Nextcloud in Docker with Collabora Code

Hi,

i have a functional Nextcloud installation with Docker and want to use Collabora Online with builtin Code App and Office App.

So i installed both. If i try to open a document, i only get an error: “cant open document”

If i go in the settings of Office and swap between own and builtin code i get this message: “should be the same protocoll”

My Nextcloud Server is http with overrideprotocol to https, cause i use a reverse proxy and the passwords app doesnt work without https override. For the builtin Code i cant set anything like this.

How i can solve it?
i wont use certificate rollout from my reverse proxy.

Thanks

It looks built-in CODE doesn’t take into account tweaks applied to NC… somebody reported this issue shortly (don’t have the reference handy)…

I have no good hint for built-in CODE… as your are using Docker and Reverse Proxy you could easily setup regular Docker CODE image which is more mature in my eyes. And you definitely have little more control over moving parts of the installation.

Take a look here for example with docker and traefik - should be not hard to adopt for other RP.

I wrote a guide based on Apache reverse proxy you can try if you want. It’s for a little bit older version but still mostly accurate.

I created the docker now and added collabora code in my compose. the envs i edit:

  collabora:
    image: collabora/code

    restart: unless-stopped
    networks:
      - nextcloud
    ports:
      - "127.0.0.1:9980:9980"
    extra_hosts:
      - "cloud.domain:10.0.0.41"
      - "office.domain:10.0.0.41"
    environment:
      - 'domain=cloud.domain'
      - 'dictionaries=de'
    cap_add:
      - MKNOD
    tty: true

The Docker is not reachable with http and https.

grafik878×600 11.8 KB

Docker is running, no errors in log.

grafik1297×167 21.8 KB

What could be wrong?

Thanks

with this directive you configure the port :9980 to listen only on ip 127.0.0.1. most likely you want

    ports:
      - "9980:9980"

this directive is outdated (use for CODE up to 6.4) newer CODE versions don’t require this config for single-server installations and only need aliasgroup if multiple clouds access a single CODE server

Ok. i only followed the howto. i change it. Locally it now works on https:

i added this on collabora too:

      - "extra_params=--o:ssl.enable=false  --o:ssl.termination=true"

Over Domain it works too:

But in the Config of Nextcloud it doesnt work:

grafik809×388 16.2 KB

Container Nextcloud App Test:

root@9ae703952336:/var/www/html# curl 10.0.0.41:9980
OK
root@9ae703952336:/var/www/html# curl office.domain
curl: (7) Failed to connect to office.domain port 80: Connection refused
root@9ae703952336:/var/www/html# curl https://office.domain
curl: (7) Failed to connect to office.domain port 443: Connection refused
root@9ae703952336:/var/www/html# curl office.domain:9980
OK
root@9ae703952336:/var/www/html# 

If i change the office ip address in the stack config to my reverse proxy the Nextcloud Settings are fine, but open a document failed

Nginx Config for 443:

upstream office {
 server 10.0.0.41:9980;
}

server {
    listen 443 ssl http2;
	listen   [::]:443 http2;
    server_name office.domain;
    ssl_certificate           /root/.acme.sh/office.domain/fullchain.cer; 
    ssl_certificate_key       /root/.acme.sh/office.domain/office.domain.key;


    ssl_protocols  TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
	client_max_body_size 20000m;
    fastcgi_buffer_size 4k;
	fastcgi_buffers 64 4k;
    fastcgi_hide_header X-Powered-By;

    access_log            /var/log/nginx/office-access.log adv;
    error_log            /var/log/nginx/office-error.log notice;

location ~ / {
    proxy_pass https://office;
    proxy_set_header Host $http_host;
#    proxy_set_header Upgrade $http_upgrade;
#    proxy_set_header Connection "upgrade";
#    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#    proxy_set_header User-Agent $http_user_agent;
#	proxy_hide_header Upgrade;
#	proxy_ssl_verify off;

	}
}

Collabora integration with reverse proxy works like shown in this drawing

image929×314 26.1 KB

as I get from previous post

• assume connection from client to Nextcloud works (https://cloud.domain)
• connection from client to Collabora works (https://office.domain)
• connection from Nextcloud to Collabora doesn’t work
• connection from Collabora to Nextcloud not tested so far

For some reason communication from Nextcloud to Collabora doesn’t work. There might be different reasons e.g. missing/bad DNS resolution, routing or firewall issues or untrusted certificate (from NCs point of view).

