I have an Nextcloud AIO Setup installed on a Synology DSM 7.2. Everything worked like a charm but troubles happen with the talk HPB. No user can connect to chats or calls using the browser webinterface.
The Basics
- Nextcloud Server version (e.g., 29.x.x):
Nextcloud AIO v10.14.0 - Operating system and version (e.g., Ubuntu 24.04):
Docker on Synology DSM 7.2 - Reverse proxy and version _(e.g. nginx 1.27.2)
Synology internal reverse proxy - When did this problem seem to first start?
directly after installation - Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
Nextcloud AIO without Callabora (replaced by OnlyOffice - Are you using CloudfIare, mod_security, or similar? (Yes / No)
No
Summary of the issue you are facing:
Nextcloud Talk with HPB entered seems to work in the Admin Panel: The rest reports "running version 2.0.2-docker
It also resolves the Url for Nextcloud Basis, Talk Backend Websocket URL and shows the available functions.
If I however connect via browser (tested Safari and Chrome) to the talk section of the webinterface, an error occurs saying that it could not connect to the signaling server.
If I remove the HBP it works fine.
If I use the dedicated app, it also works fine.
The curl requested here shows the following:
daaaf3b98a:/var/www/html# curl -vvv https://$NC_DOMAIN:443/standalone-signaling/api/v1/welcome
18:20:34.437162 [0-x] == Info: [READ] client_reset, clear readers
18:20:34.439241 [0-0] == Info: Host my.domain.tld:443 was resolved.
18:20:34.439390 [0-0] == Info: IPv6: (none)
18:20:34.439435 [0-0] == Info: IPv4: x.x.x.x
18:20:34.439504 [0-0] == Info: [HTTPS-CONNECT] created with 1 ALPNs -> 0
18:20:34.439622 [0-0] == Info: [HTTPS-CONNECT] added
18:20:34.439693 [0-0] == Info: [HTTPS-CONNECT] connect, init
18:20:34.439802 [0-0] == Info: Trying x.x.x.x:443...
18:20:34.439993 [0-0] == Info: [HTTPS-CONNECT] connect -> 0, done=0
18:20:34.440063 [0-0] == Info: [HTTPS-CONNECT] adjust_pollset -> 1 socks
18:20:34.440171 [0-0] == Info: [SSL] cf_connect()
18:20:34.443224 [0-0] == Info: ALPN: curl offers h2,http/1.1
18:20:34.443526 [0-0] => Send SSL data, 5 bytes (0x5)
0000: .....
18:20:34.443674 [0-0] == Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
18:20:34.443829 [0-0] => Send SSL data, 512 bytes (0x200)
0000: .......2..{.>..Ue...,Cq;5.H....+..%... ..!$..1P...Q.......<V.b.F
0040: O...?|..>.......,.0.........+./...$.(.k.#.'.g.....9.....3.....=.
0080: <.5./.....u...+.)..&my.domain.tld......
00c0: ...................................h2.http/1.1.........1.....0..
0100: ...............................................+........-.....3.
0140: &.$... r.w.u..{~w|..p5...V..."M.[%.D;.$.........................
0180: ................................................................
01c0: ................................................................
18:20:34.444887 [0-0] == Info: [SSL] ossl_bio_cf_out_write(len=517) -> 517, err=0
18:20:34.445056 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=5) -> -1, err=81
18:20:34.445198 [0-0] == Info: [SSL] ossl_populate_x509_store, path=/etc/ssl/cert.pem, blob=0
18:20:34.460451 [0-0] == Info: CAfile: /etc/ssl/cert.pem
18:20:34.460538 [0-0] == Info: CApath: /etc/ssl/certs
18:20:34.460599 [0-0] == Info: [SSL] SSL_connect() -> err=-1, detail=2
18:20:34.460668 [0-0] == Info: [SSL] SSL_connect() -> want recv
18:20:34.460746 [0-0] == Info: [SSL] cf_connect() -> 0, done=0
18:20:34.460835 [0-0] == Info: [HTTPS-CONNECT] connect -> 0, done=0
18:20:34.460942 [0-0] == Info: [SSL] adjust_pollset, POLLIN fd=4
18:20:34.461039 [0-0] == Info: [HTTPS-CONNECT] adjust_pollset -> 1 socks
18:20:34.461139 [0-0] == Info: [SSL] cf_connect()
18:20:34.461215 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
18:20:34.461327 [0-0] <= Recv SSL data, 5 bytes (0x5)
0000: ....z
18:20:34.461427 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=122) -> 122, err=0
18:20:34.461551 [0-0] == Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
18:20:34.461653 [0-0] <= Recv SSL data, 122 bytes (0x7a)
0000: ...v..\.....1....7..1.0..n3O@. #....rp ..!$..1P...Q.......<V.b.F
0040: O...?|.......+.....3.$... ."h... .)..8.$...*.^......}9...Q
18:20:34.462175 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
18:20:34.462278 [0-0] <= Recv SSL data, 5 bytes (0x5)
0000: .....
