How to install Collabora Online Development Edition (CODE)

Collabora is now part of the Nethforge repository and installable as module:
You can follow this document to install it:
http://docs.nethserver.org/en/v7/collabora.html


Hi guys,

finally Collabora Online seems to work, fully installed on Nethserver. All you need is a trusted certificate like letsencrypt.
It’s possible to install onlyoffice too. Onlyoffice opens docx and collabora odt.
Please test and share your experiences. Tagging some interrested people: @flatspin @dnutan @iglqut @danb35 @oneitonitram

EDIT 14.9.2018:

Please test the module:

Don’t forget to replace “yourdomain.tld” with your real domain:

# Install nextcloud and yum-utils for repoimport
yum -y install nethserver-nextcloud yum-utils

# get repo and install collabora
wget https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos7/repodata/repomd.xml.key && rpm --import repomd.xml.key
yum-config-manager --add-repo https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos7
yum -y install loolwsd CODE-brand

# generate self-signed cert
openssl genrsa -out /etc/loolwsd/privatekey.pem 4096
openssl req -batch -new -x509 -sha512 -days 3650 -key /etc/loolwsd/privatekey.pem -out /etc/loolwsd/fullchain.pem
loolconfig set ssl.cert_file_path /etc/loolwsd/fullchain.pem
loolconfig set ssl.key_file_path /etc/loolwsd/privatekey.pem
loolconfig set ssl.ca_file_path ''
loolconfig set storage.wopi.host yourdomain.tld

# Create a httpd conf file for reverse proxy
cat << EOF > /etc/httpd/conf.d/collabora.conf 
<VirtualHost *:443>
  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/\$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool
</VirtualHost>
EOF

# Set admin user and password for the web console
sed -i 's!enabled."/>!enabled.">admin</username>!' /etc/loolwsd/loolwsd.xml
loolconfig set-admin-password

Type your wanted password for the admin web console and then finish installation with restarting services and nextcloud setup. Don’t forget to replace “yourdomain.tld” with your real domain:

# (re)start and enable services
systemctl restart httpd
systemctl enable loolwsd --now

# Install nextcloud collabora richdocuments app
sudo -u apache /opt/rh/rh-php71/root/usr/bin/php /usr/share/nextcloud/occ app:install richdocuments
# Set domain
sudo -u apache /opt/rh/rh-php71/root/usr/bin/php /usr/share/nextcloud/occ config:app:set richdocuments wopi_url --value=https:\/\/yourdomain.tld
# Enable app
sudo -u apache /opt/rh/rh-php71/root/usr/bin/php /usr/share/nextcloud/occ app:enable richdocuments

# Set nextcloud trusted domains and apply
config setprop nextcloud TrustedDomains yourdomain.tld
signal-event nethserver-nextcloud-save

Now you should be able to create and edit libre documents in Nextcloud:
https://yourdomain.tld/nextcloud

Admin interface (username admin):
https://yourdomain.tld/loleaflet/dist/admin/admin.html

Sources:


7 Likes

With a quick look, this seems to be working.

Edit: Testing so far involves creating a new .odt document, and opening .doc and .odt files–all are working.

Edit 2: Somewhat to my surprise, it also opens a .xlsx file.

4 Likes

Man, you make it look so easy :clap: :clap: :clap: . It’s working so far.
No problems opening/editing .odt, .docx, .xlsx, .pptx
Document scrolling and rendering on big documents seems less fluid than in onlyoffice.
Browser zooming badly affects font rendering (at least on my PC).

To add support for spell-check you can add dictionaries (in this example for english language):

yum install collaboraoffice5.3-dict-en
systemctl restart loolwsd

(It’s OK to leave dictionaries out of the default installation, as they are said to consume some resources and users can choose which ones they want to install.)

With many open documents it warns about…

This is an unsupported version of LibreOffice Online. To avoid the impression that it is suitable for deployment in enterprises, this message appears when more than 10 documents or 20 connections are in use concurrently

Not really needed, but interesting to know tricks:

4 Likes

Hi,

I have a working setup of Nethserver 7.6 + nextcloud 16.
Now I wanted to install Collabora. I followed the instructions here http://docs.nethserver.org/en/v7/collabora.html

These are the steps I did so far:

yum install nethserver-collabora
Created a domain collabora.mydomain.tld
Got lets encrypt certs for collabora.mydomain.tld
Encrypted Access to collabora.mydomain.tld is possible also from the whole wide world
config setprop loolwsd VirtualHost collabora.mydomain.tld
signal-event nethserver-collabora-update
loolconfig set-admin-password

When I try to access https://collabora.mydomain.tld/loleaflet/dist/admin/admin.html or https://mydomain.tld/loleaflet/dist/admin/admin.html I get

The requested URL /loleaflet/dist/admin/admin.html was not found on this server.

