Finally I found time and motivation to test the Docker network alias feature to avoid network traffic through the internet for communication between Nextcloud and Collabora.
The following instructions describe how to avoid the internet loop and route the traffic straight between Collabora ↔ Reverse Proxy ↔ Nextcloud, which should improve your overall experience by removing all the delays from the VPN tunnel and additional processing on the VPS.
Having a Docker network proxy, to which all 3 containers are connected (it is used to publish applications), I added the following directive to the compose file of the reverse proxy container:

    networks:
      proxy:
        aliases:
          - collabora.mydomain.tld
          - cloud.mydomain.tld

which resulted in curl -v https://collabora.mydomain.tld and curl -v https://cloud.mydomain.tld showing the IP address of the reverse proxy… but document edit failed.
Logs on collabora-online:
wsd-00001-00045 2023-12-26 20:40:39.740787 +0100 [ docbroker_003 ] ERR loading document exception: Access denied, 403. WOPI::CheckFileInfo failed on: https://cloud.mydomain.tld//index.php/apps/richdocuments/wopi/files/6106_oc52dthqts8g?access_token=k7zUSGSwky22tcbLigVybQAZcw7vfGX3&access_token_ttl=0&permission=edit| wsd/DocumentBroker.cpp:2631
and cloud:
fd00:feed:beef:1::2 - - [26/Dec/2023:19:40:39 +0000] "GET //index.php/apps/richdocuments/wopi/files/6106_oc52dthqts8g?access_token=k7zUSGSwky22tcbLigVybQAZcw7vfGX3&access_token_ttl=0&permission=edit HTTP/1.1" 403 2139 "-" "COOLWSD HTTP Agent 23.05.5.4"
showed the issue fast: CODE was blocked by the “allow list for WOPI requests” on the NC side, which was not aware of IPv6 addresses. I enabled IPv6.
Docker IPv6 enabled in /etc/docker/daemon.json
(the majority of Docker installations will run IPv4-only, which is the default, and only require the 172.16.0.0/12 network)

    {
      "userland-proxy": false,
      "ipv6": true,
      "fixed-cidr-v6": "fd00:beef:beef::/48",
      "experimental": true,
      "ip6tables": true
    }

Adding the respective config made it work like a charm.
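
A quick way to see which WOPI client addresses a given allow list would reject, as an added example that is not part of the original post. The log lines are constructed in the format of the Nextcloud access-log entry above (file id and token replaced by placeholders), and the fd00:feed:beef:1::/64 subnet is an assumed value for the proxy network, which the post does not state.

```python
import ipaddress
import re

# Constructed sample lines in the access-log format shown in the post.
SAMPLE_LOG = """\
fd00:feed:beef:1::2 - - [26/Dec/2023:19:40:39 +0000] "GET //index.php/apps/richdocuments/wopi/files/FILEID?access_token=REDACTED HTTP/1.1" 403 2139 "-" "COOLWSD HTTP Agent 23.05.5.4"
172.18.0.5 - - [26/Dec/2023:19:41:02 +0000] "GET /index.php/apps/richdocuments/wopi/files/FILEID?access_token=REDACTED HTTP/1.1" 200 512 "-" "COOLWSD HTTP Agent 23.05.5.4"
203.0.113.7 - - [26/Dec/2023:19:42:10 +0000] "GET /index.php/login HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# client ip, two ignored fields, [timestamp], "METHOD path proto", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def wopi_sources(log_text):
    """Yield (ip, status) for every request that hits the richdocuments WOPI endpoint."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and "/apps/richdocuments/wopi/" in m["path"]:
            yield ipaddress.ip_address(m["ip"]), int(m["status"])


def audit_allow_list(log_text, allow_list):
    """Return the WOPI client IPs (sorted strings) that no allow-list entry covers."""
    nets = [ipaddress.ip_network(n, strict=False) for n in allow_list]
    missing = set()
    for ip, _status in wopi_sources(log_text):
        # An IPv6 source can only match an IPv6 entry, so an IPv4-only
        # list leaves every IPv6 WOPI client uncovered.
        if not any(ip.version == net.version and ip in net for net in nets):
            missing.add(str(ip))
    return sorted(missing)


if __name__ == "__main__":
    for candidate in (["172.16.0.0/12"],
                      ["172.16.0.0/12", "fd00:feed:beef:1::/64"]):  # assumed subnet
        print(candidate, "-> not covered:", audit_allow_list(SAMPLE_LOG, candidate))
```

Feed it the real access log and the entries from the allow list to confirm every address CODE connects from is covered before testing a document edit again.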