[SOLVED] Can link Nextcloud with Collabora with IP address, not with domain name

Hello !

This is my first post, so, if I do something wrong, I would be happy to know it. :wink:
I'm glad to have a fresh Nextcloud up and running since 2 days !!!
BUT I have an issue with Collabora…

System information :

Centos 8
Apache 2.4.37
Nextcloud 18.0.4
Collabora/CODE 4.2.2

Problem :

When I try to connect to Collabora at https://office.mydomain.com/hosting/discovery/ with curl (from the server) or my navigator, this is WORKING.

When I try to connect Nextcloud to Collabora with https://office.mydomain.com, this is NOT WORKING; the only error I have got is a TIMEOUT, nothing happens on the docker.

I added my IP address in my proxy configuration and when I try to connect Nextcloud to Collabora with https://MY.EXTERNAL.IP.ADRESS, this is WORKING !

So I can launch Collabora, but, obviously I have an issue with the certificate. I know a workaround for that, so I can use IT !

This is nice, after around 10 hours of trial and failure, now I would like to understand :

Why this is working with my external IP and not with my domain name ???

  • I would like to not have to use any workaround and have optimal functioning…

Thanks for your reading !

office.apache.conf
<VirtualHost *:443>
ServerName office.mydomain.com:443
ServerName MY.EXTERNAL.IP.ADRESS

# SSL configuration
SSLEngine on
SSLCertificateFile /etc/letsencrypt/cert.pem
SSLCertificateChainFile /etc/letsencrypt/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/privkey.pem
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-$
SSLHonorCipherOrder     on

# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode

# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off

# keep the host
ProxyPreserveHost On

# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

# WOPI discovery URL
ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery$
ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

# Main websocket
# 9980 is the port loolwsd is published on (same backend as the other rules)
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

# Admin Console websocket
ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

# Download as, Fullscreen presentation and Image upload operations
ProxyPass           /lool https://127.0.0.1:9980/lool
ProxyPassReverse    /lool https://127.0.0.1:9980/lool

# Endpoint with information about availability of various features
ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabi$
ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabi$
</VirtualHost>

How I run my docker
sudo docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=cloud\\.MYDOMAIN\\.COM|MY\\.EXTERNAL\\.IP\\.ADRESS' --restart always --cap-add MKNOD collabora/code

Error From NextCloud when I try to connect Nextcloud to Collabora with domain name
GuzzleHttp\Exception\ConnectException: cURL error 28: Resolving timed out after 5000 milliseconds (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
url : "https://office.mydomain.com/hosting/discovery/"

I think your configuration is kind of messed up.

Your ServerName has two definitions – I don't know a lot about apache but is that valid?

Remove the ServerName MY.EXTERNAL.IP.ADRESS and restart apache.

Can you ping office.mydomain.com?

This is a configuration error. See documentation:

http://httpd.apache.org/docs/2.2/mod/core.html#ServerName

For accessing via external IP, in many setups this won't work at all because most routers won't do hairpin routing (which is a silly thing anyway). What you need to do here is set up split-horizon DNS so that DNS on your LAN will resolve to LAN IPs instead of the external IP.

One other suggestion, you might consider setting up a reverse proxy vhost for Collabora so you can easily get a Let's Encrypt cert.

Hello, thanks for your answer @kevdog
I added a second ServerName because this wasn't working with the first one.

I tested again without the second one and still the same TimeOut.

Yes, I can even connect my navigator with the domain name :wink:

Hello @KarlF12,

I know it should not have two ServerName, but this is the only way it's working for now with the external IP.

I don't think I have a DNS problem because I can connect to Collabora server with the domain name with curl (in local) and with the navigator of my computer or my mobile.

I only have a TimeOut with Nextcloud when I use the domain name of Collabora, and I have a Let's Encrypt cert for it :wink:

More to the point, you shouldn't have a ServerName that contains an IP. The vhost ServerName doesn't affect Apache's listening IPs. You should remove this before you continue troubleshooting.

If you run
nslookup office.mydomain.com
do you get the local or external IP?

I did :wink:

External

Ok, I would not rely on hairpin routing for anything. Most sensible firewalls either don't support it or have it disabled by default.

You should set up a local DNS server with split-horizon for your zone so that the names resolve to the LAN IPs while on your LAN.

Do you know how to shell into the nextcloud container?

I believe the command

docker exec -u root -it <nextcloud-container> /bin/bash

I don't know what the nextcloud container uses as its base image (ubuntu/debian), but you'll probably once inside need to do an:

apt update
apt install iputils-ping

This will install ping into the container.

Once you have ping, try to ping collabora either by container name:

ping collabora

if that doesn't work you might have to then install dig or nslookup or similar package and then try to discover why nextcloud container cannot see collabora.

Oh and I just read KarlF12's comment - his comment is spot on. You either need a split dns, a dns host override at the router level, or an entry in the /etc/hosts file that will resolve office.mydomain.com to a local IP address.

I was looking to install Bind9 on my server but I told myself that it was a big enterprise when finally the objective was simply to tell the server office.mydomain.com = 127.0.0.1.

So I wondered if adding "127.0.0.1 office.mydomain.com" to /etc/hosts would be enough …

And YES !!!

So now it works perfectly THANKS A LOT :smiley:

Thanks @kevdog it's finally working !
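
Added example, not part of the thread: a POSIX shell check of the /etc/hosts pin described above. It reports whether a name is pinned to a loopback or private address, or is left to DNS, where it would resolve to the external IP and depend on hairpin routing. The function names, the sample file and the 203.0.113.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: is NAME pinned to a local address in a hosts(5)-format file?

# classify_ip ADDR -> loopback | private | public | invalid (IPv4 only)
classify_ip() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) echo invalid; return ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || { echo invalid; return; }
    for o in "$@"; do [ "$o" -le 255 ] || { echo invalid; return; }; done
    if [ "$1" -eq 127 ]; then echo loopback
    elif [ "$1" -eq 10 ] || { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; } ||
         { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; }; then echo private
    else echo public
    fi
}

# hosts_lookup NAME FILE -> address on the first line that lists NAME
hosts_lookup() {
    awk -v name="$1" '
        { sub(/#.*/, "") }                       # strip comments
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) { print $1; found = 1; exit } }
        END { exit !found }
    ' "$2"
}

# check_pin NAME FILE -> verdict; status 0 local, 1 unpinned, 2 public, 3 other
check_pin() {
    ip=$(hosts_lookup "$1" "$2") || { echo "unpinned: $1 is left to DNS"; return 1; }
    case "$(classify_ip "$ip")" in
        loopback|private) echo "pinned-local: $1 -> $ip" ;;
        public) echo "pinned-public: $1 -> $ip (still needs hairpin routing)"; return 2 ;;
        *) echo "unsupported: $1 -> $ip"; return 3 ;;
    esac
}

# Constructed sample file mirroring the fix from the thread.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
127.0.0.1     localhost localhost.localdomain
# 203.0.113.10  office.mydomain.com    (constructed external IP, disabled)
127.0.0.1     office.mydomain.com      # Collabora behind the local Apache vhost
EOF
check_pin office.mydomain.com "$sample"
check_pin cloud.mydomain.com "$sample" || true
```

On the Nextcloud host, pass /etc/hosts as the second argument instead of the sample file.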

Your LAN clients will still be hairpinning to Nextcloud, so you should still consider using local DNS if you run any local server (not just NC).

Yes, I agree.
In a real production, I would not have done that, but this server will have no other use. :upside_down_face:

@Verthmaz

I'm glad it's working for you – I wouldn't have thought that would have worked but I was sure it was a Domain Name resolution issue. Just curious – what kind of router are you running?

Thank you, this solved it for me as well! Before, Collabora only worked with its internal IP.