Collabora Docker + Nextcloud + nginx docker, cannot open files, Collabora not sending HTTPS requests

Nextcloud shows Collabora connection is working. When I attempt to open a file in Nextcloud, Collabora logs errors like this:

wsd-00001-00600 2022-05-19 23:33:23.797926 +0000 [ docbroker_010 ] ERR  WOPI::CheckFileInfo failed for URI [https://nextcloud.example.com/index.php/apps/richdocuments/wopi/files/539_oc7tvxhh9k4b?access_token=T4Vd5Xqgf8s3lqwSrEfHhhutlAjXhLBf&access_token_ttl=0&permission=edit]: 0 . Headers:         Body: []| wsd/Storage.cpp:675

Nginx does not log the request. If I curl the URI from within the Collabora container, I get a successful response and it is logged by nginx. I installed tcpdump in the Collabora container and confirmed that no HTTPS request is being sent.

Here is my docker-compose.override.yml, adapted from one I found here:

version: '2.1'
services:

    nginx-mailcow:
      networks:
        mailcow-network:
          ipv4_address: ${IPV4_NETWORK:-172.22.1}.100
          aliases:
            - phpfpm

    php-fpm-mailcow:
      extra_hosts:
        - "collabora.example.com:${IPV4_NETWORK:-172.22.1}.100"

    collabora:
      image: collabora/code
      container_name: collabora
      cap_add:
        - MKNOD
      environment:
        - dictionaries=en_US
        - extra_params=--o server_name=collabora.example.com --o ssl.enable=false --o ssl.termination=true
      networks:
        - mailcow-network
      extra_hosts:
        - "collabora.example.com:${IPV4_NETWORK:-172.22.1}.100"

Here is my nginx collabora.example.com.conf:

server {
    server_name  collabora.example.com;

    ssl_certificate /etc/ssl/mail/cert.pem;
    ssl_certificate_key /etc/ssl/mail/key.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    include /etc/nginx/conf.d/listen_plain.active;
    include /etc/nginx/conf.d/listen_ssl.active;
    server_tokens off;

    # This allows acme to be validated even with a different web root
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        rewrite /.well-known/acme-challenge/(.*) /$1 break;
        root /web/.well-known/acme-challenge/;
    }

    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

    # static files
    location ^~ /browser {
      proxy_pass http://collabora:9980;
       proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
      proxy_pass http://collabora:9980;
      proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
      proxy_pass http://collabora:9980;
      proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/cool/(.*)/ws$ {
      proxy_pass http://collabora:9980;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $http_host;
      proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/(c|l)ool {
      proxy_pass http://collabora:9980;
      proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /cool/adminws {
      proxy_pass http://collabora:9980;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $http_host;
      proxy_read_timeout 36000s;
    }
}

Realized that the hostname under extra_hosts in the collabora: section of docker-compose.override.yml is supposed to be the name of the Nextcloud server. Made some other adjustments because the php-fm section is unnecessary and there have been parameter name changes in Collabora 21.11.3.6

version: '2.1'
services:
    nginx-mailcow:
      networks:
        mailcow-network:
          ipv4_address: ${IPV4_NETWORK:-172.22.1}.100
    collabora:
      image: collabora/code
      container_name: collabora
      restart: always
      cap_add:
        - MKNOD
      environment:
        - dictionaries=en_US
        - username=[redacted]
        - password=[redacted]
        - aliasgroup1=https://nextcloud.example.com:443
        - extra_params=--o ssl.enable=false --o ssl.termination=true
      networks:
        - mailcow-network
      extra_hosts:
        - "nextcloud.example.com:${IPV4_NETWORK:-172.22.1}.100"

Welcome to the forum @keenmouse !

Does it now work? For more information on what are the current configurations including: Configuration — SDK https://sdk.collaboraonline.com/ documentation and CODE Docker image — SDK https://sdk.collaboraonline.com/ documentation

Yes, it does!

I was aware of the information in the links you provided; that’s where I started. The problem was getting it to work with the nginx container in mailcow. I’m pretty new to docker and docker-compose. I figured out that I had the wrong hostname in extra_hosts by running tcpdump in the collabora container and seeing that requests were going to the wrong IP address.