18:20:34.462382 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=1) -> 1, err=0
18:20:34.462467 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
18:20:34.462577 [0-0] <= Recv SSL data, 5 bytes (0x5)
0000: ....$
18:20:34.462681 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=36) -> 36, err=0
18:20:34.462837 [0-0] <= Recv SSL data, 1 bytes (0x1)
0000: .
18:20:34.462929 [0-0] == Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
18:20:34.463067 [0-0] <= Recv SSL data, 19 bytes (0x13)
0000: .................h2
18:20:34.463186 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
18:20:34.463291 [0-0] <= Recv SSL data, 5 bytes (0x5)
0000: ....Z
18:20:34.463375 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=2138) -> 2138, err=0
18:20:34.463623 [0-0] <= Recv SSL data, 1 bytes (0x1)
0000: .
18:20:34.463732 [0-0] == Info: TLSv1.3 (IN), TLS handshake, Certificate (11):
18:20:34.463861 [0-0] <= Recv SSL data, 2121 bytes (0x849)
0000: ...E...A...0...0..^.............t.........p.0...*.H.=...021.0...
0040: U....US1.0...U....Let's Encrypt1.0...U....E50...250515062006Z..2
0080: 50813062005Z011/0-..U...&my.domain.tld0
00c0: Y0...*.H.=....*.H.=....B...lQ.....D................u...#H.U.....
0100: ..n.S..g->L..7a.9....d.=.1...S0..O0...U...........0...U.%..0...+
0140: .........+.......0...U.......0.0...U......v*#.........(k1.`...0.
0180: ..U.#..0....+_.<!O....+,..p....02..+........&0$0"..+.....0...htt
01c0: p://e5.i.lencr.org/0O..U...H0F..domain.tld.&
0200: my.domain.tld0...U. ..0.0...g.....0-..U..
0240: .&0$0". ....http://e5.c.lencr.org/28.crl0.....+.....y...........
0280: .w....j.q.e...S...|"..\.....~T..L........3......H0F.!...u..|..8E
02c0: .t..hb ...8."...R..$.O.!..@.c......5Q!y.!.*..........~#.W.v..B..
0300: I`aT......z-&EM.../.EY.'O:.T......3......G0E. ....X...B.o... Dr.
0340: ..C.....#$..#N.!......wu].....`.].U...!uL.);kC"i^0...*.H.=....h.
0380: 0e.0.=.f.F.H.L...r..=.....N8..eN.D.hn..T>s/..j9*T.9..1......n.=.
03c0: ....v.....f..S.......T.....|sS.............[0..W0..?..........lc
0400: ..9.b.b.....0...*.H........0O1.0...U....US1)0'..U... Internet Se
0440: curity Research Group1.0...U....ISRG Root X10...240313000000Z..2
0480: 70312235959Z021.0...U....US1.0...U....Let's Encrypt1.0...U....E5
04c0: 0v0...*.H.=....+...".b....:.ka...._X..BET.c.faH..Yu...7P.?.y....
0500: (.r .,..|R NTx[..k......QA<Z...M..`..l-.}.....T...L........0..0.
0540: ..U...........0...U.%..0...+.........+.......0...U.......0......
0580: .0...U.......+_.<!O....+,..p....0...U.#..0...y.Y.{....s.....X...
05c0: n02..+........&0$0"..+.....0...http://x1.i.lencr.org/0...U. ..0.
0600: 0...g.....0'..U... 0.0.......http://x1.c.lencr.org/0...*.H......
0640: ........r.4EBA.......&L.Q%.B..6H......c../....g........U...C..F.
0680: .......(q...m..d..L2...............q...r............R....I8..sE
06c0: .o|.`..L?*#..H..[..v.[.....'#..5......A._8\.\..l..j..s..XoL;...Z
0700: ...WDgU[....Q......0MY.i.........#fi^........\Q.l......z.W.w....
0740: b0.......y.jrm..,X .zq..aSI.g.Z..C.XJ.2.{..<.S.....'..qd....._..
0780: ..*...b}.................:...T4..t.......^..+P\h..%.&n4`..w.....
07c0: P3....4.v..b9.q...Go......W..h.i....O......:...x...U.....ccX.)..
0800: .''..*...n...W.K....dxU.5..<F....{.G>.k..6....?..d..&.P...b]U...
0840: .Z...\'..
18:20:34.469025 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
18:20:34.469165 [0-0] <= Recv SSL data, 5 bytes (0x5)
0000: ....`
18:20:34.469249 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=96) -> 96, err=0
18:20:34.469346 [0-0] <= Recv SSL data, 1 bytes (0x1)
0000: .
18:20:34.469422 [0-0] == Info: TLSv1.3 (IN), TLS handshake, CERT verify (15):
18:20:34.469512 [0-0] <= Recv SSL data, 79 bytes (0x4f)
0000: ...K...G0E. s...1...b...D..>.P.^..p]2......5.!......Qh.K........
0040: .a..$...85.<.~.
18:20:34.469882 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
18:20:34.470004 [0-0] <= Recv SSL data, 5 bytes (0x5)
0000: ....E
18:20:34.470104 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=69) -> 69, err=0
18:20:34.470201 [0-0] <= Recv SSL data, 1 bytes (0x1)
0000: .
