Adding Nextcloud Office or Collabora Online to self hosting

erothoff · October 24, 2023, 2:43am

I tried adding Nextcloud office and Collabora in the admin account under apps so I could create and read Documents and Spreedsheet files, but I don’t see them in the menu nor do they open when opening a file. Is there something special that needs to be done? Anyone know?

Regain your privacy! Adopt /e/ the unGoogled mobile OS and online services phone

smu44 · October 24, 2023, 5:11am

Just adding the app won’t do anything, unless you have installed the Collabora service stack beside your Nextcloud: https://docs.nextcloud.com/server/latest/admin_manual/office/installation.html.

Please be aware that Office solutions have been withdrawn from the Murena self-hosting project probably because of their high resources (RAM, CPU) requirements.

erothoff · October 29, 2023, 12:28am

I installed the built-in one, (Yea it is suppose to be slower, but I am mostly testing right now.) but it does not show up on the Murena Dashboard. When trying to open a file with writer, it times out. In:
https://$Domain/settings/admin/richdocuments it says:

You have not configured the allow-list for WOPI requests. Without this setting users may download restricted files via WOPI requests to the Nextcloud server. Click here for more info
Could not establish connection to the Collabora Online server. This might be due to a missing configuration of your web server. For more information, please visit: Connecting Collabora Online Single Click with Nginx

And the directions is not clear enough for me to follow. (I do not know how to go into the Docker Containers and change things.)

smu44 · October 29, 2023, 9:32am

I could try to reproduce your setup, but not before week 45 (from 11/5).
I can’t help you more for now, since I never installed this way and don’t know exactly how it behaves

It’s not a good idea to change anything in a Docker container, as they can get re-deployed from image without warning.
However, some host OS directories are exposed to container, you can find them in your /mnt/repo-base/docker-compose.yml file (look for volumes).
You will find, in your host OS:

Nextcloud configuration file in /mnt/repo-base/volumes/nextcloud/html/config/config.php
Nginx enabled configuration in /mnt/repo-base/config/nginx/sites-enabled/

Please be aware that creating a new Nginx “site” may need an additional Docker volume, and adding it to docker-compose.yml will probably trigger nginx container re-deploy at restart.

For example, a very basic static HTTPS-enabled “www.domain.tld” site:

/mnt/repo-base/config/nginx/sites-enabled/mysite.conf

server {
    listen 8000;
    server_name www.domain.tld;
    location /.well-known/acme-challenge/ {
        alias /etc/letsencrypt/acme-challenge/.well-known/acme-challenge/;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 4430 ssl http2;
    server_name www.domain.tld;

    ssl_certificate /certs/live/www.domain.tld/fullchain.pem;
    ssl_certificate_key /certs/live/www.domain.tld/privkey.pem;

    include /etc/nginx/params/ssl_params;
    include /etc/nginx/params/headers_params;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    root /var/mysite/html;

}

to be added in /mnt/repo-base/docker-compose.yml, assuming your html files are in /srv/www/mysite/html on host OS


  nginx:
...
    volumes:
      ...
      - /srv/www/mysite/html:/var/mysite/html
...

Then, a docker-compose restart nginx will do it’s magic .
Note: this example doesn’t include steps for HTTPS certificates.

erothoff · November 6, 2023, 2:36am

I have not had time to look at it yet. It looks to actually be a Next Cloud issue that is passed onto the selfhosting. (At least part of it is.) The internal Collabora Online does not connect properly to Next Cloud. I got it working in Nextcloud (But that version was not a docker install.) I will try to work on it this week.

smu44 · November 6, 2023, 9:48am

I haven’t forgotten about you
Currently waiting for a new DNS domain to propagate, then I could move on with testing!

smu44 · November 7, 2023, 7:18am

I could install the built-in variant on a test instance, I ran into the same issues (couldn’t open documents).

Searching in their GitHub issues about error messages I had, it appears that many users had the same problem, sometime involving in-code patches!

So, I think the built-in may not be the best solution here (and it’s a considerable sideload to Nextcloud storage!).

