Nextcloud and Collabora (NGINX)


Following this guide, you will gain your Collabora Online Office within your Nextcloud, based on your existing NGINX Webserver (reverse proxy or default configuration). You don’t have to configure a second domain, just use your existing one e.g. your.dedyn.io and ammend your current configuration.

Prerequirement: NGINX ≥ 1.15 on Ubuntu 16.04.04 LTS or Ubuntu 18.04 LTS on an AMD64 infrastructure (not ARM64)

You just have to substitute and paste the red ones to your requirements.


Last Updates:
May, 17th 2018:
~ added the logon username and password to the docker command
~ added the admin url and screenshots


Let’s start with the preparation of the docker environment:

apt remove docker docker-engine docker.io
apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
UBUNTU 16.04.4 LTS:
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
UBUNTU 18.04 LTS:
sed -i '$adeb https://download.docker.com/linux/ubuntu artful stable' /etc/apt/sources.list
apt update && apt install docker-ce

Please ensure, docker is running properly:

docker run hello-world

Your result should look similar to mine:

Now start downloading and install collaboras docker:

docker pull collabora/code

Wait for about 500 MB of downloaded binaries and modify your NGINX configuration properly.

Assuming your Nextcloud is running at https://your.dedyn.io

Add the following block to your Webserver configuration:


NGINX acting as reverse proxy:

vi /etc/nginx/conf.d/gateway.conf

server {
listen 80 default_server;
server_name YOUR.DEDYN.IO;
location ^~ /.well-known/acme-challenge {
proxy_pass http://127.0.0.1:81;
proxy_set_header Host $host;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2 default_server;
server_name YOUR.DEDYN.IO;
include /etc/nginx/ssl.conf;
include /etc/nginx/header.conf;
### Start Collabora Online ###
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
location ^~ /lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
### End Collabora Online ###
location ^~ / {
client_max_body_size 10G;
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
send_timeout 3600;
proxy_buffering on;
proxy_max_temp_file_size 10240m;
proxy_request_buffering on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:82;
proxy_redirect off;
}
}

NGINX acting as default/non reverse proxy server

vi /etc/nginx/conf.d/nextcloud.conf

server {
server_name YOUR.DEDYN.IO;
listen 80 default_server;
location ^~ /.well-known/acme-challenge {
proxy_pass http://127.0.0.1:81;
proxy_set_header Host $host;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name YOUR.DEDYN.IO;
listen 443 ssl http2 default_server;
root /var/www/nextcloud/;
access_log /var/log/nginx/nextcloud.access.log main;
error_log /var/log/nginx/nextcloud.error.log warn;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
client_max_body_size 10240M;
### Start Collabora Online ###
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
location ^~ /lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
### End Collabora Online ###
location / {
rewrite ^ /index.php$uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ \.(?:flv|mp4|mov|m4a)$ {
mp4;
mp4_buffer_size 100m;
mp4_max_buffer_size 1024m;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
include php_optimization.conf;
fastcgi_pass php-handler;
fastcgi_param HTTPS on;
}
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
include php_optimization.conf;
fastcgi_pass php-handler;
fastcgi_param HTTPS on;
}
location ~ ^/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$uri$is_args$args;
access_log off;
expires 360d;
}
}

Restart your Webserver by issuing

service nginx restart

and start the docker image by issuing

docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=your\\.dedyn\\.io" -e "username=UserName" -e "password=Your-Secret" --restart always --cap-add MKNOD collabora/code

Logon to your Nextcloud as your administrator and enable the Collabora Online app.

Switch to the Settings and fill in your Nextcloud domain (https://your.dedyn.io) as shown examplarily:

From now, you can create and edit office documents directly in your Nextcloud instance.

If you are interested in information regarding the usage of your Collabora you may find the admin console at

https://your.dedyn.io/loleaflet/dist/admin/admin.html

using your choosen “UserName” and  password “Your-Secret” from the docker command to logon:

Enjoy your documents in your secured and hardened Nextcloud-Server!



