] [pid 3491714] AH02282: No slotmem from mod_heartmonitor
[Sun Dec 17 13:43:31.779760 2023] [mpm_prefork:notice] [pid 3491714] AH00163: Apache/2.4.58 (Unix) OpenSSL/3.0.12 mod_fcgid/2.3.9 mod_perl/2.0.12 Perl/v5.36.0 configured -- resuming normal operations
[Sun Dec 17 13:43:31.779878 2023] [core:notice] [pid 3491714] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

Logging at warning level to file: /tmp/coolwsd.xnIHqNKnFG/coolwsd.log
Security: coolforkit incorrect user-name, other than 'cool'
Init vcl
preload: xsec_xmlsec merged ucpchelp1 wpftwriter wpftcalc wpftimpress wpftdraw writerfilter msforms ucppkg1 ucpcmis1 cached1 vbaswobj swd sw ucpdav1 smd sm pdfimport PresentationMinimizer sd scriptframe protocolhandler dlgprov date analysis vbaobj scfilt scd xmlsecurity sc expwrap oox LanguageTool ldapbe2 pcr storagefd log chartcore pdffilter migrationoo3 deploymentgui scn cui sdbt mozbootstrap bootstrap flat io animcore svgfilter embobj t602filter dbaxml stocservices chartcontroller namingservice cairocanvas invocadapt introspection migrationoo2 dbpool2 binaryurp mysql_jdbc pricing proxyfac calc invocation dba uuresolver solver reflection writer textconversiondlgs hwp msword graphicfilter emboleobj sdd slideshow dbase bib
Disabled: ucpftp1 rptxml rptui rpt dbp abp sdbc2 cmdmail PresenterScreen dbu odbc 
Allowlisted languages: de_DE el en_GB en_US es_ES fr_FR hu it nl pt_BR pt_PT ru 
Preloading dictionaries: de-DE en-US fr-FR it-IT nl-NL pt-BR ru-RU en-GB nl-BE pt-PT es-ES 
Preloading thesauri: de-DE en-US fr-FR it-IT nl-NL pt-BR ru-RU en-GB nl-BE pt-PT es-ES 
Preload icons
Preload short cut accelerators
Preload languages
Preload fonts
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Fontconfig error: No writable cache directories
Preload config
Ready to accept connections on port 9983.

my config.php

<?php
$CONFIG = array (
  'instanceid' => 'OC instance id',
  'passwordsalt' => 'passwordsalt',
  'secret' => 'my_secret',
  'trusted_domains' => 
  array (
    0 => 'nextcloud.my_domain.fr',
    1 => '192.168.0.14',
    2 => 'ip address 2',
  ),
  'datadirectory' => '/export2/nextcloudData',
  'overwrite.cli.url' => 'https://nextcloud.my_domain.fr',
  'dbtype' => 'mysql',
  'version' => '27.1.5.1',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'oc_nextCloudAdmi',
  'dbpassword' => 'my_password',
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'logtimezone' => 'UTC',
  'loglevel' => 1,
  'installed' => true,
  'mail_from_address' => 'my_email_address',
  'mail_smtpmode' => 'smtp',
  'mail_domain' => 'free.fr',
  'maintenance' => false,
  'dbport' => '',
  'theme' => '',
  'mail_sendmailmode' => 'smtp',
  'app_install_overwrite' => 
  array (
    0 => 'keeweb',
    1 => 'templateeditor',
    2 => 'nextant',
    3 => 'files_texteditor',
    4 => 'passwords',
    5 => 'documentserver_community',
  ),
  'mysql.utf8mb4' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'cache_path' => '/export2/nextcloudData/cache',
  'mail_smtphost' => 'smtp.free.fr',
  'mail_smtpport' => '465',
  'mail_smtpsecure' => 'ssl',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'my_email_address',
  'mail_smtppassword' => 'my_password',
  'twofactor_enforced' => 'true',
  'twofactor_enforced_groups' => 
  array (
    0 => 'admin',
    1 => 'famille',
  ),
  'twofactor_enforced_excluded_groups' => 
  array (
  ),
  'encryption.legacy_format_support' => false,
  'encryption.key_storage_migrated' => false,
  'default_phone_region' => 'FR',
  'tempdirectory' => '/usr/share/nextcloud/tmp',
  'updater.secret' => 'my_secret',
);

I’ve noticed, that I can create a new odt or ods file. But once I’ve saved it, if I try to open it again, I get the same error message :

ksnip_20231217-1413261849×118 11.4 KB

Xuo.

