Failed to install Collabora-online on my own server

Hello Community,

I hope you are well <3

So lets begin with the problem

I rent VPS from hetzner with 4vCPU, 8GBRAM, 80GBSSD, ubuntu20.04

and my nextcloud in other server same account in NC.

so I tried many times to install CollaboraOnline using packeges or using docker
same problem.

my steps was:
1- Import of the signing key
2- install the coolwsd and code-brand

I followed the instructions here:

after that i generate a SSL cert by certbot for the A record subdomain.

after that i tried to make the reverse proxy and im stack there hard!!

this is my reverse proxy `<VirtualHost *:443>
ServerName collabora.arabianshell.com:443

# SSL configuration
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/collabora.arabianshell.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/collabora.arabianshell.com/privkey.pem

# Static files
Alias /cool /usr/share/cool
<Directory /usr/share/cool>
    Require all granted
</Directory>

# Main proxy configuration
ProxyPreserveHost On
ProxyPass /loleaflet http://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet http://127.0.0.1:9980/loleaflet
ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery
ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities
ProxyPassMatch "/cool/.*" http://127.0.0.1:9980/cool/$1 retry=0
ProxyPassReverse "/cool/.*" http://127.0.0.1:9980/cool/$1

# WebSocket proxy
ProxyPassMatch "/cool/.*ws$" ws://127.0.0.1:9980/cool/$1
ProxyPassReverse "/cool/.*ws$" ws://127.0.0.1:9980/cool/$1

# Redirect HTTP to HTTPS
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*)           wss://%{HTTP_HOST}/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*)           https://%{HTTP_HOST}/$1 [P,L]

Can someone help me please? i’m stack here for 6 days

I appreceate your time and effort for help.

thank you

the domain of collabora is:

thank you.

hii @STORM welcome to collabora online forums.

1. Can you confirm that your Apache proxy configuration aligns with the specifications provided in our SDK?

2. Can you access hosting/capabilities to check the server connection?

3. Can you please paste some error logs here ? To help you out, i need some more context on this

Thanks,
Darshan

@STORM does this solved your problem ?

yes i confirm this

take a look

https://collabora.arabianshell.com/hosting/capabilities

root@ubuntu-collabora:/home# tail -f /var/log/apache2/error.log
[Mon Jul 29 11:13:18.695141 2024] [ssl:emerg] [pid 4846:tid 140058550168640] AH02565: Certificate and private key collabora.arabianshell.com:443:0 from /etc/letsencrypt/live/collabora.arabianshell.com/chain.pem and /etc/letsencrypt/live/collabora.arabianshell.com/privkey.pem do not match
[Mon Jul 29 11:13:18.695169 2024] [:emerg] [pid 4846:tid 140058550168640] AH00020: Configuration Failed, exiting
[Mon Jul 29 11:21:15.214721 2024] [core:warn] [pid 6290:tid 139763836447808] AH00098: pid file /var/run/apache2/apache2.pid overwritten -- Unclean shutdown of previous Apache run?
[Mon Jul 29 11:21:15.217427 2024] [mpm_event:notice] [pid 6290:tid 139763836447808] AH00489: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Mon Jul 29 11:21:15.217497 2024] [core:notice] [pid 6290:tid 139763836447808] AH00094: Command line: '/usr/sbin/apache2'
[Mon Jul 29 13:00:11.403698 2024] [mpm_event:notice] [pid 6290:tid 139763836447808] AH00491: caught SIGTERM, shutting down
[Mon Jul 29 13:00:11.487205 2024] [mpm_event:notice] [pid 6420:tid 140471577136192] AH00489: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[Mon Jul 29 13:00:11.487375 2024] [core:notice] [pid 6420:tid 140471577136192] AH00094: Command line: '/usr/sbin/apache2'
[Mon Jul 29 22:37:38.671719 2024] [authz_core:error] [pid 6422:tid 140471443638016] [client 213.232.87.234:37877] AH01630: client denied by server configuration: /var/www/html/server-status
[Tue Jul 30 05:50:32.265611 2024] [core:error] [pid 6421:tid 140471544710912] [client 47.76.58.74:55188] AH00126: Invalid URI in request POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1

Hii @STORM i see your private key and cert does not match that seems to be issue here As per logs

The private key must match with the certificate('s public key) you use. Otherwise, you won’t be able to use them together.

One way to make sure both key and certificate match (certificate comes from the private key being used) is by checking their modulus with openssl.

openssl rsa -in file.key -noout -modulus

openssl x509 -in file.crt -noout -modulus

Note: If certificate or key are not in ASCII you must add "-inform DER" to the specific file.

Also I found a thread which have some interesting discussion related to fix issue ssl - Error: Public Key Certificate and Private Key doesn't match - Stack Overflow

@STORM also if you need a guidance to integrate NC with collabora here is the YT video which will help to set up