Nextcloud and Collabora (NGINX)


Following this guide, you will gain your Collabora Online Office within your Nextcloud, based on your existing NGINX Webserver (reverse proxy or default configuration). You don’t have to configure a second domain, just use your existing one e.g. your.dedyn.io and ammend your current configuration.

Prerequirement: NGINX ≥ 1.15.3 on Ubuntu 18.04.1 LTS on an AMD64 infrastructure

You just have to substitute and paste the red ones to your requirements.


Last Updates:

September, 11th 2018:
– verified for Nextcloud 14, removed Ubuntu 16.04.x statements


Let’s start with the preparation of the docker environment:

apt remove docker docker-engine docker.io
apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sed -i '$adeb https://download.docker.com/linux/ubuntu artful stable' /etc/apt/sources.list
apt update && apt install docker-ce

Please ensure, docker is running properly:

docker run hello-world

Your result should look similar to mine:

Now start downloading and install collaboras docker:

docker pull collabora/code

Wait for about 500 MB of downloaded binaries and modify your NGINX configuration properly.

Assuming your Nextcloud is running at https://your.dedyn.io

Add the following block to your Webserver configuration:


NGINX acting as reverse proxy:

vi /etc/nginx/conf.d/gateway.conf

server {
listen 80 default_server;
server_name YOUR.DEDYN.IO;
location ^~ /.well-known/acme-challenge {
proxy_pass http://127.0.0.1:81;
proxy_set_header Host $host;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2 default_server;
server_name YOUR.DEDYN.IO;
include /etc/nginx/ssl.conf;
include /etc/nginx/header.conf;
### Start Collabora Online ###
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
location ^~ /lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
### End Collabora Online ###
location ^~ / {
client_max_body_size 10G;
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
send_timeout 3600;
proxy_buffering on;
proxy_max_temp_file_size 10240m;
proxy_request_buffering on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:82;
proxy_redirect off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
} 
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
}

NGINX acting as default/non reverse proxy server

vi /etc/nginx/conf.d/nextcloud.conf

server {
server_name YOUR.DEDYN.IO;
listen 80 default_server;
location ^~ /.well-known/acme-challenge {
proxy_pass http://127.0.0.1:81;
proxy_set_header Host $host;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name YOUR.DEDYN.IO;
listen 443 ssl http2 default_server;
root /var/www/nextcloud/;
access_log /var/log/nginx/nextcloud.access.log main;
error_log /var/log/nginx/nextcloud.error.log warn;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 10240M;
### Start Collabora Online ###
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
location ^~ /lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
### End Collabora Online ###
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ \.(?:flv|mp4|mov|m4a)$ {
mp4;
mp4_buffer_size 100m;
mp4_max_buffer_size 1024m;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
include php_optimization.conf;
fastcgi_pass php-handler;
fastcgi_param HTTPS on;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
include php_optimization.conf;
fastcgi_pass php-handler;
fastcgi_param HTTPS on;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
expires 360d;
}
}

Restart your Webserver by issuing

service nginx restart

and start the docker image by issuing

docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=your\\.dedyn\\.io" -e "username=UserName" -e "password=Your-Secret" --restart always --cap-add MKNOD collabora/code

Logon to your Nextcloud as your administrator and enable the Collabora Online app.

Switch to the Settings and fill in your Nextcloud domain (https://your.dedyn.io) as shown examplarily:

From now, you can create and edit office documents directly in your Nextcloud instance.

If you are interested in information regarding the usage of your Collabora you may find the admin console at

https://your.dedyn.io/loleaflet/dist/admin/admin.html

using your choosen “UserName” and  password “Your-Secret” from the docker command to logon:

Enjoy your documents in your secured and hardened Nextcloud Server!



