Collabora not accessible when set up with docker compose and proxy

Hello

I am using docker-compose to set up Collabora and NextCloud with nginxproxy/nginx-proxy:alpine. NextCloud works fine. Collabora seems to be running but I am not able to access it. I think it might have something to do with the proxy. When I go to my Collabora domain https://office.[domain].com/ I get “502 Bad Gateway” and “nginx/1.23.3”. Is it expected that I should be able to get some kind of webpage results?

Included some logs and my docker compose configuration below.

Thanks for your help.

Collabora logs through docker-compose after boot-up:

nextcloud-collabora-1              | wsd-00001-00001 2023-08-19 08:03:04.509109 -0700 [ coolwsd ] TRC  Have 1 new children.| wsd/COOLWSD.cpp:5722
nextcloud-collabora-1              | wsd-00001-00031 2023-08-19 08:03:04.509112 -0700 [ prisoner_poll ] TRC  Executing SocketDisposition of #17: Type::CONTINUE| net/Socket.cpp:684
nextcloud-collabora-1              | wsd-00001-00001 2023-08-19 08:03:04.509139 -0700 [ coolwsd ] INF  WSD initialization complete: setting log-level to [warning] as configured.| wsd/COOLWSD.cpp:5738
nextcloud-collabora-1              | Ready to accept connections on port 9980.

Proxy logs through docker-compose when trying to connect to domain.

nextcloud-proxy-1                  | nginx.1     | office.[domain].com 192.168.1.1 - - [19/Aug/2023:15:10:25 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0" "-"
nextcloud-proxy-1                  | nginx.1     | 2023/08/19 15:10:25 [warn] 92#92: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: "/etc/nginx/certs/office.[domain].com.crt"
nextcloud-proxy-1                  | nginx.1     | 2023/08/19 15:10:25 [error] 92#92: *34 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: office.[domain].com, request: "GET / HTTP/2.0", upstream: "http://172.27.0.3:443/", host: "office.[domain].com"
nextcloud-proxy-1                  | nginx.1     | office.[domain].com 192.168.1.1 - - [19/Aug/2023:15:10:25 +0000] "GET / HTTP/2.0" 502 157 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0" "172.27.0.3:443"
nextcloud-proxy-1                  | nginx.1     | 2023/08/19 15:10:25 [error] 92#92: *34 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: office.[domain].com, request: "GET /favicon.ico HTTP/2.0", upstream: "http://172.27.0.3:443/favicon.ico", host: "office.[domain].com", referrer: "https://office.[domain].com/"
nextcloud-proxy-1                  | nginx.1     | office.[domain].com 192.168.1.1 - - [19/Aug/2023:15:10:25 +0000] "GET /favicon.ico HTTP/2.0" 502 157 "https://office.[domain].com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0" "172.27.0.3:443"

docker-compose.yml

version: '3'

services:
  db:
    [...]

  redis:
    [...]

  app:
    image: nextcloud:apache
    restart: always
    volumes:
      [...]
    environment:
      - VIRTUAL_HOST=nextcloud.[domain].com
      - LETSENCRYPT_HOST=nextcloud.[domain].com
      - LETSENCRYPT_EMAIL=my@email.com
      - MYSQL_HOST=db
      - REDIS_HOST=redis
      - NEXTCLOUD_TRUSTED_DOMAINS=nextcloud.[domain].com [domain].com
      - NEXTCLOUD_DATA_DIR=/srv/nextcloud/data
      - TRUSTED_PROXIES=nextcloud-proxy-1
      - NEXTCLOUD_HOSTNAME=nextcloud.[domain].com
      - OVERWRITEPROTOCOL=https
      - OVERWRITEHOST=nextcloud.[domain].com
    hostname: nextcloud.[domain].com
    env_file:
      [...]
    depends_on:
      [...]
    networks:
      - proxy-tier
      - default

  cron:
    [...]

  collabora:
    image: collabora/code:latest
    cap_add:
      - MKNOD
    environment:
      - aliasgroup1=https://nextcloud.[domain].com:443
      - username=collaboranextcloud
      - password=[...]
      - VIRTUAL_HOST=office.[domain].com
      # - VIRTUAL_PORT=443
      - LETSENCRYPT_HOST=office.[domain].com
      - LETSENCRYPT_EMAIL=my@email.com
    ports:
      - 9980:9980
    restart: always
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
    networks:
      - proxy-tier
      - default

    #https://sdk.collaboraonline.com/docs/installation/CODE_Docker_image.html

    #FROM nginxproxy/nginx-proxy:alpine
    #COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:ro
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    container_name: nextcloud-proxy-1
    networks:
      - proxy-tier

  letsencrypt-companion:
    image: nginxproxy/acme-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - acme:/etc/acme.sh
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy

volumes:
  [...]

networks:
  proxy-tier:

I kind of lost track of what all I tried but I did get this to partly work. I think the main change was to add one line to the docker-compose.yml like so:

  collabora:
    [...]
    environment:
      [...]
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true

This allows me to access http://office.[domain].com:9980/hosting/discovery.

However, it still will not work with https. If I go to https://office.[domain].com:9980/hosting/discovery I get an error that says:

Secure Connection Failed

An error occurred during a connection to office.[domain].com:9980. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

Please contact the website owners to inform them of this problem.
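
Added example, not part of the original posts: a small Python check that reads the two logs quoted above and flags any proxy upstream target whose port differs from the port the backend announced at start-up. The function names are chosen for this example, and the sample lines are taken from the post's logs with the docker-compose prefix trimmed.

```python
import re
from collections import Counter

# Sample input: lines taken from the logs quoted above, compose prefix trimmed.
BACKEND_LOG = "Ready to accept connections on port 9980.\n"
PROXY_LOG = (
    '[error] 92#92: *34 connect() failed (111: Connection refused) while connecting to '
    'upstream, client: 192.168.1.1, server: office.[domain].com, request: "GET / HTTP/2.0", '
    'upstream: "http://172.27.0.3:443/", host: "office.[domain].com"\n'
    '[error] 92#92: *34 connect() failed (111: Connection refused) while connecting to '
    'upstream, client: 192.168.1.1, server: office.[domain].com, request: "GET /favicon.ico '
    'HTTP/2.0", upstream: "http://172.27.0.3:443/favicon.ico", host: "office.[domain].com"\n'
    'office.[domain].com 192.168.1.1 - - [19/Aug/2023:15:10:25 +0000] "GET / HTTP/1.1" 301 169\n'
)

UPSTREAM_RE = re.compile(
    r'connect\(\) failed \((\d+): ([^)]+)\) while connecting to upstream'
    r'.*?server: ([^,]+),.*?upstream: "(\w+)://([^:/"]+)(?::(\d+))?'
)
DEFAULT_PORTS = {"http": 80, "https": 443}

def backend_port(log_text):
    """Port the backend announced in its start-up log, or None if not found."""
    m = re.search(r"Ready to accept connections on port (\d+)", log_text)
    return int(m.group(1)) if m else None

def upstream_failures(log_text):
    """Count failed upstream connects per (server, scheme, host, port, reason)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = UPSTREAM_RE.search(line)
        if m:  # access-log lines and warnings do not match and are skipped
            _errno, reason, server, scheme, host, port = m.groups()
            port = int(port) if port else DEFAULT_PORTS.get(scheme)
            counts[(server, scheme, host, port, reason)] += 1
    return counts

def port_mismatches(proxy_log, backend_log):
    """Failures where the proxy dialled a port the backend never announced."""
    listening = backend_port(backend_log)
    return [
        {"server": s, "upstream": f"{sch}://{h}:{p}", "listening": listening,
         "reason": r, "count": n}
        for (s, sch, h, p, r), n in upstream_failures(proxy_log).items()
        if listening is not None and p != listening
    ]

if __name__ == "__main__":
    print(port_mismatches(PROXY_LOG, BACKEND_LOG))
```

On the post's logs this reports that the proxy dialled 172.27.0.3:443 twice while coolwsd announced port 9980. With ssl.enable=false that port answers in plain HTTP, so a browser that opens https:// directly on 9980 reports SSL_ERROR_RX_RECORD_TOO_LONG.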