Collabora online + nextcloud without docker SSL handshake Error

Hello,
Trying the whole to make it work with nextcloud under apache without docker.
When I go on admin link I got.

And it is the same when I try to edit/create file:

Error21535×414 23 KB

I edit a lot of time my apache conf.

<IfModule mod_ssl.c>
  SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)

  <VirtualHost *:443>
    ServerName collabora.XXXXXX.XXX
    # Collabora config
    Options -Indexes
    # Encoded slashes need to be allowed
    AllowEncodedSlashes NoDecode
    # Container uses a unique non-signed certificate
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    # keep the host
    ProxyPreserveHost On
    SSLEngine On

    # static html, js, images, etc. served from coolwsd
    ProxyPass           /browser https://127.0.0.1:9980/browser retry=0
    ProxyPassReverse    /browser https://127.0.0.1:9980/browser


    # WOPI discovery URL
    ProxyPass           /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
    ProxyPassReverse    /hosting/discovery http://127.0.0.1:9980/hosting/discovery

    # Capabilities
    ProxyPass           /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
    ProxyPassReverse    /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities

    # Main websocket
    ProxyPassMatch "/cool/(.*)/ws$" ws://127.0.0.1:9980/cool/$1/ws nocanon

    # Admin Console websocket
    ProxyPass   /cool/adminws ws://127.0.0.1:9980/cool/adminws

    # Download as, Fullscreen presentation and Image upload operations
    ProxyPass           /cool http://127.0.0.1:9980/cool
    ProxyPassReverse    /cool http://127.0.0.1:9980/cool

    # Compatibility with integrations that use the /lool/convert-to endpoint
    ProxyPass           /lool http://127.0.0.1:9980/cool
    ProxyPassReverse    /lool http://127.0.0.1:9980/cool

      SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECD>
  SSLHonorCipherOrder on


    ErrorLog "/var/log/apache2/collabora_error"
    Include /etc/letsencrypt/options-ssl-apache.conf
    Header always set Strict-Transport-Security "max-age=31536000"
    SSLUseStapling on
    SSLCertificateFile /etc/letsencrypt/live/collaboa.XXXXXX.XXX/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/collabora.XXXXXX.XXX/privkey.pem
    </VirtualHost>
</IfModule>

If somebody can help because I am tired and got no more idea ^^.

Thanks

Hi @Shad and sorry for the spam bot’s shenanigans… I have approved and now this post s visible for everyone

Is that supposed to be a terminating reverse proxy set up? If so, in /etc/coolwsd/coolwsd.xml, have you set ssl.enable to false and ssl.termination to true?

Yes I had set correctly these 2 lines.

<enable default="true" desc="Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." type="bool">fal>
<termination default="true" desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool">true</termination>

I have no more idea to resolve that …