PS: it’s more or less pointless to verify connections to the IP and port 9980 - this connection don’t happen in real life and only may help you to troubleshoot. please focus on required connection to https://office.domain and https://cloud.domain obviously both on port 443

Okay, if i want to do it like the picture, i need to use the reverse proxy ip on the compose file, cause the containers are on another vm and only communicate in http.

if i do that:
extra_hosts:
- “cloud.domain:10.0.0.7”
- “office.domain:10.0.0.7”

the Setting in Nextcloud is “OK” but only nginx access log notice the “save” and Test.

On the log of the office container i dont get any entries.
Nginx:
site=“office.domain” server=“office.domain dest_port=“443” dest_ip=“10.0.0.7” src=“10.0.0.41” src_ip=“10.0.0.41” user=”-" time_local=“07/Nov/2022:11:51:13 +0100” protocol=“HTTP/1.1” status=“200” bytes_out=“526” http_user_agent=“Nextcloud Server Crawler” nginx_version=“1.14.2” http_x_forwarded_for=“-” http_x_header=“-” uri_query=“-” uri_path=“/hosting/capabilities” http_method=“GET” response_time=“0.012” cookie=“-” request_time=“0.011”

But i cant open documents. The Accesslog of office doesnt tell me more, the cloud access log is not useful.

Curl:

root@5d65b90847b2:/var/www/html# curl office.domain
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
root@5d65b90847b2:/var/www/html# curl https://office.domain
OK
root@5d65b90847b2:/var/www/html# 

With https in the console of nextcloud container i get a Ok. Only with hostname i get nginx 301, its port 80.

you are getting closer. Please run and post the tests I asked before (see troubleshooting guide referred above for details).

I dont find a solution. I have no idea, how i can solve this. I tried, the config except the traefik is identical… but it doesnt work.

well this is likely the reason you post here. but in order to help you all the volunteers here need you to provide informations what is going wrong. in this case run some commands and describe the output.

pro hint: running curl with -v provides more verbose output (see manpage).

Try to add RootCa to nextcloud.

sudo nano nextcloud/resources/config/ca-bundle.crt

Append at bottom.

Also, try setting the Debug level of logging, otherwise you won’t see much.

And one more thing, if you started collabora with ssl.enabled=false and termination you have to have http://office in your nginx conf.

Where is the RootCA in the collabora container? i dont find the file.

nginx config is already http and correct.

Curl from Nextcloud app Container to Collabora Container:

curl -v https://office.domain
*   Trying 10.0.0.40:443...
* Connected to office.domain (10.0.0.40) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=office.domain
*  start date: Nov  7 06:23:40 2022 GMT
*  expire date: Feb  5 06:23:39 2023 GMT
*  subjectAltName: host "office.domain" matched cert's "office.domain"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55645fe7e2c0)
> GET / HTTP/2
> Host: office.domain
> user-agent: curl/7.74.0
> accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200 
< server: nginx/1.14.2
< date: Wed, 09 Nov 2022 06:18:02 GMT
< content-type: 10
< content-length: 2
< last-modified: Wed, 09 Nov 2022 06:18:02
< 
* Connection #0 to host office.domain left intact

Collabora to Cloud:

cool@96120713b535:/$ curl -v https://cloud.domain
* Rebuilt URL to: https://cloud.domain/
*   Trying 10.0.0.40...
* TCP_NODELAY set
* Connected to cloud.domain (10.0.0.40) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=cloud.domain
*  start date: Oct  9 21:00:07 2022 GMT
*  expire date: Jan  7 21:00:06 2023 GMT
*  subjectAltName: host "cloud.domain" matched cert's "cloud.domain"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x561e7064f620)
> GET / HTTP/2
> Host: cloud.domain
> User-Agent: curl/7.58.0
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200 
< server: nginx/1.14.2
< date: Wed, 09 Nov 2022 06:20:16 GMT
< content-type: text/html; charset=utf-8
< content-length: 156
< referrer-policy: no-referrer
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< x-permitted-cross-domain-policies: none
< x-robots-tag: none
< x-xss-protection: 1; mode=block
< last-modified: Sun, 30 Oct 2022 09:59:22 GMT
< etag: "9c-5ec3d8b94dfde"
< accept-ranges: bytes
< vary: Accept-Encoding
< 
<!DOCTYPE html>
<html>
<head>
        <script> window.location.href="index.php"; </script>
        <meta http-equiv="refresh" content="0; URL=index.php">
</head>
</html>
* Connection #0 to host cloud.domain left intact

