Unable to establish connection to the Collabora Online server

Rajstopy · July 11, 2022, 3:52pm

Support intro

Trying to activate certificate verification systematically leads to a failure.

Nextcloud version (eg, 20.0.5): 23.0.6
Operating system and version (eg, Ubuntu 20.04): TrueNAS-12.0-U8
Collabora Code: 21.11.3.4.1

The issue you are facing:

Dear all,

I’ve been struggling for dozen of hours fo far to get Collabora Code usable with NextCloud. I did some good progresses because I can now edit documents. The only remaining thing is, I’m not able to establish a secure connexion between NC and Collabora server.

NextCloud

My instance is running in a jail on TrueNAS.

Collabora stack

Collabora server is running on docker with the following configuration (I will try to give maximum of details since it was hard time for me to get all that stuff together).

Docker-compose file

version: '3'
services:
  code:
    container_name: collabora-code
    environment:
      - "aliasgroup1=https://cloud.reunion.net:443"
      - server_name=docker2.reunion.net
      - username=admin
      - password=secret
      - 'extra_params=--o:ssl.enable=false --o:ssl.termination=true'
    cap_add:
      - MKNOD
    restart: always
    image: collabora/code:21.11.3.4.1
    ports:
      - '9980:9980'
    networks:
      - collabora
      
  nginx-proxy-manager:
    container_name: nginx-proxy-manager
    depends_on:
      - code
    restart: always
    
    image: jlesage/nginx-proxy-manager
    ports:
      - "8181:8181"
      - "8080:8080"
      - "443:4443"
    volumes:
      - "/mnt/docker/collabora/nginx:/config:rw"
    networks:
      - collabora
      
networks:
  collabora:
    driver: bridge

The following article was also very helpful because it seems that richdocuments > 5.0.0 is not working. This helped me to downgrade richdocuments:

https://7thzero.com/blog/upgrade-to-nextcloud-23-prevents-online-document-editing-in-collabora-online-files-download-instead-of-edit

What is ok so far:

I’m able to connect to my collabora server over SSL through the reverse proxy using the following links:
https://docker2.reunion.net:4443/browser/dist/admin/admin.html
https://docker2.reunion.net:4443/hosting/capabilities
I filled out the Collabora Online server in NextCloud : https://docker2.reunion.net but I can only edit documents if the check box Disable certificate verification (insecure) is unticked.
When I SSH into the jail and run cURL -v, the output look good. I use my own CA authority and added the root CA in /usr/local/www/nextcloud/data/files_external

root@NextCloud:/nextcloud/apps/richdocuments # curl -v https://docker2.reunion.net
*   Trying 192.168.10.7:443...
* Connected to docker2.reunion.net (192.168.10.7) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /usr/local/share/certs/ca-root-nss.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=FR; ST=XXX; L=XXX; O=Home; emailAddress=XXX; CN=docker2.reunion.net
*  start date: Jul  4 17:07:36 2022 GMT
*  expire date: Aug  5 17:07:36 2023 GMT
*  subjectAltName: host "docker2.reunion.net" matched cert's "docker2.reunion.net"
*  issuer: C=FR; ST=XXX; L=XXX; O=Home; emailAddress=XXX.fr; CN=XXX
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x801473c00)
> GET / HTTP/2
> Host: docker2.reunion.net
> user-agent: curl/7.74.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200 
< server: openresty
< date: Mon, 11 Jul 2022 15:45:21 GMT
< content-type: 10
< content-length: 2
< last-modified: Mon, 11 Jul 2022 15:45:21
< x-served-by: docker2.reunion.net
< 
* Connection #0 to host docker2.reunion.net left intact
OK

I would be very happy being able to finalize this setup being able to activate SSL connection to the Collabora server, but I’m totally stuck and need some advice about how I could investigate further.

Cheers

Rajstopy · December 16, 2022, 10:53am

Hello,

Just a short reminder. I was never able to get it work, unless I untick Disable certificate verification (insecure) .

I have just no idea what I could do / check more…

Cheers