I use the Nextcloud AIO docker image with a reverse proxy. How can I set up the “High-performance backend server” (external signaling server) for Nextcloud Talk?
Nextcloud AIO v7.2.1
Hi, the external signaling server is automatically included in AIO.
Thanks for your answer. But when I turn on the automatically included “High-performance backend server”, my Nextcloud Talk stops working with a “Failed to establish signaling connection” error.
And I can’t connect to this automatically included address.
See How to debug problems with Collabora and/or Talk · nextcloud/all-in-one · Discussion #1358 · GitHub
Step curl -vvv https://$NC_DOMAIN:443/standalone-signaling/api/v1/welcome
- processing: https://$NC_DOMAIN:443/standalone-signaling/api/v1/welcome
- Trying xxx.xxx.xxx.xxx:443…
- Connected to $NC_DOMAIN (xxx.xxx.xxx.xxx) port 443
- ALPN: offers h2,http/1.1
- TLSv1.3 (OUT), TLS handshake, Client hello (1):
- CAfile: /etc/ssl/certs/ca-certificates.crt
- CApath: none
- TLSv1.3 (IN), TLS handshake, Server hello (2):
- TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
- TLSv1.3 (IN), TLS handshake, Certificate (11):
- TLSv1.3 (IN), TLS handshake, CERT verify (15):
- TLSv1.3 (IN), TLS handshake, Finished (20):
- TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
- TLSv1.3 (OUT), TLS handshake, Finished (20):
- SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
- ALPN: server did not agree on a protocol. Uses default.
- Server certificate:
- subject: CN=domain.com
- start date: Sep 4 11:17:23 2023 GMT
- expire date: Dec 3 11:17:22 2023 GMT
- subjectAltName: host “$NC_DOMAIN” matched cert’s “$NC_DOMAIN”
- issuer: C=US; O=Let’s Encrypt; CN=R3
- SSL certificate verify ok.
- using HTTP/1.x
GET /standalone-signaling/api/v1/welcome HTTP/1.1
Host: $NC_DOMAIN
User-Agent: curl/8.2.1
Accept: */*
- TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
- TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
- old SSL session ID is stale, removing
< HTTP/1.1 200 OK
< content-length: 94
< content-type: application/json; charset=utf-8
< date: Fri, 27 Oct 2023 06:21:18 GMT
< server: Caddy
< server: nextcloud-spreed-signaling/12de5a9b71afef06eaf171099712ef0a5f6ca0c4
< x-spreed-signaling-features: audio-video-permissions, hello-v2, incall-all, mcu, simulcast, switchto, transient-data, update-sdp, welcome
< strict-transport-security,max-age=31536000,includesubdomains,: preload
< strict-transport-security,max-age=31536000,includesubdomains,: preload
<
{“nextcloud-spreed-signaling”:“Welcome”,“version”:“12de5a9b71afef06eaf171099712ef0a5f6ca0c4”}
- Connection #0 to host $NC_DOMAIN left intact
and logs:
capabilities.go:151: Capabilities expired for https://$NC_DOMAIN/ocs/v2.php/cloud/capabilities, updating
capabilities.go:248: Could not get capabilities for https://$NC_DOMAIN/ocs/v2.php/apps/spreed/api/v3/signaling/backend: Get “https://$NC_DOMAIN/ocs/v2.php/cloud/capabilities”: net/http: HTTP/1.x transport connection broken: malformed MIME header line: strict-transport-security,max-age=31536000,includesubdomains,: preload
client.go:284: Client from xxx.xxx.xxx.xxx has RTT of 4 ms (4.819095ms)
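The `malformed MIME header line` error in the log above is Go's header parser rejecting a field name that is not an RFC 7230 token. As an added example (not part of the thread or of the signaling server's own code), this Go program checks a constructed header block modelled on the curl output and confirms that `net/textproto` rejects the same line; the function names and the sample block are assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"net/textproto"
	"strings"
)

// Constructed sample: header lines modelled on the curl output in the thread.
const sampleHeaders = "content-type: application/json; charset=utf-8\r\n" +
	"server: Caddy\r\n" +
	"strict-transport-security,max-age=31536000,includesubdomains,: preload\r\n" +
	"\r\n"

// isToken reports whether name is a valid RFC 7230 header field name (token).
func isToken(name string) bool {
	for _, c := range []byte(name) {
		alnum := c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9'
		if !alnum && !strings.ContainsRune("!#$%&'*+-.^_`|~", rune(c)) {
			return false
		}
	}
	return name != ""
}

// badHeaderLines returns every header line whose field name is not a token.
func badHeaderLines(raw string) (bad []string) {
	for _, line := range strings.Split(raw, "\r\n") {
		if line == "" {
			break // blank line ends the header block
		}
		name, _, found := strings.Cut(line, ":")
		if !found || !isToken(name) {
			bad = append(bad, line)
		}
	}
	return bad
}

// goParseError feeds the block to the MIME header parser that net/http relies on.
func goParseError(raw string) error {
	_, err := textproto.NewReader(bufio.NewReader(strings.NewReader(raw))).ReadMIMEHeader()
	return err
}

func main() {
	fmt.Printf("rejected: %q\nnet/textproto: %v\n", badHeaderLines(sampleHeaders), goParseError(sampleHeaders))
}
```

A well-formed HSTS header has the form `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`, which passes both checks.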
I see. Can you follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things?
Yes, I use --env APACHE_PORT=11000 and --env APACHE_IP_BINDING=0.0.0.0, the output from my haproxy after nc -z localhost 11000; echo $? is 0, etc.
Everything works fine if I disable the high-performance backend server in the Nextcloud settings by clicking on the trash can. But it says “Please note that in calls with more than 4 participants without external signaling server, participants can experience connectivity issues and cause high load on participating devices”. That’s why I think I need it.
Did you make sure that the reverse proxy config is up-to-date with the one in the docs?
It looks very similar. You mean that my problem is in my haproxy?
Yes, I think so. Did you enable websocket connections, for example?