Follow-up previous thread!

Installation & Configuration
1

Hi @darshan

First thanks a lot for your answer in previous thread Collabora CODE not working with some users? and sorry for late answer as I had no time to work on it earlier :frowning:

I have tried your modifications both on the Nextcloud Apache server itself and on the proxy Apache server for CODE but still same problem :frowning:

It happens either when you try to open a file from the Nextcloud client on mobile (IoS and Android) or open it in web on IoS.

Regarding your questions about the network, there are no restrictions such as DPI. I’m able to reproduce the problem on my Android phone so it’s not a specific device issue, not a problem of proxy or ISP as my computer and mobile phone use same internet connection and I have no issue on my computer with Firefox to open/edit documents in Nextcloud.

Any other things I can check ?

Thanks again,

Vincèn

2

hii @vincen

Based on what you described, the problem almost always boils down to one of these on iOS / mobile

  1. TLS / Certificates

iOS is far stricter than desktop browsers about the full certificate chain.

Make sure your Apache or reverse proxy presents the full chain (leaf + intermediate + root).

Test with SSL Labs SSL Server Test (Powered by Qualys SSL Labs)
— if it says “Chain issues” or “Incomplete”, fix that first.

In Apache this is usually done with both SSLCertificateFile (leaf) and SSLCertificateChainFile or SSLCertificateKeyFile lines pointing to the right bundle.

  1. check that mod_proxy_wstunnel is enabled. Without that, iOS or Android apps can’t upgrade to WebSockets.

  2. SameSite Cookies / CORS

  3. If you’re running multiple Nextcloud instances, make sure the WOPI_ALLOW and aliasgroup settings in Collabora include every host your mobiles are calling from. iOS sometimes sends slightly different origin headers than desktop.

3

Hi @darshan

Thanks for your message.

  • I have checked the websites concerned with SSL Server test and they all show up as A+ note and no error with SSL certificate or chain. I have checked both the nextcloud website and the reverse proxy website for Collabora and both are all goods regarding SSL.
  • Regarding the module proxy_wstunnel, it’s well installed and activated in Apache. Does it need specific parameters per virtual site in Apache ?
  • For Samesite Cookies it has to be done in each Nextcloud Apache server ? or only the reverse proxy or both ?
  • For CORS same question as Samesite.
  • I have added in Collabora config file the WOPI_ALLOW with lists of all Nextcloud instances on the server and the aliasgroup feature too that were not present. I added it in coolwsd config file under storage/wopi typed that way below. Is it correct syntax ?
<host allow="true">
    			<domain>url nc 1</domain>
            	<domain>url nc 2</domain>
            	<domain>url nc 3</domain>
    		</host>
        
            <alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
            <group>
                    <host desc="NC 1" allow="true">scheme://url nc1</host>
                    <host desc="NC 2" allow="true">scheme://url nc2</host>
<host desc="NC 3" allow="true">scheme://url nc3</host>
            </group>>
            </alias_groups>

Thanks for all,

Vincèn

4

Hi @darshan

Did you get a chance to have a look at my last post ?

Thanks

Vincèn