Nextcloud and COLLABORA (NGINX)

Nextcloud and Collabora


You just have to substitute and paste the red ones with regards to your requirements. It is requires to have IPv6 enabled on your server!

Let’s start with the preparation of the docker environment:

apt remove docker docker-engine docker.io
apt install apt-transport-https ca-certificates curl software-properties-common -y

on Ubuntu:

sed -i '$adeb https://download.docker.com/linux/ubuntu bionic stable' /etc/apt/sources.list
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

on Debian:

sed -i '$adeb [arch=amd64] https://download.docker.com/linux/debian stretch stable' /etc/apt/sources.list
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -

on both:

apt update && apt install docker-ce -y

Please ensure, docker is running properly:

docker run hello-world

Your result should look similar to mine:

Now start downloading and install collaboras docker:

docker pull collabora/code

Wait for about 500 MB of downloaded binaries and modify your NGINX configuration properly.

Assuming your Nextcloud is running at https://your.dedyn.io

Add the following block to your Webserver configuration:

vi /etc/nginx/conf.d/nextcloud.conf
...
server {
server_name your.dedyn.io;
listen 443 ssl http2 default_server;
...
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
### Start Collabora Online ###
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
location ^~ /lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ^~ /hosting/capabilities {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
### End Collabora Online ###
client_max_body_size 10240M;
...
}

Verify your ssl.conf regarding the requirements depending on Collabora:

ssl_certificate /etc/letsencrypt/rsa-certs/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/rsa-certs/privkey.pem;
ssl_certificate /etc/letsencrypt/ecc-certs/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/ecc-certs/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/ecc-certs/chain.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_protocols TLSv1.3 TLSv1.2; ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384'; ssl_ecdh_curve X448:secp521r1:secp384r1:prime256v1; ssl_prefer_server_ciphers on; ssl_stapling on; ssl_stapling_verify on;

Restart your Webserver by issuing

service nginx restart

Start the docker image by issuing

docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=your\\.dedyn\\.io" -e "username=UserName" -e "password=Your-Secret" --name=COLLABORAOFFICE --restart always --cap-add MKNOD collabora/code

and verify the logs by issuing

docker logs COLLABORAOFFICE

If dns errors will appear just create a json file

nano /etc/docker/daemon.json

and paste

{
"dns": ["192.168.2.1"]
}

Finally restart the docker service

service docker restart

and logon to your Nextcloud as your administrator to enable the Collabora Online app.

 

Switch to the Settings and fill in your Nextcloud domain (https://your.dedyn.io) as shown examplarily:

 

Now reboot your server – for sure, please reboot now

reboot now

From now, you can create and edit office documents directly in your Nextcloud instance.

and from your mobile app directly or via file menu either

Enjoy your Nextcloud and Collabora-Office integration.


Attention:

It might become necessary to re-scan your data

sudo -u www-data php /var/www/nextcloud/occ files:scan --all

to include the new collabora office templates as we found out during https://github.com/nextcloud/richdocuments/issues/359


If you are interested in information regarding the usage of your Collabora you may find the admin console at

https://your.dedyn.io/loleaflet/dist/admin/admin.html

using your choosen “UserName” and  password “Your-Secret” from the docker command to logon:


To update the COLLABORAOFFICE docker just follow these steps:

Stop:

docker stop COLLABORAOFFICE

Remove

docker rm COLLABORAOFFICE

Re-Load

docker pull collabora/code

Re-Start

docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=your\\.dedyn\\.io" -e "username=UserName" -e "password=Your-Secret" --name=COLLABORAOFFICE --restart always --cap-add MKNOD collabora/code

Enjoy your personal data in your secured and hardened Nextcloud-Server!


Don’t forget to backup your Nextcloud

Find more instructions here: Nextcloud backup and restore



Carsten Rieger


Usefull docker-things:

Status of docker container:

docker ps
docker image list

Amount of used docker space:

docker system df

Reclaim space:

docker system prune

This will remove:
– all stopped containers
– all networks not used by at least one container
– all dangling images
– all build cache

Carsten Rieger

Carsten Rieger is a senior system engineer in full-time and also working as an IT freelancer. He is working with linux environments for more than 15 years, an Open Source enthusiast and highly motivated on linux installation and troubleshooting. Mostly working with Debian/Ubuntu Linux, Nginx and Apache web server, MariaDB/MySQL/PostgreSQL, PHP, Cloud infrastructure (e.g. Nextcloud) and other open source projects (e.g. Roundcube) and in voluntary work for the Dr. Michael & Angela Jacobi Stiftung for more than 7 years.