I’m trying to debug my Collabora server to confirm if it’s running OK. However, I’m seeing the following:
$ wget -O - https://office.mydomain.com/hosting/discovery > /dev/null
--2019-01-15 22:40:29-- https://office.mydomain.com/hosting/discovery
Resolving office.mydomain.com (office.mydomain.com)... 5.28.62.38
Connecting to office.mydomain.com (office.mydomain.com)|5.28.62.38|:443... connected.
HTTP request sent, awaiting response... 502 Proxy Error
2019-01-15 22:40:31 ERROR 502: Proxy Error.
So proxy error. Now I’m looking at the virtual host file, I can see where it’s trying to reverse proxy to:
<VirtualHost *:443>
ServerName office.mydomain.com:443
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/office.mydomain.com/fullchain.pem
SSLCertificateChainFile /etc/letsencrypt/live/office.mydomain.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/office.mydomain.com/privkey.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
</VirtualHost>
So (SSH into that server to run locally) I’m trying to send a request to the reverse proxy destination, cutting out the proxy:
$ wget -O - https://127.0.0.1:9980/hosting/discovery > /dev/null
--2019-01-15 22:20:25-- https://127.0.0.1:9980/hosting/discovery
Connecting to 127.0.0.1:9980... connected.
Unable to establish SSL connection.
So there is a problem with my SSL connection? The keys do exist and I’ve used Let’s encrypt for this and other sites that work fine over HTTPS.
More info if it helps:
$ sudo netstat -lnpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
...
tcp 0 0 127.0.0.1:9980 0.0.0.0:* LISTEN 21147/docker-proxy
tcp6 0 0 :::80 :::* LISTEN 7489/apache2
...
$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c714e3b8883d collabora/code "/bin/sh -c 'bash st…" 24 hours ago Up 2 minutes 127.0.0.1:9980->9980/tcp vibrant_haibt
Is there anything I might have done wrong in my virtual host setup? Anything else I ought to be checking? UFW, etc?