Yet another problem with Nextcloud Office/Collabora

ℹ️ Support 📄 Office
2

Ok – can you explain your setup more just to make sure I have a handle on your situation

Here is what I’m surmising based on your post:

  1. You have one host running your nextcloud installation.
  2. You have a second host running nginx and a docker version of collabora. I’m surmising on this host there is no firewall blocking access to either port 80/443 and 9980.

Does the URL collabora.my.domain have the assigned IP address of 10.0.30.21?

Your running collabora with the ssl.enable=true parameter.

So I think what is happening is probably a conflict → You have TLS connection from the client to your nextcloud. Nextcloud is attempting to establish a TLS connection between itself and your nginx reverse proxy, and then nginx is trying to establish an encrypted connection to collabora. You’ll need 3 sets of certs here I believe (one for nextcloud, one for nginx, and one for collabora container).

To dumb things down a bit I would start easy and build up as you go.
Order I might try things:

  1. Nextcloud which then connects directly to collabora docker instance over http to port 9980. (I’ve totally removed the reverse proxy in this situation).
  2. Add reverse proxy. Nextcloud to nginx over port 80 and then proxy_pass http to collabora docker
  3. Add SSL certificates to nginx reverse proxy → Nextcloud to nginx over port 433 then proxy_pass http to collabora docker.

I thing I really had a hard time with was making the actual collabora container use a TLS connection – I think I may have had it at one time, however the TLS connection between the reverse proxy and collabora seemed to always break. I ended up terminating the TLS connection at the reverse proxy and just did a plain unencrypted connection to the collabora container.

Snippets of my docker-compose file for collabora have this:

services:
  collabora:
    image: collabora/code:21.11.1.4.1

    expose:
      - 9980
    cap_add:
      - MKNOD
    environment:
      - username=admin
      - password=dockercol
      - domain=nextcloud\.domain\.com|test\.domain\.com|nc\.domain\.com
      - DONT_GEN_SSL_CERT=1
      - server_name=loolwsd.domain.com
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"

Hopefully that will help
Alternative to expose would be ports: 9980:9980 as you have in your config
The username/password is not needed – I believe its just to log into the collabora admin console which is located at <collabora_URL_OR_IP_address>:9980/hosting/discovery

Domain refers to the domains which the collabora will accept connections from. So in most circumstances its going to be the nextcloud URL which in your situation will be nextcloud\.my\.domain.