
proxy protocol #234

Open Bloodboy1986 opened 1 year ago

Bloodboy1986 commented 1 year ago

Hello all,

I am using NC 27.0.2 and Collabora Built-in CODE Server 23.5.202 behind a haproxy.

Some time ago I enabled the proxy protocol in haproxy and in the apache2 configuration of the NC server. Since then the Collabora Built-in CODE server has not worked anymore.

If I deactivate the proxy protocol again, the Collabora Built-in CODE server works again.

Is there a way to use the Collabora Built-in CODE Server and the proxy protocol at the same time? :)

The haproxy forwards everything that is meant for the NC/Collabora server to that server; TLS termination also happens on the NC server itself (the haproxy 443 frontend is `mode tcp` and only routes by SNI, and the certificates are configured in the Apache vhost). Attached are the configurations of haproxy and apache2 in their current, working state — i.e. with the proxy protocol disabled for the Nextcloud backend (the `send-proxy` server lines are commented out and `RemoteIPProxyProtocol` is `Off`):

global
        # Process-wide settings.  Logging goes to the local syslog socket;
        # the second line only carries haproxy's own notices on local1.
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        # Runtime API socket at `admin` level: whoever can open it can disable
        # servers, change weights, etc.  mode 660 under the haproxy user/group
        # (set below) is the only thing keeping other local users away from it.
        # `expose-fd listeners` is for seamless reloads (passing listening
        # sockets to the new process).
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        # Drop root after the listeners are bound.
        user haproxy
        group haproxy
        daemon

defaults
        # Inherited by every frontend/backend below unless overridden there.
        log     global
        mode    http
        option  httplog
        # Do not log connections that carried no data (probes, port scans).
        option  dontlognull
        timeout connect 10s
        # 60s of inactivity on either side closes the connection.  The tcp-mode
        # 443 path below defines no timeouts of its own, so these apply to the
        # raw TLS streams (including any long-lived idle WebSocket) as well.
        timeout client  60s
        timeout server  60s
        # Static error pages served by haproxy itself when no backend answers.
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend http_in
        # Plain-HTTP entry point.  Requests are routed on the Host header to the
        # backends' port 80; on the Nextcloud host that port only redirects to
        # https (see the *:80 VirtualHost in the Apache config below).
        mode http
        option httplog
        bind *:80       
        # Appends the client address in X-Forwarded-For.  It is only useful if
        # the backend trusts this proxy for that header; the Nextcloud vhost
        # configures no RemoteIPHeader, so it is informational there.
        option forwardfor

        # Host-based routing (hostnames redacted).  Matching is case-insensitive.
        acl host_nextcloud  hdr(host) -i xxx office.xxx
        acl host_webserver  hdr(host) -i shoppinglist.xxx test.xxx ip.xxx shoppinglist-test.xxx
        acl host_vpn        hdr(host) -i vpn.xxx

        use_backend http_nextcloud if host_nextcloud
        use_backend http_webserver if host_webserver
        use_backend http_vpn       if host_vpn

        # Deliberately no default_backend: a request whose Host matches none of
        # the ACLs gets haproxy's 503 instead of reaching an arbitrary backend.
        #default_backend http_nextcloud2

backend http_nextcloud
        # Nextcloud host, plain HTTP (Apache there answers with a 301 to https).
        mode http
        option httplog
        option forwardfor
        # No `check`: haproxy never health-checks this server.
        server server1 192.168.222.23:80

backend http_webserver
        # Generic web server host, plain HTTP.
        mode http
        option httplog
        option forwardfor
        # No `check`: haproxy never health-checks this server.
        server server1 192.168.222.48:80

backend http_vpn
        # VPN portal host, plain HTTP.
        mode http
        option httplog
        option forwardfor
        # No `check`: haproxy never health-checks this server.
        server server1 192.168.222.27:80

frontend https_in
        # TLS passthrough: nothing is terminated here.  Each connection is routed
        # on the SNI of the ClientHello and the backend receives the raw TLS
        # stream, so certificates and ciphers are the backends' business (for
        # Nextcloud: the Apache *:443 vhost below).
        mode tcp
        option tcplog
        bind *:443
        # Hold the connection up to 5s until the first bytes look like a TLS
        # ClientHello (hello type 1), so that req.ssl_sni can be evaluated.
        acl tls req.ssl_hello_type 1
        tcp-request inspect-delay 5s
        tcp-request content accept if tls

        # SNI is chosen by the client and only selects the backend; the
        # backend's own vhost matching still applies to the HTTP Host header.
        acl host_nextcloud  req.ssl_sni -i xxx office.xxx
        acl host_webserver  req.ssl_sni -i shoppinglist.xxx ip.xxx shoppinglist-test.xxx test.xxx
        acl host_vpn        req.ssl_sni -i vpn.xxx

        use_backend https_nextcloud if host_nextcloud
        use_backend https_webserver if host_webserver
        use_backend https_vpn       if host_vpn

        # Deliberately no default_backend: a connection with an unknown SNI, or
        # none at all, selects no backend and is closed.
        #default_backend https_nextcloud2
        # Because this is tcp mode, `option forwardfor` from defaults cannot
        # insert a header here.  The PROXY protocol (`send-proxy` on a backend
        # server line) is the only way to hand the real client address through
        # this passthrough to the backend.

backend https_nextcloud
        # Nextcloud host, TLS passed through untouched.
        mode tcp
        option tcplog
        # ssl-hello-chk only shapes health checks, and no server line here
        # declares `check`, so this option currently has no effect.
        option ssl-hello-chk
        # PROXY protocol is OFF for this backend (the send-proxy variants are
        # kept below, commented out).  This must agree with Apache's
        # RemoteIPProxyProtocol on 192.168.222.23: the PROXY line is raw bytes
        # sent ahead of the ClientHello, so if haproxy sends it while Apache is
        # Off the handshake fails, and if Apache is On while haproxy does not
        # send it Apache closes the connection.  Flip both sides together.
        # While it is off, Apache sees this proxy's address as the client for
        # every request (logs, and presumably anything in Nextcloud that keys
        # on the remote address, such as brute-force protection).
        # If `check` is ever added, health checks inherit send-proxy
        # automatically, so no separate check-send-proxy is needed.
        server server1 192.168.222.23:443
        #server server1 192.168.222.23:443 send-proxy
        #server server1 192.168.222.23:443 send-proxy-v2

backend https_webserver
        # Generic web server host, TLS passed through with a PROXY v1 header,
        # so the client address survives the passthrough.  The backend must
        # therefore expect PROXY on :443, and since it trusts that header from
        # whoever connects, its :443 should only be reachable from this proxy.
        mode tcp
        option tcplog
        # No effect without `check` on the server line.
        option ssl-hello-chk
        server server1 192.168.222.48:443 send-proxy

backend https_vpn
        # VPN portal host, TLS passed through with a PROXY v1 header.  Same
        # caveat as https_webserver: the backend trusts the PROXY line from any
        # peer that can connect, so its :443 should be firewalled to this proxy.
        mode tcp
        option tcplog
        # No effect without `check` on the server line.
        option ssl-hello-chk
        server server1 192.168.222.27:443 send-proxy
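# Plain HTTP (reached through haproxy's http_nextcloud backend): redirect
# everything to HTTPS on the same host, keeping the requested path.  The
# query string is carried over by mod_rewrite by default because the
# substitution contains none of its own.
<VirtualHost *:80>
    RewriteEngine On
    # %{REQUEST_URI} was missing: the previous rule sent every URL to the
    # site root.  %{HTTP_HOST} is client-supplied; in this deployment haproxy
    # only forwards Hosts that match its ACLs, so it cannot be abused as an
    # open redirect there — if Apache ever becomes reachable directly, use the
    # fixed ServerName instead.
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>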

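# HTTPS vhost for Nextcloud.  TLS is terminated HERE, not on haproxy: the
# haproxy 443 frontend is tcp passthrough routed by SNI, so this vhost holds
# the certificates and only ever sees haproxy (192.168.222.x) as its peer.
<VirtualHost *:443>
### YOUR SERVER ADDRESS ###

    ServerAdmin admin@xxx
    ServerName xxx

    # PROXY protocol disabled, matching the haproxy backend (its send-proxy
    # server lines are commented out).  Caveats, either way:
    #  - Off: every request arrives from haproxy's address.  Access logs and
    #    anything keyed on the remote address (presumably Nextcloud's
    #    brute-force protection) see a single IP for all clients.
    #  - On: haproxy must add send-proxy / send-proxy-v2 on the same server
    #    line at the same time, and Apache then closes every :443 connection
    #    that does not begin with a PROXY line.  That also hits anything that
    #    reaches this port without passing through haproxy — local tools, or
    #    server-side requests Nextcloud makes to its own public URL if that
    #    name resolves to this host directly (a plausible reason only the
    #    Built-in CODE proxy breaks; verify with its ?status URL).  Such
    #    sources go into RemoteIPProxyProtocolExceptions.
    #  - On also means the PROXY line is believed from whoever connects: a
    #    peer that can reach :443 directly can forge its source address, so
    #    firewall this port to the haproxy host before enabling it.
    RemoteIPProxyProtocol Off

### SETTINGS ###
    # PHP is handed to the dedicated nextcloud FPM pool over a unix socket.
    <FilesMatch "\.php$">
        SetHandler "proxy:unix:/run/php/php8.1-fpm.nextcloud.sock|fcgi://localhost"
    </FilesMatch>

    # Intermediate configuration
    # HSTS: `always set` replaces `add`.  Without `always` the header was only
    # attached to successful responses, so error responses such as a 401 went
    # out without it; `add` could also produce a duplicate header, of which a
    # browser only honours the first.  The stray colon in the old header name
    # is gone too.  max-age is unchanged (180 days).
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    SSLEngine               on
    SSLCompression          off
    SSLProtocol             -all +TLSv1.2 +TLSv1.3
    # AEAD-only, ECDHE/DHE-only cipher list (Mozilla "intermediate").
    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 
    # Let the client order the (uniformly strong) suites above.
    SSLHonorCipherOrder     off
    # Session tickets off: Apache does not rotate the ticket key by itself, so
    # long-lived tickets would undermine forward secrecy.
    SSLSessionTickets       off
    ServerSignature         off

    # Logs
    LogLevel warn
    # While RemoteIPProxyProtocol is Off, the client field here is haproxy's IP.
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    ErrorLog ${APACHE_LOG_DIR}/error.log

    DocumentRoot /var/www/nextcloud

    <Directory /var/www/nextcloud>
        # Directory listings off: `Indexes` let any directory without an index
        # file enumerate its contents.  FollowSymLinks stays on because
        # mod_rewrite in directory context requires it.
        Options -Indexes +FollowSymLinks
        # .htaccess is not read at request time; the files are pulled in
        # statically below instead.  That freezes them at Apache start: after
        # a Nextcloud update rewrites /var/www/nextcloud/.htaccess, Apache has
        # to be reloaded or the new rules are silently missing.
        AllowOverride None
        ### include all .htaccess
        Include /var/www/nextcloud/.htaccess
        Include /var/www/nextcloud/config/.htaccess
        # NOTE(review): the data-directory .htaccess exists to deny web access
        # to /mnt/ncdata.  Including it in the webroot's section does not
        # protect /mnt/ncdata (which lies outside DocumentRoot and is not
        # served anyway), and any `Require all denied` it carries is out-voted
        # by the grant below, because several Require directives in one section
        # combine as RequireAny.  Confirm this Include is intended.
        Include /mnt/ncdata/.htaccess
        ###
        Require all granted
        # 2.2-era directive (mod_access_compat); no effect on the 2.4
        # Require-based authorization above.
        Satisfy Any
    </Directory>

    # Nextcloud brings its own DAV server (Sabre); Apache's must stay off.
    <IfModule mod_dav.c>
    Dav off
    </IfModule>

    SetEnv HOME /var/www/nextcloud
    SetEnv HTTP_HOME /var/www/nextcloud

    # The following lines prevent .htaccess and .htpasswd files from being
    # viewed by Web clients.
    <Files ".ht*">
    Require all denied
    </Files>

    # Disable HTTP TRACE method.
    TraceEnable off
    # Disable HTTP TRACK method.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACK
    RewriteRule .* - [R=405,L]

    # Avoid "Sabre\DAV\Exception\BadRequest: expected filesize XXXX got XXXX"
    # (large/slow uploads must not be cut off by the request-body read timeout).
    <IfModule mod_reqtimeout.c>
    RequestReadTimeout body=0
    </IfModule>

### LOCATION OF CERT FILES ###

    # SSLCertificateChainFile is deprecated since 2.4.8; pointing
    # SSLCertificateFile at fullchain.pem would replace both lines.
    SSLCertificateChainFile /etc/letsencrypt/live/xxx/chain.pem
    SSLCertificateFile /etc/letsencrypt/live/xxx/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/xxx/privkey.pem
    # Custom DH group for the DHE-* suites listed above.
    SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/live/xxx/dhparam.pem
</VirtualHost>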

### EXTRAS ###
    # These sit outside the VirtualHost, i.e. in server context.  That is
    # required for SSLStaplingCache (it is not valid inside a vhost) and makes
    # SSLUseStapling the default for every SSL vhost in this file.
    SSLUseStapling On
    # Path is relative to ServerRoot.
    SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
    # Forces mod_proxy to send a Content-Length upstream (spooling chunked
    # request bodies).  Set server-wide here, so it affects every proxied
    # request, not only the PHP-FPM handler above.
    SetEnv proxy-sendcl 1
joshtrichards commented 10 months ago

Offhand I can't think of a reason why only the Built-in CODE would be impacted.

You can try going to https://<your_nextcloud_fqdn>/custom_apps/richdocumentscode/proxy.php?status to access RDC status directly during your testing.

(It might be `apps` rather than `custom_apps`, or something else entirely, depending on your NC `apps_paths` config.)