Nextcloud Community and Collabora CODE in the same Docker network

ℹ️ Support
, , , , ,
1
Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum (help.nextcloud.com) is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. :heart:

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 32.0.1
  • Operating system and version (e.g., Ubuntu 24.04):
    • Docker/Linux/Synology
  • Web server and version (e.g, Apache 2.4.25):
    • Apache within commuinity NC container
  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • Synology NGINX RP
  • PHP version (e.g, 8.3):
    • 8.3.27
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • at installation
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • Docker Compose
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • no

Summary of the issue you are facing:

I try to set up Nextcloud with basic services inside Docker (AIO is not working for me).

Nextcloud is already up and running, now I added Collabora. The Container is running and prompts that it is ready to accept connections.

When I try to add the office server in the NC admin settings it first gets a green message, that turns into a red message after a few seconds.

Screenshot 2025-11-03 153152
Screenshot 2025-11-03 153152923×509 27.5 KB

Screenshot 2025-11-03 153213
Screenshot 2025-11-03 153213928×469 26 KB

Steps to replicate it (hint: details matter!):

  1. Enter the collabora hostname (collabora container name)

  2. press save

  3. wait

as both containers run in the same docker network, the container is usually accessible via the container name, though I also tried to add the IP of the container and it didn’t work either.

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

none in the logfile, error message in web interface see screenshot above

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

see screeshots above

Configuration

Docker Compose

services:
  mariadb:
    image: mariadb:11.5.2
    container_name: nextcloud_mariadb
    restart: unless-stopped
    networks:
      - nextcloud
    volumes:
      - ./mariadb:/var/lib/mysql
    environment:
      - MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=1

  redis:
    image: redis:alpine
    container_name: nextcloud_redis
    restart: unless-stopped
    command: redis-server --requirepass ***REMOVED SENSITIVE VALUE***
    networks:
      - nextcloud
  
  collabora:
    image: collabora/code:latest
    container_name: collabora
    restart: unless-stopped
    networks:
      - nextcloud
    environment:
      - "dictionaries=en_US,de_DE"
      - "aliasgroup1=https://***REMOVED SENSITIVE VALUE***:443,https://***REMOVED SENSITIVE VALUE***.net:443"
      - "username=***REMOVED SENSITIVE VALUE***"
      - "password=***REMOVED SENSITIVE VALUE***"
      - "extra_params=--o:security.seccomp=false --o:security.capabilities=false --o:ssl.enable=false --o:ssl.termination=true"
  
  nextcloud:
    image: nextcloud:32.0.1
    container_name: nextcloud_app
    depends_on:
      mariadb:
        condition: service_started
      redis:
        condition: service_started
    restart: unless-stopped
    ports:
      - 81:80
    links:
      - mariadb
      - redis
      - collabora
    networks:
      - nextcloud
    volumes: 
      - ./apps:/var/www/html/custom_apps
      - ./config:/var/www/html/config
      - ./data:/var/www/html/data 
      - ./nextcloud:/var/www/html
      - ./themes:/var/www/html/themes/custom
      - /volume1/photo/Test:/test
    environment:
      - PHP_MEMORY_LIMIT=4048M
      - PHP_UPLOAD_LIMIT=4048M
      - TRUSTED_PROXIES=192.168.13.201
      - OVERWRITEHOST=***REMOVED SENSITIVE VALUE***
      - OVERWRITEPROTOCOL=https
      - OVERWRITECLIURL=https://***REMOVED SENSITIVE VALUE***
      - REDIS_HOST=redis
      - REDIS_PORT=6379
      - REDIS_HOST_PASSWORD=***REMOVED SENSITIVE VALUE***

networks:
  nextcloud:
    name: nextcloud
    driver: bridge

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

{
    "system": {
        "htaccess.RewriteBase": "\/",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "overwritehost": "***REMOVED SENSITIVE VALUE***",
        "overwriteprotocol": "https",
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "upgrade.disable-web": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "32.0.1.2",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbtableprefix": "oc_",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "maintenance": false
    }
}

2

please work through collabora integration guide

3

Thank you for the guide. To bad it didn’t show up on my extensive research.

one point dragged my attention

So this means I need to configure a reverse proxy for the collabora container.

