Zum Hauptinhalt springen Skip to page footer

Docker Installation Collabora Ubuntu

|   Server/NAS

Introduction

Nextcloud Office is based on Collabora and can be used to view and edit office documents directly inside the Nextcloud web interface.

This tutorial will describe how to install an own Collabora Online server that can be used with a Nextcloud instance. The Collabora Online server will be configured with Let's Encrypt to provide access via a valid SSL connection.

Prerequisites

You need the following things:

  • a server with Ubuntu 22.04 (but other Ubuntu's should work too)
  • an own domain like example.com
  • a subdomain of your domain that points to your planned Collabora server (e.g. using office.example.com)
  • a Nextcloud (for this tutorial it has the domain nextcloud.example.com)

 

Step 1 - Configure Docker Repository

Docker is needed to run the Collabora Docker container. You have to configure the Docker repository in order to be able to install Docker:

apt update
apt install apt-transport-https ca-certificates curl gnupg lsb-release
curl -fsSL download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

 

Step 2 - Install Docker

Now install Docker itself:

apt update
apt install docker-ce docker-ce-cli containerd.io

 

Step 3 - Start Collabora Container

With Docker installed, you can now start the Collabora Docker Container. Set the domain variable to the address of your Nextcloud instance (you must replace . with \\. due to shell escaping):

docker run -t -d -p 127.0.0.1:9980:9980 -e "domain=nextcloud\\.example\\.com" --restart always collabora/code

The newest container is pulled and started. You can check if it is running via docker ps.

Optionally, you can also use Docker Compose. You can find a general guide for it here.

 

Step 4 - Install Nginx

To make the Collabora container available over the internet, an SSL reverse proxy is used. This tutorial will use Nginx for it.

Install Nginx via command line:

apt install nginx

 

Step 5 - Install Let's Encrypt Certbot via Snap

For the network connection a valid SSL certificate is needed. To generate it, the Let's Encrypt's Certbot is used. Install the Certbot via Snap:

apt install snapd
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot

 

Step 6 - Create SSL Certs

Now request the SSL certificates via Certbot and your servers domain:

certbot certonly --nginx -d office.example.com
[...]
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/office.example.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/office.example.com/privkey.pem
[...]

Note: Store the paths to the SSL cert and key file as you need them in the next step.

 

Step 7 - Configure Nginx as Reverse Proxy

Add the following configuration with a text editor of your choice (e.g. nano or vim) to the file /etc/nginx/sites-enabled/collabora and modify the line server_name office.example.com and both SSL certificate config lines at the top with your own domain:

server {
    listen 443 ssl;
    # modify this three lines with your own domain:
    server_name office.example.com;
    ssl_certificate /etc/letsencrypt/live/office.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/office.example.com/privkey.pem;

    # static files
    location ^~ /browser {
        proxy_pass 127.0.0.1;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass 127.0.0.1;
        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass 127.0.0.1;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/cool/(.*)/ws$ {
        proxy_pass 127.0.0.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/(c|l)ool {
        proxy_pass 127.0.0.1;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /cool/adminws {
        proxy_pass 127.0.0.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

Now restart Nginx to load the new configuration via the following command:

systemctl restart nginx

 

Step 8 - Activate Nextcloud Office in Nextcloud

The Collabora server itself is now fully configured and usable. You now have to configure Nextcloud Office within your Nextcloud.

In your Nextcloud, activate the app Nextcloud Office. For that, go to the web interface of your Nextcloud and open the app store (top right corner -> Apps). Search for Nextcloud Office and activate only the app Nextcloud Office.

 

Step 9 - Configure Nextcloud Office App

After the installation of the app, you have to configure it and tell it where your Collabora Online Server is. For that, go to the settings of your Nextcloud (top right corner -> Administration Settings) and select Office on the left menu (under Administration). There select Use your own server and add the address of your server (e.g. office.example.com):

 

Click on the Save button in order to save the configuration. If everything works correctly, then the settings dialog should show a working connection to your Collabora server.

Additionally, you should configure the Allow list for WOPI requests to only allow the Collabora Server to fetch documents. This setting is located under the Advanced settings and you have to add the IPv4 and IPv6 address of the Collabora server (e.g. 1.2.3.4,2a01:4f8:aaaa:bbbb:cccc::1).

 

Step 10 - Renew SSL Cert

Let's Encrypt certs are only valid for a few months and then must be renewed. Certbot already has a systemd timer for this and you only need to activate it:

systemctl enable --now snap.certbot.renew.timer

After that your SSL certs automatically get renewed when needed.

 

Step 11 - Whitelist your Nextcloud instance to access Collabora

Currently, anyone can access office.example.com. This section aims to limit access to nextcloud.example.com.

Open the file /etc/coolwsd/coolwsd.xml and change the alias_groups configuration under the storage section.

<alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
            <!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
                    add the hosts below.  If one host is accessible under multiple ip addresses
                    or names, add them as aliases. -->
            <group>
                    <host desc="hostname to allow or deny." allow="true">nextcloud.example.com</host>
            </group>

 

Conclusion

You now have configured an own Collabora server and configured your Nextcloud to use it. Each office document should now be opened editable in the web interface.

 
License: MIT
Zurück