Unable to connect Collabora behind pfsense Haproxy

Hello,

I’m running NC23 with nginx behind pfsense Haproxy sith SSL Termination. I have installed the Collabora docker image and started as follow:

docker run -t -d -p 9980:9980 -e ‘extra_params=–o:ssl.enable=false --o:ssl.termination=true’ -e “username=admin” -e “password=password” collabora/code

The docker image is up and running and listening on TCP/9980. I can acces from internet to Collabora admin and loolsw server is answering to :

https://office.mydomain.com/hosting/discovery
[… XML DATA …]

https://office.cabsis-consulting.com/hosting/capabilities
{“convert-to”:{“available”:false},“hasMobileSupport”:true,“hasProxyPrefix”:false,“hasTemplateSaveAs”:false,“hasTemplateSour ce”:true,“productName”:“Collabora Online Development Edition”,“productVersion”:“21.11.3.6”,“productVersionHash”:“eb73aa3”}

However Im’ unable to make Collabora working with Nextcloud usingpubilc URL : https://office.mydomain.com

Could not establish connection to the Collabora Online server.

Please advise! Thx !

Hi @Laurent_Linty,
You are missing the required support template. Please fill this form out and edit into your post.

Please also clarify server specs, which version of collabora you are running and whether all services are hosting on the same machine.

This will give us more of the technical info and logs needed to help you! Thanks.

Hi,

as per your request, here are further details on my configuration:

Nextcloud version: 23.0.4
Collabora Office: 5.0.4
Operating system and version : Ubuntu 20.04
Apache or nginx version : nginx 1.21.6
PHP version : 8.0.17

The issue is : Could not establish connection to the Collabora Online server.

Admin Logging:
{“reqId”:“sUymfjpewZFaGQez3XRV”,“level”:3,“time”:“2022-05-09T14:06:25+02:00”,“remoteAddr”:“93.23.87.152”,“user”:“admin”,“app”:“core”,“method”:“GET”,“url”:"/index.php/apps/files/api/v1/thumbnail/256/256/Partage/Evaluation-cm2-maths.pdf",“message”:“File: /admin/files/Partage/Evaluation-cm2-maths.pdf Imagick says:”,“userAgent”:“Mozilla/5.0 (Android) Nextcloud-android/3.20.1”,“version”:“23.0.4.1”,“exception”:{“Exception”:“ImagickException”,“Message”:“attempt to perform an operation not allowed by the security policy `PDF’ @ error/constitute.c/IsCoderAuthorized/408”,“Code”:499,“Trace”:[{“file”:"/var/www/nextcloud/lib/private/Preview/Bitmap.php",“line”:86,“function”:“readImage”,“class”:“Imagick”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/Preview/Bitmap.php",“line”:49,“function”:“getResizedPreview”,“class”:“OC\Preview\Bitmap”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/Preview/GeneratorHelper.php",“line”:62,“function”:“getThumbnail”,“class”:“OC\Preview\Bitmap”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/Preview/Generator.php",“line”:245,“function”:“getThumbnail”,“class”:“OC\Preview\GeneratorHelper”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/Preview/Generator.php",“line”:140,“function”:“getMaxPreview”,“class”:“OC\Preview\Generator”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/Preview/Generator.php",“line”:109,“function”:“generatePreviews”,“class”:“OC\Preview\Generator”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/PreviewManager.php",“line”:212,“function”:“getPreview”,“class”:“OC\Preview\Generator”,“type”:"->"},{“file”:"/var/www/nextcloud/apps/files/lib/Controller/ApiController.php",“line”:130,“function”:“getPreview”,“class”:“OC\PreviewManager”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",“line”:217,“function”:“getThumbnail”,“class”:“OCA\Files\Controller\ApiController”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",“line”:126,“function”:“executeController”,“class”:“OC\AppFramework\Http\Dispatcher”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/AppFramework/App.php",“line”:157,“function”:“dispatch”,“class”:“OC\AppFramework\Http\Dispatcher”,“type”:"->"},{“file”:"/var/www/nextcloud/lib/private/Route/Router.php",“line”:302,“function”:“main”,“class”:“OC\AppFramework\App”,“type”:"::"},{“file”:"/var/www/nextcloud/lib/base.php",“line”:1008,“function”:“match”,“class”:“OC\Route\Router”,“type”:"->"},{“file”:"/var/www/nextcloud/index.php",“line”:36,“function”:“handleRequest”,“class”:“OC”,“type”:"::"}],“File”:"/var/www/nextcloud/lib/private/Preview/Bitmap.php",“Line”:86,“CustomMessage”:“File: /mcadmin/files/Partage/Evaluation-cm2-maths.pdf Imagick says:”},“id”:“627917dc52193”}

Config file :

