Nginx reverse proxy configuration gives 502 bad gateway

[pierrecorsini]

Summary

Getting 502 bad gateway. Docker container seems rejecting the requests.

Steps to reproduce

server {
	server_name editxxxxxxxxxxx.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate xxxxxxxxxxx; # managed by Certbot
    ssl_certificate_key xxxxxxxxxxx# managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

	proxy_set_header X-Forwarded-Host $host:$server_port;
	proxy_set_header X-Real-IP $remote_addr;
	real_ip_header X-Forwarded-For;

	# Force ssl
	error_page  497 https://$host:$server_port$request_uri;

	# Redirect requests to odoo backend server
	location / {
		proxy_redirect off;
		proxy_pass http://10.10.10.133:9980;
	}

 # static files
 location ^~ /browser {
   proxy_pass http://10.10.10.133:9980;
   proxy_set_header Host $http_host;
 }


 # WOPI discovery URL
 location ^~ /hosting/discovery {
   proxy_pass http://10.10.10.133:9980;
   proxy_set_header Host $http_host;
 }


 # Capabilities
 location ^~ /hosting/capabilities {
   proxy_pass http://10.10.10.133:9980;
   proxy_set_header Host $http_host;
 }


 # main websocket
 location ~ ^/cool/(.*)/ws$ {
   proxy_pass http://10.10.10.133:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }


 # download, presentation and image upload
 location ~ ^/(c|l)ool {
   proxy_pass http://10.10.10.133:9980;
   proxy_set_header Host $http_host;
 }


 # Admin Console websocket
 location ^~ /cool/adminws {
   proxy_pass http://10.10.10.133:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }
}

services:
  collabora-online-app:
    image: tiredofit/collabora-online:latest
    container_name: collabora-online-app-tiredofit
    hostname: editxxxxxxxxxxx.com
    cap_add:
      - MKNOD
      - NET_ADMIN
    privileged: true
    labels:
      - traefik.enable=false
      - traefik.http.routers.collabora-online-app.rule=Host(`editxxxxxxxxxxx.com`)
      - traefik.http.services.collabora-online-app.loadbalancer.server.port=9980
    volumes:
      - ./logs:/logs
    environment:
      - TIMEZONE=Africa/Casablanca
      - CONTAINER_NAME=collabora-online-app-tiredofit

      - ADMIN_USER=admin
      - ADMIN_PASS=collabora-online

      - ALLOWED_HOSTS=editxxxxxxxxxxx.com

      - ENABLE_TLS=FALSE
      - ENABLE_TLS_REVERSE_PROXY=TRUE

      - INTERFACE=notebookbar
      - LOG_TYPE=FILE
      - LOG_LEVEL=information
    networks:
      - proxy
      - services
    restart: always
networks:
  proxy:
    external: true
  services:
    external: true
~                                    

What is the expected correct behavior?

Collabora access; not a 502 Bad Gateway.

Relevant logs and/or screenshots

2023/07/29 01:23:44 [error] 532421#532421: *34 connect() failed (111: Unknown error) while connecting to upstream, client: 105.154.3.13, server: editxxxxxxxxxxx.com, request: "GET / HTTP/1.1", upstream: "http://10.10.10.133:9980/", host: "editxxxxxxxxxxx.com"

Question

I am not able to make the container work with a nginx reverse proxy (that is working with other services).

Would you have an example of a working nginx configuration ?

Looking a my nginx log there is a 111: Unknown error but I was not able to get more intel on docker log side (even increasing the log level ti information).

Any advice welcome :)

[pierrecorsini]

Possible error during docker compose up:
collabora-online-app-tiredofit | /etc/cont-init.d/10-coolwsd: line 144: -e: command not found

That might be linked to 379d74a :
sed -i -e "s|<num_prespawn_children \(.*\)>.*</num_prespawn_children>|<num_prespawn_children \1>${PRESPAWN_CHILD_PROCESSES}</num_prespawn_children>|" /etc/coolwsd/coolwsd.xml

EDIT Quickfixing the previous sed issue will not solve my problem.

[tiredofit]

Can you confirm what version you are using? I am not seeing it on the past few releases.

[pierrecorsini]

compose.yml :
image: tiredofit/collabora-online:latest

[tiredofit]

Can you try using a tagged release - 23.05.2-2 is the most recent just to make sure I can look into what is happening..

[pierrecorsini]

I do have the same results with image: tiredofit/collabora-online:23.05.2-2 :

Sed error:

collabora-online-app-tiredofit | 2023-07-30.18:27:45 [NOTICE] ** [collabora-online] Autogenerating Configuration File
collabora-online-app-tiredofit | sed: -e expression #3, char 93: unterminated `s' command

Connection still refused (I forced wildcard * in the hosts to ne sure this was not the problem):

wget 10.10.10.133:9980
--2023-07-30 18:28:57--  http://10.10.10.133:9980/
Connecting to 10.10.10.133:9980... failed: Connection refused.

[tiredofit]

Thanks - to look into the erroneous sed command as a bug fix on Monday.

[tiredofit]

I am not able to recreate the sed error on my copy here. It was an issue in earlier releases but not in the latest I wrote about above. I will keep looking.