Collabora Online on a Nextcloud Server: Difference between revisions
From Leechfinger
Jump to navigationJump to search
No edit summary |
|||
| Line 18: | Line 18: | ||
# a2enmod ssl | # a2enmod ssl | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Create Apache virtual host == | |||
<syntaxhighlight lang="bash" line> | |||
<VirtualHost *:443> | |||
ServerName office.nextcloud.com:443 | |||
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt! | |||
SSLEngine on | |||
SSLCertificateFile /path/to/signed_certificate | |||
SSLCertificateChainFile /path/to/intermediate_certificate | |||
SSLCertificateKeyFile /path/to/private/key | |||
SSLProtocol all -SSLv2 -SSLv3 | |||
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS | |||
SSLHonorCipherOrder on | |||
# Encoded slashes need to be allowed | |||
AllowEncodedSlashes NoDecode | |||
# Container uses a unique non-signed certificate | |||
SSLProxyEngine On | |||
SSLProxyVerify None | |||
SSLProxyCheckPeerCN Off | |||
SSLProxyCheckPeerName Off | |||
# keep the host | |||
ProxyPreserveHost On | |||
# static html, js, images, etc. served from coolwsd | |||
# browser is the client part of LibreOffice Online | |||
ProxyPass /browser https://127.0.0.1:9980/browser retry=0 | |||
ProxyPassReverse /browser https://127.0.0.1:9980/browser | |||
# WOPI discovery URL | |||
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0 | |||
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery | |||
# Main websocket | |||
ProxyPassMatch "/cool/(.*)/ws$" wss://127.0.0.1:9980/cool/$1/ws nocanon | |||
# Admin Console websocket | |||
ProxyPass /cool/adminws wss://127.0.0.1:9980/cool/adminws | |||
# Download as, Fullscreen presentation and Image upload operations | |||
ProxyPass /cool https://127.0.0.1:9980/cool | |||
ProxyPassReverse /cool https://127.0.0.1:9980/cool | |||
# Endpoint with information about availability of various features | |||
ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0 | |||
ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities | |||
</VirtualHost> | |||
</syntaxhighlight> | |||
[[Category:Docker]] | |||
Latest revision as of 03:56, 21 May 2024
Installing Collabora
This document will list all the steps to install Collabora for Nextcloud server.
# docker pull collabora/code
# docker run -t -d -p 127.0.0.1:9980:9980 \
-e 'domain=cloud\\.nextcloud\\.com' \
-e 'dictionaries=en de es fr' \
--restart always \
--cap-add MKNOD \
collabora/code
Enable apache mods
# a2enmod proxy
# a2enmod proxy_wstunnel
# a2enmod proxy_http
# a2enmod ssl
Create Apache virtual host
<VirtualHost *:443>
ServerName office.nextcloud.com:443
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /path/to/signed_certificate
SSLCertificateChainFile /path/to/intermediate_certificate
SSLCertificateKeyFile /path/to/private/key
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from coolwsd
# browser is the client part of LibreOffice Online
ProxyPass /browser https://127.0.0.1:9980/browser retry=0
ProxyPassReverse /browser https://127.0.0.1:9980/browser
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/cool/(.*)/ws$" wss://127.0.0.1:9980/cool/$1/ws nocanon
# Admin Console websocket
ProxyPass /cool/adminws wss://127.0.0.1:9980/cool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /cool https://127.0.0.1:9980/cool
ProxyPassReverse /cool https://127.0.0.1:9980/cool
# Endpoint with information about availability of various features
ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
</VirtualHost>
