Unable to connect Collabora behind pfsense Haproxy

ℹ️ Support 📄 Office
, ,
1

Hello,

I’m running NC23 with nginx behind pfsense Haproxy sith SSL Termination. I have installed the Collabora docker image and started as follow:

docker run -t -d -p 9980:9980 -e ‘extra_params=–o:ssl.enable=false --o:ssl.termination=true’ -e “username=admin” -e “password=password” collabora/code

The docker image is up and running and listening on TCP/9980. I can acces from internet to Collabora admin and loolsw server is answering to :

https://office.mydomain.com/hosting/discovery
[… XML DATA …]

https://office.cabsis-consulting.com/hosting/capabilities
{“convert-to”:{“available”:false},“hasMobileSupport”:true,“hasProxyPrefix”:false,“hasTemplateSaveAs”:false,“hasTemplateSour ce”:true,“productName”:“Collabora Online Development Edition”,“productVersion”:“21.11.3.6”,“productVersionHash”:“eb73aa3”}

However Im’ unable to make Collabora working with Nextcloud usingpubilc URL : https://office.mydomain.com

Could not establish connection to the Collabora Online server.

Please advise! Thx !

2

Hi @Laurent_Linty,
You are missing the required support template. Please fill this form out and edit into your post.

Please also clarify server specs, which version of collabora you are running and whether all services are hosting on the same machine.

This will give us more of the technical info and logs needed to help you! Thanks.

3

Hi,

as per your request, here are further details on my configuration:

Nextcloud version: 23.0.4
Collabora Office: 5.0.4
Operating system and version : Ubuntu 20.04
Apache or nginx version : nginx 1.21.6
PHP version : 8.0.17

The issue is : Could not establish connection to the Collabora Online server.

Admin Logging:
{“reqId”:“sUymfjpewZFaGQez3XRV”,“level”:3,“time”:“2022-05-09T14:06:25+02:00”,“remoteAddr”:“93.23.87.152”,“user”:“admin”,“app”:“core”,“method”:“GET”,“url”:"/index.php/apps/files/api/v1/thumbnail/256/256/Partage/Evaluation-cm2-maths.pdf",“message”:“File: /admin/files/Partage/Evaluation-cm2-maths.pdf Imagick says:”,“userAgent”:“Mozilla/5.0 (Android) Nextcloud-android/3.20.1”,“version”:“23.0.4.1”,“exception”:{“Exception”:“ImagickException”,“Message”:“attempt to perform an operation not allowed by the security policy `PDF’ @ error/constitute.c/IsCoderAuthorized/408”,“Code”:499,“Trace”:[{“file”:"/var/www/nextcloud/lib/private/Preview/Bitmap.php",“line”:86,“function”:“readImage”,“class”:“Imagick”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/Preview/Bitmap.php",“line”:49,“function”:“getResizedPreview”,“class”:“OC\Preview\Bitmap”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/Preview/GeneratorHelper.php",“line”:62,“function”:“getThumbnail”,“class”:“OC\Preview\Bitmap”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/Preview/Generator.php",“line”:245,“function”:“getThumbnail”,“class”:“OC\Preview\GeneratorHelper”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/Preview/Generator.php",“line”:140,“function”:“getMaxPreview”,“class”:“OC\Preview\Generator”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/Preview/Generator.php",“line”:109,“function”:“generatePreviews”,“class”:“OC\Preview\Generator”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/PreviewManager.php",“line”:212,“function”:“getPreview”,“class”:“OC\Preview\Generator”,“type”:"->"},{“file”:"/var/www/nextcloud/apps/files/lib/Controller/ApiController.php",“line”:130,“function”:“getPreview”,“class”:“OC\PreviewManager”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",“line”:217,“function”:“getThumbnail”,“class”:“OCA\Files\Controller\ApiController”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",“line”:126,“function”:“executeController”,“class”:“OC\AppFramework\Http\Dispatcher”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/AppFramework/App.php",“line”:157,“function”:“dispatch”,“class”:“OC\AppFramework\Http\Dispatcher”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/Route/Router.php",“line”:302,“function”:“main”,“class”:“OC\AppFramework\App”,“type”:"::"},{“file”:"/var/www/nextcloud/lib/base.php",“line”:1008,“function”:“match”,“class”:“OC\Route\Router”,“type”:"->"},{“file”:"/var/www/nextcloud/index.php",“line”:36,“function”:“handleRequest”,“class”:“OC”,“type”:"::"}],“File”:"/var/www/nextcloud/lib/private/Preview/Bitmap.php",“Line”:86,“CustomMessage”:“File: /mcadmin/files/Partage/Evaluation-cm2-maths.pdf Imagick says:”},“id”:“627917dc52193”}

