Bad Gateway 502 with Nginx on native Install - Debian

Installation & Configuration
1

Hi there,

I have a problem with my collabora setup, after starting fresh with my Pi because of Software-Failures.

I´ve had it on the old system natively installed and so on the new one, my nginx-config is also copied from the old system, so everything should be working, but it won´t :-/

so I installed it after setting prerequisities and finaly installed it with

apt install coolwsd code-brand

systemctl status coolwsd also tells:
“Nov 06 20:14:28 DietPi coolwsd[464]: Ready to accept connections on port 9980.”

The following is configured:

sudo coolconfig set storage.wopi.host office.mydomain.de
sudo coolconfig set ssl.enable true
sudo coolconfig set ssl.termination true

But everytime I try to connect it with my Nextcloud, I get 502 Bad Gateway, also when trying to browse to https://office.mydomain.de/hosting/discovery

Here the collabora.conf from Nginx:

server {
 listen       443 ssl;
 server_name  office.mydomain.de;


 ssl_certificate /etc/letsencrypt/live/office.mydomain.de/fullchain.pem; # managed by Certbot
 ssl_certificate_key /etc/letsencrypt/live/office.mydomain.de/privkey.pem; # managed by Certbot


 # static files
 location ^~ /browser {
   proxy_pass https://127.0.0.1:9980;
   proxy_set_header Host $http_host;
 }


 # WOPI discovery URL
 location ^~ /hosting/discovery {
   proxy_pass https://127.0.0.1:9980;
   proxy_set_header Host $http_host;
 }


 # Capabilities
 location ^~ /hosting/capabilities {
   proxy_pass https://127.0.0.1:9980;
   proxy_set_header Host $http_host;
 }


 # main websocket
 location ~ ^/cool/(.*)/ws$ {
   proxy_pass https://127.0.0.1:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }


 # download, presentation and image upload
 location ~ ^/(c|l)ool {
   proxy_pass https://127.0.0.1:9980;
   proxy_set_header Host $http_host;
 }


 # Admin Console websocket
 location ^~ /cool/adminws {
   proxy_pass https://127.0.0.1:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }
}
2

hello @superfun welcome to collabora online community forums.

I have seen same type of errors in forum topics. I am sharing one solution here, please try and let me know how things goes.

Probably it is related to the deprecated packages not installed by default so that we need…

Thanks,
Darshan

3

that was not the solution in my case. after install coolwsd-deprecated the problem persists :-/

4

Here are some troubleshooting steps that might help you identify and resolve the issue:

1. Check Collabora (coolwsd) Logs

Since coolwsd is reporting readiness on port 9980, it’s essential to check the detailed logs to see if there’s a specific error. Run:

sudo journalctl -u coolwsd -f

Look for any messages that indicate network or SSL-related issues.

2. Verify SSL Termination

Since you’re using ssl.termination=true in Collabora’s config, NGINX should handle the SSL termination, while Collabora will operate over HTTP locally (127.0.0.1). However, in your NGINX config, you are using https://127.0.0.1:9980 in proxy_pass. Try updating the proxy_pass settings to http://127.0.0.1:9980 as follows:

# static files
location ^~ /browser {
  proxy_pass http://127.0.0.1:9980;
  proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
  proxy_pass http://127.0.0.1:9980;
  proxy_set_header Host $http_host;
}

# Capabilities
location ^~ /hosting/capabilities {
  proxy_pass http://127.0.0.1:9980;
  proxy_set_header Host $http_host;
}

# main websocket
location ~ ^/cool/(.*)/ws$ {
  proxy_pass http://127.0.0.1:9980;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_set_header Host $http_host;
  proxy_read_timeout 36000s;
}

# download, presentation, and image upload
location ~ ^/(c|l)ool {
  proxy_pass http://127.0.0.1:9980;
  proxy_set_header Host $http_host;
}

# Admin Console websocket
location ^~ /cool/adminws {
  proxy_pass http://127.0.0.1:9980;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
  proxy_set_header Host $http_host;
  proxy_read_timeout 36000s;
}

3. Restart NGINX and coolwsd

After making changes, restart both NGINX and Collabora to apply them:

sudo systemctl restart nginx
sudo systemctl restart coolwsd

4. Verify coolwsd Port Binding and Firewall Rules

Ensure that coolwsd is indeed listening on 127.0.0.1:9980. Run:

sudo netstat -tuln | grep 9980

If it’s bound to 127.0.0.1:9980, verify that no firewall rules are blocking access to this port locally.

