Nextcloud + Collabora without NAT Loopback?

I recently went about the process of integrating Collabora w/ my Apache-hosted Nextcloud setup. After 3 days of troubleshooting a connection issue, I remembered that Xfinity’s routers no longer allow for NAT loopback. This means I must use something pointing to a local IP in order for Collabora to work. Usually this would be fine for personal use, but I require the Collabora setup for a group project.

Is there any way I can work around this? I can get the suite to work by having the hosts file point my 2 subdomains to the server’s local IP. However, Collabora seems to serve a local IP back when it’s time to load a document.

Nextcloud Config

<IfModule mod_ssl.c>
Alias /nextcloud "/var/www/nextcloud/"

<VirtualHost *:443>
  ServerName nextcloud.example.xyz
  ServerAlias nextcloud.example.xyz
  ServerAdmin xyzxyz@exmple.com
  DocumentRoot /var/www/nextcloud/
  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/~~~
  SSLCertificateKeyFile /etc/letsencrypt/~~~
  Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

<Directory /var/www/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All
  Allow from all

  <IfModule mod_dav.c>
    Dav off
  </IfModule>

  SetEnv HOME /var/www/nextcloud
  SetEnv HTTP_HOME /var/www/nextcloud
</Directory>

</IfModule>

Office Config

<VirtualHost *:443>
  ServerName office.example.xyz:443

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/~~~
  SSLCertificateChainFile /etc/letse~~~
  SSLCertificateKeyFile /etc/letsencrypt/~~
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  SSLHonorCipherOrder     on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes On

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet https://office.example.xyz:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://office.example.xyz:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://office.example.xyz:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://office.example.xyz:9980/hosting/discovery

  # Main websocket
  ProxyPass   /lool/ws      wss://office.example.xyz:9980/lool/ws

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://office.example.xyz:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://office.example.xyz:9980/lool
  ProxyPassReverse    /lool https://office.example.xyz:9980/lool
</VirtualHost>

hosts

127.0.0.1       office.example.xyz
127.0.0.1       nextcloud.example.xyz

Note: Freedns points to my domain's public IP

This is a DNS issue. The domain that you try to connect to is returning your external IP. In order to be able to reach your Apache server, your DNS server has to reply with the local IP.

What can you do? The easiest solution is to modify your hosts file. This will solve the problem on your local computer. If you want to solve it in a more generic way, you need to set up your own DNS and redirect the domain to the local IP. You might then share this custom DNS with your custom DHCP.

DNS and DHCP configuration is not really complex, provided you are working with IPv4 and your router allows custom DNS rules. Neither condition held in my case. I have a consumer router at home that I cannot get rid of for several reasons. If this is also the case for you, you might disable the DHCP on your router and use a computer or semi-professional router instead. Don’t forget that you might flash other firmware on certain routers. My Linksys E2500 is supported by TomatoUSB. It turned my old rig into something really capable (e.g. custom DHCPv4 and DNSv4).

Good luck.
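
The difference between a hosts-file fix and a LAN-wide DNS fix, as an added example that is not part of either post: it reads hosts-file text and vhost config text and reports, per hostname, which clients the override can work for. The function names, the `192.168.1.10` address and `files.example.xyz` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample inputs modelled on the configs in the question.
HOSTS = """\
127.0.0.1       office.example.xyz
192.168.1.10    nextcloud.example.xyz   # constructed LAN address
"""
APACHE = """\
ServerName nextcloud.example.xyz
ServerName office.example.xyz:443
ProxyPass /lool/ws wss://office.example.xyz:9980/lool/ws
ServerName files.example.xyz
"""

def parse_hosts(text):
    """Map hostname -> ip_address from hosts-file text, ignoring comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), ipaddress.ip_address(fields[0]))
    return table

def vhost_names(conf):
    """Hostnames used by ServerName/ServerAlias directives and ProxyPass targets."""
    names = set()
    for line in conf.splitlines():
        m = re.match(r"(?i)\s*Server(?:Name|Alias)\s+(.+)", line)
        if m:
            names.update(n.split(":")[0].lower() for n in m.group(1).split())
        m = re.match(r"(?i)\s*ProxyPass(?:Reverse)?\s+\S+\s+\w+://([^/:\s]+)", line)
        if m:
            names.add(m.group(1).lower())
    return names

def audit(hosts_text, apache_conf):
    """Classify each name by which clients the hosts override can work for."""
    table, report = parse_hosts(hosts_text), {}
    for name in sorted(vhost_names(apache_conf)):
        ip = table.get(name)
        if ip is None:
            report[name] = "public-dns"       # LAN clients would need NAT loopback
        elif ip.is_loopback:
            report[name] = "server-only"      # valid only on the server itself
        elif ip.is_private:
            report[name] = "lan"              # valid for clients on the same LAN
        else:
            report[name] = "public-override"  # pinned to a routable address
    return report
```

A `server-only` result means the entry cannot be copied to other machines as-is; they need the server's LAN address, either in their own hosts file or from a local DNS server.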