Nextcloud 23 and Collabora - works!
Posted
#794
(In Topic #307)
Nerd Club Member
Successful Installation of latest Nextcloud with Collabora
Thank you Jacob!!!I got the latest Nextcloud 23.0.3 and Collabora 21.11.3.4 to work! It was a week-long battle, but in the end, it worked. I couldn't believe it when I created a spreadsheet and Collabora office actually opened it (After many failures).
In the end, I used a combination of the vendor instructions at
https://docs.nextcloud.com/server/latest/admin_manual/contents.html
and
https://www.collaboraoffice.com/code-install-and-test/
and Jacob's instructions for Nextcloud 21.
I'll be happy to upload the details if anybody is interested..
Posted
NOTS Staff
Great to hear you got things working even though they've been updated since the tutorial! It's always a great feeling to finish a project successfully.
I'd definitely be interested in any major differences between my tutorial and the current Nextcloud/Collabora documentation. I was planning to potentially cover Nextcloud again, but I've been waiting for ownCloud Infinite Scale to release so I can compare the two.
- Jacob
Posted
Nerd Club Member
I'll post the details in the next post, but here's a quick summary:
First, I tried to install Nextcloud 21 and Collabora on Debian 10 on Linode. The problem is that Collabora has changed the name from "lool" to "cool" in many places, so I renamed the references in my install, but in the end I got an error message saying that the version numbers don't match.
Next, I installed (the latest) Nextcloud 23 and Collabora on Debian 10 on Linode with a mix of your and their instructions. When I first tried to open a document, I got a security-related error message. That's when I used your instructions to turn off SSL in coolwsd.xml and turned on termination - that seemed to do the trick!
Again, without your video and wiki, I probably would have given up, so thanks again!
:-)
Tobias
Posted
Nerd Club Member
Nextcloud
Documentation sources:Nextcloud Server Administration Guide
https://docs.nextcloud.com/server/latest/admin_manual/contents.html
Jacob instructions
https://nerdonthestreet.com/wiki?find=Install+Nextcloud+21%2C+Collabora%2C+and+HPB+on+Debian+10
https://nerdonthestreet.com/episode/tech/nextcloud-21-with-collabora-hpb
Prerequisites:
domain name bought at godaddy= myservername.com
at godaddy, change name servers to "Using custom nameservers"
enter
ns1.linode.com
ns2.linode.com
etc.
https://www.linode.com/community/questions/18941/how-to-point-domain-to-linode
in Linode, under domains, added A record, set myservername.com to IP address
in Linode, under domains, added A record, set nextcloud.myservername.com to IP address
Example installation on Ubuntu 20.04 LTS
https://docs.nextcloud.com/server/latest/admin_manual/installation/example_ubuntu.html
SSH into your server. Install new packages:
apt update
apt install apache2 mariadb-server libapache2-mod-php7.4
apt install php7.4-gd php7.4-mysql php7.4-curl php7.4-mbstring php7.4-intl
apt install php7.4-gmp php7.4-bcmath php-imagick php7.4-xml php7.4-zip
apt install libmagickcore-6.q16-3-extra
mysql_secure_installation
mariadb
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'p#ssw&rd';
CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
FLUSH PRIVILEGES;
quit;
wget https://download.nextcloud.com/server/releases/nextcloud-23.0.3.zip
unzip nextcloud-23.0.3.zip
cp -r nextcloud /var/www
chown -R www-data: /var/www/nextcloud
For better security, store data outside of www folder:
mkdir /ncdata
chown www-data: /ncdata
Create Apache configuration for Nextcloud:
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/nextcloud.conf
nano /etc/apache2/sites-available/nextcloud.conf
ServerName nextcloud.myservername.com
ServerAdmin myemail@mailserver.com
DocumentRoot /var/www/nextcloud
<Directory /var/www/nextcloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
Satisfy Any
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
a2ensite nextcloud
a2enmod rewrite headers env dir mime
systemctl restart apache2
Enable https:
snap install --classic certbot
certbot --apache
At this point, Nextcloud is already running:
Open a web browser and go to
https://nextcloud.myservername.com
Take care of the warnings under Settings → Overview:
nano /etc/php/7.4/apache2/php.ini
memory_limit = 512M
output_buffering = Off
modify the Apache configuration:
nano /etc/apache2/sites-enabled/nextcloud-le-ssl.conf
contents should be changed to contain inside <VirtualHost *:443>
ServerName nextcloud.myservername.com
ServerAdmin myemail@mailserver.com
DocumentRoot /var/www/nextcloud
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains";
</IfModulec>
<Directory /var/www/nextcloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
Satisfy Any
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
make changes to PHP configuration:
nano /var/www/nextcloud/config/config.php
add
'htaccess.RewriteBase' => '/',
'default_phone_region' => 'US',
sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess
Configure memcache:
apt install php-redis redis-server
Edit redis configuration:
nano /etc/redis/redis.conf
Uncomment unixsocketperm 700 and change 700 to 770.
