Dear all,
I'm desperately trying to configure NextCloud with a Docker instance of Collabora over SSL. I've spent hours, not to say days, but now I guess I need some help because I'm really struggling.
This is my configuration:
NextCloud is installed on TrueNAS as a plugin.
Collabora runs in a virtual machine (Debian 10), also hosted on TrueNAS.
In NextCloud parameters / Collabora Online, when I tick the box telling it not to verify the SSL certificate, everything works well.
BUT, I just want to be able to use SSL... When the check box is not checked, I get an error saying the Collabora server was not found...
I use my own CA; the CA certificates and server certificates have been installed. When logged on to my NextCloud server (dohelper is my Collabora server), I get the following outputs:
openssl s_client -connect dohelper.test.net:443
[...]
Start Time: 1615206777
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
[...]
curl -i --verbose https://dohelper.test.net
[...]
* SSL certificate verify ok.
[...]
Collabora is running behind a reverse proxy:
Compose file:
services:
  code:
    ports:
      - '127.0.0.1:9980:9980'
    container_name: collabora-code
    environment:
      - domain=cloud\.test\.net
      - server_name=dohelper\.test\.net
      - username=admin
      - password=secret
      - 'extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:net.post_allow.host[0]=::ffff:172\.[0-9\.]+ --o:storage.wopi.host[0]=::ffff:172\.[0-9\.]+'
    cap_add:
      - MKNOD
    restart: always
    image: collabora/code
  reverse-proxy:
    depends_on:
      - code
    image: nginx
    volumes:
      - /mnt/docker/collabora/nginx/etc/nginx.conf:/etc/nginx/nginx.conf
      - /mnt/docker/collabora/nginx/conf.d:/etc/nginx/conf.d
      - /etc/ssl/private:/etc/ssl/private
    ports:
      - '80:80'
      - '443:443'
Nginx config file:
server {
    listen 443 ssl http2;
    server_name dohelper.test.net;
    ssl_certificate /etc/ssl/private/dohelper.crt;
    ssl_certificate_key /etc/ssl/private/dohelper.key;

    # static files
    location ^~ /loleaflet {
        proxy_pass http://collabora-code:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass http://collabora-code:9980;
        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass http://collabora-code:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass http://collabora-code:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass http://collabora-code:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_pass http://collabora-code:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}
What the hell am I missing?
I don't understand why curl & openssl succeed, whereas NextCloud does not....
Is there any log file I could look into, in order to find out why this connection doesn't succeed?
Any help would be much appreciated!
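
Added example, not part of the original post: a certificate signed by a private CA verifies only for clients whose trust store contains that CA, so `openssl s_client` and `curl` can report success while another client on the same host fails. The script below reproduces that split with throwaway certificates; it assumes, without the post confirming it, that the application reads a different CA bundle than the system tools, and the names `own-ca`, `public-ca`, `system-store.pem` and `app-bundle.pem` are hypothetical.

```sh
#!/bin/sh
# Added example: throwaway certificates only, nothing contacts a real server.

# make_ca DIR NAME: create a self-signed test CA (NAME.key, NAME.crt) in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_leaf DIR CA HOST: issue a certificate for HOST signed by test CA named CA.
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# trusted_by BUNDLE CERT: succeed only if CERT chains to a CA found in BUNDLE.
# The output is matched because old OpenSSL releases exit 0 even on failure.
trusted_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# compare_stores CERT BUNDLE...: print one verdict per trust store.
compare_stores() {
    cert=$1; shift
    for bundle in "$@"; do
        if trusted_by "$bundle" "$cert"; then echo "OK   ${bundle##*/}"
        else echo "FAIL ${bundle##*/}"; fi
    done
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" own-ca && make_ca "$d" public-ca &&
        make_leaf "$d" own-ca dohelper.test.net || { rm -rf "$d"; return 1; }
    # Hypothetical stores: the private CA was added to one of them only.
    cat "$d/public-ca.crt" "$d/own-ca.crt" > "$d/system-store.pem"
    cp "$d/public-ca.crt" "$d/app-bundle.pem"
    compare_stores "$d/dohelper.test.net.crt" \
        "$d/system-store.pem" "$d/app-bundle.pem"
    rm -rf "$d"
}

demo
```

On real hosts, `trusted_by` can be pointed at whichever CA bundle a given client is configured to use, together with the certificate the reverse proxy serves.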