Config file :

<?php $CONFIG = array ( 'passwordsalt' => 'pass', 'secret' => 'secret', 'trusted_domains' => array ( 0 => 'cloud.my-domain.com', ), 'datadirectory' => '/srv/nc_data', 'dbtype' => 'mysql', 'version' => '23.0.4.1', 'overwrite.cli.url' => 'https://cloud.my-domain.com', 'overwriteprotocol' => 'https', 'trusted_proxies' => array ( 0 => '192.168.100.254', ), 'dbname' => 'dbname', 'dbhost' => 'localhost', 'dbport' => '', 'dbtableprefix' => 'oc_', 'mysql.utf8mb4' => true, 'dbuser' => 'dbuser', 'dbpassword' => 'dbpassword', 'installed' => true, 'mail_smtpmode' => 'smtp', 'mail_smtpauthtype' => 'PLAIN', 'mail_smtpsecure' => 'ssl', 'mail_from_address' => from', 'mail_domain' => 'my-domain.com', 'mail_smtpauth' => 1, 'mail_smtphost' => 'smtp', 'mail_smtpport' => '465', 'mail_smtpname' => 'from@my-domain.com', 'mail_smtppassword' => 'xxx', 'htaccess.RewriteBase' => '/', 'loglevel' => 0, 'logtimezone' => 'Europe/Paris', 'default_phone_region' => 'FR', 'logfile' => '/srv/data/nextcloud.log', 'log_rotate_size' => 104857600, 'cron_log' => true, 'filesystem_check_changes' => 1, 'quota_include_external_storage' => false, 'knowledgebaseenabled' => false, 'memcache.local' => '\\OC\\Memcache\\APCu', 'filelocking.enabled' => 'true', 'memcache.locking' => '\\OC\\Memcache\\Redis', 'redis' => array ( 'host' => '/var/run/redis/redis-server.sock', 'port' => 0, 'timeout' => 0.0, ), 'maintenance' => false, 'theme' => '', 'enable_previews' => true, 'enabledPreviewProviders' => array ( 0 => 'OC\\Preview\\PNG', 1 => 'OC\\Preview\\JPEG', 2 => 'OC\\Preview\\GIF', 3 => 'OC\\Preview\\BMP', 4 => 'OC\\Preview\\XBitmap', 5 => 'OC\\Preview\\Movie', 6 => 'OC\\Preview\\PDF', 7 => 'OC\\Preview\\MP3', 8 => 'OC\\Preview\\TXT', 9 => 'OC\\Preview\\MarkDown', ), 'preview_max_x' => 512, 'preview_max_y' => 512, 'preview_max_scale_factor' => 1, 'instanceid' => 'ocwdt816i35c', 'app_install_overwrite' => array ( 0 => 'defaultgroup', ), 'mail_sendmailmode' => 'smtp', 'updater.release.channel' => 'stable', ); NGINX error file: 2022/05/05 06:26:26 [warn] 6924#6924: *1606 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/5/00/0000000005 while reading upstream, client: 192.168.100.254, server: test, request: "GET /remote.php/dav/files/mcadmin/wasabi/vps-4292125d/cabsis/backups/site-www.cabsis-consulting.com-20220407-214316.jpa HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.0-fpm.sock:", host: "cloud.my-domain.com" 2022/05/05 14:35:55 [warn] 6924#6924: *7109 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/6/00/0000000006 while reading upstream, client: 192.168.100.254, server: test, request: "GET /remote.php/webdav/Partage/IEF/Lionel/quizPontDuGard.livecode HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.0-fpm.sock:", host: "cloud.my-domain.com" 2022/05/05 14:35:57 [warn] 6924#6924: *7178 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/7/00/0000000007 while reading upstream, client: 192.168.100.254, server: test, request: "GET /remote.php/dav/files/mcadmin/Partage/IEF/Lionel/quizPontDuGard.livecode HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.0-fpm.sock:", host: "cloud.my-domain.com" 2022/05/05 16:59:31 [error] 15764#15764: *9 access forbidden by rule, client: 192.168.100.254, server: test, request: "GET /.well-known/webfinger HTTP/1.1", host: "cloud.my-domain.com" 2022/05/05 16:59:31 [error] 15764#15764: *11 access forbidden by rule, client: 192.168.100.254, server: test, request: "GET /.well-known/nodeinfo HTTP/1.1", host: "cloud.my-domain.com" 2022/05/05 16:59:31 [error] 15764#15764: *30 access forbidden by rule, client: 192.168.100.254, server: test, request: "PROPFIND /.well-known/caldav HTTP/1.1", host: "cloud.my-domain.com" 2022/05/05 17:24:27 [error] 15991#15991: *9 access forbidden by rule, client: 192.168.100.254, server: test, request: "GET /.well-known/webfinger HTTP/1.1", host: "cloud.my-domain.com" 2022/05/05 17:24:27 [error] 15991#15991: *12 access forbidden by rule, client: 192.168.100.254, server: test, request: "GET /.well-known/nodeinfo HTTP/1.1", host: "cloud.my-domain.com" 2022/05/05 17:24:27 [error] 15991#15991: *9 access forbidden by rule, client: 192.168.100.254, server: test, request: "PROPFIND /.well-known/caldav HTTP/1.1", host: "cloud.my-domain.com" 2022/05/05 18:05:20 [error] 16615#16615: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 192.168.100.254, server: test, request: "GET /apps/logreader/poll?lastReqId=bmJywUHyjmMB3FKH7oLH HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.0-fpm.sock:", host: "cloud.my-domain.com"
4

