Dual Stack IPv4/IPv6


Both nextcloud and collabora are behind a reverse proxy on a NAT with one single public IPv4.
Both have a TLS certificate on the reverse proxy so " The corresponding loolwsd settings are ssl.enable=false and ssl.termination=true ."

So far, so good

Now it gets trickier.

Nextcloud is also working on IPv6 with a certbot TLS certificate. It’s actually the nextcloud container that deliver the TLS certificate (thanks to sftp) to the reverse proxy for IPv4 connection to nextcloud.
The reverse proxy get the TLS certificate of collabora thanks to certbot for now.

My question is : how can I make collabora working also on IPv6.
Collabora has it’s own IPv6. I would like collabora to get it’s certificate thanks to certbot and deliver it to the reverse proxy as I do for nextcloud and other CT (I’d stop certbot on the reverse proxy nginx then) but if it gets a TLS certificate then I need to change the loolwsd settings to ssl.enable=true, right? But then, Ipv4 won’t work anymore…

It feels like collabora is not IPv6 ready and not easy to implement in a dual stack environment.

Unless, maybe, if I could get “SSL on both ends” also for IPv4 but I don’t know how I can do that…

Actually it was quiet easy.
I had to keep ssl.enable=false and ssl.termination=true in loolwsd settings and then, I had to remove listen [::]:443 ssl; and listen [::]:80; from the conf file on the reverse proxy of the NAT IPv4 and I had to add a conf file with listen [::]:443 ssl; and listen [::]:80; and without listen 443 ssl; and listen 80; in the collabora CT.

It is now working Dual Stack Ipv4/Ipv6.

1 Like