18:20:34.470279 [0-0] == Info: TLSv1.3 (IN), TLS handshake, Finished (20):
18:20:34.470362 [0-0] <= Recv SSL data, 52 bytes (0x34)
0000: ...03..g..g.V4l]..X. O.N'.P...)..2a.mb..3.. V..&p...
18:20:34.470557 [0-0] => Send SSL data, 5 bytes (0x5)
0000: .....
18:20:34.470663 [0-0] == Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
18:20:34.470789 [0-0] => Send SSL data, 1 bytes (0x1)
0000: .
18:20:34.470930 [0-0] => Send SSL data, 5 bytes (0x5)
0000: ....E
18:20:34.471012 [0-0] => Send SSL data, 1 bytes (0x1)
0000: .
18:20:34.471095 [0-0] == Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
18:20:34.471181 [0-0] => Send SSL data, 52 bytes (0x34)
0000: ...0%.~....f#p..=......O."....T%{..D..El..F8.r0.._..
18:20:34.471370 [0-0] == Info: [SSL] ossl_bio_cf_out_write(len=80) -> 80, err=0
18:20:34.471572 [0-0] == Info: SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / id-ecPublicKey
18:20:34.471731 [0-0] == Info: ALPN: server accepted h2
18:20:34.471807 [0-0] == Info: Server certificate:
18:20:34.471895 [0-0] == Info: subject: CN=my.domain.tld
18:20:34.472028 [0-0] == Info: start date: May 15 06:20:06 2025 GMT
18:20:34.472120 [0-0] == Info: expire date: Aug 13 06:20:05 2025 GMT
18:20:34.472221 [0-0] == Info: subjectAltName: host "my.domain.tld" matched cert's "my.domain.tld"
18:20:34.472395 [0-0] == Info: issuer: C=US; O=Let's Encrypt; CN=E5
18:20:34.472504 [0-0] == Info: SSL certificate verify ok.
18:20:34.472617 [0-0] == Info: Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
18:20:34.472837 [0-0] == Info: Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
18:20:34.473055 [0-0] == Info: Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
18:20:34.473256 [0-0] == Info: [SSL] cf_connect() -> 0, done=1
18:20:34.473353 [0-0] == Info: [HTTPS-CONNECT] connect+handshake h2: 33ms, 1st data: 21ms
18:20:34.473514 [0-0] == Info: [HTTP/2] [0] created h2 session
18:20:34.473630 [0-0] == Info: [HTTP/2] [0] -> FRAME[SETTINGS, len=18]
18:20:34.473755 [0-0] == Info: [HTTP/2] [0] -> FRAME[WINDOW_UPDATE, incr=1048510465]
18:20:34.473891 [0-0] == Info: [HTTP/2] cf_connect() -> 0, 1,
18:20:34.473969 [0-0] == Info: [HTTPS-CONNECT] connect -> 0, done=1
18:20:34.474064 [0-0] == Info: Connected to my.domain.tld(x.x.x.x) port 443
18:20:34.474190 [0-0] == Info: using HTTP/2
18:20:34.474273 [0-0] == Info: [HTTP/2] [1] OPENED stream for https://my.domain.tld:443/standalone-signaling/api/v1/welcome
18:20:34.474484 [0-0] == Info: [HTTP/2] [1] [:method: GET]
18:20:34.474566 [0-0] == Info: [HTTP/2] [1] [:scheme: https]
18:20:34.474654 [0-0] == Info: [HTTP/2] [1] [:authority: my.domain.tld]
18:20:34.474786 [0-0] == Info: [HTTP/2] [1] [:path: /standalone-signaling/api/v1/welcome]
18:20:34.474916 [0-0] == Info: [HTTP/2] [1] [user-agent: curl/8.12.1]
18:20:34.475008 [0-0] == Info: [HTTP/2] [1] [accept: */*]
18:20:34.475095 [0-0] == Info: [HTTP/2] [1] submit -> 135, 0
18:20:34.475180 [0-0] == Info: [HTTP/2] [1] -> FRAME[HEADERS, len=74, hend=1, eos=1]
18:20:34.475314 [0-0] => Send SSL data, 5 bytes (0x5)
0000: .....
18:20:34.475410 [0-0] => Send SSL data, 1 bytes (0x1)
0000: .
18:20:34.475551 [0-0] == Info: [SSL] ossl_bio_cf_out_write(len=169) -> 169, err=0
18:20:34.475661 [0-0] == Info: [HTTP/2] [0] egress: wrote 147 bytes
18:20:34.475769 [0-0] == Info: [HTTP/2] [1] cf_send(len=135) -> 135, 0, eos=1, h2 windows 65535-65535 (stream-conn), buffers 0-0 (stream-conn)
18:20:34.476025 [0-0] => Send header, 135 bytes (0x87)
0000: GET /standalone-signaling/api/v1/welcome HTTP/2
0031: Host: my.domain.tld
005f: User-Agent: curl/8.12.1
0078: Accept: */*
0085:
18:20:34.476429 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
18:20:34.476560 [0-0] <= Recv SSL data, 5 bytes (0x5)
0000: ....J
18:20:34.476693 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=74) -> 74, err=0
18:20:34.476819 [0-0] <= Recv SSL data, 1 bytes (0x1)
0000: .
