Integrate Collabora with our own web server

We build a web file server and want to integrate with Collabora. We use HAPROXY for reverse proxy. The File Server and the Collabora server are in different containers (LXC) and behind HAPROXY. SSL are disabled.

We can open document in Collabora if we access our File Server using internal IP address. But we cannot open document in Collabora if we access our File Server with a domain name.
Can any one help or give us a direction on what to look for?

OS Debian 10.
HAPROXY ver 1.5.18

Below is our haproxy configuration file.

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    tune.ssl.default-dh-param 2048
    daemon
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          2m
    timeout server          2m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend  main 
     bind *:80
     bind *:443 ssl crt-list /etc/letsencrypt/live/crt-list.txt

     acl app_doc          hdr(host)      -i doc.netsoft.me
     acl app_collab       hdr(host)      -i collab.netsoft.me

     use_backend doc_cluster	   if app_doc
     use_backend collab_cluster	   if app_collab

backend doc_cluster
    option forwardfor
    server  doc1	10.0.1.52:8002

backend collab_cluster
#    option forwardfor
#    mode http
    timeout tunnel	1800s
    server collab1	10.0.1.51:9980

What do the Collabora logs say ? possibly if you turn up the logging level to debug or trace - you will get a massive performance impact (beware) - but see everything going on there =) Almost certainly from inside the container we can’t reach the WOPI host with that name, -or- the certificate is not valid (I guess) - but the logs will tell you what’s up.
All the best with your integration.

I did turn on the log. I see log message if connect the WOPI host from internal IP. But there are no log messages if we connect our server (WOPI) using domain name. The API are the same

'http://collab.netsoft.me/browser/8fe1f0f/cool.html?'

Is HTTPS is required? It seems the collabora server just ignore the API request in the second case.

I solved the problem and leave a note and hopefully may help the other. Both the WOPI server and the Collab server is behind Haproxy with SSL Termination and the Haproxy is behind a firewall access via NAT. So when the two servers talk, they are using domain name, in turn will use public IP, and will then need to go thru the router. I fix the problem by setting the hostname in linux host file of both server s point to the proxy server so that their request will go directly to the proxy server instead of to the router.

4 Likes