Carsten Rieger


Usefull docker-things:

Status of docker container:

docker ps
docker image list

Issuing updates for Collabora Office:

docker ps
docker stop <id from "docker ps">
docker pull collabora/code
docker rm <id from "docker ps">
docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=your\\.dedyn\\.io" --restart always --cap-add MKNOD collabora/code
service nginx restart

Amount of used docker space:

docker system df

Reclaim space:

docker system prune

This will remove:
– all stopped containers
– all networks not used by at least one container
– all dangling images
– all build cache

Carsten Rieger

Carsten Rieger is a senior system engineer in full-time and also working as an IT freelancer. He is working with linux environments for more than 13 years, an Open Source enthusiast and highly motivated on linux installation and troubleshooting. Mostly working with Debian/Ubuntu Linux, Nginx and Apache web server, MariaDB/MySQL/PostgreSQL, PHP, Cloud infrastructure (e.g. Nextcloud) and other open source projects (e.g. Roundcube) and in voluntary work for the Dr. Michael & Angela Jacobi Stiftung for more than 6 years.

39 Responses

  1. Malte says:

    Hallo Carsten,

    ich habe mir nach Deiner Anleitung (https://www.c-rieger.de/nextcloud-14-nginx-installation-guide-for-ubuntu-18-04-lts/) Nextcloud installiert.
    Hier funktioniert alles einwandfrei.

    Nun wollte ich mir Collabora installieren. Nach dem Einspielen der angepassten nextcloud.conf + gateway.conf und Neustart von NGINX erhalte ich folgende Fehlermeldung:

    Job for nginx.service failed because the control process exited with error code.
    See “systemctl status nginx.service” and “journalctl -xe” for details.

    Wenn ich nun die gateway.conf wieder lösche und die nextcloud.conf angepasst so belasse, startet NGINX wieder einwandfrei.

    Was habe ich übersehen?

    • Warum gateway.conf? Was wird denn bei systemctl status nginx.service ausgegeben als Fehlerursache ausgegeben?
      Es bedarf keiner gateway.conf, es müsste eigentlich nur die “nextcloud.conf” bearbeitet werden.

  2. harro says:

    Hello, thx for the great website you are maintaining.

    Im running OnlyOffice Docker image, and im in need to update. But i cannot find your tutorial anymore. Did you remove it, and why?

    thx

  3. Jim says:

    I followed your Ubuntu18 Nextcloud 14 install and its working great. But when I followed your collabora tutorial its not opening any office files. Just blank screen. And Nextcloud logs shows name is already in use error and cURL error 60 SSL cert problem. I installed using default/non reverse proxy. I am able to access the admin page. And I made sure I did not have any other vhost using port 80.

    Any idea what might be causing these errors?

    Also, Thank you for all these detail tutorials

    • Jim says:

      I ended up starting from a fresh U18 install and now its working. =)

      I also, did one for my work but still getting the same error. Not sure what I did differently but one works the other doesn’t

      • In a company environment it might be related to network settings e.g. proxy, dns and firewall. we had troubles in an environment that consists of a sophos firewall. so please have a look in the corresponding logfiles. perhaps a route is missing or a dns has to be configured properly?

        • Jim says:

          I ended up installing collabora on a separate VM on a different external IP and everything is working as it should. Thanks again.

  4. Josep Martí Oliver says:

    First of all, give my sincere congratulations for his blog. I have followed the instructions to install the NextCloud 14, and the truth is that I have gotten quite well. But now at the installation of Collabora it gives me problems. I can access the administration console but instead I can not access the documents. I am using PROXMOX as a server with virtual drives, which manages the NGINX PROXY RESERVE.

    I have other virtual machines with the NC 13.0x with the Collaborator, but with this I can not get rid of it. The screen comes up when I open the document blank, without any error on screen. I have copied the instructions in the configuration file of Proxmox, which you set out, and it does not work for me, just as I have copied the instructions that others work for. I have to point out that when I execute the order of the docker I do not put 127.0.0.1: 9980 if not the address of the virtual machine 192.168.1.x: 9980 which is the order that works with the others. Although I have tried it in both ways. Also where in their configurations instead of 127.0.0.1 I put the address of the virtual machine and it works correctly.

