Nginx Question posted in
The official documentation can be found here.

nginx via docker – error:1408F10B:SSL routines:ssl3_get_record:wrong version number

I have a collabora server set up via docker. I’d like to put it behind a proxy so that it’s accessible only via https:

I’ve followed documentation here and here.

On the second link I’m using set up option 2 of 3. I was unsure if I should be using option 1.

After running the container, I wanted to check that collabora server is running per the bottom of the first documentation link above. Obtaining the ‘OK’ message signifies that all is set up correctly:

curl -k https://localhost:9980
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

If I remove the s:

curl -k http://localhost:9980
OK

I have 3 services in the docker-compose, here’s the last couple of lines of the logs:

docker ps
CONTAINER ID   IMAGE               COMMAND                  CREATED       STATUS       PORTS                                      NAMES
ee6bdb68f8e2   collabora/code      "/bin/sh -c 'bash st…"   2 hours ago   Up 2 hours   0.0.0.0:9980->9980/tcp                     collabora
1488465463c6   nginx:1.15-alpine   "/bin/sh -c 'while :…"   2 hours ago   Up 2 hours   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   collabora_nginx_1
4361ed3f6df7   certbot/certbot     "/bin/sh -c 'trap ex…"   2 hours ago   Up 2 hours   80/tcp, 443/tcp                            collabora_certbot_1

The collabora server container/service:

docker logs collabora
wsd-00006-00042 2021-03-02 16:39:07.374169 [ websrv_poll ] WRN  convert-to: Requesting address is denied: ::ffff:168.119.3.73| wsd/LOOLWSD.cpp:2315
wsd-00006-00042 2021-03-02 16:40:10.725982 [ websrv_poll ] ERR  Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2383

The nginx container/service:

docker logs collabora_nginx_1
2021/03/02 16:49:47 [error] 10#10: *54 open() "/etc/nginx/html/robots.txt" failed (2: No such file or directory), client: 198.20.87.98, server: collabora.mydomain.de, request: "GET /robots.txt HTTP/1.1", host: "135.181.152.187"
198.20.87.98 - - [02/Mar/2021:16:49:47 +0000] "GET /robots.txt HTTP/1.1" 404 154 "-" "-" "-"
2021/03/02 16:49:48 [error] 10#10: *55 open() "/etc/nginx/html/sitemap.xml" failed (2: No such file or directory), client: 198.20.87.98, server: collabora.mydomain.de, request: "GET /sitemap.xml HTTP/1.1", host: "135.181.152.187"
198.20.87.98 - - [02/Mar/2021:16:49:48 +0000] "GET /sitemap.xml HTTP/1.1" 404 154 "-" "-" "-"
2021/03/02 16:49:50 [error] 10#10: *56 open() "/etc/nginx/html/.well-known/security.txt" failed (2: No such file or directory), client: 198.20.87.98, server: collabora.mydomain.de, request: "GET /.well-known/security.txt HTTP/1.1", host: "135.181.152.187"
198.20.87.98 - - [02/Mar/2021:16:49:50 +0000] "GET /.well-known/security.txt HTTP/1.1" 404 154 "-" "-" "-"
2021/03/02 16:49:51 [error] 10#10: *57 open() "/etc/nginx/html/favicon.ico" failed (2: No such file or directory), client: 198.20.87.98, server: collabora.mydomain.de, request: "GET /favicon.ico HTTP/1.1", host: "135.181.152.187"
198.20.87.98 - - [02/Mar/2021:16:49:51 +0000] "GET /favicon.ico HTTP/1.1" 404 154 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
2021/03/02 16:49:56 [error] 10#10: *62 "/etc/nginx/html/index.html" is not found (2: No such file or directory), client: 104.155.101.3, server: collabora.mydomain.de, request: "GET / HTTP/1.1", host: "135.181.152.187"
104.155.101.3 - - [02/Mar/2021:16:49:56 +0000] "GET / HTTP/1.1" 404 154 "-" "python-requests/2.25.1" "-"

The certbot container:

docker logs collabora_certbot_1
logs collabora_certbot_1 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/collabora.mydomain.de.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/collabora.mydomain.de/fullchain.pem expires on 2021-05-31 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

My docker-compose.yaml:

version: "3.5"
services:
  collabora:
    image: collabora/code
    container_name: collabora
    restart: always
    depends_on:
      - nginx
    cap_add:
      - MKNOD
    environment:
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
      - domain=nx12345.blah.de
      - dictionaries=en_US
    ports:
      - "9980:9980"
    volumes:
      - ./appdata/collabora:/config    
  nginx:
    image: nginx:1.15-alpine
    restart: unless-stopped
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    ports:
      - "80:80"
      - "443:443"
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'"
  certbot:
    image: certbot/certbot
    restart: unless-stopped
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

My nginx config app.conf:

server {
    listen 80;
    server_name mydomain.de;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}


server {
    listen       443 ssl;
    server_name  collabora.mydomain.de;

    ssl_certificate /etc/letsencrypt/live/collabora.mydomain.de/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/collabora.mydomain.de/privkey.pem;
    
    # static files
    location ^~ /loleaflet {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass http://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass http://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_pass http://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

How can I correctly place the collabora server behind a proxy using nginx per the above set up using docker?

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    The issue was networks. A concept I do not yet fully understand but adding this to my docker-compose did the trick:

    networks:
  collabora:

    Then in each service I referenced this same network.


  2. 0

    proxy_pass http://localhost:9980

    In your nginx.conf, localhost is referring to the nginx container itself. If you are trying to route to the collabora container, change "localhost" to the name of the collabora container, collabora.

    Refer to this post about localhost in docker-compose

    Similar docker-compose and collabora config

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search