Nextcloud 23 and Collabora - works!

Forum home -> Tech Talk -> View topic

Post

Posted
Rating:
#794 (In Topic #307)
Avatar
Nerd Club Member

Successful Installation of latest Nextcloud with Collabora

Thank you Jacob!!!

I got the latest Nextcloud 23.0.3 and Collabora 21.11.3.4 to work! It was a week-long battle, but in the end, it worked. I couldn't believe it when I created a spreadsheet and Collabora office actually opened it (After many failures).

In the end, I used a combination of the vendor instructions at
https://docs.nextcloud.com/server/latest/admin_manual/contents.html
and
https://www.collaboraoffice.com/code-install-and-test/
and Jacob's instructions for Nextcloud 21.

I'll be happy to upload the details if anybody is interested.. 
Online now: No Back to the top

Post

Posted
Rating:
#795
Avatar
NOTS Staff
Hi atmelino/Tobias,

Great to hear you got things working even though they've been updated since the tutorial! It's always a great feeling to finish a project successfully.

I'd definitely be interested in any major differences between my tutorial and the current Nextcloud/Collabora documentation. I was planning to potentially cover Nextcloud again, but I've been waiting for ownCloud Infinite Scale to release so I can compare the two.

- Jacob
Online now: No Back to the top

Post

Posted
Rating:
#796
Avatar
Nerd Club Member
Hi Jacob,

I'll post the details in the next post, but here's a quick summary:

First, I tried to install Nextcloud 21 and Collabora on Debian 10 on Linode. The problem is that Collabora has changed the name from "lool" to "cool" in many  places, so I renamed the references in my install, but in the end I got an error message saying that the version numbers don't match.

Next, I installed (the latest) Nextcloud 23 and Collabora on Debian 10 on Linode with a mix of your and their instructions. When I first tried to open a document, I got a security-related error message. That's when I used your instructions to turn off SSL in coolwsd.xml and turned on termination - that seemed to do the trick!

Again, without your video and wiki, I probably would have given up, so thanks again!

:-)
Tobias
Online now: No Back to the top

Post

Posted
Rating:
#797
Avatar
Nerd Club Member
Instructions for installing Nextcloud 23.0.3 and Collabora 21.11.3.4 on Ubuntu 20.04 on Linode from Packages

Nextcloud

Documentation sources:

Nextcloud Server Administration Guide
https://docs.nextcloud.com/server/latest/admin_manual/contents.html

Jacob instructions
https://nerdonthestreet.com/wiki?find=Install+Nextcloud+21%2C+Collabora%2C+and+HPB+on+Debian+10
https://nerdonthestreet.com/episode/tech/nextcloud-21-with-collabora-hpb

Prerequisites:
domain name bought at godaddy= myservername.com
at godaddy, change name servers to "Using custom nameservers"
enter
ns1.linode.com
ns2.linode.com
etc.
https://www.linode.com/community/questions/18941/how-to-point-domain-to-linode

in Linode, under domains, added A record, set  myservername.com to IP address
in Linode, under domains, added A record, set  nextcloud.myservername.com to IP address

Example installation on Ubuntu 20.04 LTS
https://docs.nextcloud.com/server/latest/admin_manual/installation/example_ubuntu.html

SSH into your server. Install new packages:
apt update
apt install apache2 mariadb-server libapache2-mod-php7.4
apt install php7.4-gd php7.4-mysql php7.4-curl php7.4-mbstring php7.4-intl
apt install php7.4-gmp php7.4-bcmath php-imagick php7.4-xml php7.4-zip
apt install libmagickcore-6.q16-3-extra
Set up database:
mysql_secure_installation
mariadb
Type the following at mariadb prompt:
CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'p#ssw&rd';
CREATE DATABASE IF NOT EXISTS nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost';
FLUSH PRIVILEGES;
quit;
Install Nextcloud:
wget https://download.nextcloud.com/server/releases/nextcloud-23.0.3.zip
unzip nextcloud-23.0.3.zip
cp -r nextcloud /var/www
chown -R www-data: /var/www/nextcloud

For better security, store data outside of www folder:
mkdir /ncdata
chown www-data: /ncdata

