I have an outward facing reverse proxy server (proxy.wan.com) in one box. It proxies Nextcloud and Collabora Online (no docker). These are together in another box. All are apache2 and Ubuntu 20.04. Collabora is set up with its own reverse proxy on localhost with LAN virtual host (office.lan.com:4435). Proxy.wan.com uses a letsencrypt cert. Office.lan.com:4435 uses a self-signed cert which is accepted by proxy.wan.com because its self-signed cert is in the proxy’s ca store.
When I point my browser at https://proxy.wan.com/hosting/discovery it says:
"
<!-- Writer documents -->
<app favIconUrl="https://office.lan.com:4435/loleaflet/3a048ea/images/x-office-document.svg" name="writer">
<action default="true" ext="sxw" name="view" urlsrc="https://office.lan.com:4435/loleaflet/3a048ea/loleaflet.html?"/>"
etc etc
It should say: “…… https://proxy.wan.com ….” Etc. This is why on Nextcloud I get an error message that the IP for office.lan.com can’t be found so I can’t integrate Nextcloud. However, proxy.wan.com in my Nextcloud config for own WOPI server does not complain.
I’ve tried a few mod_proxy variations but nothing works. Any suggestions? Do I need ReWrite stuff? Does ProxyPassReverse need adjusting? I feel the problem should be easy to solve (but not for me so far)!
Proxy virtual host configs and office virtual host configs follow.
<VirtualHost *:443>
ServerName proxy.wan.com:443
<Directory /var/www/html/proxy-ssl>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/proxy-ssl-error.log
CustomLog ${APACHE_LOG_DIR}/proxy-ssl-access.log combined
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/ proxy.wan.com /fullchain.pem
SSLCertificateChainFile /etc/letsencrypt/live/ proxy.wan.com /fullchain. pem
SSLCertificateKeyFile /etc/letsencrypt/live/ proxy.wan.com /privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLProxyEngine On
ProxyPreserveHost Off
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://office.xxx:4435/loleaflet retry=0
ProxyPassReverse /loleaflet https://office.xxx:4435/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://officexxx:4435/hosting/di scovery retry=0
ProxyPassReverse /hosting/discovery https://office.xxx:4435/hos ting/discovery
# Capabilities
ProxyPass /hosting/capabilities https://office.xxx:4435/hosting /capabilities retry=0
ProxyPassReverse /hosting/capabilities https://office.xxx:4435/ hosting/capabilities
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://office.xxx:4435/lool/$1/w s nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://office.xxx:4435/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://office.xxx:4435/lool
ProxyPassReverse /lool https://office.xxx:4435/lool
</VirtualHost>
<VirtualHost *:4435>
ServerName office.lan.com
Options -Indexes
ErrorLog “/var/log/apache2/collabora_error”
SSLEngine On
SSLCertificateFile /etc/ssl/certs/office.crt
SSLCertificateKeyFile /etc/ssl/private/office.key
SSLVerifyClient optional
AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyPass /loleaflet http://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet http://127.0.0.1:9980/loleaflet
ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery
ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry =0
ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilitie s
ProxyPassMatch “/lool/(.*)/ws$” ws://127.0.0.1:9980/lool/$1/ws nocanon
t
ProxyPass /lool/adminws ws://127.0.0.1:9980/lool/adminws
ProxyPass /lool http://127.0.0.1:9980/lool
ProxyPassReverse /lool http://127.0.0.1:9980/lool