Or is it enough to set a domain name and assign a certificate?

If I need a reverse proxy, I’m not entirely sure how to properly set this up? I have an RP server running on the host, that has an RP for the NC container but also some other containers, I have configured.
A container in a bridge network can communicate with the host, if use proxy_pass. Does that mean, I have to set up an RP (nginx container) within the bridge network, that does the proxy_pass?

Or do I set up the RP within the bridge network to handle requests from NC container to Collabora container and the RP on the host handles requests from client to Collabora container?

Sorry if I overcomplicate something that may be trivial but none of the resources I have read, properly explains that topic. Or I don’t see how .

4

you can go this way if you have spare IP/TLS cert..

usually you would place a reverse proxy in front of multiple service you host.. (many reasons exist). for NC and CODE on same server running both behind a RP and do a “shortcut” would avoid traffic loop through the internet resulting in better performance - look at the references of the above guide there are topics/examples for splitbraindns in Docker.

5

I can create a new subdomain and assign a Let’s encrypt cert to it, if that’s what you mean.

So a custom bridge network can use the host DNS for resolving external domains. Can the DNS + the hosts RP be used to access another container in the same bridge network (see image)?

Unbenanntes Diagramm
Unbenanntes Diagramm801×514 26.5 KB

Most probably not, as the RP resolves to localhost: but would need the CODE containers IP.
What if the CODE container runs in a separate bridge network?

usually you would place a reverse proxy in front of multiple service you host.. (many reasons exist).

Well, this is what I currently do with the hosts RP. At least I access different containers, but the shortcut is, what I don’t know how to do yet.

This one doesn’t have a link, or did you mean this one:

Because the second link is a bit vague, or at least I can’t depict a solution for it.

I checked other tutorials and guides, some include an nginx in their docker compose but it listens to 80 and 443 which is already used on the host, also an RP is already in place, handling the other containers and services on the host.
Other guides just use a domain for their docker container but don’t state how the domain is resolved or they don’t use a bridge network.

6

this one is the closest to your requirement.

doesn’t look complete for me.. using a dns might result in issues - I never find motivation to troubleshoot but from my experience docker container on same host can’t talk to each other using external networking - probably one has to adopt iptable rules.. but maybe it works if reverse proxy runs on a separate host. your drawing would result in Nextcloud accessing CODE through hosts network (NC -> Docker Network -> host network -> reverse proxy -> CODE)

I would describe more like this

flowchart LR

router_firewall[router_firewall<br>port forward<br>external:443 to server:443]

subgraph internal_network
  clientint(inside client)
  clientint-- https:// nextcloudurl<br>192.168.1.24:443 -->RP;
  clientint-- https:// collaboraurl<br>192.168.1.24:443 -->RP;
  Collabora-- https:// nextcloudurl -->RP;
  Nextcloud-- https:// collaboraurl -->RP;
  dnsint[pihole, adGuard, etc.]
  subgraph server
	  RP(reverse proxy<br>container<br>expose:443)
		Nextcloud(Nextcloud<br>container)
		Collabora(Collabora<br>container)

	end
end
clientint-- dns:nextcloudurl -->dnsint;
clientint-- dns:collaboraurl -->dnsint;
dnsint-- ip:192.168.1.24 -->clientint;

router_firewall-- tcp/443 -->RP;
RP-- plain http -->Nextcloud
RP-- plain http -->Collabora

the solution in Probably DNS help with NC Docker + Collabora + Wireguard tunnel - #5 by wwe shows the case NC, CODE and ReverseProxy run on the same docker host and NC and CODE can reach reverse proxy using the respective URL - adopt to your needs.

7

So Docker is supposed to make things easier but in that case it seems to add more complexity. Setting up CODE for the NC instance running on the hosts webserver was easier and straight forward.
In your diagram, internal_network is a docker network right? How would other containers be handled? If the RP runs as a container in a bridge network he wouldn’t be able to handle containers running in other bridge networks.

In that case it seems easier to run the NC container in the docker host network and run all other services in the bridge network behind an RP.

I’d like to know how others are handling that, I mean there are dozens of tutorials, most of them act like there is only NC + Services running on docker and the RP only has to handle them. Or the guides set things up in a bridge network without properly explaining how domains get resolved.