Create Apache configuration for Nextcloud:
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/nextcloud.conf
nano /etc/apache2/sites-available/nextcloud.conf
contents should be changed to contain inside <VirtualHost *:80>
      ServerName nextcloud.myservername.com

        ServerAdmin myemail@mailserver.com
        DocumentRoot /var/www/nextcloud
       <Directory /var/www/nextcloud/>
                Require all granted
                AllowOverride All
                Options FollowSymLinks MultiViews
         Satisfy Any
                <IfModule mod_dav.c>
                        Dav off
                </IfModule>
        </Directory>
Enable Apache configuration:
a2ensite nextcloud
a2enmod rewrite headers env dir mime
systemctl restart apache2

Enable https:
snap install --classic certbot
certbot --apache
certbot will create a file named /etc/apache2/sites-enabled/nextcloud-le-ssl.conf whoch we will edit later.

At this point, Nextcloud is already running:
Open a web browser and go to
https://nextcloud.myservername.com


Take care of the warnings under Settings → Overview:

nano /etc/php/7.4/apache2/php.ini
make the following changes:
memory_limit = 512M
output_buffering = Off

modify the Apache configuration:
nano /etc/apache2/sites-enabled/nextcloud-le-ssl.conf

contents should be changed to contain inside <VirtualHost *:443>
        ServerName nextcloud.myservername.com

        ServerAdmin myemail@mailserver.com
        DocumentRoot /var/www/nextcloud

        <IfModule mod_headers.c>
                Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains";
        </IfModulec>

        <Directory /var/www/nextcloud/>
                Require all granted
                AllowOverride All
                Options FollowSymLinks MultiViews
                Satisfy Any
                <IfModule mod_dav.c>
                        Dav off
                </IfModule>
        </Directory>

make changes to PHP configuration:
nano /var/www/nextcloud/config/config.php

add
'htaccess.RewriteBase' => '/',
  'default_phone_region' => 'US',
make the changes effective:
sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess

Configure memcache:
apt install php-redis redis-server

Edit redis configuration:
nano /etc/redis/redis.conf
Uncomment unixsocket /var/run/redis/redis-server.sock.
Uncomment unixsocketperm 700 and change 700 to 770.
Change port 6379 to port 0.

to add Apache to the Redis group, run
usermod -aG redis www-data

make changes to PHP configuration:
nano /var/www/nextcloud/config/config.php

add
'memcache.local' => '\OC\Memcache\Redis',
'memcache.distributed' => '\OC\Memcache\Redis',
'redis' => [
'host' => '/var/run/redis/redis-server.sock',
'port' => 0,
],
make the changes effective:
sudo -u www-data php /var/www/nextcloud/occ maintenance:update:htaccess

have to restart Apache and Redis
systemctl restart apache2 redis

one warning remains:

You have not set or verified your email server configuration, yet

https://docs.nextcloud.com/server/16/admin_manual/configuration_server/email_configuration.html#

 

Collabora

Documentation sources:

Collabora SDK
https://sdk.collaboraonline.com/

How to find instructions for Linux packages:

go to
https://sdk.collaboraonline.com/
click on Installation guide.
This will take you to
https://sdk.collaboraonline.com/docs/installation/index.html
Click on Installation from packages
This will take you to
https://sdk.collaboraonline.com/docs/installation/Installation_from_packages.html
Find the sentence
"If you are not Collabora’s Partner please follow CODE instructions"
and click on "CODE instructions"
This will take you to
  https://www.collaboraoffice.com/code/
Find the box "Install CODE & do tryout" and click on Check how-to
This will take you to
 https://www.collaboraoffice.com/code-install-and-test/
click on packages for Linux
This will take you to
https://www.collaboraoffice.com/code/linux-packages/

Install Collabora from repository:
cd /usr/share/keyrings
sudo wget https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg
nano /etc/apt/sources.list.d/collaboraonline.sources
paste this:
Types: deb
URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-ubuntu2004
Suites: ./
Signed-By: /usr/share/keyrings/collaboraonline-release-keyring.gpg
then run

apt update
apt install coolwsd
apt install code-brand
apt install hunspell

Configure Apache to serve collabora:
cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/collabora.conf
nano /etc/apache2/sites-available/collabora.conf
    
change ServerName to
ServerName collabora.myservername.com

Delete the ServerAdmin and DocumentRoot directives.
Save and exit.