18:20:34.477038 [0-0] == Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
18:20:34.477115 [0-0] <= Recv SSL data, 57 bytes (0x39)
0000: ...5....I`............ 8~..u.....Oc..x.b..z..1./;l.......
18:20:34.477391 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
18:20:34.477539 [0-0] <= Recv SSL data, 5 bytes (0x5)
0000: ....J
18:20:34.477673 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=74) -> 74, err=0
18:20:34.477786 [0-0] <= Recv SSL data, 1 bytes (0x1)
0000: .
18:20:34.477911 [0-0] == Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
18:20:34.478044 [0-0] <= Recv SSL data, 57 bytes (0x39)
0000: ...5......sq.......... .W..E..<.......=.:J<......g.1*<b..
18:20:34.478292 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
18:20:34.478399 [0-0] <= Recv SSL data, 5 bytes (0x5)
0000: ....9
18:20:34.478506 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=57) -> 57, err=0
18:20:34.478624 [0-0] <= Recv SSL data, 1 bytes (0x1)
0000: .
18:20:34.478715 [0-0] == Info: [SSL] cf_recv(len=16384) -> 40, 0
18:20:34.478806 [0-0] == Info: [HTTP/2] [0] ingress: read 40 bytes
18:20:34.478922 [0-0] == Info: [HTTP/2] [0] <- FRAME[SETTINGS, len=18]
18:20:34.479032 [0-0] == Info: [HTTP/2] [0] MAX_CONCURRENT_STREAMS: 128
18:20:34.479132 [0-0] == Info: [HTTP/2] [0] ENABLE_PUSH: TRUE
18:20:34.479218 [0-0] == Info: [HTTP/2] [0] notify MAX_CONCURRENT_STREAMS: 128
18:20:34.479334 [0-0] == Info: [HTTP/2] [1] DRAIN select_bits=1
18:20:34.479448 [0-0] == Info: [HTTP/2] [0] <- FRAME[WINDOW_UPDATE, incr=2147418112]
18:20:34.479583 [0-0] == Info: [HTTP/2] [0] progress ingress: inbufg=0
18:20:34.479701 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
18:20:34.479793 [0-0] <= Recv SSL data, 5 bytes (0x5)
0000: .....
18:20:34.479897 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=26) -> 26, err=0
18:20:34.480040 [0-0] <= Recv SSL data, 1 bytes (0x1)
0000: .
18:20:34.480104 [0-0] == Info: [SSL] cf_recv(len=16384) -> 9, 0
18:20:34.480202 [0-0] == Info: [HTTP/2] [0] ingress: read 9 bytes
18:20:34.480324 [0-0] == Info: [HTTP/2] [0] <- FRAME[SETTINGS, ack=1]
18:20:34.480426 [0-0] == Info: [HTTP/2] [0] progress ingress: inbufg=0
18:20:34.480526 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
18:20:34.480602 [0-0] <= Recv SSL data, 5 bytes (0x5)
0000: ....t
18:20:34.480683 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=372) -> 372, err=0
18:20:34.480813 [0-0] <= Recv SSL data, 1 bytes (0x1)
0000: .
18:20:34.480850 [0-0] == Info: [SSL] cf_recv(len=16384) -> 355, 0
18:20:34.480955 [0-0] == Info: [HTTP/2] [0] ingress: read 355 bytes
18:20:34.481078 [0-0] <= Recv header, 13 bytes (0xd)
0000: HTTP/2 200
18:20:34.481187 [0-0] == Info: [WRITE] cw_out, wrote 13 header bytes -> 13
18:20:34.481298 [0-0] == Info: [WRITE] download_write header(type=c, blen=13) -> 0
18:20:34.481384 [0-0] == Info: [WRITE] client_write(type=c, len=13) -> 0
18:20:34.481480 [0-0] == Info: [HTTP/2] [1] local window update by 10420224
18:20:34.481588 [0-0] == Info: [HTTP/2] [1] status: HTTP/2 200
18:20:34.481695 [0-0] <= Recv header, 15 bytes (0xf)
0000: server: nginx
18:20:34.481817 [0-0] == Info: [WRITE] header_collect pushed(type=1, len=15) -> 0
18:20:34.481917 [0-0] == Info: [WRITE] cw_out, wrote 15 header bytes -> 15
18:20:34.482003 [0-0] == Info: [WRITE] download_write header(type=4, blen=15) -> 0
18:20:34.482124 [0-0] == Info: [WRITE] client_write(type=4, len=15) -> 0
18:20:34.482227 [0-0] == Info: [HTTP/2] [1] header: server: nginx
18:20:34.482325 [0-0] <= Recv header, 37 bytes (0x25)
0000: date: Fri, 23 May 2025 18:20:34 GMT
18:20:34.482469 [0-0] == Info: [WRITE] header_collect pushed(type=1, len=37) -> 0
18:20:34.482595 [0-0] == Info: [WRITE] cw_out, wrote 37 header bytes -> 37
