The reverse proxy might be misconfigured

“Unable to establish a network connection or the network connection was unexpectedly closed. The reverse proxy might be misconfigured, please contact the administrator.” The editor occasionally reports this error. What could be the reason? We are using Nginx as the proxy, and the HTTPS certificate is deployed in a self-signed manner. If my configuration was wrong, it shouldn’t occur occasionally.

@darshan I see that the final solution recommended in the article you mentioned is to use Nginx as a proxy. However, we are already using Nginx as a proxy and still encountering this issue. Here is our Nginx configuration:

upstream collaserver {
        server 192.168.1.119:9981;
}
server {
        listen       8068 ssl;
        server_name  192.168.1.119;
        ssl_certificate      /usr/share/nginx/ssl/server.crt;
        ssl_certificate_key  /usr/share/nginx/ssl/server.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_timeout  5m;
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers  on;
        
        gzip_static  on;
        
        location /office {
                alias /usr/share/nginx/html/;
                index  index.html index.htm;
                try_files $uri $uri/ /office/index.html;
        }
        
        error_page   500 502 503 504  /50x.html;
        
        location /gateway/ {
                client_max_body_size   2048m;
                proxy_pass http://192.168.1.119:5901/;
                proxy_http_version 1.1;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                add_header Access-Control-Allow-Methods 'GET, POST, PATCH, DELETE, PUT, OPTIONS';
                if ($request_method = OPTIONS){
                        add_header Access-Control-Allow-Origin "*";
                        add_header Access-Control-Allow-Methods "GET, OPTIONS, POST, PATCH, PUT, DELETE";
                        add_header Access-Control-Allow-Headers $http_access_control_request_headers;
                        add_header Access-Control-Allow-Credentials "true";
                        add_header Content-Length 0;
                        add_header Content-Type text/plain;
                        return 200;
                }
        }
        
        
        #colla static files
        location ^~ /browser {
                proxy_pass https://collaserver;
                proxy_set_header Host $http_host;
        }
        
        
        # WOPI discovery URL
        location ^~ /hosting/discovery {
                proxy_pass https://collaserver;
                proxy_set_header Host $http_host;
        }
        
        
        # Capabilities
        location ^~ /hosting/capabilities {
                proxy_pass https://collaserver;
                proxy_set_header Host $http_host;
        }
        
        
        # main websocket
        location ~ ^/cool/(.*)/ws$ {
                proxy_pass https://collaserver;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header Host $http_host;
                proxy_read_timeout 36000s;
        }
        
        
        # download, presentation and image upload
        location ~ ^/(c|l)ool {
                proxy_pass https://collaserver;
                proxy_set_header Host $http_host;
        }
        
        
        # Admin Console websocket
        location ^~ /cool/adminws {
                proxy_pass https://collaserver;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header Host $http_host;
                proxy_read_timeout 36000s;
        }
}

1. Protocol Version and Cipher Suites

  • Your SSL protocols currently include deprecated versions (SSLv2, SSLv3, TLSv1, TLSv1.1). Collabora may require only TLSv1.2 or TLSv1.3, so you might want to limit to just those:
        ssl_protocols TLSv1.2 TLSv1.3;
  • For ssl_ciphers, it’s advisable to use a more modern and widely compatible set:
        ssl_ciphers HIGH:!aNULL:!MD5;

2. WebSocket Timeout and Connection Settings

  • Since Collabora heavily relies on WebSocket connections, setting higher timeouts for WebSocket handling can improve connection stability:
location ~ ^/cool/(.*)/ws$ {
    proxy_pass https://collaserver;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 3600s; # Adjust if necessary
    proxy_send_timeout 3600s; # Adjust if necessary
}
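
The two checks suggested in the answer above can be run over a configuration file before reloading Nginx. This is an added example, not part of the original thread or of Collabora's tooling; the function names are hypothetical and the sample is a constructed, shortened excerpt of the posted configuration.

```python
import re

# Protocol versions the answer above calls deprecated.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: a shortened excerpt of the configuration posted above.
SAMPLE = r"""
server {
    ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
    location /gateway/ {
        proxy_set_header Upgrade $http_upgrade;
        if ($request_method = OPTIONS) { return 200; }
    }
    location ~ ^/cool/(.*)/ws$ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_read_timeout 36000s;
    }
}
"""

def location_blocks(conf):
    """Yield (header, body) per location block, matching nested braces."""
    for m in re.finditer(r"\blocation\s+([^{]+?)\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf):
    """Return findings for the two points raised in the answer."""
    # Simplification: treats every '#' as a comment start.
    conf = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    findings = []
    for m in re.finditer(r"\bssl_protocols\s+([^;]+);", conf):
        weak = sorted(DEPRECATED & set(m.group(1).split()))
        if weak:
            findings.append("ssl_protocols enables deprecated: " + " ".join(weak))
    for header, body in location_blocks(conf):
        if not re.search(r"proxy_set_header\s+Upgrade\b", body):
            continue  # not a WebSocket-capable location
        # Unset timeouts fall back to nginx's 60s default.
        for directive in ("proxy_read_timeout", "proxy_send_timeout"):
            if not re.search(r"\b" + directive + r"\s+\S+;", body):
                findings.append(f"location {header}: {directive} not set")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample it reports the deprecated protocol list, both timeouts missing on /gateway/, and the missing proxy_send_timeout on the main WebSocket location.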

@darshan Thank you for your help. I will modify the configuration to see if it works.