I think that Docker variant is better: easier administration and maintenance, isolation, technically more satisfying.
Of course, it comes with a cost:

dedicated DNS entry and certificate
nginx site
docker compose service

I’m currently investigating to get it running, will keep you posted!

smu44 · November 8, 2023, 8:30am

I got it somehow working.
Unfortunately, I’m facing some authorization token error when opening a document

I couldn’t find a solution, it bites me but I have to give up
They are plenty of threads in Nextcloud community forum, but none relevant

If anyone willing to try, here is the recipe for Docker Collabora.
NB1 {domain.tld} is to be replaced with your actual DNS domain
NB2 all commands to be issued in /mnt/repo-base directory

1. Prerequisites

1.1. Create a “collaboraonline” CNAME record in your DNS zone (to mail.{domain.tld})

1.2. Create a config/nginx/sites-enabled/collaboraonline.conf (reference: https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html#reverse-proxy-settings-in-nginx-config-ssl-termination) with

server {
  listen 8000;
  server_name collaboraonline.{domain.tld};
  location /.well-known/acme-challenge/ {
    alias /etc/letsencrypt/acme-challenge/.well-known/acme-challenge/;
  }
  location / {
    return 301 https://$host$request_uri;
  }
}


server {
 listen       4430 ssl;
 server_name  collaboraonline.{domain.tld};

  ssl_certificate /certs/live/collaboraonline.{domain.tld}/fullchain.pem;
  ssl_certificate_key /certs/live/collaboraonline.{domain.tld}/privkey.pem;
  include /etc/nginx/params/ssl_params;
  include /etc/nginx/params/headers_params;

# static files
 location ^~ /browser {
   proxy_pass http://collaboraonline:9980;
   proxy_set_header Host $http_host;
 }

# WOPI discovery URL
 location ^~ /hosting/discovery {
   proxy_pass http://collaboraonline:9980;
   proxy_set_header Host $http_host;
 }

# Capabilities
 location ^~ /hosting/capabilities {
   proxy_pass http://collaboraonline:9980;
   proxy_set_header Host $http_host;
 }


# main websocket
 location ~ ^/cool/(.*)/ws$ {
   proxy_pass http://collaboraonline:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }

# download, presentation and image upload
 location ~ ^/(c|l)ool {
   proxy_pass http://collaboraonline:9980;
   proxy_set_header Host $http_host;
 }

# Admin Console websocket
 location ^~ /cool/adminws {
   proxy_pass http://collaboraonline:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }
}

1.3. restart nginx with docker-compose restart nginx
1.4. get SSL certificate with bash scripts/ssl-renew.sh

2. Get default configuration file

2.1. start a dummy container with docker pull collabora/code followed by docker run -t -d -p 9980:9980 -e 'aliasgroup1=https://collaboraonline.{domain.tld}:443' --restart always --cap-add MKNOD collabora/code
2.2. create a dedicated dir with mkdir -p volumes/collaboraonline/etc/coolwsd
2.3. get container ID with docker ps
2.4. copy generated default configuration with (replace {id}) docker cp {id}:/etc/coolwsd/coolwsd.xml volumes/collaboraonline/etc/coolwsd/
2.5. cleanup with docker stop {id} then docker rm {id}

3. Add container to Compose

3.1. add to docker-compose.yaml:

  collaboraonline:
    image: collabora/code
    container_name: collaboraonline
    restart: always
    networks:
      - default
    ports:
      - "9980:9980"
    expose:
      - "9980"
    environment:
      - aliasgroup1=https://{domain.tld}:443
      - domain={domain.tld}
      - VIRTUAL_PROTO=http
      - VIRTUAL_PORT=9980
      - VIRTUAL_HOST=https://collaboraonline.{domain.tld}
      - "extra_params=--o:ssl.enable=false  --o:ssl.termination=true"
    volumes:
      - /mnt/repo-base/volumes/collaboraonline/etc/coolwsd/coolwsd.xml:/etc/coolwsd/coolwsd.xml
    cap_add:
      - MKNOD

3.2. activate with docker-compose up -d

4. NC configuration and checks

4.1. install NC Collabora app, insert https://collaboraonline.{domain.tld} (“Use your own server”) in https://{domain.tld}/settings/admin/richdocuments
4.2. check using https://help.nextcloud.com/t/nextcloud-collabora-integration/151879

system · January 22, 2024, 2:44am

This topic was automatically closed after 90 days. New replies are no longer allowed.