Now you did it even worse. Now you made quotations from it.
Read the website I linked in my post before spamming around! Please

And you do not have to post it again, you can edit your post as much as you want!

Much luck,
ernolf

Hi,

I’ve modifed my previous post to escape all special characters.
If this is still not convenient, could you please add a screenshot that will explain what is wrong.

Xuo.

A → fenced codeblock ← is created with three backticks in one line to open and again three backticks in one line to close or with “Ctrl + e” or with this button: .
… with the text/code/log-echo in between those marks (three backticks) That content will stay unformatted, not interpreted by the markdown parser.

This is the usual Markdown syntax that is also used in the Nextcloud editors. That’s why I’m very surprised that people operating a Nextcloud server are not familiar with such fundamental things that are part of the DNA in every corner of the Internet.
As soon as a logecho goes through the Markdown interpreter, it is changed so much, e.g. changes

• Straight quotation marks: " "
  into
• Curved or typographic quotation marks: “ ”

(just one example, there is much more) that it is no longer easily readable by machine. It should be clear to everyone that when I help, I also check the log output automatically.
I can convert that back, I have developed my own scripts for it, but it is simply a matter of you looking for help and I am happy to help you, but then one simply can expect that one make an effort to prepare their information properly.

You can run this occ command to create proper information about your system:

occ support:report

the output of that command is completely pre-formatted including the fenced codeblocks and the <details>-tags and can be copied 1 to 1 here in the forum.

Much luck,
ernolf

Hi,

I’ve added the logs with the triple ticks in my previous post.

Xuo.

Can it be, that you have (or had) the encryption enabled?

Collabora Online doesn’t work with Encryption.

Much luck,
ernolf

@Xuo again please review working Apache config your Apache config from the first post looks more like it’s created for stand-alone collabora-online. please adopt for collabora-built-in as shown above and post fresh config and new logs.

this is a good point - likely Apache tries https because of ProxyPass directive pointing to https://

collabora-built-in should not be exposed directly with port 9980 but via richdocumentsproxy as visible from the logs:

hi,

Sorry for the late answer.
@ernolf : Yes, I have encryption enabled. If Collabora Online does not support encryption, then the job is done.
It was working just a few months ago (I don’t use it very often) with, if I remember properly, the Community Document Server application.
This week-end, I can try to remove encryption and see what happens. But I’d really prefer to have encryption enabled.

@wwe : currently, as suggested by ernolf, I’ve removed all the reverse proxy declaration from my apache config file. I can try with the collabora-built-in Apache config.

Regards.

Xuo.

it is a common config when you perform TLS encryption on the reverse proxy and have no TLS to the back-end(called “SSL offloading”). Usually there is no value using TLS inside of protected network (especially for small setups). You can definitely have TLS for internal leg behind reverse proxy as well but then you should do it right and configure TLS cert in your Nextcloud webserver and access it with proper DNS names. In terms of CODE I think there is no way to add an own certificate to built-in CODE - you should use stand-alone CODE installation which can utilize TLS as well.

Dear Willi, I’m afraid we’re talking about two different things here. I mean Server Side Encryption:

… since the use of server side encryption could be recognized from the log files (take another look at my post), while - if I’m not completely mistaken - you are talking about encrypted (TLS) connection.

ernolf

Why?
Can you give me a good reason to use encryption that outweighs the loss of performance and the limitation of many apps? I don’t see any. There are only a few use cases where this may be necessary if I have an external storage provider, but these cases are fairly rare.

ernolf

@ernolf you are right - but in my eyes I’m still under impression using https:// address in a ProxyPass(Reverse) directive is wrong

Hello,

@ernolf : why do you think server-side encryption is not useful ? To me , the goal is to protect what is located on the server. I agree that my desktop can be hacked and my local Nextcloud repository as well. But this is better than nothing.

Xuo.

Protect for/against what?

Did you read other posts about encryption like

Did you read and understand the Admin manual about encryption and its purpose:

The primary purpose of the Nextcloud server-side encryption is to protect users’ files on remote storage, such as Dropbox and Google Drive, and to do it easily and seamlessly from within Nextcloud.

I guess that your idea of security is based more on gut feeling than on a carefully planned strategy. Otherwise you would have read the manuals that describe incompatibility with the individual apps etc.

Much luck,
ernolf

Hi,

No I didn’t read these docs. And yes, my security idea was based on gut feeling.

Xuo.