1st time user, trying to set NginX as both web server for Nextcloud and reverse proxy for Collabora. I want to set all locally to be served from folders, not as docker. Using related names in hosts file.
I can find specific detailed configs for Nextcloud and Collabora but do not understand how it should work, redirection with ports and sites.
There are many cases and instructions, but I failed to apply that to this case. Giving here overview without certs and details, hoping this is what is relevant.
So IDK how to relate web server and reverse proxy. Are they all on 443?
Do I need 2 or 3 server blocks? Do I need to define “external” site i.e. site I open in browser as nx.local? Is it any different from nc.local?
If I open https://nx.local in browser (to first access to reverse proxy)), do I need nc.local (is it ever seen), I know how co.local is used with sites and websockets (and in Nextcloud Office configuration).
I am posting here for this big picture. I could make Nextcloud work (so that would be web server I presume) and somewhat see Collabora (that reverse proxy part), but it cannot open a file. I assumed my NginX conf is NOK for reverse proxy to NC.
Collabora has Termination mode (proxy-Collabora is HTTP) and Ssl mode (proxy-Collabora is SSL), I assumeed that is only controlled by co.conf, not by different ports or NginX config.
There are multiple ways to configure your environment, so it’s hard to give you a specific answer. Here are some pointers (in addition to what you found in the other posts):
The difference between a web server and proxy “block” is with regards to how you configure it. Usually, this is determined at the location block.
You could have everything in a single server block, e.g.
server {
listen 443 ssl;
#server_name local.server; remove server_name or use a generic name
location / {
root /var/www/nextcloud;
try_files $uri $uri/ /index.php$request_uri;
}
location /collabora {
proxy_pass http://127.0.0.1:9980;
}
}
You could also use two different server blocks like in your original example. The same port can be reused as long as the server_name is different, which it is in your examples.
Thanks for reply. I tried with single server block but I cannot open files. Collabora says: `Failed to establish socket connection or socket connection closed unexpectedly. The reverse proxy might be misconfigured.`
Looking in the logs, it says: ERR jserror PostMessage ignored: not ready. which would indicate that communication does not work, I think that Collabora waits for “Host_PostmessageReady” signal.
Could you please see if there is something obvious. I added from NC and CO sample configurations, commented out your parts, not sure if they need to be applied somehow.
Usually in docker configuration it is important to separate NC and CO hosts, if the same machine then via hosts file. I do not see how that can be done in single block.
upstream php-handler {
server 127.0.0.1:9000;
}
# Set the immutable cache control options only for assets with a cache busting v argument
map $arg_v $asset_immutable {
“” “”;
default “, immutable”;
}
server {
listen 443 ssl;
server_name rp.local
#location / { # is this needed in some way?
# root /var/www/nextcloud;
# try_files $uri $uri/ /index.php$request_uri;
#}
root /var/www/nextcloud;
index index.php index.html /index.php$request_uri;
include mime.types;
types {
text/javascript mjs;
}
#HTTP response headers borrowed from Nextcloud .htaccess
add_header Referrer-Policy “no-referrer” always;
add_header X-Frame-Options “SAMEORIGIN” always;
add_header X-Permitted-Cross-Domain-Policies “none” always;
add_header X-Permitted-Cross-Domain-Policies “all” always;
add_header X-Robots-Tag “noindex, nofollow” always;
add_header X-Content-Type-Options “nosniff” always;
location ~ .php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|.+/richdocumentscode(_arm64)?/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering on; # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header.
fastcgi_max_temp_file_size 0;
}
#Serve static files
location ~ .(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri;
# HTTP response headers borrowed from Nextcloud .htaccess
add_header Cache-Control “public, max-age=15778463$asset_immutable”;
add_header Referrer-Policy “no-referrer” always;
add_header X-Frame-Options “SAMEORIGIN” always;
add_header X-Permitted-Cross-Domain-Policies “none” always;
add_header X-Permitted-Cross-Domain-Policies “all” always;
add_header X-Robots-Tag “noindex, nofollow” always;
add_header X-Content-Type-Options “nosniff” always;
access_log off; # Optional: Don’t log access to assets
}
#location /collabora {
# proxy_pass http://127.0.0.1:9980;
#}
#static files
location ^~ /browser {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $host;
}
#WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $host;
}
#Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $host;
}
#main websocket for termination
location ~ ^/cool/(.*)/ws$ {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “Upgrade”;
proxy_set_header Host $host;
proxy_read_timeout 36000s;
}
#download, presentation and image upload
location ~ ^/(c|l)ool {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $host;
}
}
I can’t see anything obviously wrong, although you are missing a semicolon after server_name rp.local, and I would suggest putting everything Nextcloud specific within a distinct location block, or in a separate server block (like you originally had) than your Collabora block. I don’t have any experience myself with Nextcloud or Collabora so I don’t quite know how to actually debug what the issue might be though
I would probably suggest trying to get both things working separately, and once you do, see if there’s a way to sensibly consolidate both configs. Hopefully someone else has some suggestions too
Awesome that you figured it out! Thanks for coming back and letting us know what works - this can be helpful to others in the future.
Mind marking your post as solved, or if we mark it? That way it’s easy to tell that you figured out the answer!