<?php $CONFIG = array ( 'passwordsalt' => 'pass', 'secret' => 'secret', 'trusted_domains' => array ( 0 => 'cloud.my-domain.com', ), 'datadirectory' => '/srv/nc_data', 'dbtype' => 'mysql', 'version' => '23.0.4.1', 'overwrite.cli.url' => 'https://cloud.my-domain.com', 'overwriteprotocol' => 'https', 'trusted_proxies' => array ( 0 => '192.168.100.254', ), 'dbname' => 'dbname', 'dbhost' => 'localhost', 'dbport' => '', 'dbtableprefix' => 'oc_', 'mysql.utf8mb4' => true, 'dbuser' => 'dbuser', 'dbpassword' => 'dbpassword', 'installed' => true, 'mail_smtpmode' => 'smtp', 'mail_smtpauthtype' => 'PLAIN', 'mail_smtpsecure' => 'ssl', 'mail_from_address' => from', 'mail_domain' => 'my-domain.com', 'mail_smtpauth' => 1, 'mail_smtphost' => 'smtp', 'mail_smtpport' => '465', 'mail_smtpname' => 'from@my-domain.com', 'mail_smtppassword' => 'xxx', 'htaccess.RewriteBase' => '/', 'loglevel' => 0, 'logtimezone' => 'Europe/Paris', 'default_phone_region' => 'FR', 'logfile' => '/srv/data/nextcloud.log', 'log_rotate_size' => 104857600, 'cron_log' => true, 'filesystem_check_changes' => 1, 'quota_include_external_storage' => false, 'knowledgebaseenabled' => false, 'memcache.local' => '\\OC\\Memcache\\APCu', 'filelocking.enabled' => 'true', 'memcache.locking' => '\\OC\\Memcache\\Redis', 'redis' => array ( 'host' => '/var/run/redis/redis-server.sock', 'port' => 0, 'timeout' => 0.0, ), 'maintenance' => false, 'theme' => '', 'enable_previews' => true, 'enabledPreviewProviders' => array ( 0 => 'OC\\Preview\\PNG', 1 => 'OC\\Preview\\JPEG', 2 => 'OC\\Preview\\GIF', 3 => 'OC\\Preview\\BMP', 4 => 'OC\\Preview\\XBitmap', 5 => 'OC\\Preview\\Movie', 6 => 'OC\\Preview\\PDF', 7 => 'OC\\Preview\\MP3', 8 => 'OC\\Preview\\TXT', 9 => 'OC\\Preview\\MarkDown', ), 'preview_max_x' => 512, 'preview_max_y' => 512, 'preview_max_scale_factor' => 1, 'instanceid' => 'ocwdt816i35c', 'app_install_overwrite' => array ( 0 => 'defaultgroup', ), 'mail_sendmailmode' => 'smtp', 'updater.release.channel' => 'stable', ); NGINX error file: 2022/05/05 06:26:26 [warn] 6924#6924: *1606 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/5/00/0000000005 while reading upstream, client: 192.168.100.254, server: test, request: "GET /remote.php/dav/files/mcadmin/wasabi/vps-4292125d/cabsis/backups/site-www.cabsis-consulting.com-20220407-214316.jpa HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.0-fpm.sock:", host: "cloud.my-domain.com" 2022/05/05 14:35:55 [warn] 6924#6924: *7109 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/6/00/0000000006 while reading upstream, client: 192.168.100.254, server: test, request: "GET /remote.php/webdav/Partage/IEF/Lionel/quizPontDuGard.livecode HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.0-fpm.sock:", host: "cloud.my-domain.com" 2022/05/05 14:35:57 [warn] 6924#6924: *7178 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/7/00/0000000007 while reading upstream, client: 192.168.100.254, server: test, request: "GET /remote.php/dav/files/mcadmin/Partage/IEF/Lionel/quizPontDuGard.livecode HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.0-fpm.sock:", host: "cloud.my-domain.com" 2022/05/05 16:59:31 [error] 15764#15764: *9 access forbidden by rule, client: 192.168.100.254, server: test, request: "GET /.well-known/webfinger HTTP/1.1", host: "cloud.my-domain.com" 2022/05/05 16:59:31 [error] 15764#15764: *11 access forbidden by rule, client: 192.168.100.254, server: test, request: "GET /.well-known/nodeinfo HTTP/1.1", host: "cloud.my-domain.com" 2022/05/05 16:59:31 [error] 15764#15764: *30 access forbidden by rule, client: 192.168.100.254, server: test, request: "PROPFIND /.well-known/caldav HTTP/1.1", host: "cloud.my-domain.com" 2022/05/05 17:24:27 [error] 15991#15991: *9 access forbidden by rule, client: 192.168.100.254, server: test, request: "GET /.well-known/webfinger HTTP/1.1", host: "cloud.my-domain.com" 2022/05/05 17:24:27 [error] 15991#15991: *12 access forbidden by rule, client: 192.168.100.254, server: test, request: "GET /.well-known/nodeinfo HTTP/1.1", host: "cloud.my-domain.com" 2022/05/05 17:24:27 [error] 15991#15991: *9 access forbidden by rule, client: 192.168.100.254, server: test, request: "PROPFIND /.well-known/caldav HTTP/1.1", host: "cloud.my-domain.com" 2022/05/05 18:05:20 [error] 16615#16615: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 192.168.100.254, server: test, request: "GET /apps/logreader/poll?lastReqId=bmJywUHyjmMB3FKH7oLH HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.0-fpm.sock:", host: "cloud.my-domain.com"