I have TrueNAS 25.04.2.3 running. I wish to use the TrueNAS apps to set up Collabora and NextCloud so that I have access to my files off-site.
Currently, I have:
- Set up Nginx Proxy Manager with port forwarding through my router so that I can access my containers that I have proxied. I have used dynu with dynamic DNS with subdomains to access these containers. I have used Let’s Encrypt to generate SSL certificates.
- Set up NextCloud on port 30027 and set up NPM to reverse proxy into NextCloud . In NPM, I have enabled Websockets Support. In the configuration, I have listed the “Host” as the same address in NPM reverse proxy.
- Set up Collabora on port 9980 and set up NPM to reverse proxy into Collabora via the address collabora.xxxxx.xxxxx.xxx (I have enabled Websockets support). In the configuration, I have listed the “Server Name” as the same address in NPM reverse proxy.
- In NextCloud interface, I have downloaded and enabled the “Nextcloud Office” app. In the Administration Settings → Office, I have clicked on “Use your own server” and put in the address collabora
- It initially connects, but then gives me the following error:
Your browser has been unable to connect to the Collabora server: collabora.xxxxx.xxxxx.xxx:9980
This URL is determined on the Collabora server either from the configured URL or the server_name parameter in coolwsd.xml.
I’m not sure what the problem is.
I have not been able to edit the coolwsd.xml file as I am not sure how to when it is running in the container.
Could anyone give me advice?
Can your Nextcloud container resolve this address successfully and connect to it?
Yes, I get the following output when I use resolve the address from within the Nextcloud container.
# curl -vk collabora.xxxxx.xxxxx.xxx
* Host collabora.xxxxx.xxxxx.xxx:443 was resolved.
* IPv6: (none)
* IPv4: yyy.yyy.yy.yy
* Trying yyy.yyy.yy.yy:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
* subject: CN=*.xxxxx.xxxxx.xxx
* start date: Sep 1 19:45:25 2025 GMT
* expire date: Nov 30 19:45:24 2025 GMT
* issuer: C=US; O=Let's Encrypt; CN=E7
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Certificate level 0: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to collabora.xxxxx.xxxxx.xxx (yyy.yyy.yy.yy) port 443
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://collabora.xxxxx.xxxxx.xxx/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: collabora.xxxxx.xxxxx.xxx]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.14.1]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: collabora.xxxxx.xxxxx.xxx
> User-Agent: curl/8.14.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Request completely sent off
< HTTP/2 200
< server: openresty
< date: Wed, 10 Sep 2025 20:14:31 GMT
< content-type: text/plain
< content-length: 2
< last-modified: Wed, 10 Sep 2025 20:14:31
< strict-transport-security: max-age=63072000; preload
< x-served-by: collabora.xxxxx.xxxxx.xxx
<
* Connection #0 to host collabora.xxxxx.xxxxx.xxx left intact
Hi all, I have managed to fix my issue. I will link below my Collabora TrueNAS configs:
Server Name = collabora.xxxxx.xxxxx.xxx:443
Alias Group 1 = https://nextcloud.xxxxx.xxxxx.xxx
Adding port 443 at the end of the Server Name seems to force the Collabora container to return communications via HTTPS port rather than its own allocated webui port, which is by default 9980.
Extra parameters:
--o:welcome.enable=false
--o:user_interface.mode=notebookbar
--o:ssl.termination=true
--o:ssl.enable=false
--o:net.proto=IPv4
--o:logging.level=warning
--o:logging.level_startup=warning
--o:mount_jail_tree=false
--o:net.post_allow.host[0]=nextcloud.xxxxx.xxxxx.xxx
--o:ssl.termination=true
--o:ssl.enable=false
These parameters forces the Collabora container to use SSL certificates provided by Nginx Proxy Manager, rather generating their own. I believe that these are the default parameters for the TrueNAS community app.
--o:net.post_allow.host[0]=nextcloud.xxxxx.xxxxx.xxx explicitly allows your Nextcloud host to connect.
The 2 main changes here are the --o:net.post_allow.host[0]=nextcloud.xxxxx.xxxxx.xxx and Server Name = collabora.xxxxx.xxxxx.xxx:443.
In terms of NPM proxy host settings, I disabled HSTS, although I am unsure if this would have helped.
Just to highlight this point: the Server Name in the TrueNAS config is equivalent to editing the server_name in coolwsd.xml in the container, and it appears if you’re running Collabora through a reverse proxy, you need to specify as part of the URL for the server name that it should be running on port 443, otherwise it will default to the webUI port (default 9980) as specified further down in the TrueNAS config UI
