The Basics
- Nextcloud Server version (e.g., 29.x.x):
- 32.0.3
- Operating system and version (e.g., Ubuntu 24.04):
- N/A
- Web server and version (e.g, Apache 2.4.25):
- Apache 2.4.66
- Reverse proxy and version _(e.g. nginx 1.27.2)
- Traefik 3.6.5
- When did this problem seem to first start?
- Some time after 12/5/2025
- Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
AIO
- Are you using CloudfIare, mod_security, or similar? (Yes / No)
No
Summary of the issue you are facing:
When trying to load a file into Collabora (Nextcloud Office), the document failed to load, citing a websocket connection issue. When I checked the Network tab in Dev tools, the websocket connections to wss://(NC_DOMAIN)/cool/… were hitting 400 responses
Steps to replicate it (hint: details matter!):
-
Run Nextcloud with Collabora
-
Use Traefik v 3.6.4 or later
-
Try to open document in collabora
Solution:
I discovered a log entry in my Traefik log with the following:
Rejecting request because it contains encoded character %2F in the URL path: /cool/http%3A%2F%2Fnextcloud-aio-apache%3A23973%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F
When I found this, I discovered that Traefik had added a security measure in v3.6.4 which filtered out certain encoded characters. This broke the way that the websocket is opened from the browser. In order to resolve this, I had to add entries to my entrypoint in the Traefik static config as per the documentation at Request Path - Traefik
Specifically, you have to set allowEncodedSlash and allowEncodedPercent properties to “true” to fix the issue. Hopefully this helps someone else.
EDIT:
Thanks to @fmaia for pointing out that the allowEncodedQuestionMark setting was also required in their case, meaning the updated settings should look like this:
http:
encodedCharacters:
allowEncodedSlash: true
allowEncodedPercent: true
allowEncodedQuestionMark: true