"Document loading failed" - NGINX (Reverse Proxy), no Docker

[natrius]

Describe the bug Updated from Ubuntu 18.04 to 20.04 and now run into quite some problems with collabora.

Details: Ubuntu 20.04 LTS NGINX 1.18 PHP 8.1.7 Nextcloud 24.0.2 Richdocuments 6.1.0

Nextcloud shows me in the "Office" Tab that it is connected to the Collabora server.

Its just, when i try to open a file it waits for some time and ends in "Document loading failed". Log in Nextcloud itself does not show anything for the time when trying to open a file.

Logs

#### Nextcloud log (data/nextcloud.log) ``` sudo tail data/nextcloud.log did not show anything in the timeframe i tried to access the file. ``` Here is the nginx. I had to switch https to http so it works or the coolwsb service would even start at all. ``` server { listen 443 ssl; server_name office.example.home; ssl_certificate /etc/letsencrypt/live/office.example.home/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/office.example.home/privkey.pem; # managed by Certbot # static files location ^~ /browser { proxy_pass http://127.0.0.1:9980; proxy_set_header Host $http_host; } # WOPI discovery URL location ^~ /hosting/discovery { proxy_pass http://127.0.0.1:9980; proxy_set_header Host $http_host; } # Capabilities location ^~ /hosting/capabilities { proxy_pass http://127.0.0.1:9980; proxy_set_header Host $http_host; } # main websocket location ~ ^/cool/(.*)/ws$ { proxy_pass http://127.0.0.1:9980; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; proxy_read_timeout 36000s; } # download, presentation and image upload location ~ ^/(c|l)ool { proxy_pass http://127.0.0.1:9980; proxy_set_header Host $http_host; } # Admin Console websocket location ^~ /cool/adminws { proxy_pass http://localhost:9980; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; proxy_read_timeout 36000s; } add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot ssl_trusted_certificate /etc/letsencrypt/live/office.example.home/chain.pem; # managed by Certbot ssl_stapling on; # managed by Certbot ssl_stapling_verify on; # managed by Certbot } ```

EDIT: I found https://github.com/nextcloud/richdocuments/issues/917 already and as my installation was indeed an old one, i tried it without success unfortunately. I found https://github.com/nextcloud/richdocuments/issues/2058 this as well, but it seems there is something a bit else as far as i could tell. Dunno.

EDIT2: When using the nginx from here https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html with the https instead of the http i'm using i will get the following error with sudo journalctl -eu coolwsd: ERR Looks like SSL/TLS traffic on plain http port| wsd/COOLWSD.cpp:3373

[grosjo]

Same with richdocuments 6.2.0

[Raudius]

Hi,

Thanks for your report.

The check in the Nextcloud Office settings only verifies that the /hosting/capabilities endpoint is reachable over HTTP(S). This is only serves a superficial check to make sure that the URL points to a Collabora server (it does not verify that the server is correctly configured: web-sockets and Collabora -> Nextcloud connections are not checked).

From your issue I gather that you are trying to set up a reverse proxy (a https endpoint that forwards request to unsecured local ports). If this is the case then this is the reference set-up which you should use: https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html#reverse-proxy-with-nginx-webserver

I think that adding the Strict-Transport-Security header, requires the forwarded request to be served over HTTPS (or not at all). This is of course not desired in your setup.

Can you try removing (or commenting out) this line from your config and restarting your server:

add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot

[natrius]

Hello,

i actually solved this already, sorry - forgot about this issue. Details can be found in this issue https://github.com/CollaboraOnline/online/issues/4966#issuecomment-1238720448 but in short: I updated from Ubuntu 18.04 to 20.04 and due to that /etc/apt/sources.list.d/collaboraonline.sources was still wrong. Use the correct one and afterwards the correect nginx config WITH https (not http)

Sorry for not closing. Hope this helps others as well :)