NC+Collabora (Docker) reverse proxy problems

rollanders · June 12, 2018, 8:04am

I have a functioning NC 13.0.2 installation at https://cloud.mydomain.com.
I have Lets encrypt for cloud.mydomain.com, office.mydomain.com and mydomain.com.

I add docker as described here https://www.linuxbabe.com/cloud-storage/integrate-collabora-online-server-nextcloud-ubuntu-16-04

I install collabora/code
docker run -t -d -p 127.0.0.1:9980:9980 -e ‘domain=cloud\.mydomain\.com’ --name collabora_nextcloud --restart always --cap-add MKNOD collabora/code

I followed the guide and run letsencrypt for the office.mydomain.com after this.
sudo letsencrypt --apache --agree-tos --email your-email-address -d office.mydomain.com

According to the guide I should now edit the new virtual host file created by Let’s Encrypt ( certbot ) client. sudo nano /etc/apache2/sites-enabled/office.mydomain.com-le-ssl.conf

However that file was not created. So I created it and edited according to the instruction.

Maybe I should not have run the letsencryp as now the SSL for cloud.mydomain.com was not functioning. So I repeated my original lets-encrypt command

certbot --apache -m my@email.adress -d mydomain.com -d cloud.mydomain.com -d office.mydomain.com

After that I set up the Apache reverse proxy and configured collabora in the NC backend.
I can access both office.mydomain.com and cloud.mydomain.com - they look the same. I have the collabora icons to create files. When I create a file nothing seem to happen, but if I reload the page there is a new, empty file icon created. If I want to open a file I get Internal server error.

The first in a chain of errors in the log file say simplexml_load_string(): Entity: line 21: parser error : Specification mandate value for attribute defer at /var/www/html/nextcloud/apps/richdocuments/lib/WOPI/Parser.php#43

The docker is running and sudo docker ps gives the correct information.

I have these files in sites-enabled
/etc/apache2/sites-enabled/000-default.conf
/etc/apache2/sites-enabled/nextcloud.conf
/etc/apache2/sites-enabled/nextcloud-le-ssl.conf
/etc/apache2/sites-enabled/office.mydomain.com.conf
/etc/apache2/sites-enabled/office.mydomain.com-le-ssl.conf

In /etc/apache2/sites-enabled/nextcloud.conf

<VirtualHost *:80>
DocumentRoot /var/www/html/nextcloud/
ServerName cloud.mydomain.com

 Alias /nextcloud "/var/www/html/nextcloud/"

 <Directory /var/www/html/nextcloud/>
    Options +FollowSymlinks
    AllowOverride All
    Require all granted
      <IfModule mod_dav.c>
        Dav off
      </IfModule>
    SetEnv HOME /var/www/html/nextcloud
    SetEnv HTTP_HOME /var/www/html/nextcloud
 </Directory>

RewriteEngine on
RewriteCond %{SERVER_NAME} =mydomain.com [OR]
RewriteCond %{SERVER_NAME} =cloud.mydomain.com [OR]
RewriteCond %{SERVER_NAME} =office.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

In /etc/apache2/sites-enabled/office.mydomain.com.conf

<VirtualHost *:80>
ServerName office.mydomain.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =office.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

In /etc/apache2/sites-enabled/nextcloud-le-ssl.conf

DocumentRoot /var/www/html/nextcloud/ ServerName cloud.mydomain.com

 Alias /nextcloud "/var/www/html/nextcloud/"

 <Directory /var/www/html/nextcloud/>
    Options +FollowSymlinks
    AllowOverride All
    Require all granted
      <IfModule mod_dav.c>
        Dav off
      </IfModule>
    SetEnv HOME /var/www/html/nextcloud
    SetEnv HTTP_HOME /var/www/html/nextcloud
 </Directory>

ServerAlias mydomain.com
Include /etc/letsencrypt/options-ssl-apache.conf

ServerAlias office.mydomain.com

Header always set Strict-Transport-Security “max-age=15768000; preload”

SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem

In /etc/apache2/sites-enabled/office.mydomain.com-le-ssl.conf

ServerName office.mydomain.com

Include /etc/letsencrypt/options-ssl-apache.conf

Encoded slashes need to be allowed

AllowEncodedSlashes NoDecode

Container uses a unique non-signed certificate

SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off

keep the host

ProxyPreserveHost On

static html, js, images, etc. served from loolwsd

loleaflet is the client part of LibreOffice Online

ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet

WOPI discovery URL

ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery

Main websocket

ProxyPassMatch “/lool/(.*)/ws$” wss://127.0.0.1:9980/lool/$1/ws nocanon

Admin Console websocket

ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws

Download as, Fullscreen presentation and Image upload operations

ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool

SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem

Maybe you can spot an apparent error.

Any help is appreciated