Enable the Collabora server:
a2ensite collabora

systemctl restart apache2

Now we will set up SSL for Collabora.

https://sdk.collaboraonline.com/docs/installation/Configuration.html#ssl-configuration
„Collabora Online uses WOPI protocol, which mandates SSL. However, it is possible to run Collabora Online server without SSL, it is configurable. Basically there are 3 modes:
    • SSL
    • SSL termination
    • No SSL“

Enable https:
certbot --apache

This will create the file collabora-le-ssl.conf which we will edit.

specific proxy settings are described in
https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html
https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html#reverse-proxy-with-apache-2-webserver

We will use the one WITH SSL termination:
https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html#reverse-proxy-settings-in-apache2-config-ssl-termination

nano /etc/apache2/sites-available/collabora-le-ssl.conf

contents should be changed to contain inside <VirtualHost *:443>
 
 ########################################

 # Reverse proxy for Collabora Online
 #

 ########################################


 AllowEncodedSlashes NoDecode
 ProxyPreserveHost On


 # static html, js, images, etc. served from coolwsd
 # browser is the client part of Collabora Online
 ProxyPass           /browser http://127.0.0.1:9980/browser retry=0
 ProxyPassReverse    /browser http://127.0.0.1:9980/browser


 # WOPI discovery URL
 ProxyPass           /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
 ProxyPassReverse    /hosting/discovery http://127.0.0.1:9980/hosting/discovery


 # Capabilities
 ProxyPass           /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
 ProxyPassReverse    /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities


 # Main websocket
 ProxyPassMatch      "/cool/(.*)/ws$"      ws://127.0.0.1:9980/cool/$1/ws nocanon


 # Admin Console websocket
 ProxyPass           /cool/adminws ws://127.0.0.1:9980/cool/adminws


 # Download as, Fullscreen presentation and Image upload operations
 ProxyPass           /cool http://127.0.0.1:9980/cool
 ProxyPassReverse    /cool http://127.0.0.1:9980/cool
 # Compatibility with integrations that use the /lool/convert-to endpoint
 ProxyPass           /lool http://127.0.0.1:9980/cool
 ProxyPassReverse    /lool http://127.0.0.1:9980/cool

Save and exit.

Configure reverse proxy for Collabora:
Enable proxy in general: a2enmod proxy
Enable proxy for HTTP protocol: a2enmod proxy_http
Enable SSL support: a2enmod proxy_connect
Enable proxy of websockets: a2enmod proxy_wstunnel
a2enmod proxy proxy_wstunnel proxy_http

systemctl restart apache2


Test whether SSL is working with
curl -v https://collabora.myservername.com:9980/hosting/discovery

or once we have disabled SSL
curl -v http://collabora.myservername.com:9980/hosting/discovery


Collabora Configuration

https://sdk.collaboraonline.com/docs/installation/Configuration.html

To get status:
 systemctl status coolwsd


turn SSL off, but termination on (Jacob instructions):
Disable ssl.
Enable the SSL termination option.

 nano /etc/coolwsd/coolwsd.xml

change to
     <ssl desc="SSL settings">
        <!-- switches from https:// + wss:// to http:// + ws:// -->
        <enable type="bool" desc="Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">false</enable>
        <!-- SSL off-load can be done in a proxy, if so disable SSL, and enable termination below in production -->
        <termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="true">true</termination>
Restart the daemon with
systemctl restart coolwsd

Go to Nextcloud web page, Settings, Office (could also be named Nextcloud office or Collabora Online)

change to use your own server
enter
„collabora.myservername.com“
and click save


Disable unused languages for better performance:

nano /etc/coolwsd/coolwsd.xml

modify line <allowed_languages desc=" (Jacob instructions)

systemctl restart coolwsd

Last edit: by atmelino

Online now: No Back to the top
1 guest and 0 members have just viewed this.