1. Error
I’m running nextcloud and collabora in docker, but when I go to the nextcloud settings and point my server collabora it can’t connect. And only the message “Could not connect to the Collabora Online server.”
2. Configs
I use caddy for reverse proxy, nextcloud fpm and collabora/code.
docker-compose
version: '3.8'
# Docs ########################################################################
# https://github.com/nextcloud/docker
# Volumes #####################################################################
volumes:
nextcloud_caddy_data:
external: true
nextcloud_data:
external: true
nextcloud_db_data:
external: true
# Networks ####################################################################
networks:
net:
# Services ####################################################################
services:
# Caddy ---------------------------------------------------------------------
caddy:
image: caddy:alpine
restart: unless-stopped
ports:
- 80:80
- 443:443
environment:
DOMAIN: "${DOMAIN:?DOMAIN not set}"
ADMIN_EMAIL: "${ADMIN_EMAIL:?ADMIN_EMAIL not set}"
networks:
- net
volumes:
- nextcloud_caddy_data:/data
- ./caddy/Caddyfile:/etc/caddy/Caddyfile
volumes_from:
- app
# Postgres ------------------------------------------------------------------
db:
image: postgres:${POSTGRES_VERSION:?POSTGRES_VERSION not set}
restart: unless-stopped
networks:
- net
volumes:
- nextcloud_db_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:?POSTGRES_USER not set} -d ${POSTGRES_DB:?POSTGRES_DB not set}"]
interval: 10s
timeout: 5s
retries: 5
start_period: 5s
environment:
POSTGRES_DB: ${POSTGRES_DB:?POSTGRES_DB not set}
POSTGRES_USER: ${POSTGRES_USER:?POSTGRES_USER not set}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD not set}
# command:
# postgres
# -c max_connections=100
# -c shared_buffers=1GB
# -c effective_cache_size=3GB
# -c maintenance_work_mem=256MB
# -c checkpoint_completion_target=0.9
# -c wal_buffers=16MB
# -c default_statistics_target=100
# -c random_page_cost=1.1
# -c effective_io_concurrency=200
# -c work_mem=10485kB
# -c min_wal_size=2GB
# -c max_wal_size=8GB
# -c max_worker_processes=2
# -c max_parallel_workers_per_gather=1
# -c max_parallel_workers=2
# -c max_parallel_maintenance_workers=1
# Redis ---------------------------------------------------------------------
redis:
image: redis:alpine
networks:
- net
restart: unless-stopped
# Nextcloud -----------------------------------------------------------------
app:
image: nextcloud:${NEXTCLOUD_VERSION:?NEXTCLOUD_VERSION not set}
networks:
- net
restart: unless-stopped
volumes:
- nextcloud_data:/var/www/html
environment:
NEXTCLOUD_TRUSTED_DOMAINS: ${DOMAIN:?DOMAIN not set}
NEXTCLOUD_ADMIN_USER: ${NEXTCLOUD_ADMIN_USER:?NEXTCLOUD_ADMIN_USER not set}
NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD:?NEXTCLOUD_ADMIN_PASSWORD not set}
REDIS_HOST: redis
POSTGRES_HOST: db
POSTGRES_DB: ${POSTGRES_DB:?POSTGRES_DB not set}
POSTGRES_USER: ${POSTGRES_USER:?POSTGRES_USER not set}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD not set}
PHP_MEMORY_LIMIT: '512M'
PHP_UPLOAD_LIMIT: '16G'
TZ: 'America/SaoPaulo'
depends_on:
db:
condition: service_healthy
redis:
condition: service_started
# Cron ----------------------------------------------------------------------
cron:
image: nextcloud:${NEXTCLOUD_VERSION:?NEXTCLOUD_VERSION not set}
networks:
- net
restart: unless-stopped
volumes_from:
- app
entrypoint: /cron.sh
depends_on:
db:
condition: service_healthy
app:
condition: service_started
redis:
condition: service_started
# Collabora ---------------------------------------------------------------------
collabora:
image: collabora/code
restart: unless-stopped
networks:
- net
ports:
- "9980:9980"
volumes:
- /etc/localtime:/etc/localtime
- /etc/timezone:/etc/timezone
environment:
- username=admin
- password=${COLLABORA_PASSWORD}
- server_name=${DOMAIN:?DOMAIN not set}
- dictionaries=en_US
- extra_params=--o:ssl.enable=true --o:ssl.termination=false # Set SSL options
cap_add:
- MKNOD
tty: true
Caddyfile
{
# SSL
email {$ADMIN_EMAIL}
#acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
# Enable to see header set by upstream
debug
}
{$DOMAIN} {
#acme_server
#tls internal
# Static content
root * /var/www/html
file_server
# PHP fast cgi
php_fastcgi app:9000 {
env front_controller_active true
}
# Redirects for DAV apps
redir /.well-known/carddav /remote.php/carddav 301
redir /.well-known/caldav /remote.php/caldav 301
respond /.well-known/acme-challenge 404
respond /.well-known/pki-validation 404
# redir /.well-known/* /index.php/.well-known/webfinger 301
# redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301
redir /.well-known/* /index.php{uri} 301
# Headers
header {
# If staging acme_ca is enabled, this needs to be commented out!
# Otherwise, it is not possible to add exception
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# More security hardening headers
Referrer-Policy "no-referrer"
X-Content-Type-Options "nosniff"
X-Download-Options "noopen"
X-Frame-Options "SAMEORIGIN"
X-Permitted-Cross-Domain-Policies "none"
X-Robots-Tag "none"
X-XSS-Protection "1; mode=block"
Permissions-Policy "interest-cohort=()"
# Remove X-Powered-By header, which is an information leak
-X-Powered-By
# Replace http with https in any Location header
Location http:// https://
}
# Cache control
@static {
file
path *.css *.js *.svg *.gif
}
header @static {
Cache-Control "max-age=360"
}
@fonts {
path /core/fonts
}
header @fonts {
Cache-Control "max-age=604800"
}
# gzip encoding
encode {
gzip 4
minimum_length 256
match {
header Content-Type text/*
header Content-Type application/json*
header Content-Type application/javascript*
header Content-Type application/xhtml+xml*
header Content-Type application/atom+xml*
header Content-Type application/rss+xml*
header Content-Type image/svg+xml*
header Content-Type application/ld+json*
header Content-Type application/manifest+json*
header Content-Type application/vnd.geo+json*
header Content-Type application/vnd.ms-fontobject*
header Content-Type application/x-font-ttf*
header Content-Type application/x-web-app-manifest+json*
header Content-Type application/xml*
header Content-Type font/opentype*
header Content-Type image/bmp*
header Content-Type image/x-icon*
header Content-Type text/cache-manifest*
}
}
@collabora {
path /browser/* # Loleaflet is the client part of LibreOffice Online
path /hosting/discovery # WOPI discovery URL
path /hosting/capabilities # Show capabilities as json
path /cool/* # Main websocket, uploads/downloads, presentations
}
reverse_proxy @collabora collabora:9980 {
header_up Host "maraujo.rio.br"
transport http {
tls_insecure_skip_verify
}
}
# .htaccess / data / config / ... shouldn't be accessible from outside
@forbidden {
path /build/*
path /tests/*
path /.htaccess
path /data/*
path /config/*
path /db_structure
path /.xml
path /README
path /3rdparty/*
path /lib/*
path /templates/*
path /occ
path /console.php
path /autotest
path /issue
path /indie
path /db_
path /console
}
respond @forbidden 404
}
3. Questions
How can I debug this problem? I can’t find in any log what is happening when it tries to connect.