The “Extra Hosts” Settings go to my Reverse Proxy at the moment.
10.0.0.40 is my Reverse Proxy
10.0.0.41 is my Docker Server with Nextcloud and Collabora

Compose:

version: '2'

volumes:
  nextcloud:
  db:

networks:
 nextcloud:

services:
  db:
    image: mariadb:10.5
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
      - /opt/portainer/nextcloud/mariaconf:/etc/mysql/conf.d
      - /etc/localtime:/etc/localtime:ro
    networks:
      - nextcloud
    environment:
      - MYSQL_ROOT_PASSWORD=Secret
      - MYSQL_PASSWORD=Secret
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nc
  redis:
    image: redis
    restart: always
    command: redis-server --requirepass Secret
    networks:
      - nextcloud
  app:
    image: c-lab-nextcloud:latest
    restart: always
    ports:
      - 12003:80
    links:
      - db
    volumes:
      - nextcloud:/var/www/html
      - /opt/portainer/nextcloud/data:/var/www/html/data
      - /etc/localtime:/etc/localtime:ro
    networks:
      - nextcloud
    extra_hosts:
      - "office.domain:10.0.0.40"
    environment:
      - MYSQL_PASSWORD=Secret
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nc
      - MYSQL_HOST=db
      - PHP_MEMORY_LIMIT=4G
      - PHP_UPLOAD_LIMIT=20G
      - REDIS_HOST_PASSWORD=Secret

    depends_on:
      - db
      - redis
  collabora:
    image: collabora/code

    restart: unless-stopped
    networks:
      - nextcloud
    ports:
      - "9980:9980"
    extra_hosts:
      - "cloud.domain:10.0.0.40"
      - "office.domain:10.0.0.40"
    environment:
      - "extra_params=--o:ssl.enable=false  --o:ssl.termination=true"
      - 'dictionaries=de_DE'
    cap_add:
      - MKNOD
    tty: true

Nginx Settings:
Cloud:

upstream nextcloud {
 server 10.0.0.41:12003 max_fails=1 fail_timeout=10;
}

server {
    listen 443 ssl http2;
	listen   [::]:443 http2;
    server_name cloud.domain;
    ssl_certificate           /root/.acme.sh/cloud.domain/fullchain.cer; 
    ssl_certificate_key       /root/.acme.sh/cloud.domain/cloud.domain.key;

	# Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;


    ssl_protocols  TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
	client_max_body_size 20000m;
    fastcgi_buffer_size 4k;
	fastcgi_buffers 64 4k;
    fastcgi_hide_header X-Powered-By;

    access_log            /var/log/nginx/cloud-access.log adv;
    error_log            /var/log/nginx/cloud-error.log notice;

location ~ / {
    proxy_pass http://nextcloud;
    proxy_set_header Host $server_name;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header User-Agent $http_user_agent;
	proxy_hide_header Upgrade;
	proxy_ssl_verify off;

	
	
	    #proxy_send_timeout 180s;
	    #proxy_read_timeout 180s;

  
		proxy_ssl_session_reuse off;
		proxy_max_temp_file_size 0;
	}

    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
    location = / {
        if ( $http_user_agent ~ ^DavClnt ) {
            return 302 /remote.php/webdav/$is_args$args;
        }
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }




    location ^~ /.well-known {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.
		
		location = /.well-known/carddav { return 301 /remote.php/dav/; }
        location = /.well-known/caldav  { return 301 /remote.php/dav/; }
		location = /.well-known/webfinger { return 301 /index.php/webfinger; }
        location = /.well-known/nodeinfo  { return 301 /index.php/nodeinfo; }
        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
	}

#location ~ ^(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) {}

    # Rules borrowed from `.htaccess` to hide certain paths from clients
#    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
#    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }

}

 

