Collabora Online in Nethserver-Nextcloud

Hi there,

I found this: https://nextcloud.com/collaboraonline/
There was a similar discussion in Jan this year I saw. I would really like to have this feature.
I think this could be a real killer feature for ns7.
So I tried to install it on a ns7-vm.
What I did so far: installed nethserver-nextcloud from the software center and nethserver-docker from nethforge-testing (thanks @davidep), enabled the service, docker is running, pulled collabora and started the collabora container as described in the above link. So far so good.

But now I'm facing 2 problems:

  1. how to configure the virtualhost correctly.
  2. there is no "collabora online app" in nextcloud/apps/productivity.

Can anybody guide me how to do, please? :pray: :slight_smile:

2 Likes

I also have interest in this feature. Months ago I read some threads in the nextcloud community complaining about performance/stability, IIRC. I would like to know your opinion once you get it running :wink:

For the second point, in the apps store, go ahead to the gear icon (bottom left) and enable experimental apps.

2 Likes

This hint was great! Found the app now. :smile:

I'm still struggling with SSL-certificates.

Nextcloud is running, virtualhost is defined, collabora is running in a docker container, collabora app is installed in nextcloud.

But I get this error:

"SSL-certificate not installed".

I tried cat /etc/pki/tls/certs/NSRV.crt >> /var/www/html/nexcloud/resources/config/ca-bundle.crt to add the NethServer certificate to the collabora-file, but that didn't help.
Where could the ca-chain.cert.pem be? If I export the certificate to "certificate.cer" in "der" format and convert it to "certificate.pem" it's exactly the "NSRV.crt".

Can anybody help me, please? :pray: :dizzy_face:

Don't know the answer but this might be of some help:
https://help.nextcloud.com/search?q=collabora%20curl%2060

1 Like

Follow instructions in this link

This is for ubuntu however it helps figuring out the steps and procedure.

2 Likes

Hi ghost,

thanks for your reply. Your link provides a good tutorial, but I did all these steps already.
I was digging in the wrong direction the last days. The error message led me the wrong way, I think.

@flatspin
could you please provide me with the error you are getting?
I spent lots of time to get it to work hence I know most of the errors already.

To get it to work you need to have a sub-domain or another domain name.
Say your main domain name is flatspin.net, pointing to 123.123.123.123.
Create another domain, say collabora.selfip.com, also pointing to 123.123.123.123.

Now you need to create 2 certificates, one for each of the above domains.
In collabora settings under nextcloud you need to point it to https://collabora.selfip.com
Add the port number if different from 443.

Also please add the https://collabora.selfip.com to the config.php under nextcloud.

It should work without any issue.
Good luck

Hi Ghost, thanks for your help.

Will try your advice as soon as possible and report then.

This is the error message:

Collabora Online: SSL certificate is not installed.
Please ask your administrator to add ca-chain.cert.pem to the ca-bundle.crt, for example "cat /etc/loolwsd/ca-chain.cert.pem >> /resources/config/ca-bundle.crt" . The exact error message was: cURL error 60: See http://curl.haxx.se/libcurl/c/libcurl-errors.html

This is the virtualhost config:

# 
# Virtual Host collabora - office.ns7.lan:443
#

<VirtualHost *:443>
    #DocumentRoot "/var/lib/nethserver/vhost/collabora"
    ServerName office.ns7.lan:443

    #
    #  20ssl_engine
    #
    SSLEngine on
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLProtocol All -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    SSLCertificateFile "/etc/pki/tls/certs/office.crt"
    SSLCertificateKeyFile "/etc/pki/tls/private/NSRV.key"

   
  # Encoded slashes need to be allowed
  AllowEncodedSlashes On

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet https://localhost:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://localhost:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://localhost:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://localhost:9980/hosting/discovery

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://localhost:9980/lool/$1/ws

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://localhost:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://localhost:9980/lool
  ProxyPassReverse    /lool https://localhost:9980/lool

</VirtualHost>

I copied the certs from docker container, from nethserver itself and the created cert for office.ns7.lan to the nextcloud ca-bundle-file. The domain is ns7.lan, FQDN is ns7test.ns7.lan, docker is running under office.ns7.lan on 127.0.0.1:9980

I also added 'office.ns7.lan' to '/var/www/html/nextcloud/config/config.php' as trusted domain.
I also checked the firewall.log. No entries about blocking an internal IP.

TIA. Ralf

Here is your mistake: no certs should be copied from docker.

You need to create the certificates as such:
cd /etc/letsencrypt
sudo ./certbot-auto --apache --agree-tos --email youremailaddress -d office.ns7.lan

I assume that your main site certificate is created and that you can access the nextcloud server through its public ip address.

After the letsencrypt certificate for your office.ns7.lan is created, you need to follow the steps in the link I pointed you to earlier.

Your ssl virtual host should look like this:

--------------- office.ns7.lan-le-ssl.conf ---------------
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName office.ns7.lan
SSLCertificateFile /etc/letsencrypt/live/office.ns7.lan/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/office.ns7.lan/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

AllowEncodedSlashes On

# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off

# keep the host
ProxyPreserveHost On

# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet

# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery

# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws

# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws

# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool

</VirtualHost>
</IfModule>
----------------------- end of file -----------------------

I tried to ping that domain, it does not exist. Are you sure you were able to register such a name?

1 Like

Sorry, maybe I was unclear.

My setup is an intranet-setup with selfsigned-certificates. So it's clear that you can't ping this domain.
Nextcloud is a nethserver-nextcloud installation.
I copied the docker cert just to try if it's needed, but it isn't.
The used certificate is the cert created for office.ns7.lan with openssl.
If you try to use a selfsigned cert you have to copy it to the bundle-file of nextcloud, so it becomes trusted.

Yes indeed, unclear is the headline...

Well I do not have similar scenario nor able to simulate your setup. For me you are on your own I am afraid.
I cannot be of help.

Don't worry. Thanks anyway for your inputs. :slight_smile:

How exactly are you doing this?

The command is docker cp containerID:/path/to/file/in/container /local/path
Don't forget the ":" after containerID
The container ID you can find with: docker ps.
To open a shell in the docker container to find a file: docker exec -it containerID /bin/bash
AFAIK the certificates are in /etc/loolwsd in the container. Do you know if there are others?
Example: docker cp 52c20b531c45:/etc/loolwsd/ca-chain.cert.pem /root/ca-chain.cert.pem

Are you importing the certs every time you launch the container?

Good point. I have to say I didn't notice that they were changing, but I tried it within the running time of the container. And checked it right now again. But the error still appears. :sob:
It's time for weekend. Next attempt next week. :slight_smile:

When you get back on it, you could try appending the docker cert to the nextcloud ca-bundle.crt, as well as your own NSRV.crt

something like

docker exec 52c20b531c45 cat /etc/loolwsd/ca-chain.cert.pem >> /var/www/html/nextcloud/resources/config/ca-bundle.crt

cat /etc/pki/tls/certs/NSRV.crt >> /var/www/html/nextcloud/resources/config/ca-bundle.crt

systemctl restart httpd.service

have a nice w/e!

Thanks for trying to help, but I already did that without success.
PS apache.service on nethserver is httpd.service
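
Added example, not part of the original thread: cURL error 60 is a failed verification of the server certificate, and with the virtual host shown above the certificate Nextcloud's cURL receives at office.ns7.lan is the one Apache serves, not the container's. The script below checks trust and hostname separately on throwaway certificates; all file names and certificate subjects are constructed stand-ins, and it assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: every certificate here is a throwaway generated below (constructed).
WORK=$(mktemp -d)

# make_cert CN SAN PREFIX: self-signed certificate, as made by hand with openssl
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
    -addext "subjectAltName=DNS:$2" -keyout "$3.key" -out "$3.crt" 2>/dev/null
}

# trusted_by BUNDLE CERT: does CERT chain to an anchor inside BUNDLE?
trusted_by() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# names_host CERT HOST: does CERT cover HOST in its SAN/CN?
names_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# diagnose BUNDLE CERT HOST: print a verdict; 0 = ok, 1 = untrusted, 2 = wrong name
diagnose() {
  if ! trusted_by "$1" "$2"; then
    echo "untrusted: $2 is not anchored in $1"; return 1
  fi
  if ! names_host "$2" "$3"; then
    echo "name mismatch: $2 does not cover $3"; return 2
  fi
  echo "ok: $2 is trusted and valid for $3"
}

# Stand-ins: bundle.crt plays Nextcloud's ca-bundle.crt, office.crt the vhost
# certificate, loolwsd.crt the container's own certificate.
make_cert Example-Root   root.invalid   "$WORK/root"
make_cert office.ns7.lan office.ns7.lan "$WORK/office"
make_cert loolwsd        localhost      "$WORK/loolwsd"
cp "$WORK/root.crt" "$WORK/bundle.crt"

diagnose "$WORK/bundle.crt" "$WORK/office.crt" office.ns7.lan || true   # untrusted
cat "$WORK/loolwsd.crt" >> "$WORK/bundle.crt"   # appending the wrong certificate
diagnose "$WORK/bundle.crt" "$WORK/office.crt" office.ns7.lan || true   # still untrusted
cat "$WORK/office.crt" >> "$WORK/bundle.crt"    # the certificate the vhost serves
diagnose "$WORK/bundle.crt" "$WORK/office.crt" office.ns7.lan           # ok
diagnose "$WORK/bundle.crt" "$WORK/loolwsd.crt" office.ns7.lan || true  # name mismatch
```

On a real host, the certificate to feed into diagnose is the one returned by `openssl s_client -connect office.ns7.lan:443 -servername office.ns7.lan`, checked against the ca-bundle.crt Nextcloud reads.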