Next Cloud AIO - Can’t Connect to Signalling Server

Hey everyone,

I’m encountering an issue with my Nextcloud All-In-One (AIO) setup using Docker. Specifically, I’m unable to establish a connection to the Nextcloud signalling or Collabora server when trying to use Collabora or Talk within Nextcloud.

I suspect the problem might be with my reverse proxy configuration. Here’s what I have currently:

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
server {
    listen 443 ssl;  
    server_name nc.domain.de;

    ssl_certificate /path/to/nc.domain.de.crt;
    ssl_certificate_key /path/to/nc.domain.de.key;

    location / {
        proxy_pass http://127.0.0.1:11000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

A bit about my setup: I’m running two reverse proxies in my network. One is the Microsoft Remote Web Applications Proxy, and the other is Nginx on the machine hosting the AIO setup, to ensure encrypted traffic between the AIO and the first reverse proxy.

My /etc/hosts:

#127.0.0.1 localhost
#127.0.1.1 rz-nextcloud
127.0.0.1 nc.domain.de
127.0.1.1 nc.domain.de
# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Ports are forwarded in my router.

curl -vvv https://$NC_DOMAIN:443/standalone-signaling/api/v1/welcome
* Host nc.domain.de:443 was resolved.
* IPv6: (none)
* IPv4: 127.0.0.1, 127.0.1.1
*   Trying 127.0.0.1:443...
* connect to 127.0.0.1 port 443 from 127.0.0.1 port 53616 failed: Connection refused
*   Trying 127.0.1.1:443...
* connect to 127.0.1.1 port 443 from 127.0.0.1 port 60252 failed: Connection refused
* Failed to connect to nc.domain.de port 443 after 2 ms: Couldn't connect to server
* Closing connection
curl: (7) Failed to connect to nc.domain.de port 443 after 2 ms: Couldn't connect to server

I’ve been troubleshooting this for a while now, but haven’t had any luck. Any insights or suggestions would be greatly appreciated.

Thanks in advance for your help!

You found your issue. Please follow https://github.com/nextcloud/all-in-one/discussions/1358 step by step.

Thanks for the quick answer. I already saw this guide and worked with it. I ended up with the problem that my hosts file contains the domain, which shouldn't be there. (I misread that.)

But it hasn't changed anything.

After removing the ip-address from your host file, can you run the mentioned command again and post its output here?

sudo docker exec -it nextcloud-aio-nextcloud bash
9aea24f805cc:/var/www/html# curl -vvv https://$NC_DOMAIN:443/standalone-signaling/api/v1/welcome
* Host nc.domain.de:443 was resolved.
* IPv6: (none)
* IPv4: 46.35.35.239
*   Trying 46.35.35.239:443...
* Connected to nc.domain.de (46.35.35.239) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: CN=*.domain.de
*  start date: Dec 27 00:00:00 2023 GMT
*  expire date: Dec 30 23:59:59 2024 GMT
*  subjectAltName: host "nc.domain.de" matched cert's "*.domain.de"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=GeoTrust TLS RSA CA G1
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/1.x
> GET /standalone-signaling/api/v1/welcome HTTP/1.1
> Host: nc.domain.de
> User-Agent: curl/8.5.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/1.1 200 OK
< Content-Length: 66
< Content-Type: application/json; charset=utf-8
< Server: nginx/1.18.0 (Ubuntu) Microsoft-HTTPAPI/2.0
< X-Spreed-Signaling-Features: audio-video-permissions, dialout, hello-v2, incall-all, mcu, simulcast, switchto, transient-data, update-sdp, welcome
< Date: Thu, 14 Mar 2024 13:47:35 GMT
<
{"nextcloud-spreed-signaling":"Welcome","version":"1.2.3~docker"}
* Connection #0 to host nc.domain.de left intact

Looks good to me. Have you enabled websocket support in your reverse proxy?

Like this? It was in the nginx conf the whole time.

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
.......
 # Websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

The following are the Web Application Proxy settings from the GUI (I don't know if I am able to set more with PowerShell):

Set-WebApplicationProxyApplication -BackendServerUrl 'https://192.168.120.244/' -ExternalCertificateThumbprint 'xxx' -EnableHTTPRedirect:$true -ExternalUrl 'https://nc.domain.de/' -Name 'RZ-Nextcloud' -ID 'xxx'

The TURN server is available now too; I just replaced `nc.domain.de:3478` with my public IP:port.

The problem with the Talk application is still there. Will post updates here in the next few days/weeks.