Hi,
I’m trying to install Collabora Online with docker collabora/code (3.0) using the official instructions of Nextcloud & Collabora Office.
I have the next infraestucture:
- Nextcoud (12.04) in Debian 9 (LXC over Proxmox) with ip 192.168.5.14
- collabora/code (3.0 over docker) in Linux Mint 18.3 Sylvia with ip 192.168.5.17
I have followed the next steps of instalation for collabora/code (taking into account that i already had nextcloud installed):
- docker pull collabora/code
- docker run -t -d -p 0.0.0.0:9980:9980 -e ‘domain=cloud\.mydomain\.foo’ --restart always --cap-add MKNOD collabora/code (ion this case, I said to the container to listen in all interfaces because my nextcoud other host)
- I create certificate with “sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt”
- I active the Apache required modules “sudo a2enmod proxy proxy_wstunnel proxy_http ssl”
- I create the Apache virtualhost for collabora with next sintax (and restart apache):
<VirtualHost *:443>
ServerName 192.168.5.14:443
ErrorLog /var/log/apache2/collabora-ssl_error.log
CustomLog /var/log/apache2/collabora-ssl_access.log combined
= # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
=# SSLCertificateChainFile /path/to/intermediate_certificate
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
=# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
=# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
=# keep the host
ProxyPreserveHost On
=# static html, js, images, etc. served from loolwsd
=# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet …127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet …127.0.0.1:9980/loleaflet
…
I know that I am using an IP as a ServerName “ServerName 192.168.5.14:443” in the virtualhost (I think it is valid), because I think it is not necessary go out from de LAN in order to communicate between nextcloud -> collabora.
In this steep I try open a file in nextcoud and I obtain the next error:
Internal Server Error
The server has encountered an error and can not complete the request.
Please contact the server administrator if this error reappears multiple times. Also include the technical details shown below.
More details can be seen in the server log.
Technical details
_ Remote address: 93.59.45.238_
_ Application ID: 6uEBzGEOBq9bCXVT3Vp6_
And in log I find this:
Error richdocuments GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: self signed certificate in certificate chain
Then, I’m going to check the paths in the browser:
- 192.168.5.17 - - [23/Dec/2017:12:19:46 +0100] “GET /loleaflet HTTP/1.1” 404 380 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”
- 192.168.5.17 - - [23/Dec/2017:12:25:25 +0100] “GET /lool/adminws HTTP/1.1” 500 1011 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”
- 192.168.5.17 - - [23/Dec/2017:12:37:43 +0100] “GET /lool HTTP/1.1” 400 337 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”
- 192.168.5.17 - - [23/Dec/2017:12:39:05 +0100] “GET /hosting/discovery HTTP/1.1” 200 3740 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0”
Apart from not understanding why I get these errors, I have a conclusion that I don’t know if it is correct:
If the container has a web server inside & nextcloud communicates with collabora without a public domain it is not necessary Apache as a proxy server.
Maybe the problem is in raise the container in 0.0.0.0 interfaces ?
Maybe it can be other ?
I am really overwhelmed with this topic & I would be very gratefull for your help.
Thank you,
Jon.