Hello there.
I have a fully functional NC instance running on Docker.
I have a fully functional Collabora Office connected to Nextcloud.
I have a fully functional SWAG container that connects domains to my local IPs, which are all accessible via port 443.
I can edit documents when I connect from nextcloud.mydomain.com (amazing!), but when I try to connect from my local IP (192.168.X.X, added to the WOPI hosts from docker compose (aliasgroup1), NOT FROM THE NEXTCLOUD ADMINISTRATION!! (that swipes all WOPI hosts…)), then I get this SSL error in the Collabora logs:
20C0F2917F000000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889:
| net/Socket.cpp:651
As far as I understood, Collabora is not OK with me trying to connect from a self-signed SSL address (local Nextcloud).
So the question is:
Is there a way to disable the Collabora SSL certificate verification when I log in from my local Nextcloud address?
This is expected behavior, as TLS certificates are issued for a domain and not for an IP address. For this reason, a direct connection to an IP address always triggers a TLS error, and TLS is required for the WOPI protocol.
Good!
Thank you very much. Well, that sounds tricky. The last diagram in your (amazing) article is not very clear… Anyway. I added a DNS rule in my AdGuardHome (in the filters menu—not in the DNS menu!) that redirects nextcloud.mydomain.com to 192.168.X.X. However, the certificate is still self-signed, and Collabora won’t open.
The new question is:
Should I add a rule in the SWAG container as well? Or should I redirect this address to my SWAG container? At this point, I’m a bit lost!
Sorry, the answer was: of course, the SWAG address.
Here are my rules in AdGuard:
192.168.X.Y (SWAG address) nextcloud.mydomain.com
192.168.X.Y (same SWAG address) collabora.mydomain.com
SWAG makes its own kitchen (relative to the address which the request is coming from) and it seems to work.
I disconnected the internet, to be sure, and I could access my Nextcloud by entering nextcloud.mydomain.com. However, Collabora doesn’t seem to open offline… (I’ll try later on).
Thank you very much for your answer, wwe, you’re amazing!
The communication is a little more complex than in a normal web server scenario, as there is another party involved, but it is no mystery at all. Carefully read the Collabora integration guide (and referenced articles) and you will understand everything you need and much more in terms of the WOPI protocol and integration.
Yes, thank you very much for all this guidance. I finally solved my issue. It was a problem with communication between the containers and SWAG.
I use a MACVLAN network for all these services. From my local network, I could reach the Collabora address without any problem, but not from the Nextcloud Docker container. The solution for me was to create a MACVLAN bridge so that each container could communicate with the others.
As I understand it, Nextcloud accesses Collabora through SWAG, and Collabora also reaches Nextcloud through SWAG. However, if SWAG is on an address that cannot be reached by the containers, that’s where the problems begin…
Anyway, everything works fine now, and it’s thanks to you.
Thank you very much once more.
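
Added example, not part of the thread and not Collabora's or Nextcloud's own code: a simplified Python illustration of the subject-alternative-name check a TLS client applies, showing why the same certificate verifies when the client connects to nextcloud.mydomain.com but not when it connects to the bare IP. The certificate dict, the function names and the address 192.168.1.10 are constructed sample values; the issuer (chain) check that a self-signed certificate also fails is out of scope here.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the names are the placeholders used in the thread, not real certificate data.
SAMPLE_CERT = {
    "subject": ((("commonName", "nextcloud.mydomain.com"),),),
    "subjectAltName": (
        ("DNS", "nextcloud.mydomain.com"),
        ("DNS", "collabora.mydomain.com"),
    ),
}


def _dns_match(pattern: str, host: str) -> bool:
    """Match one DNS SAN; a wildcard is honoured only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def target_matches_cert(cert: dict, target: str) -> bool:
    """Return True if the name or IP a client connects to is covered by the cert's SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target is only compared with "IP Address" SAN entries, never DNS ones.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, target) for kind, value in sans)


def explain(cert: dict, targets: list[str]) -> dict[str, bool]:
    """Map each connect target to whether the name check can succeed for it."""
    return {t: target_matches_cert(cert, t) for t in targets}


if __name__ == "__main__":
    for target, ok in explain(SAMPLE_CERT, ["nextcloud.mydomain.com", "192.168.1.10"]).items():
        print(f"{target}: {'name matches' if ok else 'verify would fail (no matching SAN)'}")
```

Resolving the public hostnames to the reverse proxy on the LAN, as done in the thread, keeps the connect target inside the certificate's name list, so verification stays enabled.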