Hello friends,
I am trying to set up a Collabora Online server on a dedicated server, which is different from the one where I am running Nextcloud. Here is what I did on the server where I installed Collabora Online.
- Installed native collabora package | sudo dnf install coolwsd CODE-brand collaboraoffice
- Edited coolwsd.xml | disabled SSL and enabled SSL termination
- Installed Apache and mod_ssl | sudo dnf install httpd mod_ssl
- Configured reverse proxy for collabora | reverse proxy for ssl termination (Proxy settings — SDK https://sdk.collaboraonline.com/ documentation) | collabora.conf
- Installed certbot to certify my domain | Used generated key and cert in collabora.conf <VirtualHost *:443> section.
That’s what I have done so far. Now I have tested connecting to Collabora from Nextcloud and from a browser (to access the admin panel). Here are the errors I am getting:
- Trying to connect from Nextcloud, as https://office.mydomain.com:443
  Error: Could not establish connection to the Collabora Online server.
- Trying to access admin panel from browser (Firefox)
  Error: Secure Connection Failed, Error code: SSL_ERROR_RX_RECORD_TOO_LONG
Coolwsd.service showed me this when I tried to connect from the browser:
[ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/COOLWSD.cpp:3373
This is the way I am trying to set up a dedicated Collabora Online server:
Here is my collabora.conf configuration:
```apache
# generated 2021-06-12, Mozilla Guideline v5.6, Apache 2.4.48, OpenSSL 1.1.1d, intermediate configuration, no OCSP
# https://ssl-config.mozilla.org/#server=apache&version=2.4.48&config=intermediate&openssl=1.1.1d&ocsp=false&guideline=5.6
# this configuration requires mod_ssl, mod_rewrite, and mod_headers
<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    # curl https://ssl-config.mozilla.org/ffdhe2048.txt >> /path/to/signed_cert_and_intermediate_certs_and_dhparams
    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain/privkey.pem
    ServerName mydomain.com
    # enable HTTP/2, if available
    Protocols h2 http/1.1
    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
    Header always set Strict-Transport-Security "max-age=63072000"
    ########################################
    # Reverse proxy for Collabora Online
    #
    ########################################
    AllowEncodedSlashes NoDecode
    ProxyPreserveHost On
    # static html, js, images, etc. served from coolwsd
    # browser is the client part of Collabora Online
    ProxyPass /browser http://127.0.0.1:9980/browser retry=0
    ProxyPassReverse /browser http://127.0.0.1:9980/browser
    # WOPI discovery URL
    ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
    ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery
    # Capabilities
    ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
    ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities
    # Main websocket
    ProxyPassMatch "/cool/(.*)/ws$" ws://127.0.0.1:9980/cool/$1/ws nocanon
    # Admin Console websocket
    ProxyPass /cool/adminws ws://127.0.0.1:9980/cool/adminws
    # Download as, Fullscreen presentation and Image upload operations
    ProxyPass /cool http://127.0.0.1:9980/cool
    ProxyPassReverse /cool http://127.0.0.1:9980/cool
    # Compatibility with integrations that use the /lool/convert-to endpoint
    ProxyPass /lool http://127.0.0.1:9980/cool
    ProxyPassReverse /lool http://127.0.0.1:9980/cool
</VirtualHost>
# intermediate configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
```
I have been struggling with this issue for like 4 days. Please help.
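
Added example, not part of the original post and not code from Collabora or Firefox: a byte-level sketch of how the two messages quoted above (`SSL_ERROR_RX_RECORD_TOO_LONG` in the browser and "Looks like SSL/TLS traffic on plain http port" in the coolwsd log) are the two ends of one mismatch, where a TLS client reaches a listener that speaks plain HTTP. The function names and sample bytes are constructed for illustration, and it is an assumption that the plain listener answers with HTTP text.

```python
import struct

TLS_HANDSHAKE = 0x16                 # TLS record content type "handshake"
MAX_TLS_CIPHERTEXT = 2**14 + 2048    # largest record length TLS 1.2 permits (RFC 5246)

def parse_record_header(data: bytes):
    """Read the first 5 bytes as a TLS record header: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length

def server_view(first_bytes: bytes) -> str:
    """What a plain-HTTP listener can infer from a client's first bytes."""
    ctype, (major, _minor), _length = parse_record_header(first_bytes)
    if ctype == TLS_HANDSHAKE and major == 3:
        return "tls-on-plain-http-port"
    return "plain-http"

def client_view(reply: bytes) -> str:
    """What a TLS client concludes when it reads the reply as a TLS record."""
    _ctype, _version, length = parse_record_header(reply)
    if length > MAX_TLS_CIPHERTEXT:
        return "record-too-long"
    return "plausible-tls-record"

# Constructed samples (not captured from the poster's server).
CLIENT_HELLO_START = bytes.fromhex("16030102000100")   # handshake record, length 512
PLAIN_HTTP_REQUEST = b"GET /hosting/discovery HTTP/1.1\r\n"
PLAIN_HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\n\r\n"

if __name__ == "__main__":
    # Server side: a ClientHello arriving on a plain HTTP port is recognisable.
    print(server_view(CLIENT_HELLO_START))
    print(server_view(PLAIN_HTTP_REQUEST))
    # Client side: "HTTP/" read as a record header is type 0x48, version 0x5454
    # and length 0x502F, which is over the allowed maximum.
    print(parse_record_header(PLAIN_HTTP_REPLY))
    print(client_view(PLAIN_HTTP_REPLY))
```
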