Is there a guide on how to set up Collabora/Code docker if the reverse proxy is on a different machine?

@basil – Thanks for that bug report – I never knew that the bug report existed but I was having the issue described in item #1.

Couple of things as I understand things:
If you use the option ssl.enable=true - then collabora docker is going to create self signed certificates using the cert_domain as the name of the certificate. I’ve verified this does this – it’s basically having collabora auto generate self-signed certs. You can use ssl.enable=true, but also tell collabora to use your own certs rather than self signed. This is what the DONT_GEN_SSL_CERT variable does. This is useful if you want to use for example Let’s Encrypt certificates rather than self signed.

Honestly I don’t know the difference between ssl.enable=false/ssl.termination=true and ssl.enable=false/ssl.termination=false. I’ve yet to figure out the difference for these two scenarios since all communication or proxy_pass statements to the container are going to be over http rather than https.

To address your points specifically, I went ahead and modified my collabora docker compose file with the following ENV variables:

environment:
  - TZ=America/Chicago
  - username=admin
  - password=dockercol
  - domain=nextcloud\.domain\.com
#      - cert_domain=office.domain.com
#      - DONT_GEN_SSL_CERT="True"
  - server_name=test.domain.com

I’m curious if you put the name of the docker host or the reverse proxy as the server name. In what I posted above I used the reverse proxy name.

Anyway it appears you MIGHT have solved my problem – by removing those two lines in the compose file – it appears right now my problem is solved when I use the Reverse proxy URL within the Nextcloud->Settings->CODE settings. Hot damn!! – I’m going to test a few things before declaring victory here, but it appears to work!! OMG!!!

Anyway I took things a step further and installed my own LE certs within the collabora container (via mounted volumes as read-only), set ssl-enable=true and changed all the proxy_pass http://… statements to proxy_pass https://… and damn, that worked as well.

So hats off and thanks for the tip!! Yeah.

- server_name=test\.domain\.com

This is exactly the problem I am having. Can you please post a guide?

Hi – I’ve been away for awhile. Do you still need help on this issue?

I found something that helped me get this resolved. Thanks.

https://blog.hackzenwerk.org/2019/08/23/integration-of-collabora-online-on-a-nextcloud-behind-nat-on-a-kvm-hypervisor/

Glad you found a solution. I looked at that link – I didn’t find anything that stood out to me. Hopefully you’ve taken the information, however, and made a docker-compose file. In general I find that works a lot easier if you need to start/stop/restart docker containers.

After the last update, the cloud stopped seeing the collabora … Collabora located on another virtual machine in a docker container! I don’t understand where to look for the problem. Collabora is on another subdomain and the admin panel is available on it as well as it is accessible from the network! The docker logs show errors so I don’t understand what kind of errors!

wsd-00006-00035 2020-07-09 12:29:04.366658 [ websrv_poll ] ERR Socket #25 SSL BIO error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (0: Success)| ./net/SslSocket.hpp:291
wsd-00006-00035 2020-07-09 12:29:04.366838 [ websrv_poll ] ERR Error while handling poll for socket #25 in websrv_poll: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca| net/Socket.cpp:308
wsd-00006-00035 2020-07-09 12:29:05.760848 [ websrv_poll ] ERR Socket #25 SSL BIO error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (0: Success)| ./net/SslSocket.hpp:291
wsd-00006-00035 2020-07-09 12:29:05.760973 [ websrv_poll ] ERR Error while handling poll for socket #25 in websrv_poll: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca| net/Socket.cpp:308

Nginx server proxy configuration file

server {
listen 443;
server_name collabora.esjf-cloud.org;

ssl_certificate /etc/letsencrypt/live/collabora.esjf-cloud.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/collabora.esjf-cloud.org/privkey.pem; # managed by Certbot

access_log /var/log/nginx/collabora.esjf-cloud.org-access.log;
error_log /var/log/nginx/collabora.esjf-cloud.org-error.log;

# static files
location ^~ /loleaflet {
    proxy_pass https://192.168.1.217:9980;
    proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
    proxy_pass https://192.168.1.217:9980;
    proxy_set_header Host $http_host;
}

# Capabilities
location ^~ /hosting/capabilities {
    proxy_pass https://192.168.1.217:9980;
    proxy_set_header Host $http_host;
}

# main websocket
location ~ ^/lool/(.*)/ws$ {
    proxy_pass https://192.168.1.217:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
}

# download, presentation and image upload
location ~ ^/lool {
    proxy_pass https://192.168.1.217:9980;
    proxy_set_header Host $http_host;
}

# Admin Console websocket
location ^~ /lool/adminws {
    proxy_pass https://192.168.1.217:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
}

}
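
Added example (not part of the original post or of Collabora's code): a small Python parser that decodes the OpenSSL error code in the wsd log lines above and names the TLS alert the peer sent. It assumes the OpenSSL 1.x packed error layout (library, function, reason); the function names are hypothetical.

```python
import re

# Certificate-related TLS alert numbers (RFC 5246 / RFC 8446).
TLS_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}
ALERT_REASON_OFFSET = 1000  # OpenSSL reports a received alert N as reason 1000 + N
ERR_LIB_SSL = 20            # library number for "SSL routines"

# Log lines copied from the post above.
SAMPLE = """\
wsd-00006-00035 2020-07-09 12:29:04.366658 [ websrv_poll ] ERR Socket #25 SSL BIO error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (0: Success)| ./net/SslSocket.hpp:291
wsd-00006-00035 2020-07-09 12:29:04.366838 [ websrv_poll ] ERR Error while handling poll for socket #25 in websrv_poll: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca| net/Socket.cpp:308
wsd-00006-00035 2020-07-09 12:29:05.760848 [ websrv_poll ] ERR Socket #25 SSL BIO error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (0: Success)| ./net/SslSocket.hpp:291
wsd-00006-00035 2020-07-09 12:29:05.760973 [ websrv_poll ] ERR Error while handling poll for socket #25 in websrv_poll: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca| net/Socket.cpp:308
"""

LINE_RE = re.compile(
    r"^(?P<proc>\S+) (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) .*?"
    r"[Ss]ocket #(?P<sock>\d+).*?error:(?P<code>[0-9A-Fa-f]{8}):"
)

def decode_openssl1_code(code_hex):
    """Split an OpenSSL 1.x packed error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def received_alerts(log_text):
    """Return one record per (second, socket) where the TLS peer sent an alert."""
    seen, out = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        lib, _func, reason = decode_openssl1_code(m["code"])
        alert = reason - ALERT_REASON_OFFSET
        if lib != ERR_LIB_SSL or alert not in TLS_ALERTS:
            continue
        key = (m["ts"][:19], m["sock"])  # the sample logs each failure twice
        if key in seen:
            continue
        seen.add(key)
        out.append({"time": key[0], "socket": int(m["sock"]), "alert": TLS_ALERTS[alert]})
    return out

if __name__ == "__main__":
    for rec in received_alerts(SAMPLE):
        print(rec)
```

An `unknown_ca` result is an alert received by wsd, meaning the client that connected to it rejected the certificate chain the container presented. The next check is which certificate that listener serves and whether the connecting client trusts its issuer.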

Great thread. I see the same posters addressing this issue on several threads. I am also running pfSense with haproxy and acme certs that works great. I can access https://collabora.mydomain.com and https://nextcloud.mydomain.com. But even though Nextcloud shows in the collabora app as connected to the server, when trying to open any file that should open, it does not. I have emulated the docker-compose file here and have the server=haproxy.mydomain.com… Keep up the good work. Maybe time will sort this out.