Next Cloud AIO - Can't Connect to Signalling Server


Nextcloud version (eg, 20.0.5): 28.0.1

The issue you are facing:
Using Nextcloud AIO, unable to connect to the Nextcloud Talk signalling server when high performance backend settings are enabled.
AIO is run behind an nginx reverse proxy.

Within the Nextcloud Talk settings the high performance backend shows:
OK: Running version: 1.2.2~docker.

When visiting the talk page the following error shows: Failed to establish signaling connection. Something might be wrong in the signaling server configuration

Is this the first time you’ve seen this error? (Y/N): Y

Steps to replicate it:

  1. Followed guide to setting up Nextcloud-AIO as a local instance.

The output of your Nextcloud talk log in:

```
capabilities.go:248: Could not get capabilities for https://domain.tld/ocs/v2.php/apps/spreed/api/v3/signaling/backend: Get "https://domain.tld/ocs/v2.php/cloud/capabilities": tls: failed to verify certificate: x509: certificate signed by unknown authority
```

Any help would be much appreciated.

Hi, can you follow How to debug problems with Collabora and/or Talk · nextcloud/all-in-one · Discussion #1358 · GitHub?

The output of my curl command from the Nextcloud container shows:
```
curl -vvv https://domain.tld:443/standalone-signaling/api/v1/welcome
* Host domain.tld:443 was resolved.
* IPv6: (none)
* IPv4: 0.0.0.0
* Trying 0.0.0.0:443...
* Connected to domain.tld (0.0.0.0) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=domain.tld
* start date: Dec 19 08:32:27 2023 GMT
* expire date: Dec 19 08:42:27 2025 GMT
* subjectAltName: host "domain.tld" matched cert's "domain.tld"
* issuer: DC=; DC=; DC=; CN=
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/1.x
> GET /standalone-signaling/api/v1/welcome HTTP/1.1
> Host: domain.tld
> User-Agent: curl/8.5.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 200 OK
< Server: nginx/1.25.3
< Date: Fri, 05 Jan 2024 14:44:57 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 66
< Connection: keep-alive
< X-Spreed-Signaling-Features: audio-video-permissions, dialout, hello-v2, incall-all, mcu, simulcast, switchto, transient-data, update-sdp, welcome
<
{"nextcloud-spreed-signaling":"Welcome","version":"1.2.2~docker"}
* Connection #0 to host domain.tld left intact
```

Hm… Is your client where you open the web interface also able to resolve your domain to point to the correct ip-address inside your lan?

Running the same curl command but from my client I get:
```
curl -vvv https:/domain.tld:443/standalone-signaling/api/v1/welcome
* Trying 0.0.0.0:443...
* Connected to domain.tld (0.0.0.0) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* OpenSSL/3.0.12: error:16000069:STORE routines::unregistered scheme
* Closing connection
curl: (35) OpenSSL/3.0.12: error:16000069:STORE routines::unregistered scheme
```

Looks like you found your problem then
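The three outputs in this thread come from three different trust stores, which is why the same certificate verifies in one place and is rejected in the others. As an added example (not part of the original posts), the sketch below classifies each capture by its verification message; the function names `diagnose` and `needs_ca` are hypothetical and the samples are abridged from the outputs posted above.

```python
import re

# Messages meaning "this client's trust store has no CA for the peer's chain".
UNTRUSTED = [
    r"x509: certificate signed by unknown authority",  # Go crypto/x509
    r"TLS alert, unknown CA",                          # curl -v built on OpenSSL
    r"unable to get local issuer certificate",         # OpenSSL verify error
    r"self[- ]signed certificate in certificate chain",
]
VERIFIED = r"SSL certificate verify ok"

def diagnose(output):
    """Classify one captured log or `curl -v` transcript."""
    ca_file = re.search(r"CAfile:\s*(\S+)", output)
    found = {"ca_file": ca_file.group(1) if ca_file else None}
    for pattern in UNTRUSTED:
        match = re.search(pattern, output)
        if match:
            return {**found, "state": "untrusted_ca", "evidence": match.group(0)}
    if re.search(VERIFIED, output):
        return {**found, "state": "trusted", "evidence": VERIFIED}
    return {**found, "state": "inconclusive", "evidence": None}

def needs_ca(samples):
    """Names of the vantage points whose trust store lacks the issuing CA."""
    return sorted(name for name, out in samples.items()
                  if diagnose(out)["state"] == "untrusted_ca")

# Abridged from the three outputs posted in the thread.
SAMPLES = {
    "signaling container": (
        'capabilities.go:248: Could not get capabilities for '
        'https://domain.tld/ocs/v2.php/apps/spreed/api/v3/signaling/backend: '
        'Get "https://domain.tld/ocs/v2.php/cloud/capabilities": tls: failed to '
        'verify certificate: x509: certificate signed by unknown authority'),
    "nextcloud container": (
        "* CAfile: /etc/ssl/certs/ca-certificates.crt\n"
        "* issuer: DC=; DC=; DC=; CN=\n"
        "* SSL certificate verify ok.\n"
        "< HTTP/1.1 200 OK\n"),
    "client": (
        "* TLSv1.3 (IN), TLS handshake, Certificate (11):\n"
        "* TLSv1.3 (OUT), TLS alert, unknown CA (560):\n"
        "curl: (35) OpenSSL/3.0.12: error:16000069:STORE routines::unregistered scheme\n"),
}

if __name__ == "__main__":
    for name, out in SAMPLES.items():
        print(f"{name:22} {diagnose(out)}")
    print("missing the issuing CA:", needs_ca(SAMPLES))
```

A `200 OK` from one container only shows that container trusts the issuer; every other process that opens a TLS connection to the domain has to be checked against its own CA bundle.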