Nextcloud/Collabora behind PFsense with SSL Offloading

Ubuntu 18.04 + Apache2 + PHP 7.2 + Nextcloud 16.03 + Collabora (Docker’s Stable) + PFsense 2.4.4 + HAproxy 1.7 + SSL Offloading (3rd Party Wildcard Cert/not Let’sEncrypt)

Hi All,

I struggled my way through getting Nextcloud installed and working with SSL Offloaded to PFsense. However, while trying to follow all the posts/write-ups for integrating Collabora no one seems to be doing it with PFsense and certainly not with 3rd party wildcard certificate. But I am confident someone out there has a similar config and welling to share with me (and others attempting this path) of how they achieved greatness.

Of course, the SSL Offloading can also be achieved with LetsEncrypt on PFsense as well; I just need some insight of how it all should be configured. Like how did you configure the docker container for Collabora and the Apache virtual host configuration? I’ve tried setting the config for HTTP only and commented out the reference to SSL, but got errors when reloading Apache. Do I need still need to load the proxy modules for Apache?

I am using apache reverse proxy and LAN internal connection http instead of https.

collabora/code:4.1-snapshot docker image with


and SSL disable - first line off SSL settings in /etc/loolwsd/loolwsd.xml - and of course based of my config there are apache proxy mods enable. I am using LE Certs.

This config works at me…

ralfi, thanks for responsing. However, I do not exactly understand what you’re trying to say. In regards to the “-o:ssl.enable=false” and “-o:ssl.termination=true” setting, where am I supposed to edit OR add them and where? I’ve extracted the “loolwsd.xml” file from the collabora container and there are no such settings.

To the community and NextCloud Staffers, please read my post and chime in with solutions, if I didn’t provide adequate information, ask and I’ll try to provide. I find it quite very concerning this product has been around for 16 versions (not counting OwnCloud) and there is little information on getting it stood up in a similar scenario as mine.

Hi crazybrain,

you should not be concerned about the fact that there is no solution for your config. IMHO it is not possible to write docs for all configs… And of course sometimes i feel like there is a expectation that if someone ask here there is a solution like “Shift-F7 + Arrow left + 7B28R3 + ESC” and everything works. That’s really impossible…

First of all you should enable de Debug Log Options for all software components (Nextcloud in config/config.php, LOOL/CODE in /etc/loolwsd/loolwsd.xml and of course in apache…) to get a deeper lool what fails. Then - i hope - we are able to find a solution. And of course you can also ask in the chat.

Regards, Ralfi


Obviously, you have nothing to contribute to my inquiry and perhaps should move on to something or someone that values your feedback.

Hi crazybrain,

of course i do that. You have only read the first section of my reply … :wink:


I know that is a " year old post but for the one interested it is possible to do (pf or opnsense), just install haproxy module, then in ha proxy config

  • create real server for collabora and next cloud
  • create backend pool for collabora and next cloud
  • create condition and rule to use the backend pool depending on the subdomain
  • create a public service on 443 that will use the rules (I have also a force htts service on 80)

I have lots of service running like that (nexcloud, collabora, subsonic, transmission … )