Office:

upstream office {
 server 10.0.0.41:9980;
}

server {
    listen 443 ssl http2;
	listen   [::]:443 http2;
    server_name office.domain;
    ssl_certificate           /root/.acme.sh/office.domain/fullchain.cer; 
    ssl_certificate_key       /root/.acme.sh/office.domain/office.domain.key;

    ssl_protocols  TLSv1.2;
#    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
#    ssl_prefer_server_ciphers on;
#	client_max_body_size 20000m;
#    fastcgi_buffer_size 4k;
#	fastcgi_buffers 64 4k;
#    fastcgi_hide_header X-Powered-By;

    access_log            /var/log/nginx/office-access.log adv;
    error_log            /var/log/nginx/office-error.log notice;

location ~ / {
    proxy_pass http://office;
#    proxy_set_header Host $http_host;
#    proxy_set_header Upgrade $http_upgrade;
#    proxy_set_header Connection "upgrade";
#    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#    proxy_set_header User-Agent $http_user_agent;
#	proxy_hide_header Upgrade;
#	proxy_ssl_verify off;

	}
}

NonSSL conf of nextcloud and office are identical except the servername, logpath and return 301

server {
	listen 80;
	listen   [::]:80;
	server_name office.domain;
	client_max_body_size 20m;
	access_log            /var/log/nginx/office-access.log adv;
	error_log            /var/log/nginx/office-error.log notice;

    location /.well-known {
     root /var/www/letsencrypt;
    }    

    location / {
    return 301 https://office.domain$request_uri
;	}
}

Cloud Office Setting

If i click the save button nginx office log:

site="office.domain" server="office.domain� dest_port="443" dest_ip="10.0.0.40" src="10.0.0.41" src_ip="10.0.0.41" user="-" time_local="09/Nov/2022:07:31:05 +0100" protocol="HTTP/1.1" status="200" bytes_out="526" http_user_agent="Nextcloud Server Crawler" nginx_version="1.14.2" http_x_forwarded_for="-" http_x_header="-" uri_query="-" uri_path="/hosting/capabilities" http_method="GET" response_time="0.004" cookie="-" request_time="0.000" 

No Logentry in collabora container. Last Log 5 o Clock AM:

2022-11-09T05:00:04.277457846Z sh: 1: /usr/bin/coolmount: Operation not permitted

If i want to open a Document:

No logs on cloud, nginx or collabora while opening.

Ah, it was nightmare for me to setup this too.

Feel free to take a look here. This ansible script might not work for you, however all the config is there.

Also, when you henerate certs, you habe to sign them with rootCa and if you geberated rootCa by yourself nextcloud and collabora page won’t load, at least for me. So i had to introduce that to nextcloud. In the container it is at /var/www/html/nextcloud I think.

In the first Config File Collabora has “dont gen ssl cert” env.

I think here is the Cert.

cool@96120713b535:/etc$ cd coolwsd/
cool@96120713b535:/etc/coolwsd$ ls
ca-chain.cert.pem cert.pem coolkitconfig.xcu coolwsd.xml key.pem proof_key proof_key.pub
cool@96120713b535:/etc/coolwsd$ ls -ltra
total 72
-rw-r–r-- 1 root root 9156 Oct 20 09:00 coolkitconfig.xcu
drwxr-xr-x 1 root root 4096 Nov 8 18:52 …
-rw-r–r-- 1 cool cool 399 Nov 8 18:52 proof_key.pub
-rw------- 1 cool cool 1679 Nov 8 18:52 proof_key
-rw-r–r-- 1 cool cool 1326 Nov 8 18:56 ca-chain.cert.pem
-rw------- 1 cool cool 1679 Nov 8 18:56 key.pem
-rw-r–r-- 1 cool cool 1196 Nov 8 18:56 cert.pem
-rw-r----- 1 cool cool 26448 Nov 8 18:56 coolwsd.xml
drwxr-xr-x 1 cool cool 4096 Nov 8 18:56 .
cool@96120713b535:/etc/coolwsd$

But i dont use Certs on both Docker, only the Nginx Reverse Proxy has Certs.

looks like network connection between both components works…

NC and Collabora containers print most important logs to docker stdout - please review with docker logs <containername>

Please open browser dev tools (F12) and check what happens when you try to open the document, in parallel collect container logs (maybe increasing logs level helps)… some requests going to both systems are expected… I don’t post everything only the most interesting requests (in my eyes):

1. client receives a token used by Collabora to access the document:

2. inside of the cloud session client talks with Collabora
   

3. Collabora access a URL of the cloud like (from cloud docker logs)

172.21.0.2 - - [09/Nov/2022:08:19:47 +0000] "GET /index.php/apps/richdocuments/wopi/files/128686_oc52dthqts8g?access_token=hAgGp4xVJQYx3FWp11YljfPo4Q07eNRI&access_token_ttl=1668017986000 HTTP/1.1" 200 2735 "-" "COOLWSD HTTP Agent 22.05.7.3"
172.21.0.2 - - [09/Nov/2022:08:19:47 +0000] "GET /index.php/apps/richdocuments/wopi/files/128686_oc52dthqts8g/contents?access_token=hAgGp4xVJQYx3FWp11YljfPo4Q07eNRI&access_token_ttl=1668017986000 HTTP/1.1" 200 12067 "-" "COOLWSD HTTP Agent 22.05.7.3"

4. nothing from interest visible in default Collabora output (–o:logging.level=warning) you might want to increase log level with --o:logging.level=debug

screenshots and logs are from different attempts bare with me if tokens don’t match.

You must see all this requests on you reverse proxy as well…

NC and Collabora containers print most important logs to docker stdout - please review with docker logs <containername>

I use Portainer to monitore my Container and the Log in Portainer is the docker log.

While opening the Document

grafik1676×115 7.79 KB

Security Message: Ein Fehler trat auf: SSL_ERROR_BAD_CERT_DOMAIN

Thats not correct i think:

I copied the Link. https://office/ get my browser. I think this is not correct. (I only edit cloudaddress in this link)
https://office/browser/b639546/cool.html?WOPISrc=https%3A%2F%2Fcloud.domain%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F21288_ocxhj39jv7tr&title=Netzplan.xlsx&lang=de&closebutton=1&revisionhistory=1

No Log in Collabora (10:30 i opened the Document)

wsd-00001-00028 2022-11-09 09:24:57.734503 +0000 [ prisoner_poll ] TRC  ppoll start, timeoutMicroS: 5000000 size 2| net/Socket.cpp:337
wsd-00001-00001 2022-11-09 09:24:57.734547 +0000 [ coolwsd ] INF  WSD initialization complete: setting log-level to [warning] as configured.| wsd/COOLWSD.cpp:5269
Ready to accept connections on port 9980.

I only see the requests in the cloud-access Log in Nginx. Office Log nothing, Docker Logs nothing. Nextcloud docker Log only one entry while click on the file in webgui.

Moment! The Link is not complete https:/office.

My Nginx Config may wrong.
He got only host, not server name.
So i edit the Config:

location ~ / {
    proxy_pass http://office;
    proxy_set_header Host $server_name;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header User-Agent $http_user_agent;
	proxy_hide_header Upgrade;

Now i get this while opening:

The link is identical:

I dont see only one token (nextcloud log while open the file) but i cant compare, cause the office log is empty

I get this Errors in the Browser:

grafik912×628 10.7 KB

And this:

grafik1347×439 6.97 KB

could be the reason.

take a look at the XML doc you get from https://office.domain/hosting/discovery you will see something

image778×112 8.34 KB

if you don’t see full name there your Collabora container is not aware of it’s public DNS name and generates wrong URLs… please double check you docker-compose config:

    environment:
      - VIRTUAL_HOST=${COLLABORA_FQDN}

VIRTUAL_HOST describes public domain name the Collabora container (reverse proxy listener)

The discovery looks fine:

grafik1697×482 41.8 KB

This XML file does not appear to have any style information associated with it. The document tree is shown below.

<wopi-discovery>
<net-zone name="external-http">
<!--  Writer documents  -->
<app favIconUrl="https://office.domain/browser/b639546/images/x-office-document.svg" name="writer">
<action default="true" ext="sxw" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="odt" name="edit" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="fodt" name="edit" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<!--  Text template documents  -->
<action default="true" ext="stw" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="ott" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<!--  MS Word  -->
<action default="true" ext="doc" name="edit" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="dot" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<!--  OOXML wordprocessing  -->
<action default="true" ext="docx" name="edit" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="docm" name="edit" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="dotx" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="dotm" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<!--  Others  -->
<action default="true" ext="wpd" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="pdb" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="hwp" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="wps" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="wri" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="lrf" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="mw" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="rtf" name="edit" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="txt" name="edit" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="fb2" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="cwk" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="pages" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="abw" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
<action default="true" ext="602" name="view" urlsrc="https://office.domain/browser/b639546/cool.html?"/>
</app>
<app name="writer-global">

i add VIRTUAL_HOST to the Envionments now for beeing safe. After recreating same issue