18:20:34.482715 [0-0] == Info: [WRITE] download_write header(type=4, blen=37) -> 0
18:20:34.482855 [0-0] == Info: [WRITE] client_write(type=4, len=37) -> 0
18:20:34.482959 [0-0] == Info: [HTTP/2] [1] header: date: Fri, 23 May 2025 18:20:34 GMT
18:20:34.483116 [0-0] <= Recv header, 47 bytes (0x2f)
0000: content-type: application/json; charset=utf-8
18:20:34.483264 [0-0] == Info: [WRITE] header_collect pushed(type=1, len=47) -> 0
18:20:34.483396 [0-0] == Info: [WRITE] cw_out, wrote 47 header bytes -> 47
18:20:34.483520 [0-0] == Info: [WRITE] download_write header(type=4, blen=47) -> 0
18:20:34.483656 [0-0] == Info: [WRITE] client_write(type=4, len=47) -> 0
18:20:34.483774 [0-0] == Info: [HTTP/2] [1] header: content-type: application/json; charset=utf-8
18:20:34.483920 [0-0] <= Recv header, 20 bytes (0x14)
0000: content-length: 66
18:20:34.484055 [0-0] == Info: [WRITE] header_collect pushed(type=1, len=20) -> 0
18:20:34.484170 [0-0] == Info: [WRITE] cw_out, wrote 20 header bytes -> 20
18:20:34.484273 [0-0] == Info: [WRITE] download_write header(type=4, blen=20) -> 0
18:20:34.484402 [0-0] == Info: [WRITE] client_write(type=4, len=20) -> 0
18:20:34.484522 [0-0] == Info: [HTTP/2] [1] header: content-length: 66
18:20:34.484631 [0-0] <= Recv header, 16 bytes (0x10)
0000: via: 1.1 Caddy
18:20:34.484724 [0-0] == Info: [WRITE] header_collect pushed(type=1, len=16) -> 0
18:20:34.484842 [0-0] == Info: [WRITE] cw_out, wrote 16 header bytes -> 16
18:20:34.484954 [0-0] == Info: [WRITE] download_write header(type=4, blen=16) -> 0
18:20:34.485065 [0-0] == Info: [WRITE] client_write(type=4, len=16) -> 0
18:20:34.485191 [0-0] == Info: [HTTP/2] [1] header: via: 1.1 Caddy
18:20:34.485305 [0-0] <= Recv header, 205 bytes (0xcd)
0000: x-spreed-signaling-features: audio-video-permissions, dialout, f
0040: ederation, hello-v2, incall-all, join-features, mcu, offer-codec
0080: s, recipient-call, simulcast, switchto, transient-data, update-s
00c0: dp, welcome
18:20:34.485786 [0-0] == Info: [WRITE] header_collect pushed(type=1, len=205) -> 0
18:20:34.485928 [0-0] == Info: [WRITE] cw_out, wrote 205 header bytes -> 205
18:20:34.486061 [0-0] == Info: [WRITE] download_write header(type=4, blen=205) -> 0
18:20:34.486198 [0-0] == Info: [WRITE] client_write(type=4, len=205) -> 0
18:20:34.486317 [0-0] == Info: [HTTP/2] [1] header: x-spreed-signaling-features: audio-video-permissions, dialout, federation, hello-v2, incall-all, join-features, mcu, offer-codecs, recipient-call, simulcast, switchto, transient-data, update-sdp, welcome
18:20:34.486742 [0-0] <= Recv header, 73 bytes (0x49)
0000: strict-transport-security: max-age=15768000; includeSubdomains;
0040: preload
18:20:34.486985 [0-0] == Info: [WRITE] header_collect pushed(type=1, len=73) -> 0
18:20:34.487127 [0-0] == Info: [WRITE] cw_out, wrote 73 header bytes -> 73
18:20:34.487235 [0-0] == Info: [WRITE] download_write header(type=4, blen=73) -> 0
18:20:34.487370 [0-0] == Info: [WRITE] client_write(type=4, len=73) -> 0
18:20:34.487475 [0-0] == Info: [HTTP/2] [1] header: strict-transport-security: max-age=15768000; includeSubdomains; preload
18:20:34.487634 [0-0] == Info: [HTTP/2] [1] <- FRAME[HEADERS, len=271, hend=1, eos=0]
18:20:34.487758 [0-0] <= Recv header, 2 bytes (0x2)
0000:
18:20:34.487846 [0-0] == Info: [WRITE] header_collect pushed(type=1, len=2) -> 0
18:20:34.487971 [0-0] == Info: [WRITE] cw_out, wrote 2 header bytes -> 2
18:20:34.488080 [0-0] == Info: [WRITE] download_write header(type=4, blen=2) -> 0
18:20:34.488202 [0-0] == Info: [WRITE] client_write(type=4, len=2) -> 0
18:20:34.488325 [0-0] <= Recv data, 66 bytes (0x42)
0000: {"nextcloud-spreed-signaling":"Welcome","version":"2.0.2~docker"
0040: }.