    Can you help me to find out what error I have for Collabora software to work?

    Thanks in advance.

  5. Jürgen says:

    Hallo Carsten

    Super Anleitung! Vielen, vielen Dank!

  6. Tino says:

    Hallo Carsten,

    hattest du schon Zeit um Dir mein Problem anzusehen?

    Vorab vielen Dank!

    MfG Tino

  7. Tino says:

    Hallo Carsten,

    sorry für die späte Antwort! Ich habe die Kommunikation nun auch intern auf 8443 verlegt. Die Admin Console ist inzwischen auch erreichbar. Leider lässt sich Nextcloud trotzdem nicht überreden die Dateien mit Collabora zu öffnen. Es kommt ein internen Serverfehler.

    Zu meinem Verständnis: Wie funktioniert die Kommunikation zwischen den beiden Systemen beim Aufruf genau ? (Findet die Kommunikation nur intern statt, oder muss ich ggf. auch noch Ports nach außen in der Firewall öffnen? Port 80 ist bei mir nicht von außen erreichbar , muss dieser erreichbar sein?

    Evtl. muss auch der Dockerbefehl angepasst werden? Ich habe schon einen Aufruf mit Angabe des Ports versucht, leider ohne Erfolg.

    Leider gibt es in den Logs keine Konkreten Hinweise…

    Ich habe die nextcloud.conf und die nginx.conf hochgeladen.

    Für Hinweise bin ich Dir wirklich sehr dankbar!!

    Viele Grüße Tino

  8. Tino says:

    Hallo Carsten,

    zuerst einmal vielen Dank für diese super Howto´s!!

    Da mein Port 443 bereits in Benutzung ist, habe ich Port 8443 auf 443 per Port Forwarding “umgebogen”. Leider habe ich wahrscheinlich deshalb ein Problem mit Collabora. Unter der genannten Adresse ist die Admin Console nicht erreichbar. Hast du evtl. einen Tipp wie ich die Config anpassen muss?
    (Nextcloud läuft mit eigenem öffentlichen Zertifikat ohne Probleme)

    Vielen Dank im voraus!!

    Viele Grüße Tino

  9. tom says:

    Hallo Carsten,
    ich wollte fragen ob es möglich ist den Container und Nginx mit Nextcloud auf zwei unterschiedlichen Systemen im gleichen Netzwerk laufen zu haben? Ich hab schon versucht “localhost” im Collabora-Teil der Nginx-Config gegen die IP des Docker-Host zu tauschen, aber da schmeißt mir Nextcloud einen Gateway Fehler aus.
    MfG Tom

  10. Paul says:

    Hello Carsten!

    I follow all your tutorials but this one resists me!!!!!!

    I can not link nextcloud with collabora office, but I can see the administration panel by the url you provided:

    https: //x.x.x/loleaflet/dist/admin/admin.html

    I can access the admin interface but I can not find nextcloud link with collabora office, I have tried thousands of things and nothing works.
    This is the error that returns:

    GuzzleHttp Exception ConnectException: cURL error 7: Failed to connect to x.x.x port 443: Connection refused

    the fw is set any to any so that can not be the problem.

    I have a great frustration, help me, great Carsten!

    Thanks for your amazing job!!

    • How did you start your docker? Please provide me your statement. Did you already restart docker and nginx or the entire server?

      • Paul says:

        docker run -t -d -p 127.0.0.1:9980:9980 -e “domain=subdomain\.domain\.com” -e “username=admin” -e “password=admin” –restart always –cap-add MKNOD collabora/code.

        I try restart docker, nginx and finally entire server but nothing work.

  11. Mathias says:

    Hello,

    Very very clean tutorial ! Very usefull thanks a lot.

