Invalid SSL certificate on Cloudflare

I’ve set up Collabora correctly. It’s accessible from the local network (self-signed certificate error, but it works). When I set it up using Nginx reverse proxy manager, after adding the required config on the Advanced tab, the reverse proxy goes offline and Cloudflare gives me an error 526 (invalid SSL certificate).

I have set up --o:ssl.enable=true

This is a matter between Cloudflare and your Cloudflare facing HTTPS server:

https://community.cloudflare.com/t/community-tip-fixing-error-526-invalid-ssl-certificates/44273

But how can I change the certificate if it’s self-signed by the Docker container?

Did you read the links I provided? Cloudflare has different levels of security for the link between them and your proxy. The 526 error is specifically about self-signed certificates. Did you try their option (in their control panel) for when you have a self-signed certificate?

I’m not suggesting you have to permanently run things that way, but seeing if that addresses the Cloudflare error will help you continue to increment through the troubleshooting process.

e.g.:

Error 526 occurs when these two conditions are true:

  1. Cloudflare cannot validate the SSL certificate at your origin web server, and
  2. Full SSL (Strict) SSL is set in the Overview tab of your Cloudflare SSL/TLS app.

Resolution

For a potential quick fix, set SSL to Full instead of Full (strict) in the Overview tab of
your Cloudflare SSL/TLS app for the domain.

–from Troubleshooting Cloudflare 5XX errors · Cloudflare Support docs

Which Docker container? All of your TLS (HTTPS) termination is on your nginx reverse proxy, correct? Nginx Proxy Manager supports Let’s Encrypt so there shouldn’t be any self-signed certificates involved.

Typically, if colocated with your reverse proxy, your Collabora container doesn’t need an SSL certificate installed on it, will have SSL disabled on it and will have SSL termination enabled. This means your proxy handles the HTTPS connectivity on behalf of Collabora. And your proxy is where you end up doing all your certificate management.

I’m using the collabora/code Docker image. And I already set SSL/TLS to Full but it didn’t do anything.

In NGINX Proxy manager the Collabora proxy shows as offline


This only happens when I add the specific code for the proxy to work.

Your code uses http://HOSTNAME:9980 but your main entry is https://HOSTNAME:9980.

From the sounds of it you’ve:

  • got SSL termination enabled on the Collabora container
  • (maybe) generated a self-signed certificate on the Collabora container
  • specified the use of a custom SSL certificate to NPM (not sure why?)
  • provided conflicting configuration to NPM (http and https both being specified to access the Collabora :9980 service)

Try setting…

Collabora:

ssl.enable: false
ssl.termination: true

In NPM (for the Collabora external URL)

Domain names: collabora.example.com
Scheme: http
Forward Hostname/IP: localhost
Forward Port: 9980
SSL: Set-up Let’s Encrypt SSL (not custom)

To confirm, the 192.168.1.135 in your last screenshot is from testing/troubleshooting, correct? Previously it was localhost, correct? Unless I misunderstood your environment.
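
A way to check which protocol the Collabora backend actually serves on the port the proxy forwards to, so the Scheme value in NPM can be matched to it. This is an added example, not code from the thread or from Collabora or Nginx Proxy Manager; the function names are hypothetical and the address in the usage line is the one quoted in the thread.

```python
import socket
import ssl


def probe_scheme(host, port=9980, timeout=3.0):
    """Return 'https', 'http', 'unknown' or 'unreachable' for host:port."""
    # No certificate validation: a self-signed certificate must still count as TLS.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"  # nothing listening, or blocked before the port
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "https"  # TLS handshake completed (what ssl.enable=true produces)
    except OSError:
        pass  # ssl.SSLError, timeout or reset: the port does not speak TLS
    finally:
        raw.close()
    # Second connection: send a plain HTTP request and look for a status line.
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            if plain.recv(16).startswith(b"HTTP/"):
                return "http"
    except OSError:
        pass
    return "unknown"


def check_forward_scheme(host, port, npm_scheme, timeout=3.0):
    """Compare the proxy's configured Scheme with what the backend serves."""
    actual = probe_scheme(host, port, timeout)
    if actual == npm_scheme:
        return True, f"{host}:{port} speaks {actual}, matching Scheme: {npm_scheme}"
    return False, f"{host}:{port} is {actual}, but the proxy host uses Scheme: {npm_scheme}"


if __name__ == "__main__":
    # Address and port as quoted in the thread; run this on the proxy machine.
    print(check_forward_scheme("192.168.1.135", 9980, "http"))
```

A result of "https" with Scheme: http (or the reverse) is the mismatch described above; "unreachable" points at the Forward Hostname/IP or port rather than at certificates.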

My docker config is
image

And the code on NPM is using https. And the IP of the machine is 192.168.1.135 since it changed.

And the certificate is custom because it is one I generated with Cloudflare.

EDIT: I tried changing the NPM config but it’s still offline, with a 526 error in Cloudflare.