[SOLVED] Can link Nextcloud with Collabora with IP address, not with domain name

Hello !

This is my first post, so, if I do something wrong, I would be happy to know it. :wink:
I’m glad to have had a fresh Nextcloud up and running for 2 days !!!
BUT I have an issue with Collabora…

System information :

Centos 8
Apache 2.4.37
Nextcloud 18.0.4
Collabora/CODE 4.2.2

Problem :

When I try to connect to Collabora at https://office.mydomain.com/hosting/discovery/ with curl (from the server) or my navigator, this is WORKING.

When I try to connect Nextcloud to Collabora with https://office.mydomain.com, this is NOT WORKING, the only error I have got is a TIMEOUT, nothing happens on the docker.

I added my IP address in my proxy configuration and when I try to connect Nextcloud to Collabora with https://MY.EXTERNAL.IP.ADRESS, this is WORKING !

So I can launch Collabora, but, obviously I have an issue with the certificate. I know a workaround for that, so I can use it !

This is nice, after around 10 hours of trial and failure, now I would like to understand :

Why is this working with my external IP and not with my domain name ???

  • I would like to not have to use any workaround and have optimal functioning…

Thanks for reading !

office.apache.conf
<VirtualHost *:443>
ServerName office.mydomain.com:443
ServerName MY.EXTERNAL.IP.ADRESS

# SSL configuration
SSLEngine on
SSLCertificateFile /etc/letsencrypt/cert.pem
SSLCertificateChainFile /etc/letsencrypt/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/privkey.pem
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-$
SSLHonorCipherOrder     on

# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode

# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off

# keep the host
ProxyPreserveHost On

# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

# WOPI discovery URL
ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery$
ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1/lool/$1/ws nocanon

# Admin Console websocket
ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

# Download as, Fullscreen presentation and Image upload operations
ProxyPass           /lool https://127.0.0.1:9980/lool
ProxyPassReverse    /lool https://127.0.0.1:9980/lool

# Endpoint with information about availability of various features
ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabi$
ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabi$
</VirtualHost>

How I run my docker
sudo docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=cloud\\.MYDOMAIN\\.COM|MY\\.EXTERNAL\\.IP\\.ADRESS' --restart always --cap-add MKNOD collabora/code

Error From NextCloud when I try to connect Nextcloud to Collabora with domain name
GuzzleHttp\Exception\ConnectException: cURL error 28: Resolving timed out after 5000 milliseconds (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
url : “https://office.mydomain.com/hosting/discovery/

I think your configuration is kind of messed up.

Your ServerName has two definitions – I don’t know a lot about apache but is that valid?

Remove the ServerName MY.EXTERNAL.IP.ADRESS and restart apache.

Can you ping office.mydomain.com?

This is a configuration error. See documentation:

http://httpd.apache.org/docs/2.2/mod/core.html#ServerName

For accessing via external IP, in many setups this won’t work at all because most routers won’t do hairpin routing (which is a silly thing anyway). What you need to do here is set up split-horizon DNS so that DNS on your LAN will resolve to LAN IPs instead of the external IP.

One other suggestion, you might consider setting up a reverse proxy vhost for Collabora so you can easily get a Let’s Encrypt cert.

Hello, thanks for your answer @kevdog
I added a second ServerName because this wasn’t working with the first one.

I tested again without the second one and still the same TimeOut.

Yes, I can even connect my navigator with the domain name :wink:

Hello @KarlF12,

I know it should not have two ServerName, but this is the only way it’s working for now with the external ip.

I don’t think I have a DNS problem because I can connect to Collabora server with the domain name with curl (in local) and with the navigator of my computer or my mobile.

I only have a TimeOut with Nextcloud when I use the domain name of Collabora, and I have a Let’s Encrypt cert for it :wink:

More to the point, you shouldn’t have a ServerName that contains an IP. The vhost ServerName doesn’t affect Apache’s listening IPs. You should remove this before you continue troubleshooting.

If you run
nslookup office.mydomain.com
do you get the local or external IP?

I did :wink:

External

Ok, I would not rely on hairpin routing for anything. Most sensible firewalls either don’t support it or have it disabled by default.

You should set up a local DNS server with split-horizon for your zone so that the names resolve to the LAN IPs while on your LAN.

Do you know how to shell into the nextcloud container?

I believe the command is:

docker exec -u root -it <nextcloud-container> /bin/bash

I don’t know what the nextcloud container uses as its base image (ubuntu/debian), but you’ll probably once inside need to do an:

apt update
apt install iputils-ping

This will install ping into the container.

Once you have ping, try to ping collabora either by container name:

ping collabora

if that doesn’t work you might have to then install dig or nslookup or similar package and then try to discover why nextcloud container can not see collabora.

Oh and I just read KarlF12’s comment - his comment is spot on. You either need a split DNS, a DNS host override at the router level, or an entry in the /etc/hosts file that will resolve office.mydomain.com to a local IP address.

I was looking to install Bind9 on my server but I told myself that it was a big enterprise when finally the objective was simply to tell the server office.mydomain.com = 127.0.0.1.

So I wondered if adding “127.0.0.1 office.mydomain.com” to /etc/hosts would be enough …

And YES !!!

So now it works perfectly, THANKS A LOT :smiley:

Thanks @kevdog it’s finally working !
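
The check behind this fix, as an added example that is not part of any post in the thread: it resolves a name the way the server's own clients do (hosts file first, then DNS) and flags an answer that points at the public address, which is the case that depends on hairpin NAT. The function names and the temp-file sample are made up for illustration; office.mydomain.com is the thread's placeholder.

```shell
#!/usr/bin/env bash
# Added example. nslookup/dig query DNS directly and ignore /etc/hosts;
# libc clients (curl, PHP) consult the hosts file first on a default nsswitch.

# Print the first address a hosts-format file maps NAME to; exit 1 if none.
hosts_lookup() {   # usage: hosts_lookup FILE NAME
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # drop comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; found = 1; exit }
        }
        END { exit !found }' "$1"
}

# Classify an IPv4 address as loopback, private (RFC 1918) or public.
classify_ipv4() {  # usage: classify_ipv4 ADDR
    case "$1" in
        127.*)                                  echo loopback ;;
        10.*|192.168.*)                         echo private ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)  echo private ;;
        *)                                      echo public ;;
    esac
}

# Hosts file first, then the system resolver (assumes "files dns" order).
resolve_name() {   # usage: resolve_name NAME [HOSTS_FILE]
    hosts_lookup "${2:-/etc/hosts}" "$1" && return 0
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

report() {         # usage: report NAME [HOSTS_FILE]
    addr=$(resolve_name "$1" "${2:-/etc/hosts}")
    [ -n "$addr" ] || { echo "$1: no answer from the resolver"; return 1; }
    kind=$(classify_ipv4 "$addr")
    case "$kind" in
        public) echo "$1 -> $addr (public): server-to-self traffic needs hairpin NAT" ;;
        *)      echo "$1 -> $addr ($kind): traffic stays on the host or LAN" ;;
    esac
}

# Constructed sample: the hosts entry from the fix above, in a temp file.
sample=$(mktemp)
printf '127.0.0.1 localhost\n127.0.0.1 office.mydomain.com  # added line\n' > "$sample"
report office.mydomain.com "$sample"
rm -f "$sample"
```

On the real server, run `report office.mydomain.com` with no second argument before and after editing /etc/hosts to see the answer change from public to loopback.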

Your LAN clients will still be hairpinning to Nextcloud, so you should still consider using local DNS if you run any local server (not just NC).

Yes, I agree.
In a real production, I would not have done that, but this server will have no other use. :upside_down_face:

@Verthmaz

I’m glad it’s working for you – I wouldn’t have thought that would have worked but I was sure it was a Domain Name resolution issue. Just curious – what kind of router are you running?

Thank you, this solved it for me as well! Before, Collabora only worked with its internal IP.