{"nextcloud-spreed-signaling":"Welcome","version":"2.0.2~docker"}
18:20:34.488564 [0-0] == Info: [WRITE] cw_out, wrote 66 body bytes -> 66
18:20:34.488685 [0-0] == Info: [WRITE] download_write body(type=1, blen=66) -> 0
18:20:34.488828 [0-0] == Info: [WRITE] client_write(type=1, len=66) -> 0
18:20:34.488931 [0-0] == Info: [WRITE] xfer_write_resp(len=66, eos=0) -> 0
18:20:34.489039 [0-0] == Info: [HTTP/2] [1] <- FRAME[DATA, len=66, eos=0, padlen=0]
18:20:34.489172 [0-0] == Info: [HTTP/2] [1] DATA, window=66/10485760
18:20:34.489259 [0-0] == Info: [HTTP/2] [0] progress ingress: inbufg=0
18:20:34.489352 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=5) -> 5, err=0
18:20:34.489458 [0-0] <= Recv SSL data, 5 bytes (0x5)
0000: .....
18:20:34.489561 [0-0] == Info: [SSL] ossl_bio_cf_in_read(len=26) -> 26, err=0
18:20:34.489678 [0-0] <= Recv SSL data, 1 bytes (0x1)
0000: .
18:20:34.489762 [0-0] == Info: [SSL] cf_recv(len=16384) -> 9, 0
18:20:34.489859 [0-0] == Info: [HTTP/2] [0] ingress: read 9 bytes
18:20:34.489956 [0-0] == Info: [HTTP/2] [1] <- FRAME[DATA, len=0, eos=1, padlen=0]
18:20:34.490090 [0-0] == Info: [HTTP/2] [1] DATA, window=66/10485760
18:20:34.490174 [0-0] == Info: [HTTP/2] [1] CLOSED
18:20:34.490246 [0-0] == Info: [HTTP/2] [1] DRAIN select_bits=1
18:20:34.490355 [0-0] == Info: [HTTP/2] [0] progress ingress: inbufg=0
18:20:34.490473 [0-0] == Info: [HTTP/2] [1] DRAIN select_bits=1
18:20:34.490547 [0-0] == Info: [HTTP/2] [0] progress ingress: done
18:20:34.490649 [0-0] == Info: [HTTP/2] [1] returning CLOSE
18:20:34.490742 [0-0] == Info: [HTTP/2] handle_stream_close -> 0, 0
18:20:34.490847 [0-0] == Info: [HTTP/2] [0] -> FRAME[SETTINGS, ack=1]
18:20:34.490955 [0-0] => Send SSL data, 5 bytes (0x5)
0000: .....
18:20:34.491049 [0-0] => Send SSL data, 1 bytes (0x1)
0000: .
18:20:34.491156 [0-0] == Info: [SSL] ossl_bio_cf_out_write(len=31) -> 31, err=0
18:20:34.491218 [0-0] == Info: [HTTP/2] [0] egress: wrote 9 bytes
18:20:34.491321 [0-0] == Info: [HTTP/2] [1] cf_recv(len=102400) -> 0 0, window=-1/-1, connection 1048575934/1048576000
18:20:34.491512 [0-0] == Info: abort upload
18:20:34.491578 [0-0] <= Recv data, 0 bytes (0x0)
18:20:34.491646 [0-0] == Info: [WRITE] download_write body(type=81, blen=0) -> 0
18:20:34.491769 [0-0] == Info: [WRITE] client_write(type=81, len=0) -> 0
18:20:34.491869 [0-0] == Info: [WRITE] xfer_write_resp(len=0, eos=1) -> 0
18:20:34.491962 [0-0] == Info: [WRITE] cw-out is notpaused
18:20:34.492035 [0-0] == Info: [WRITE] cw-out done
18:20:34.492115 [0-0] == Info: [READ] client_reset, clear readers
18:20:34.492240 [0-0] == Info: Connection #0 to host my.domain.tld left intact
My reverse Proxy settings are the following:
The nexcloud-aio-talk logs show this:
++ hostname -i
++ head -1
++ grep -oP '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'
+ IPv4_ADDRESS_TALK_RELAY=172.25.0.3
++ dig nextcloud-aio-talk IN A +short +search
++ grep '^[0-9.]\+$'
++ sort
++ head -n1
+ IPv4_ADDRESS_TALK=172.25.0.3
++ dig nextcloud-aio-talk AAAA +short +search
++ grep '^[0-9a-f:]\+$'
++ ++ head -n1
sort
+ IPv6_ADDRESS_TALK=
+ set +x
+ IP_BINDING=::
+ grep -q 1 /sys/module/ipv6/parameters/disable
+ grep -q 1 /proc/sys/net/ipv6/conf/all/disable_ipv6
+ IP_BINDING=0.0.0.0
+ set +x
Exec: /opt/eturnal/erts-15.1.2/bin/erlexec -noinput +Bd -boot /opt/eturnal/releases/1.12.1/start -mode embedded -boot_var SYSTEM_LIB_DIR /opt/eturnal/lib -config /opt/eturnal/releases/1.12.1/sys.config -args_file /opt/eturnal/releases/1.12.1/vm.args -erl_epmd_port 3470 -start_epmd false -- foreground
Root: /opt/eturnal
/opt/eturnal
Janus version: 1301 (1.3.1)
Janus commit: 8d4a7b1e162ffb0cee5968184c07abaa301162e4
Compiled on: Fri May 2 12:45:53 UTC 2025
Logger plugins folder: /usr/local/lib/janus/loggers
---------------------------------------------------
Starting Meetecho Janus (WebRTC Server) v1.3.1
---------------------------------------------------
Checking command line arguments...
