Collabora using Proxy to access NC Files?

[wilfriedwolf]

Hello there.

I have a working NC/Collabora installation using docker-compose and docker-swarm. There are separate Containers for everything especially app (NC) and office (Docker-CODE). Everything works as supposed to be.
NC is accessible at https://cloud.example.com and office at https://office.example.com

Now I have a different setting where the office-Container can not directly access https://cloud.example.com. It should use a Proxy.

We tried setting PROXY_HOST etc. on the office-Container, but this was not reflected by the application.
Looking for "proxy" in the code (collabora-CODE) did not succeed, since the only stuff i found was the ReverseProxying to access collabora from outside.

Any Ideas?

Best regards and thanks in advance,

Willi

[Gnork]

I just encountered the exact same problem.

Current Behaviour

In our network, we have to use an outgoing HTTP proxy, otherwise the Firewall will block the request. The Collabora Server needs to contact the Nextcloud server and therefore needs to do outgoing requests through the proxy. The Collabora Server is started via Docker. We specify the proxy by setting environment variables in the Container using the Docker options -e HTTP_PROXY=proxy.example.com -e HTTPS_PROXY=proxy.example.com -e http_proxy=proxy.example.com -e https_proxy=proxy.example.com. The Collabora Server ignores these settings and does not use the proxy. As a result, the automatic download of a Document from Nextcloud to the DocumentServer has a timeout (due to the firewall). Errors can be seen in docker logs.

Expected behavior

The expected behaviour is, that the software in the container picks these variables up and uses the proxy, as many other Linux programs do. ButPreferably, Collabora Server should support HTTP_PROXY, HTTPS_PROXY, NO_PROXY and/or http_proxy, https_proxy, no_proxy environment variables.

[kevdogg]

Perhaps you can help me since I might be running into a similar issue (perhaps not).
I'm running collabora/code:latest via docker on a physically separate machine than nc.

I'm testing a situation where I have a reverse proxy (nginx) which sits in-front of my nginx/nc installation. The reverse proxy is on a physically different VM than nginx/nc.

Testing within LAN, if I access nc directly (not going through reverse proxy), I'm able to select an .odt document and collabora server is able to open document and allow for changes.

If I utilize RV proxy, I'm still able to reach nextcloud, but when trying to open document, I get the following:

Docker logs show the following -- the name of the reverse proxy is test..com:

15:34:42.344467 [ docbroker_004 ] ERR  Cannot get file info from WOPI storage uri [https://test.<redacted>.com/index.php/apps/richdocuments/wopi/files/25_ocny42d5quk3?access_token=bFJtLrNocloZFQUWsZJyM5re5HvkIBgp&access_token_ttl=0&permission=edit]. Error: SSL Exception: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version| wsd/Storage.cpp:504
wsd-00017-14979 2020-04-21 15:34:42.344536 [ docbroker_004 ] ERR  loading document exception: SSL Exception| wsd/DocumentBroker.cpp:1158
wsd-00017-14979 2020-04-21 15:34:42.344548 [ docbroker_004 ] ERR  Failed to add session to [/index.php/apps/richdocuments/wopi/files/25_ocny42d5quk3] with URI [https://test.<redacted>.com/index.php/apps/richdocuments/wopi/files/25_ocny42d5quk3?access_token=bFJtLrNocloZFQUWsZJyM5re5HvkIBgp&access_token_ttl=0&permission=edit]: SSL Exception| wsd/DocumentBroker.cpp:1120
wsd-00017-14979 2020-04-21 15:34:42.344563 [ docbroker_004 ] ERR  Error while loading : SSL Exception| wsd/LOOLWSD.cpp:2703
wsd-00017-14979 2020-04-21 15:34:42.354151 [ docbroker_004 ] WRN  Child session [0035] not found to forward message: load url=https://test.<redacted>.com/index.php/apps/richdocuments/wopi/files/25_ocny42d5quk3?access_token=bFJtLrNocloZFQUWsZJyM5re5HvkIBgp&access_token_ttl=0&permission=edit readonly=0 lang=en| wsd/DocumentBroker.cpp:1770
kit-14771-00019 2020-04-21 15:34:43.345743 [ loolkit ] WRN  Kit connection lost without exit arriving from wsd. Setting TerminationFlag| kit/Kit.cpp:2240
wsd-00017-14979 2020-04-21 15:34:43.349835 [ docbroker_004 ] ERR  Invalid or unknown session [0035] to remove.| wsd/DocumentBroker.cpp:1194
wsd-00017-14979 2020-04-21 15:34:43.350038 [ docbroker_004 ] ERR  No socket associated with WebSocketHandler 0x7efed80036f0| ./net/WebSocketHandler.hpp:125
wsd-00017-00018 2020-04-21 15:35:02.463776 [ prisoner_poll ] WRN  Prisoner connection disconnected but without valid socket.| wsd/LOOLWSD.cpp:1799

Curiously from inside the docker container:

curl https://test.<redacted>.com/index.php/apps/richdocuments/wopi/files/25_ocny42d5quk3?access_token=bFJtLrNocloZFQUWsZJyM5re5HvkIBgp&access_token_ttl=0&permission=edit
[1] 14618
[2] 14619
root@ubuntu:/etc/docker/compose/office.<redacted>.com# {"BaseFileName":"About.odt","Size":76671,"Version":"0","UserId":"ncadmin","OwnerId":"ncadmin","UserFriendlyName":"ncadmin","UserExtraInfo":{"avatar":"https:\/\/nextcloud.<redacted>.com\/avatar\/ncadmin\/32"},"UserCanWrite":true,"UserCanNotWriteRelative":false,"PostMessageOrigin":"https:\/\/nextcloud.gohilton.com\/","LastModifiedTime":"2019-10-06T13:12:44.000000Z","SupportsRename":true,"UserCanRename":true,"EnableInsertRemoteImage":true,"EnableShare":true,"HideUserList":"desktop","DisablePrint":"0","DisableExport":"0","DisableCopy":"0","HideExportOption":"0","HidePrintOption":"0","DownloadAsPostMessage":false}

Do I have to do something with the collabora container if it access NC behind reverse proxy?