NGINX reverse proxy: Unauthorized WOPI host

I’m trying to set up Collabora. While the server seems to be running and connected with the collabora app, opening an ods file from nextcloud results in “Unauthorized WOPI host”.

I’m using Nextcloud 17.0.4, Ubuntu 18.04, Docker image collabora/code. Nextcloud is available under domainname.de/owncloud for historical reasons. The docker image is accessible from the outside via domainname.de:449 through an nginx reverse proxy. Subdomains are not possible.

I started the docker image with the following settings:

docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=domainname\\.de/owncloud' --restart always --cap-add MKNOD collabora/code

This is my nginx config:

server {
    listen       449 ssl;
    server_name domainname.de;

    ssl_certificate /etc/letsencrypt/live/domainname.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domainname.de/privkey.pem;
    include /etc/nginx/sites-available/sharedssl.conf;

    # static files
    location ^~ /loleaflet {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

Maybe Collabora doesn’t like nextcloud running in a subdirectory like domainname.de/owncloud?

EDIT: My setup wasn’t described very clearly, I apologize for that. Here are some more details: NGINX reverse proxy: Unauthorized WOPI host

my guess it doesn’t like an url as a domain name.

did you try domain=domainname\\.de

I don’t think your domain name is correct

I’m still a little unclear on your setup

Describe your setup a little more
You have an Ubuntu VM running Nextcloud 17.0.4. Are you running Nextcloud from a docker image or did you just install it on the host machine. It looks like you are using nginx on the host machine.

Is your docker collabora running on the same machine as the reverse proxy?
I’m going to guess it is as you’ve bound the image to 127.0.0.1.

I don’t understand how your docker image is available using domainname.de:449, I’m not clear.

Yes, that is the solution if you use a internal collabora server.
When you use a remote collabore server, you have to give also the nextcloud installation and the collabora server location:

'domain=collaboradomain\\.tld|nextclouddomain\\.tld'

That fixed it. Thank you so much!

Sorry if I wasn’t clear enough.

• Ubuntu 18.04 is installed directly on the server SSD (so no VM involved)
• Nextcloud 17.0.4 is directly installed on the Ubuntu host in /var/www/owncloud (historical reasons, I migrated from ownCloud) and it’s Apache http server is accessed via an nginx HTTPS reverse proxy
• Nginx was installed via apt-get on the host
• Collabora is used on the same Ubuntu host via the official docker image
• Collabora is accessed via the same nginx https reverse proxy but on a different port (449) than Nextcloud because I cannot use subdomains

The solution to my problem was this: NGINX reverse proxy: Unauthorized WOPI host