Collabora Online + Nextcloud Integration – Issue

Collabora Online + Nextcloud Integration – Status & Outstanding Issue
Environment

Server: Dedicated Linux server (Plesk, EL9)

Reverse proxy: Plesk-managed nginx (in front of Apache)

Nextcloud: Self-hosted instance (HTTPS)

Collabora: External Collabora Online server (Docker-based)

Proxy model: nginx reverse proxy

CDN / WAF: Disabled during testing

SSL: Terminated at nginx (Collabora running without internal SSL)

What Has Been Completed (and Verified)
1. Collabora container deployment

Collabora Online is running in Docker

Exposed internally on port 9980

Container starts cleanly and remains healthy

Verified via direct local HTTP request:

/hosting/discovery → HTTP 200 OK
2. nginx reverse proxy configuration

nginx successfully proxies Collabora endpoints:

/hosting/discovery

/cool

/browser

WebSocket upgrades are enabled and functioning

Verified externally over HTTPS:

/hosting/discovery → HTTP 200 OK
3. SSL / proxy alignment

SSL is terminated at nginx

Collabora started with:

SSL disabled internally

SSL termination enabled

This matches the reverse proxy architecture

No TLS or certificate errors observed

4. CDN / firewall eliminated as a factor

CDN/WAF fully disabled during testing

Requests go directly from client → nginx → Collabora

No CDN headers or interference present

5. Nextcloud Office configuration

“Use your own server” selected

External Collabora URL configured (HTTPS)

Built-in CODE server disabled

Demo server not used

Admin UI reports Collabora as reachable

6. WOPI allow list configuration

WOPI allow list configured in Nextcloud

No token-based authentication configured

Certificate verification left enabled (public certificate in use)

7. nginx validation

nginx configuration validates successfully

Reload performed via Plesk tooling

No nginx syntax or runtime errors

Current Behaviour (What Works)

Collabora service starts normally

Reverse proxy works correctly

Discovery XML loads both:

Internally (direct to port 9980)

Externally (via HTTPS proxy)

WebSocket connections establish successfully

No networking, firewall, or SSL failures observed

Current Issue (Still Failing)
Error shown in Nextcloud UI
Document loading failed
Unauthorised WOPI host.
Interpretation of the Error

Collabora is rejecting the WOPI request

Rejection happens after discovery and WebSocket setup

This indicates a WOPI host authorisation failure, not a connectivity issue

Likely Root Cause (High Confidence)

The Collabora domain allowlist regex does not exactly match the WOPI host string generated by Nextcloud.

Typical causes:

Host includes an explicit port (e.g. :443)

Regex not anchored (^ / $)

Multiple valid hostnames not fully accounted for

This is a known and common Collabora failure mode.

Evidence Supporting This Conclusion

Network path is fully functional

SSL termination is correct

Discovery and WebSockets work

Error is specific to WOPI authorisation

CDN/WAF is disabled

Logs show normal Collabora startup and request handling up to WOPI validation

Trying to get AI apps setup and working, trying to do this broke the Next docs.