Trying to activate certificate verification systematically leads to a failure.
Nextcloud version (eg, 20.0.5):
Operating system and version (eg, Ubuntu 20.04):
The issue you are facing:
I’ve been struggling for dozens of hours so far to get Collabora CODE usable with NextCloud. I made some good progress because I can now edit documents. The only remaining thing is, I’m not able to establish a secure connection between NC and the Collabora server.
My instance is running in a jail on TrueNAS.
The Collabora server is running on Docker with the following configuration (I will try to give as many details as possible, since I had a hard time getting all that stuff together).
```yaml
version: '3'
services:
  code:
    container_name: collabora-code
    environment:
      - "aliasgroup1=https://cloud.reunion.net:443"
      - server_name=docker2.reunion.net
      - username=admin
      - password=secret
      - 'extra_params=--o:ssl.enable=false --o:ssl.termination=true'
    cap_add:
      - MKNOD
    restart: always
    image: collabora/code:126.96.36.199.1
    ports:
      - '9980:9980'
    networks:
      - collabora
  nginx-proxy-manager:
    container_name: nginx-proxy-manager
    depends_on:
      - code
    restart: always
    image: jlesage/nginx-proxy-manager
    ports:
      - "8181:8181"
      - "8080:8080"
      - "443:4443"
    volumes:
      - "/mnt/docker/collabora/nginx:/config:rw"
    networks:
      - collabora
networks:
  collabora:
    driver: bridge
```
The following article was also very helpful because it seems that richdocuments > 5.0.0 is not working. This helped me to downgrade richdocuments:
What is ok so far:
I’m able to connect to my collabora server over SSL through the reverse proxy using the following links:
I filled out the Collabora Online server in NextCloud: https://docker2.reunion.net but I can only edit documents if the check box Disable certificate verification (insecure) is unticked.
When I SSH into the jail and run cURL -v, the output looks good. I use my own CA authority and added the root CA in /usr/local/www/nextcloud/data/files_external
```
root@NextCloud:/nextcloud/apps/richdocuments # curl -v https://docker2.reunion.net
* Trying 192.168.10.7:443...
* Connected to docker2.reunion.net (192.168.10.7) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /usr/local/share/certs/ca-root-nss.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=FR; ST=XXX; L=XXX; O=Home; emailAddress=XXX; CN=docker2.reunion.net
* start date: Jul 4 17:07:36 2022 GMT
* expire date: Aug 5 17:07:36 2023 GMT
* subjectAltName: host "docker2.reunion.net" matched cert's "docker2.reunion.net"
* issuer: C=FR; ST=XXX; L=XXX; O=Home; emailAddress=XXX.fr; CN=XXX
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x801473c00)
> GET / HTTP/2
> Host: docker2.reunion.net
> user-agent: curl/7.74.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< server: openresty
< date: Mon, 11 Jul 2022 15:45:21 GMT
< content-type: 10
< content-length: 2
< last-modified: Mon, 11 Jul 2022 15:45:21
< x-served-by: docker2.reunion.net
<
* Connection #0 to host docker2.reunion.net left intact
OK
```
I would be very happy to be able to finalize this setup and activate the SSL connection to the Collabora server, but I’m totally stuck and need some advice about how I could investigate further.
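An added example, not part of the original post: in the curl trace above, `SSL certificate verify ok` only shows that the one CA file curl loaded (`/usr/local/share/certs/ca-root-nss.crt`) contains the issuing root, so a client reading a different bundle can still reject the same certificate. The script reproduces that with a throwaway PKI. Every key, certificate and CA name is constructed, `verify_against`, `bundle_has_subject` and `make_demo_pki` are hypothetical helpers, and whether Nextcloud's HTTP client reads a bundle other than curl's is an assumption to check on the real host.

```shell
#!/bin/sh
# Constructed demo: every key and certificate here is a throwaway generated
# locally; the CA names are placeholders, not the poster's real CA.

# verify_against BUNDLE CERT: succeed only if CERT chains to a root in BUNDLE.
# -no-CApath stops OpenSSL from also consulting its default CA directory.
verify_against() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# bundle_has_subject BUNDLE TEXT: succeed if a cert in BUNDLE has TEXT in its subject.
bundle_has_subject() {
    openssl crl2pkcs7 -nocrl -certfile "$1" |
        openssl pkcs7 -print_certs -noout | grep -q "subject=.*$2"
}

# make_demo_pki DIR: build a home root, an unrelated root, a leaf and two bundles.
make_demo_pki() {
    d=$1
    # Private root standing in for the home CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/O=Home/CN=Constructed Home Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    # Unrelated root standing in for a bundle that never received the home CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Other Root" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
    # Leaf for the Collabora host name, signed by the home root.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=docker2.reunion.net" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
    cat "$d/other.pem" "$d/root.pem" > "$d/bundle_with_root.pem"
    cp "$d/other.pem" "$d/bundle_without_root.pem"
}

# Same leaf, two trust stores: only the bundle holding the home root accepts it.
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
for b in bundle_with_root.pem bundle_without_root.pem; do
    if verify_against "$demo_dir/$b" "$demo_dir/leaf.pem"; then
        echo "$b: verify ok"
    else
        echo "$b: verify FAILED (issuing root not in this bundle)"
    fi
done
rm -rf "$demo_dir"
```

On the real host, point `bundle_has_subject` at each CA file a client actually loads and search for the home CA's subject.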