I am having an issue getting my collabora code server running properly.
In a nutshell : CODE installed with docker and Nextcloud connects fine to it. But when trying to open a docuement, I get this error : Failure to establish a per-socket connection or an unexpected closing of the per-socket connection. The reverse proxy could be misconfigured, please contact the administrator. For more information on how to configure the proxy, please see https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html
Context
The nextcloud server is running with the apache php module and php8.2 on Debian 12. It is under ongoing migration and the data directory hasn’t been completely copied yet because of slow networks.
The code server is installed as a docker container running under the user docker with the group docker.
Here are my configurations :
Nextcloud apache :
<VirtualHost *:443>
DocumentRoot "/var/www/nextcloud"
ServerName mynextcloudserver.com
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
<Directory "/var/www/nextcloud/">
Options MultiViews FollowSymlinks
AllowOverride All
Order allow,deny
Allow from all
RewriteEngine on RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</Directory>
TransferLog /var/log/apache2/nextcloud_access.log
ErrorLog /var/log/apache2/nextcloud_error.log
<IfModule mod_dav.c>
Dav off
</IfModule>
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mynextcloudserver.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mynextcloudserver.com/privkey.pem
</VirtualHost>
Collabora apache :
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName collabora.mynextcloudserver.com
AllowEncodedSlashes NoDecode
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
ProxyPreserveHost On
ProxyPass /browser https://127.0.0.1:9980/browser retry=0
ProxyPassReverse /browser https://127.0.0.1:9980/browser
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
ProxyPass /cool https://127.0.0.1:9980/cool
ProxyPassReverse /cool https://127.0.0.1:9980/cool
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
SSLCertificateFile /etc/letsencrypt/live/collabora.mynextcloudserver.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/collabora.mynextcloudserver.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Docker compose file for collabora :
version: '3.8'
services:
collabora:
dns:
- 1.1.1.1
container_name: code
image: collabora/code
restart: always
network_mode: host
# ports:
# - 9980:9980
environment:
- domain=mynextcloudserver.com
- server_name=collabora.mynextcloudserver.com
- dictionaries=fr_FR
- username=code
- password=password123
- extra_params=--o:ssl.enable=true --o:ssl.termination=true
cap_add:
- MKNOD
The error
The nextcloud instance connects properly to the collabora server, however, when I try to open a document, I get the following error :
Failure to establish a per-socket connection or an unexpected closing of the per-socket connection. The reverse proxy could be misconfigured, please contact the administrator. For more information on how to configure the proxy, please see Proxy settings — SDK https://sdk.collaboraonline.com/ documentation
Docker log
code | wsd-00001-00031 2024-02-26 14:49:59.409152 +0000 [ websrv_poll ] WRN convert-to: Requesting address is denied: IPADDRESS_REDACTED | wsd/COOLWSD.cpp:4185
code | wsd-00001-00031 2024-02-26 15:01:12.926421 +0000 [ websrv_poll ] ERR #25: #25 bad request: [GET /cool/https:%2F%2Fmynextcloudserver.com%2F%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F3158364_oca6y7gp13ne%3Faccess_token=kzooMcHfuIxh2RUgIn3LNlLm6I96ztzv&access_token_ttl=0/ws?WOPISrc=https%3A%2F%2Fmynextcloudserver.com%2F%2Findex.php%2Fapps%2Fric...]: Invalid or unknown request.| wsd/COOLWSD.cpp:4443=/ws HTTP/1.1
code | wsd-00001-00031 2024-02-26 15:01:13.503693 +0000 [ websrv_poll ] ERR #25: #25 bad request: [GET /cool/https:%2F%2Fmynextcloudserver.com%2F%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F3158364_oca6y7gp13ne%3Faccess_token=kzooMcHfuIxh2RUgIn3LNlLm6I96ztzv&access_token_ttl=0&permission=edit/ws?WOPISrc=https%3A%2F%2Fmynextcloudserver.com%2F%2Findex....]: Invalid or unknown request.| wsd/COOLWSD.cpp:44436y7gp13ne&compat=/ws HTTP/1.1
What I already tried
- using a multitude of combinaisons of --o:ssl.enable=true/false --o:ssl.termination=true/false while changing the options in the apache config file accordingly
- using port mapping / host mode for the docker vm
- running the vm as root instead of unprivileged user
- disabling all firewall rules
Hypothesis
Because the instance is under a migration and we are not able to fully copy the original data directory as of now, there might be an issue with the appdata folder? However, because the user testing this has been created after the migration, I think his files in the appdata directory should be fine right?
Any help would be greatly appreciated !