    Just a problem at the end when editing nextcloud.conf nginx doesn’t want to restart :
    root@Nextdesk:/usr/local/src# systemctl status nginx.service
    ● nginx.service – nginx – high performance web server
    Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Wed 2018-06-06 10:01:01 UTC; 2min 56s ago
    Docs: http://nginx.org/en/docs/
    Process: 14793 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS)
    Process: 14889 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
    Main PID: 10164 (code=exited, status=0/SUCCESS)

    Jun 06 10:01:01 Nextdesk systemd[1]: Starting nginx – high performance web server…
    Jun 06 10:01:01 Nextdesk nginx[14889]: nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/conf.d/nextcloud.conf:4
    Jun 06 10:01:01 Nextdesk systemd[1]: nginx.service: Control process exited, code=exited status=1
    Jun 06 10:01:01 Nextdesk systemd[1]: nginx.service: Failed with result ‘exit-code’.
    Jun 06 10:01:01 Nextdesk systemd[1]: Failed to start nginx – high performance web server.

    netxcloud.conf :

    server {
    server_name nextdesk.ch;
    #Your DDNS adress, (e.g. from desec.io)
    listen 80 default_server;
    # IPv6:
    #listen [::]:80 default_server;
    location ^~ /.well-known/acme-challenge {
    proxy_pass http://127.0.0.1:81;
    proxy_set_header Host $host;
    }
    location / {
    return 301 https://$host$request_uri;
    }
    }
    server {
    server_name nextdesk.ch;
    #Your DDNS adress, (e.g. from desec.io)
    listen 443 ssl http2 default_server;
    # IPv6
    #listen [::]:443 ssl http2 default_server;
    root /var/www/nextcloud/;
    access_log /var/log/nginx/nextcloud.access.log main;
    error_log /var/log/nginx/nextcloud.error.log warn;
    location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
    }
    location = /.well-known/carddav {
    return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
    return 301 $scheme://$host/remote.php/dav;
    }
    client_max_body_size 10240M;
    ### Start Collabora Online ###

    • Please verify no other conf-file (vhost in /etc/nginx/conf.d) exists containing “listen 80 default_server;”. If you configured multiple SNIs only one is the default one 😉 .


      listen 80 default_server;

      }

      listen 80;

      • Mathias says:

        Ok maybe i misunderstood last part :
        Both nextcloud and collabora are on the same server and I created gateway.conf AND nextcloud.conf, which one do i need to suppress ?

        • It depends on the way you operate your NGINX and Nextcloud. If you have a gateway.conf in place and proxy your requests to a local nextcloud.conf (e.g. port 127.0.0.1:82) the “listen 80 default_server;” directive only exists in the gateway.conf and in the nextcloud.conf “listen 127.0.0.1:82 default_server;”.

  12. robbie says:

    Carsten, if you’ve some time, please can you make a tutorial for nextcloud and ONLYOFFICE with docker? 🙂

  13. Thomas Müller says:

    Hallo Carsten,

    ich bin schon einigen Deiner Anleitungen gefolgt und bin mit allen höchst zufrieden, dafür viele Dank.

    Vielleicht hast Du auch einen Tip mit Collabora Office unter Nutzung von Safari auf Mac. Hier kann ich keinen Text im Textdokument eingeben oder sehe den momentanen Bearbeiter. Ein Spreadsheet ist im Safari ohne Probleme editierbar. Ein wechsel auf Safari zeigt, dass es am Browser liegen könnte, da Firefox eine Eingabe ermöglicht.

    Vielleicht ist Dir da eine Lösung oder Debugmöglichkeit bekannt?

    Danke und Grüße
    Thomas

  14. Franko says:

    Hallo Carsten

    Super Anleitung! Habe aber glaub ich einen Fehler gefunden also wenn ich unter Collabora Online https://your.dedyn.io geht es bei mir nicht nur mit / am Ende also so -> https://your.dedyn.io/

Leave a Reply

Your email address will not be published. Required fields are marked *