Carsten Rieger


Usefull docker-things:

Status of docker container:

docker ps
docker image list

Issuing updates for Collabora Office:

docker ps
docker stop <id from "docker ps">
docker pull collabora/code
docker rm <id from "docker ps">
docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=your\\.dedyn\\.io" --restart always --cap-add MKNOD collabora/code
service nginx restart

Amount of used docker space:

docker system df

Reclaim space:

docker system prune

This will remove:
– all stopped containers
– all networks not used by at least one container
– all dangling images
– all build cache

25 Responses

  1. Tino says:

    Hallo Carsten,

    hattest du schon Zeit um Dir mein Problem anzusehen?

    Vorab vielen Dank!

    MfG Tino

  2. Tino says:

    Hallo Carsten,

    sorry für die späte Antwort! Ich habe die Kommunikation nun auch intern auf 8443 verlegt. Die Admin Console ist inzwischen auch erreichbar. Leider lässt sich Nextcloud trotzdem nicht überreden die Dateien mit Collabora zu öffnen. Es kommt ein internen Serverfehler.

    Zu meinem Verständnis: Wie funktioniert die Kommunikation zwischen den beiden Systemen beim Aufruf genau ? (Findet die Kommunikation nur intern statt, oder muss ich ggf. auch noch Ports nach außen in der Firewall öffnen? Port 80 ist bei mir nicht von außen erreichbar , muss dieser erreichbar sein?

    Evtl. muss auch der Dockerbefehl angepasst werden? Ich habe schon einen Aufruf mit Angabe des Ports versucht, leider ohne Erfolg.

    Leider gibt es in den Logs keine Konkreten Hinweise…

    Ich habe die nextcloud.conf und die nginx.conf hochgeladen.

    Für Hinweise bin ich Dir wirklich sehr dankbar!!

    Viele Grüße Tino

  3. Tino says:

    Hallo Carsten,

    zuerst einmal vielen Dank für diese super Howto´s!!

    Da mein Port 443 bereits in Benutzung ist, habe ich Port 8443 auf 443 per Port Forwarding “umgebogen”. Leider habe ich wahrscheinlich deshalb ein Problem mit Collabora. Unter der genannten Adresse ist die Admin Console nicht erreichbar. Hast du evtl. einen Tipp wie ich die Config anpassen muss?
    (Nextcloud läuft mit eigenem öffentlichen Zertifikat ohne Probleme)

    Vielen Dank im voraus!!

    Viele Grüße Tino

  4. tom says:

    Hallo Carsten,
    ich wollte fragen ob es möglich ist den Container und Nginx mit Nextcloud auf zwei unterschiedlichen Systemen im gleichen Netzwerk laufen zu haben? Ich hab schon versucht “localhost” im Collabora-Teil der Nginx-Config gegen die IP des Docker-Host zu tauschen, aber da schmeißt mir Nextcloud einen Gateway Fehler aus.
    MfG Tom

  5. Paul says:

    Hello Carsten!

    I follow all your tutorials but this one resists me!!!!!!

    I can not link nextcloud with collabora office, but I can see the administration panel by the url you provided:

    https: //x.x.x/loleaflet/dist/admin/admin.html

    I can access the admin interface but I can not find nextcloud link with collabora office, I have tried thousands of things and nothing works.
    This is the error that returns:

    GuzzleHttp \ Exception \ ConnectException: cURL error 7: Failed to connect to x.x.x port 443: Connection refused

    the fw is set any to any so that can not be the problem.

    I have a great frustration, help me, great Carsten!

    Thanks for your amazing job!!

    • How did you start your docker? Please provide me your statement. Did you already restart docker and nginx or the entire server?

      • Paul says:

        docker run -t -d -p 127.0.0.1:9980:9980 -e “domain=subdomain\\.domain\\.com” -e “username=admin” -e “password=admin” –restart always –cap-add MKNOD collabora/code.

        I try restart docker, nginx and finally entire server but nothing work.

        • Please try to add an ending slash (https://your.domain.com/) to collaboras URL in Nextcloud’s Admin-Panel.

          • Paul says:

            Hi Carsten,

            I managed to get nextcloud to connect to collabora but now it’s throwing me another different error, I uploaded the docker logs to your nx, its very cool.