Change port 6379 to port 0.
to add Apache to the Redis group, run
usermod -aG redis www-data
make changes to PHP configuration:
nano /var/www/nextcloud/config/config.php
add
'memcache.local' => '\OC\Memcache\Redis',
'memcache.distributed' => '\OC\Memcache\Redis',
'redis' => [
'host' => '/var/run/redis/redis-server.sock',
'port' => 0,
],
sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess
have to restart Apache and Redis
systemctl restart apache2 redis
one warning remains:
You have not set or verified your email server configuration, yet
https://docs.nextcloud.com/server/16/admin_manual/configuration_server/email_configuration.html#
Collabora
Documentation sources:Collabora SDK
https://sdk.collaboraonline.com/
How to find instructions for Linux packages:
go to
https://sdk.collaboraonline.com/
click on Installation guide.
This will take you to
https://sdk.collaboraonline.com/docs/installation/index.html
Click on Installation from packages
This will take you to
https://sdk.collaboraonline.com/docs/installation/Installation_from_packages.html
Find the sentence
"If you are not Collabora’s Partner please follow CODE instructions"
and click on "CODE instructions"
This will take you to
https://www.collaboraoffice.com/code/
Find the box "Install CODE & do tryout" and click on Check how-to
This will take you to
https://www.collaboraoffice.com/code-install-and-test/
click on packages for Linux
This will take you to
https://www.collaboraoffice.com/code/linux-packages/
Install Collabora from repository:
cd /usr/share/keyrings
sudo wget https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg
nano /etc/apt/sources.list.d/collaboraonline.sources
Types: deb
URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-ubuntu2004
Suites: ./
Signed-By: /usr/share/keyrings/collaboraonline-release-keyring.gpg
apt update
apt install coolwsd
apt install code-brand
apt install hunspell
Configure Apache to serve collabora:
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/collabora.conf
nano /etc/apache2/sites-available/collabora.conf
change ServerName to
ServerName collabora.myservername.com
Delete the ServerAdmin and DocumentRoot directives.
Save and exit.
Enable the Collabora server:
a2ensite collabora
systemctl restart apache2
Now we will set up SSL for Collabora.
https://sdk.collaboraonline.com/docs/installation/Configuration.html#ssl-configuration
„Collabora Online uses WOPI protocol, which mandates SSL. However, it is possible to run Collabora Online server without SSL, it is configurable. Basically there are 3 modes:
• SSL
• SSL termination
• No SSL“
Enable https:
certbot --apache
This will create the file collabora-le-ssl.conf which we will edit.
specific proxy settings are described in
https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html
https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html#reverse-proxy-with-apache-2-webserver
We will use the one WITH SSL termination:
https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html#reverse-proxy-settings-in-apache2-config-ssl-termination
nano /etc/apache2/sites-available/collabora-le-ssl.conf
contents should be changed to contain inside <VirtualHost *:443>
########################################
# Reverse proxy for Collabora Online
#
########################################
AllowEncodedSlashes NoDecode
ProxyPreserveHost On
# static html, js, images, etc. served from coolwsd
# browser is the client part of Collabora Online
ProxyPass /browser http://127.0.0.1:9980/browser retry=0
ProxyPassReverse /browser http://127.0.0.1:9980/browser
# WOPI discovery URL
ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery
# Capabilities
ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities
# Main websocket
ProxyPassMatch "/cool/(.*)/ws$" ws://127.0.0.1:9980/cool/$1/ws nocanon
# Admin Console websocket
ProxyPass /cool/adminws ws://127.0.0.1:9980/cool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /cool http://127.0.0.1:9980/cool
ProxyPassReverse /cool http://127.0.0.1:9980/cool
# Compatibility with integrations that use the /lool/convert-to endpoint
ProxyPass /lool http://127.0.0.1:9980/cool
ProxyPassReverse /lool http://127.0.0.1:9980/cool
Configure reverse proxy for Collabora:
Enable proxy in general: a2enmod proxy
Enable proxy for HTTP protocol: a2enmod proxy_http
Enable SSL support: a2enmod proxy_connect
Enable proxy of websockets: a2enmod proxy_wstunnel
a2enmod proxy proxy_wstunnel proxy_http
systemctl restart apache2
Test whether SSL is working with
curl -v https://collabora.myservername.com:9980/hosting/discovery
or once we have disabled SSL
curl -v http://collabora.myservername.com:9980/hosting/discovery
Collabora Configuration
https://sdk.collaboraonline.com/docs/installation/Configuration.html
To get status:
systemctl status coolwsd
turn SSL off, but termination on (Jacob instructions):
Disable ssl.
Enable the SSL termination option.
nano /etc/coolwsd/coolwsd.xml
change to
<ssl desc="SSL settings">
<!-- switches from https:// + wss:// to http:// + ws:// -->
<enable type="bool" desc="Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">false</enable>
<!-- SSL off-load can be done in a proxy, if so disable SSL, and enable termination below in production -->
<termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="true">true</termination>
systemctl restart coolwsd
Go to Nextcloud web page, Settings, Office (could also be named Nextcloud office or Collabora Online)
change to use your own server
enter
„collabora.myservername.com“
and click save
Disable unused languages for better performance:
nano /etc/coolwsd/coolwsd.xml
modify line <allowed_languages desc=" (Jacob instructions)
systemctl restart coolwsd
Last edit: by atmelino
1 guest and 0 members have just viewed this.