Nextcloud high-performance backend server (external signaling server)

I use the Nextcloud AIO Docker image with a reverse proxy. How can I make a “High-performance backend server” (external signaling server) for Nextcloud Talk?
Nextcloud AIO v7.2.1

Hi, the external signaling server is automatically included in AIO.

Thanks for your answer. But when I turn on the automatically included “High-performance backend server”, my Nextcloud Talk is not working, with a “Failed to establish signaling connection” error.
And I can’t connect to this automatically included address.

See How to debug problems with Collabora and/or Talk · nextcloud/all-in-one · Discussion #1358 · GitHub

Step curl -vvv https://$NC_DOMAIN:443/standalone-signaling/api/v1/welcome

curl -vvv https://$NC_DOMAIN:443/standalone-signaling/api/v1/welcome

* processing: https://$NC_DOMAIN:443/standalone-signaling/api/v1/welcome
* Trying xxx.xxx.xxx.xxx:443...
* Connected to $NC_DOMAIN (xxx.xxx.xxx.xxx) port 443
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: CN=domain.com
* start date: Sep 4 11:17:23 2023 GMT
* expire date: Dec 3 11:17:22 2023 GMT
* subjectAltName: host "$NC_DOMAIN" matched cert's "$NC_DOMAIN"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* using HTTP/1.x
> GET /standalone-signaling/api/v1/welcome HTTP/1.1
> Host: $NC_DOMAIN
> User-Agent: curl/8.2.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 200 OK
< content-length: 94
< content-type: application/json; charset=utf-8
< date: Fri, 27 Oct 2023 06:21:18 GMT
< server: Caddy
< server: nextcloud-spreed-signaling/12de5a9b71afef06eaf171099712ef0a5f6ca0c4
< x-spreed-signaling-features: audio-video-permissions, hello-v2, incall-all, mcu, simulcast, switchto, transient-data, update-sdp, welcome
< strict-transport-security,max-age=31536000,includesubdomains,: preload
< strict-transport-security,max-age=31536000,includesubdomains,: preload
<
{"nextcloud-spreed-signaling":"Welcome","version":"12de5a9b71afef06eaf171099712ef0a5f6ca0c4"}
* Connection #0 to host $NC_DOMAIN left intact

and logs:


capabilities.go:151: Capabilities expired for https://$NC_DOMAIN/ocs/v2.php/cloud/capabilities, updating
capabilities.go:248: Could not get capabilities for https://$NC_DOMAIN/ocs/v2.php/apps/spreed/api/v3/signaling/backend: Get "https://$NC_DOMAIN/ocs/v2.php/cloud/capabilities": net/http: HTTP/1.x transport connection broken: malformed MIME header line: strict-transport-security,max-age=31536000,includesubdomains,: preload
client.go:284: Client from xxx.xxx.xxx.xxx has RTT of 4 ms (4.819095ms)
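
The log line above shows Go's net/http rejecting a response whose header name contains commas. As an added example (not part of the thread), this shell function checks header names against the HTTP token rule, using header lines from the curl output above as sample input; `find_bad_headers` and `sample_headers` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. Flags response header lines whose field
# name is not a valid HTTP token; Go's net/http refuses such a response.

# Constructed sample: response headers as shown in the curl output above.
sample_headers() {
    cat <<'EOF'
HTTP/1.1 200 OK
content-length: 94
content-type: application/json; charset=utf-8
date: Fri, 27 Oct 2023 06:21:18 GMT
server: Caddy
strict-transport-security,max-age=31536000,includesubdomains,: preload
strict-transport-security,max-age=31536000,includesubdomains,: preload
EOF
}

# find_bad_headers (hypothetical helper name): reads raw response headers on
# stdin, prints each malformed header line once, returns 1 if any was found.
find_bad_headers() {
    awk -v q="'" '
        BEGIN {
            # Field names must be tokens: letters, digits and the
            # punctuation below. Commas, spaces and "=" are not allowed.
            tok = "^[A-Za-z0-9!#$%&" q "*+.^_`|~-]+$"
        }
        { sub(/\r$/, "") }          # tolerate CRLF line endings
        /^HTTP\// { next }          # status line
        $0 == "" { next }           # blank line ending a header block
        {
            i = index($0, ":")
            name = (i > 0) ? substr($0, 1, i - 1) : ""
            if (name !~ tok) {
                bad = 1
                if (!seen[$0]++) print
            }
        }
        END { exit bad + 0 }
    '
}

# Against a live server (assumes NC_DOMAIN is set as in the thread):
#   curl -sS -o /dev/null -D - "https://$NC_DOMAIN/ocs/v2.php/cloud/capabilities" | find_bad_headers
sample_headers | find_bad_headers || echo "malformed header name(s) found" >&2
```

A line printed here points at whichever proxy layer adds that header, since the name and value have been merged into one field name.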

I see. Can you follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things?

Yes, I use --env APACHE_PORT=11000 and --env APACHE_IP_BINDING=0.0.0.0, the output from my haproxy after nc -z localhost 11000; echo $? is 0, etc.
Everything works fine if I disable the high-performance backend server in the Nextcloud settings by clicking on the trash can. But it says “Please note that in calls with more than 4 participants without external signaling server, participants can experience connectivity issues and cause high load on participating devices”. That’s why I think I need it.

Did you make sure that the reverse proxy config is up-to-date with the one in the docs?

It looks very similar. You mean that my problem is in my haproxy?

Yes, I think so. Did you enable websocket connections, for example?