I have a setup that has a TrueNAS host, running Docker images for Nextcloud and Collabora, and a Linux VM running Virtualmin which manages Apache and other web apps for me as a proxy.
Originally, I had Nextcloud configured to use Collabora using the URL of 10.0.0.253:9980, ignoring the self-signed certificate. This worked from my home network, but failed when I was outside and accessing Nextcloud via Proxy.
I then tried to set up a Proxy for Collabora, but after configuring it, I am getting an 403 Forbidden when trying to browse to the new URL for the proxy. The intended URL of the Collabora server is office(dot)aiskon(dot)net
I tried to follow the directions from the Proxy Settings page, but seem to be stuck. Below are my files:
hello @GJSchaller Welcome to collabora online forum. I did some investigation, here are some points that you can check one by one and see if that works ?
1. Check coolwsd.xml Configuration
Ensure that the coolwsd.xml file allows traffic from the reverse proxy (office.aiskon.net):
To allow multiple hosts or aliases (e.g., your internal network IP and proxy domain), switch the mode to "groups" and explicitly define your allowed hosts. Here’s how you can configure it:
Checkout coolwsd.xml => alias_groups
2. Apache Proxy Configuration
Your Apache proxy settings for Collabora seem well-structured, but here are a few refinements:
Add nocanon to all ProxyPass directives where URLs are being passed to coolwsd (especially WebSocket URLs).
You have configured AllowEncodedSlashes NoDecode for the VirtualHost, but this might need to be set globally in Apache:
AllowEncodedSlashes NoDecode
4. Verify SSL Configuration
Confirm that the SSL certificate for office.aiskon.net is valid and trusted by Collabora. You can test this by accessing https://office.aiskon.net/hosting/discovery directly.
Ensure the SSL handshake works between Apache and the Collabora server. If using self-signed certificates:
Add the self-signed CA certificate to Apache’s trusted store.
Configure Collabora to ignore invalid certificates temporarily by setting <ssl> in coolwsd.xml:
<ssl>
<termination>true</termination>
</ssl>
5. Inspect Collabora Logs
Check the Collabora logs for details on the 403 Forbidden error:
docker logs <collabora-container-name>
Look for messages related to unauthorized access, WebSocket issues, or CORS errors.
6. Confirm Proxy Functionality
Test each proxied endpoint individually in your browser or with curl to verify if Apache forwards requests properly:
Coming back to this - I reset everything back to as simple as possible, and a working state (Local access only, no proxy set up). I’ll try to work out the local issues before setting up the proxy.
Right now, using the docker compose file listed above, here are the results I get for various URLs:
(Base URL)/hosting/discovery - XML File (Expected result)
(Base URL)/cool - HTTP Error 400
(Base URL)/cool/adminws - HTTP Error 400
Collabora works fine when tested from my local network at home - I can browse Nextcloud and open a file to edit. I’m not sure if I need to fix the two HTTP 400 errors before trying the proxy next?