            A nextcloud customization tutorial would be fine too 😛 .

            Thanks for your time!

  6. Mathias says:

    Hello,

    Very very clean tutorial ! Very usefull thanks a lot.

    Just a problem at the end when editing nextcloud.conf nginx doesn’t want to restart :
    root@Nextdesk:/usr/local/src# systemctl status nginx.service
    ● nginx.service – nginx – high performance web server
    Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Wed 2018-06-06 10:01:01 UTC; 2min 56s ago
    Docs: http://nginx.org/en/docs/
    Process: 14793 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS)
    Process: 14889 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
    Main PID: 10164 (code=exited, status=0/SUCCESS)

    Jun 06 10:01:01 Nextdesk systemd[1]: Starting nginx – high performance web server…
    Jun 06 10:01:01 Nextdesk nginx[14889]: nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/conf.d/nextcloud.conf:4
    Jun 06 10:01:01 Nextdesk systemd[1]: nginx.service: Control process exited, code=exited status=1
    Jun 06 10:01:01 Nextdesk systemd[1]: nginx.service: Failed with result ‘exit-code’.
    Jun 06 10:01:01 Nextdesk systemd[1]: Failed to start nginx – high performance web server.

    netxcloud.conf :

    server {
    server_name nextdesk.ch;
    #Your DDNS adress, (e.g. from desec.io)
    listen 80 default_server;
    # IPv6:
    #listen [::]:80 default_server;
    location ^~ /.well-known/acme-challenge {
    proxy_pass http://127.0.0.1:81;
    proxy_set_header Host $host;
    }
    location / {
    return 301 https://$host$request_uri;
    }
    }
    server {
    server_name nextdesk.ch;
    #Your DDNS adress, (e.g. from desec.io)
    listen 443 ssl http2 default_server;
    # IPv6
    #listen [::]:443 ssl http2 default_server;
    root /var/www/nextcloud/;
    access_log /var/log/nginx/nextcloud.access.log main;
    error_log /var/log/nginx/nextcloud.error.log warn;
    location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
    }
    location = /.well-known/carddav {
    return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
    return 301 $scheme://$host/remote.php/dav;
    }
    client_max_body_size 10240M;
    ### Start Collabora Online ###

    • Please verify no other conf-file (vhost in /etc/nginx/conf.d) exists containing “listen 80 default_server;”. If you configured multiple SNIs only one is the default one 😉 .


      listen 80 default_server;

      }

      listen 80;

      • Mathias says:

        Ok maybe i misunderstood last part :
        Both nextcloud and collabora are on the same server and I created gateway.conf AND nextcloud.conf, which one do i need to suppress ?

        • It depends on the way you operate your NGINX and Nextcloud. If you have a gateway.conf in place and proxy your requests to a local nextcloud.conf (e.g. port 127.0.0.1:82) the “listen 80 default_server;” directive only exists in the gateway.conf and in the nextcloud.conf “listen 127.0.0.1:82 default_server;”.

  7. robbie says:

    Carsten, if you’ve some time, please can you make a tutorial for nextcloud and ONLYOFFICE with docker? 🙂

  8. Thomas Müller says:

    Hallo Carsten,

    ich bin schon einigen Deiner Anleitungen gefolgt und bin mit allen höchst zufrieden, dafür viele Dank.

    Vielleicht hast Du auch einen Tip mit Collabora Office unter Nutzung von Safari auf Mac. Hier kann ich keinen Text im Textdokument eingeben oder sehe den momentanen Bearbeiter. Ein Spreadsheet ist im Safari ohne Probleme editierbar. Ein wechsel auf Safari zeigt, dass es am Browser liegen könnte, da Firefox eine Eingabe ermöglicht.

    Vielleicht ist Dir da eine Lösung oder Debugmöglichkeit bekannt?

    Danke und Grüße
    Thomas

  9. Franko says:

    Hallo Carsten

    Super Anleitung! Habe aber glaub ich einen Fehler gefunden also wenn ich unter Collabora Online https://your.dedyn.io geht es bei mir nicht nur mit / am Ende also so -> https://your.dedyn.io/

Leave a Reply

Your email address will not be published. Required fields are marked *