[Solved] 502 error with Collabora on Apache


I’ve tried to get Collabora work on Apache for 3 days, following the official guide (https://nextcloud.com/collaboraonline/). I encountered some issues because my self-signed certificates, but I think I managed to get trough.

However, I keep having this error when clicking on the Nextcloud’s app:

Collabora en ligne, erreur inconnue : Server error response [url] https://office.(mydomain)/hosting/discovery [status code] 502 [reason phrase] Proxy Error Merci de contacter l'administrateur de "https://office.(mydomain)".

I’ve triplechecked my virtual host conf file:

<VirtualHost *:443>
ServerName office.(mydomain)
ServerAdmin benoit.reyt@(mydomain)

SSLEngine On
SSLCertificateFile /home/apache2/ssl/office.crt
SSLCertificateKeyFile /home/apache2/ssl/apache.pem
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
# Encoded slashes need to be allowed
AllowEncodedSlashes On

# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
#SSLVerifyClient None

# Keep the host
ProxyPreserveHost On

# Static html, js, images, etc., served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass               /loleaflet retry=0
ProxyPassReverse        /loleaflet

# WOPI discovery URL
ProxyPass               /hosting/discovery retry=0
ProxyPassReverse        /hosting/discovery

# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://$1/ws

# Admin console websocket
ProxyPass               /lool/adminws wss://

# Download as, Fullscreen presentation and Image upload operations
ProxyPass               /lool
ProxyPassReverse        /lool

ErrorLog /var/log/apache2/office-error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel trace6

CustomLog /var/log/apache2/office-access.log combined

It seems to me that it matches the guide…

I only see 4 lines in Apache errors’ log that seem related to the issue:

[proxy_http:error] [pid 28263] (103)Software caused connection abort: [client] AH01102: error reading status line from remote server
[proxy_http:debug] [pid 28263] mod_proxy_http.c(1372): [client] AH01105: NOT Closing connection to client although reading from backend server failed.
[proxy:error] [pid 28263] [client] AH00898: Error reading from remote server returned by /hosting/discovery
[ssl:trace4] [pid 28263] ssl_engine_io.c(2065): [client] OpenSSL: I/O error, 5 bytes expected to read on BIO#80775890 [mem: 80870c6b]

I’ve tried to set up a no-ssl virtual host to “fix” the OpenSSL related line, but the three first lines remained.

When pointing my browser to https://office.(mydomain)/hosting/discovery, the errors seem the same:

Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /hosting/discovery.
Reason: Error reading from remote server

Where may I have to look to debug this?

I have the same exact issue, except I’m using certificate signed by “Let’s Encrypt”. Were you able to resolve it?

Unfortunately not.

As you can see on this thread, it doesn’t seem to be a frequent issue, and I was not able to find anything more helpful around the web.

I tried two ways more:

  • upgrading to Collabora 2;
  • adding my nextcloud and collabora autosigned certs to nextcloud/resources/config/ca-bundle.crt.

But I still got the exact same result.

I can understand there’s an SSL issue, but I’m not skilled enough with SSL and Apache proxying to debug and solve it.

I’m thinking about trying an nginx server…

Actually, I don’t think it’s SSL, unless you have some additional errors related to self-signed cert (but I’m not expert either).
I was able to solve my issue - it was a firewall. I run “shorewall” and it was blocking traffic to/from docker. Docker created its own bridge “docker0” with private IP in 172.xx.xxx.xxx range. I use 192.xxx for my local network. Since 172/docker0 was not recognized as local traffic it was blocked (as it should). Solution was to create policy allowing traffic to/from FW <-> docker.
In case you’re using shorewall, here are the steps (again I’m not expert, so this may not be the best way to fix it):
in interfaces:
dock docker0

in zones add:
dock ipv4

in policy:
dock all ACCEPT

Hope this helps

Many thanks for sharing that.

I’m pretty sure I’m not using any firewall on my server; but I’ll check my interfaces.

Maybe late but I had a functioning collabora/code and some update stopped it from working be it either collabora or nextcloud update i’m not sure.

But as OP posted the virtual host config I noticed some difference which made it work for me.

Maybe someone with a 502 error or the “This is embarrassing” message can confirm this sollution.

in you virtual host file for apache that serves your collabora/code


# Encoded slashes need to be allowed
AllowEncodedSlashes On


# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode


# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://$1/ws


# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://$1/ws nocanon

This loaded my documents again :slight_smile: hope this helps for you too.

1 Like

It finally works!

The main issue was that the Docker’s image was endless restarting, so Collabora wasn’t up. It was because of my 32-bits Ubuntu Server setup! The Collabora image is only meant for 64-bits version.

I had to make a fresh install of Ubuntu Server 16.04.2 LTS, to install the 64-bits Docker’s version, and so Collabora went up. Just had to complete Nextcloud configuration with adding my self-signed CA certificate to Nextcloud’s bundle.

1 Like

yes great to mention it’s only 64 bit. also I think your the first to mention this. this was my first problem as well and for newbies to docker there is no information about the minimum system requirements for collabora/code.

now a days they simply assume everyone is on 64bit. while the 32bit docker happily downloads the collabora/code without error and it looks like its working but never really starts.