Seafile 11.0.9 CE + Attempting Collabora integration -> Unauthorized WOPI host

Hi guys! So, I have my Seafile server working successfully on a LXC container. Nginx runs on a separate container, and they talk just fine. Nginx has say mydomain.duckdns.org and it’s been working just fine. It also holds a few sub-subdomains for other services (as in, immich.mydomain.duckdns.org), which also work just fine. I created for Collabora the domain office.mydomain.duckdns.org.

I run the docker collabora image with: docker run -t -d -p 192.168.0.15:9980:9980 -e "aliasgroup1=https://office.mydomain.duckdns.org:443" -e "username=***" -e "password=***" --name code --restart always collabora/code
(the docker server is in 192.168.0.15…Ahem, I literally put the username/pw as three asterisks…is this meant to be this way?).
I've copy/pasted the seahub_settings.py additional lines and modified for OFFICE_WEB_APP_BASE_URL = 'https://office.mydomain.duckdns.org/hosting/discovery'

If I attempt to load https://office.mydomain.duckdns.org/hosting/discovery, I get what I think is the collabora XML.
However if I attempt https://office.mydomain.duckdns.org/ (no /hosting/discovery), I just get an NGINX welcome page. So I guess I did something wrong here.
If I try https://192.168.0.15:9980, I get the cursory OK, so I guess that’s also good.
And if I try to get Seafile to open any office files, I get the Unauthorized WOPI host error. Any pointers as to where the problem might be would be very welcome! I think I must be rather close, but something’s amiss.

Just in case, here’s my nginx for collabora:

server {
    listen       443 ssl;
    server_name  office.mydomain.duckdns.org;
    ssl_certificate /etc/letsencrypt/live/mydomain.duckdns.org-0xxxx/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.duckdns.org-0xxxx/privkey.pem; # managed by Certbot

    # static files
    location ^~ /browser {
        proxy_pass https://192.168.0.15:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://192.168.0.15:9980;
        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass https://192.168.0.15:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/cool/(.*)/ws$ {
        proxy_pass https://192.168.0.15:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/(c|l)ool {
        proxy_pass https://192.168.0.15:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /cool/adminws {
        proxy_pass https://192.168.0.15:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

Oh…I have no idea what to make of this, but I guess it might be the main clue. Pulling docker logs code will give me a bunch of error entries such as these:

wsd-00001-00063 2024-06-06 03:35:39.568983 +0000 [ websrv_poll ] ERR  #35: Attempted to remove: 904 which is > size: 0 clamped to 0| net/Socket.hpp:1260
wsd-00001-00063 2024-06-06 03:42:18.369823 +0000 [ websrv_poll ] ERR  #36: Error while handling poll at 0 in websrv_poll: #36 (handshake): unknown. BIO error: 167773208, rc: -1: error:0A000418:SSL routines::tlsv1 alert unknown ca:
C0F68556017F0000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:ssl/record/rec_layer_s3.c:1590:SSL alert number 48
| net/Socket.cpp:550
wsd-00001-00063 2024-06-06 03:42:46.467505 +0000 [ websrv_poll ] ERR  #36: Error while handling poll at 0 in websrv_poll: #36 (handshake): unknown. BIO error: 167772316, rc: -1: error:0A00009C:SSL routines::http request:
C0F68556017F0000:error:0A00009C:SSL routines:ssl3_get_record:http request:ssl/record/ssl3_record.c:345:
| net/Socket.cpp:550

Ahhh OK FOUND IT! Please close incident.

In my specific case, I borked the entry for the docker run command. It needs to specify NOT the office subdomain, but the seafile main domain. In my example, it would be:
docker run -t -d -p 192.168.0.15:9980:9980 -e "aliasgroup1=https://mydomain.duckdns.org:443" -e "username=***" -e "password=***" --name code --restart always collabora/code

(just removed the office part from the url).
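
Added example, not part of the original posts and not Seafile or Collabora code: a small pre-flight check that reads the aliasgroup values out of a docker run command line and confirms the Seafile (WOPI host) origin is among them. The function names are hypothetical, the Seafile URL is assumed to be the main domain described above, and origins are compared literally (alias entries written as patterns are not evaluated).

```python
import shlex
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Normalize a URL to (scheme, host, port), filling in the default port."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    return (scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme))

def alias_origins(docker_cmd):
    """Collect the origins from every -e aliasgroupN=... argument."""
    argv = shlex.split(docker_cmd)
    found = set()
    for flag, value in zip(argv, argv[1:]):
        if flag in ("-e", "--env") and value.lower().startswith("aliasgroup"):
            _, _, urls = value.partition("=")
            found.update(origin(u) for u in urls.split(",") if u.strip())
    return found

def check(docker_cmd, seafile_url, office_base_url):
    """Return a list of findings; an empty list means the allow-list looks right."""
    allowed = alias_origins(docker_cmd)
    wopi_host, office = origin(seafile_url), origin(office_base_url)
    findings = []
    if wopi_host not in allowed:
        findings.append("WOPI host %s://%s:%s is not in any aliasgroup" % wopi_host)
    if office in allowed and office != wopi_host:
        findings.append("aliasgroup lists the Collabora server itself (%s)" % office[1])
    return findings

# The two command lines from the posts above (credentials masked as posted).
BROKEN = ('docker run -t -d -p 192.168.0.15:9980:9980 '
          '-e "aliasgroup1=https://office.mydomain.duckdns.org:443" '
          '-e "username=***" -e "password=***" --name code --restart always collabora/code')
FIXED = BROKEN.replace("https://office.mydomain", "https://mydomain")

SEAFILE_URL = "https://mydomain.duckdns.org"  # assumption: Seafile's public URL
OFFICE_BASE = "https://office.mydomain.duckdns.org/hosting/discovery"

if __name__ == "__main__":
    for name, cmd in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check(cmd, SEAFILE_URL, OFFICE_BASE) or "OK")
```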