Debug/log level is 3
Debug/log timestamps are disabled
Debug/log colors are disabled
[WARN] Janus is deployed on a private address (172.25.0.3) but you didn't specify any STUN server! Expect trouble if this is supposed to work over the internet and not just in a LAN...
[35] 2025/05/23 15:59:36.711979 [INF] Starting nats-server
[35] 2025/05/23 15:59:36.712034 [INF] Version: 2.11.3
[35] 2025/05/23 15:59:36.712038 [INF] Git: [a82cfda]
[35] 2025/05/23 15:59:36.712041 [INF] Name: NBTS42LPLOG5U66UXEUP6J2VTWVXILP7XDYJQ54I2M4S7KUGXP3HQCXX
[35] 2025/05/23 15:59:36.712045 [INF] ID: NBTS42LPLOG5U66UXEUP6J2VTWVXILP7XDYJQ54I2M4S7KUGXP3HQCXX
[35] 2025/05/23 15:59:36.712062 [INF] Using configuration file: /etc/nats.conf (sha256:bfa0xxxxxxxxxxxxx)
[35] 2025/05/23 15:59:36.716753 [INF] Listening for client connections on 127.0.0.1:4222
[35] 2025/05/23 15:59:36.716771 [INF] Server is ready
[35] 2025/05/23 15:59:36.717165 [WRN] Failed to set GOMAXPROCS: open /sys/fs/cgroup/cpu/cpu.cfs_quota_us: no such file or directory
[WARN] libcurl not available, Streaming plugin will not have RTSP support
[WARN] libogg not available, Streaming plugin will not have file-based Opus streaming
[WARN] No Unix Sockets server started, giving up...
[WARN] The 'janus.transport.pfunix' plugin could not be initialized
main.go:162: Starting up version 2.0.2~docker/go1.23.5 as pid 36
main.go:171: Using a maximum of 4 CPUs
natsclient.go:104: Connection established to nats://127.0.0.1:4222 (NBTS42LPLOG5U66UXEUP6J2VTWVXILP7XDYJQ54I2M4S7KUGXP3HQCXX)
grpc_common.go:176: WARNING: No GRPC server certificate and/or key configured, running unencrypted
grpc_common.go:178: WARNING: No GRPC CA configured, expecting unencrypted connections
backend_storage_static.go:73: Backend backend-1 added for https://my.domain.de/
hub.go:224: Using a maximum of 8 concurrent backend connections per host
hub.go:231: Using a timeout of 10s for backend connections
hub.go:264: No trusted proxies configured, only allowing for [127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16]
hub.go:306: Not using GeoIP database
mcu_common.go:110: Maximum bandwidth 1048576 bits/sec per publishing stream
mcu_common.go:117: Maximum bandwidth 2097152 bits/sec per screensharing stream
mcu_janus.go:161: Using a timeout of 10s for MCU requests
mcu_janus.go:342: Connected to Janus WebRTC Server 1.3.1 by Meetecho s.r.l.
mcu_janus.go:350: Found JANUS VideoRoom plugin 0.0.10 by Meetecho s.r.l.