5. Confirm Nextcloud Configuration

Make sure that the Nextcloud configuration for Collabora Online points to the correct address (https://office.mydomain.de), with SSL enabled as expected. Double-check for any typos or mismatches in the Collabora Online app settings within Nextcloud.

6. Inspect Permissions and Ownership

Occasionally, permission issues can prevent coolwsd from working correctly. Confirm that the service user running coolwsd has the necessary permissions for any required files or directories.

7. Additional Debugging with NGINX Logs

If the issue persists, examine NGINX’s error logs for more detailed information on the 502 errors. Run:

sudo tail -f /var/log/nginx/error.log

After following these steps, you should have a clearer indication of where the issue lies. Let me know if you encounter specific errors

Thanks,
Darshan

5

Hi,

“sudo journalctl -u coolwsd -f”

gives output and this is the only section with an error

Error “File not found: /etc/coolwsd/ca-chain.cert.pem”

Nov 07 08:37:04 DietPi coolwsd[15266]: Failed to initialize COOLWSD: File not found: /etc/coolwsd/ca-chain.cert.pem
Nov 07 08:37:04 DietPi coolwsd[15266]: wsd-15266-15266 2024-11-07 08:37:04.039526 +0000 [ coolwsd ] TRC  Initialize StorageConnectionManager| wsd/COOLWSD.cpp:2953
Nov 07 08:37:04 DietPi coolwsd[15266]: wsd-15266-15266 2024-11-07 08:37:04.042422 +0000 [ coolwsd ] FTL  Failed to initialize COOLWSD: File not found: /etc/coolwsd/ca-chain.cert.pem| wsd/COOLWSD.hpp:530
Nov 07 08:37:04 DietPi coolwsd[15266]: File not found: /etc/coolwsd/ca-chain.cert.pem
Nov 07 08:37:04 DietPi coolwsd[15266]: <shutdown>-15266 2024-11-07 08:37:04.058860 +0000 [ coolwsd ] SIG   Fatal signal received: SIGABRT code: 18446744073709551610 for address: 0x6900003ba2
Nov 07 08:37:04 DietPi coolwsd[15266]: Recent activity:
Nov 07 08:37:04 DietPi coolwsd[15266]: Backtrace 15266 - wsd 24.04.9.1 55317ef:
Nov 07 08:37:04 DietPi systemd[1]: coolwsd.service: Main process exited, code=killed, status=11/SEGV
Nov 07 08:37:04 DietPi systemd[1]: coolwsd.service: Failed with result 'signal'.
Nov 07 08:37:04 DietPi systemd[1]: coolwsd.service: Consumed 8.027s CPU time.
Nov 07 08:37:04 DietPi systemd[1]: coolwsd.service: Scheduled restart job, restart counter is at 1077.
Nov 07 08:37:04 DietPi systemd[1]: Stopped coolwsd.service - Collabora Online WebSocket Daemon.
Nov 07 08:37:04 DietPi systemd[1]: coolwsd.service: Consumed 8.027s CPU time.
Nov 07 08:37:04 DietPi systemd[1]: Started coolwsd.service - Collabora Online WebSocket Daemon.

Also Log in Nginx tell that connection to Collabora is refused:

2024/11/07 08:44:49 [error] 16335#16335: *37 connect() failed (111: Connection refused) while connecting to upstream, client: 79.242.101.142, server: office.mydomain.de, request: "GET /hosting/discovery HTTP/2.0", upstream: "http://127.0.0.1:9980/hosting/discovery", host: "office.mydomain.de"
6

@superfun did you read the log ? There is no such file exist ca-chain.cert.pem

You have some issues with the ssl certificates, so please recheck that.

Thanks,
Darshan

7

Yes, I read the log, but the problem is, the ssl certificate is issued by LetsEncrypt and it is linked in nNginx collabora.conf.

the path where collabora searches for the cert is not in use… but I try to simlink LetsEncrypt to the path and test

1 Like