If anyone is interested in how to deploy Nextcloud with Collabora behind Caddy, this is my final Caddyfile configuration. The configuration below is for Nextcloud 23+.
```
# Collabora
collabora.runner {
    encode gzip zstd

    @collabora {
        path /browser/*            # Browser is the client part of LibreOffice Online
        path /hosting/discovery    # WOPI discovery URL
        path /hosting/capabilities # Show capabilities as JSON
        path /cool/*               # Main websocket, uploads/downloads, presentations and admin
    }
    reverse_proxy @collabora https://127.0.0.1:9980 {
        header_up Host {host}
        header_up Connection "Upgrade"
        header_up Upgrade websocket
        transport http {
            # Disables verification of the backend certificate; the upstream here is loopback only
            tls_insecure_skip_verify
        }
    }
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains" # enable HSTS
    }
}

# NextCloud
nextcloud.runner {
    header {
        Referrer-Policy "no-referrer"
        Strict-Transport-Security "max-age=15552000; includeSubDomains"
        X-XSS-Protection "1; mode=block"
        # Response headers belong here; header_up only changes the request sent to the backend
        X-Content-Type-Options "nosniff"
        X-Robots-Tag "none"
        X-Frame-Options "SAMEORIGIN"
        X-Download-Options "noopen"
        X-Permitted-Cross-Domain-Policies "none"
    }
    reverse_proxy http://127.0.0.1:9080 {
        header_up Host {host}
        header_up X-Forwarded-Host {host}
    }
    encode gzip zstd
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
    root * /var/www/html
    file_server
    php_fastcgi 127.0.0.1:9080 {
        env front_controller_active true # Remove index.php from URL
    }
    redir /.well-known/carddav /remote.php/carddav 301
    redir /.well-known/caldav /remote.php/caldav 301

    # .htaccess / data / config / ... shouldn't be accessible from outside
    @forbidden {
        path /.htaccess
        path /data/*
        path /config/*
        path /db_structure
        path /.xml
        path /README
        path /3rdparty/*
        path /lib/*
        path /templates/*
        path /occ
        path /console.php
    }
    respond @forbidden 404
}
```
I followed the "Caddy reverse proxy + Nextcloud + Collabora + Bitwarden_rs with local HTTPS" tutorial for reference.
In the latest version of NC they renamed two paths: `loleaflet` was renamed to `browser` and `lool` was renamed to `cool`.
For docker-compose configuration follow the tutorial above, nothing much changed there.
If it happens that Collabora is not able to resolve the DNS of your domain, add those entries inside the `/etc/hosts` file where you are running the server. In my case, I added two entries pointing to my server IP where the docker instances are running. I wasn't expecting this behaviour to happen, since I am running my own Pihole DNS server. These records are already in Pihole.
Docker is also configured to use my Pihole DNS server to resolve names. But for some weird reason it is not able to resolve it.
Regards,
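
A small lint pass for the issues this configuration touches on, as an added example that is not part of the original post or of Caddy: it flags the pre-rename Collabora paths, browser-facing security headers set with `header_up`, nginx-style `always;` suffixes, and `tls_insecure_skip_verify` on an upstream that is not loopback. The function name, the header list and the sample Caddyfile are constructed for illustration.

```python
import re
# Constructed sample input (not the post's config): legacy paths plus nginx-style header lines.
SAMPLE = """\
office.example.test {
    @collabora {
        path /loleaflet/*
        path /lool/*
    }
    reverse_proxy @collabora https://collabora.example.test:9980 {
        header_up X-Frame-Options "SAMEORIGIN" always;
        transport http {
            tls_insecure_skip_verify
        }
    }
    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
    }
}
"""
RENAMED = {"/loleaflet/": "/browser/", "/lool/": "/cool/"}  # rename described in the post
RESPONSE_ONLY = {"strict-transport-security", "x-content-type-options", "x-frame-options",
                 "x-robots-tag", "x-download-options", "x-permitted-cross-domain-policies"}
LOOPBACK = re.compile(r"^(https?://)?(127\.\d+\.\d+\.\d+|localhost|\[::1\])(:\d+)?$")

def lint_caddyfile(text):
    """Return (line_number, finding) pairs for the problems listed above."""
    findings, upstream = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        tok = re.sub(r"(^|\s)#.*$", "", raw).split()  # drop comments, split on whitespace
        if not tok:
            continue
        if tok[0] == "reverse_proxy":  # remember the upstream for the transport check
            args = [t for t in tok[1:] if t != "{" and not t.startswith("@")]
            upstream = args[-1] if args else None
        if "path" in tok[:2]:  # block form or single-line named matcher
            for old, new in RENAMED.items():
                if any(t.startswith(old) for t in tok[1:]):
                    findings.append((no, f"legacy path {old}* should be {new}*"))
        if tok[0] == "header_up" and len(tok) > 1 and tok[1].lstrip("+-").lower() in RESPONSE_ONLY:
            findings.append((no, f"{tok[1]} is a response header; set it with 'header'"))
        if tok[-1].endswith(";"):  # a ';' inside a quoted value is never the last token here
            findings.append((no, "nginx-style 'always;' suffix is not Caddyfile syntax"))
        if tok[0] == "tls_insecure_skip_verify" and upstream and not LOOPBACK.match(upstream):
            findings.append((no, f"certificate check disabled for non-loopback {upstream}"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_caddyfile(SAMPLE):
        print(f"line {no}: {msg}")
```

Tokens are split on whitespace only, so this is a line-oriented check for review, not a Caddyfile parser; `caddy validate` remains the authority on syntax.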