mcu_janus.go:355: Data channels are supported
mcu_janus.go:359: Full-Trickle is enabled
mcu_janus.go:366: Created Janus session 6598672678717755
mcu_janus.go:373: Created Janus handle 6952686614333319
main.go:303: Using janus MCU
hub.go:411: Using a timeout of 10s for MCU requests
backend_server.go:114: No IPs configured for the stats endpoint, only allowing access from 127.0.0.1
main.go:384: Listening on 0.0.0.0:8081
client.go:355: Client from x.x.x.x has RTT of 43 ms (43.776853ms)
Steps to replicate it (hint: details matter!):
- install Nextcloud AIO on Synology DSM
- try to open a chat within the webinterface
Log entries
Nextcloud
The Nextcloud log shows nothing except entries that mention other parts of Nextcloud like
"Failed to get notes folder for user sys: Notizen is not a folder"
Web Browser
The chrome console shows a lot of errors. I think it might be this, but I am lost if I have to solve this:
signaling.js:1068 Could not connect to server using backend url https://my.domain.tld/ocs/v2.php/apps/spreed/api/v3/signaling/backend {id: '1', type: 'error', error: {…}}
hs.Standalone.helloResponseReceived @ signaling.js:1068
(anonymous) @ signaling.js:750
signaling.js:638 Reconnect in 805.933985015647
signaling.js:803 Ignore unknown error {id: '1', type: 'error', error: {…}}
(anonymous) @ signaling.js:803
Hier sieht man noch mehr details
Configuration
Nextcloud
The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):
{
"system": {
"one-click-instance": true,
"one-click-instance.user-limit": 100,
"memcache.local": "\\OC\\Memcache\\APCu",
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": true
}
],
"check_data_directory_permissions": false,
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"password": "***REMOVED SENSITIVE VALUE***",
"port": 6379
},
"overwritehost": "MY.DOMAIN.DE",
"overwriteprotocol": "https",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
"MY.DOMAIN.DE"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "pgsql",
"version": "31.0.5.1",
"overwrite.cli.url": "https:\/\/MY.DOMAIN.DE\/",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"maintenance": false,
"updatedirectory": "\/nc-updater",
"loglevel": 1,
"app_install_overwrite": [
"nextcloud-aio"
],
"log_type": "file",
"logfile": "\/var\/www\/html\/data\/nextcloud.log",
"log_rotate_size": 10485760,
"log.condition": {
"apps": [
"admin_audit"
]
},
"preview_max_x": 2048,
"preview_max_y": 2048,
"jpeg_quality": 60,
"enabledPreviewProviders": {
"1": "OC\\Preview\\Image",
"2": "OC\\Preview\\MarkDown",
"3": "OC\\Preview\\MP3",
"4": "OC\\Preview\\TXT",
"5": "OC\\Preview\\OpenDocument",
"6": "OC\\Preview\\Movie",
"7": "OC\\Preview\\Krita",
"0": "OC\\Preview\\Imaginary",
"23": "OC\\Preview\\ImaginaryPDF"
},
"enable_previews": true,
"upgrade.disable-web": true,
"mail_smtpmode": "smtp",
"trashbin_retention_obligation": "auto, 30",
"versions_retention_obligation": "auto, 30",
"activity_expire_days": 30,
"simpleSignUpLink.shown": false,
"share_folder": "\/Shared",
"one-click-instance.link": "https:\/\/nextcloud.com\/all-in-one\/",
"upgrade.cli-upgrade-link": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/2726",
"maintenance_window_start": 100,
"allow_local_remote_servers": true,
"davstorage.request_timeout": 3600,
"documentation_url.server_logs": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/5425",
"htaccess.RewriteBase": "\/",
"dbpersistent": false,
"auth.bruteforce.protection.enabled": true,
"ratelimit.protection.enabled": true,
"files_external_allow_create_new_local": false,
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
"preview_imaginary_key": "***REMOVED SENSITIVE VALUE***",
"mail_smtpsecure": "ssl",
"mail_sendmailmode": "smtp",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "465",
"mail_smtpauth": true,
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
}
}
Apps
The output of occ app:list (if possible).
Enabled:
- activity: 4.0.0
- admin_audit: 1.21.0
- bruteforcesettings: 4.0.0
- calendar: 5.2.4
- circles: 31.0.0
- cloud_federation_api: 1.14.0
- comments: 1.21.0
- contacts: 7.1.1
- contactsinteraction: 1.12.0
- dashboard: 7.11.0
- dav: 1.33.0
- deck: 1.15.1
- federatedfilesharing: 1.21.0
- federation: 1.21.0
- files: 2.3.1
- files_downloadlimit: 4.0.0
- files_pdfviewer: 4.0.0
- files_reminders: 1.4.0
- files_sharing: 1.23.1
- files_trashbin: 1.21.0
- files_versions: 1.24.0
- firstrunwizard: 4.0.0
- logreader: 4.0.0
- lookup_server_connector: 1.19.0
- nextcloud-aio: 0.7.0
- nextcloud_announcements: 3.0.0
- notes: 4.12.0
- notifications: 4.0.0
- notify_push: 1.1.0
- oauth2: 1.19.1
- onlyoffice: 9.8.0
- password_policy: 3.0.0
- photos: 4.0.0-dev.1
- privacy: 3.0.0
- profile: 1.0.0
- provisioning_api: 1.21.0
- recommendations: 4.0.0
- related_resources: 2.0.0
- serverinfo: 3.0.0
- settings: 1.14.0
- sharebymail: 1.21.0
- spreed: 21.0.4
- support: 3.0.0
- survey_client: 3.0.0
- systemtags: 1.21.1
- tasks: 0.16.1
- text: 5.0.0
- theming: 2.6.1
- twofactor_backupcodes: 1.20.0
- twofactor_totp: 13.0.0-dev.0
- user_status: 1.11.0
- viewer: 4.0.0
- weather_status: 1.11.0
- webhook_listeners: 1.2.0
- whiteboard: 1.0.5
- workflowengine: 2.13.0
Disabled:
- app_api: 5.0.2 (installed 5.0.2)
- encryption: 2.19.0
- files_external: 1.23.0
- suspicious_login: 9.0.1
- twofactor_nextcloud_notification: 5.0.0
- user_ldap: 1.22.0