Hi @Laurent_Linty

You can refer to the configuration in my article.

Use HTTPS with Ubuntu 22.04, apache, Nextcloud and Collabora(Docker)

5

Hi @bearchen, thank you for sharing your article. I have already done this configuration and it is working. My problem is to make it work with following configuration. I have installed a reverse proxy running under pfsense which is performing SSL Termnation. This proxy is a VM running on Proxmox with IP 192.168.100.254. Nextcloud is another VM running like a charm behind the reverse proxy. Nextloud is powered by Nginx and not Apache. A Docker image for Collabora Office is also installed on the same VM as Nextcloud. However, I’m not able to make it work. Collabora Office environnement is not working with any of the SSL Termination possible configuration.

6

Hi @Laurent_Linty

Congratulations, your machine is working fine, but I’m not sure if you’re still having issues.

Can you use Nextcloud and Collabora Office by HTTPS?
If not, you can try my apache configuration Since I’m not using Nginx.

Nginx config for your reference Integrate Collabora Online with Nextcloud on Ubuntu without Docker
Remember to change the listening port to 443.

Or your problem is something else.

Finally, I’d like to say that Proxmox is a fantastic VM management solution.

7

Hi @bearchen,

I still have an issue with my configuration as described in the topic. What I mean is that I cannot copy/paste your configuration because you neither use Haproxy nor Nginx. Morever it is not possible to change Nginx with Apache. However thank you for the resource. Maybe I can solve this problem without using Docker. I think that the problem is related to communication with SSL Termination between Haproxy and Collabora Office.