In ssl_access_log I find

    • [27/Jul/2019:17:34:06 +0200] “GET /loleaflet/dist/admin/admin.html HTTP/1.1” 404 229

Local access to lynx http://127.0.0.1:9980/loleaflet/dist/admin/admin.html is possible

Service loolwsd status shows now errors

I have no idea what I did wrong during the setup?

Beste regards,
Joachim

I´m a litte bit further:

I created certificates


openssl genrsa -out /etc/loolwsd/privatekey.pem 4096
openssl req -batch -new -x509 -sha512 -days 3650 -key /etc/loolwsd/privatekey.pem -out /etc/loolwsd/fullchain.pem
loolconfig set ssl.cert_file_path /etc/loolwsd/fullchain.pem
loolconfig set ssl.key_file_path /etc/loolwsd/privatekey.pem
loolconfig set ssl.ca_file_path ''
loolconfig set storage.wopi.host yourdomain.tld

and a new httpd-conf-file:

<VirtualHost *:443>
  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/\$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool
</VirtualHost>

Now I get:


Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /loleaflet/dist/admin/admin.html.

when trying to access http://…/loleaflet/dist/admin/admin.html

loolwsd shows the following error:

[ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2024

Any ideas?

Regards,
Joachim

Hi Joachim,

does it work to create documents in Nextcloud and edit them with Collabora?
I could not reproduce the issue, nethserver-collabora should work out of the box.

The installation procedure you wrote is completely right. I just had to restart the loolwsd service with systemctl restart loolwsd so that the new admin password was accepted.

You do not need to create certificates for the loolwsd service because a reverse proxy is used. The local loolwsd service is configured to use only HTTP, not HTTPS.

A conf file /etc/httpd/conf.d/zz_collabora.conf is created by the module, you do not need to use a separate conf file.

Please revert your last changes like the additional conf file, the wopihost and cert settings with loolconfig then do a signal-event nethserver-collabora-update.

You may have a look at the used virtual host config with httpd -S and you should find a line like:

port 443 namevhost collabora.mydomain.tld (/etc/httpd/conf.d/zz_collabora.conf:9)

2 Likes

Hi Markus,

thank you for the fast response.

I tried it several times without the additional steps (creating certs and the conf file). Always with the same result.

Maybe it´s the domain I choose for collabora.

The domain of nethserver is

servername.mydomain.tld

and the domain I created for collabora within the admin console is

collabora.mydomain.de

Could it be that I have to name the collabora domain

collabora.servername.mydomain.tld

Also: Which options do I have to choose when creating the virtual host?

No, it’s possible to use 2 completely different domains.

Did you create a virtual host in Nethserver via the Web interface? That’s not necessary. The virtualhost is automatically created by the nethserver-collabora module.

Please enter following on command line and post the result:

httpd -S

This shows the used virtualhosts.

1 Like

Now I startet from scratch.

After

yum install nethserver-collabora

this is the output from httpd -S:

VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server servername.something.ddnss.de (/etc/httpd/conf.d/nethserver.conf:44)
         port 443 namevhost servername.something.ddnss.de (/etc/httpd/conf.d/nethserver.conf:44)
         port 443 namevhost servername.something.ddnss.de (/etc/httpd/conf.d/ssl.conf:56)
*:80                   is a NameVirtualHost
         default server servername.something.ddnss.de (/etc/httpd/conf.d/virtualhosts.conf:12)
         port 80 namevhost servername.something.ddnss.de (/etc/httpd/conf.d/virtualhosts.conf:12)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default 
Mutex mpm-accept: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

I cannot find a virtual host named collabora.servername.something.ddnss.de

Then I did:
config setprop loolwsd VirtualHost servername.something.ddnss.de
signal-event nethserver-collabora-update
loolconfig set-admin-password
service loolwsd restart

Still the same problem: I cannot connect to https://servername.something.ddnss.de/loleaflet/dist/admin/admin.html

Maybe it has something to do with my long servername. I have a ddnss domain. So I named my domain

something.ddnss.de

That leads to a servername servername

servername.domething.ddnss.de

You have to run httpd -S after the configuration steps to see the vhost.

You only need the domain without servername:

config setprop loolwsd VirtualHost something.ddnss.de
signal-event nethserver-collabora-update

I don’t know if it’s the case but you can’t use the same domain as the Nethserver server domain that you set via “Server name” in the web UI. You need a different domain or a subdomain.

If the servername is servername.something.ddnss.de you need a another domain like otherdomain.ddnss.de or a subdomain like subdomain.something.ddnss.de.

I ran httpd -S after the configuration steps. I have the same result this morning.

Also I tried to configure loolwsd just with the domain without the servername with the same result.

You said I can´t use the same domain I set with the web UI. As you said I do not have to create another virtual host as this is done by

yum install nethserver-collabora

So do you think I should create a seperate virtual host like collabora.ddnss.de ? Will the installscript use this created virtual host?

No, you don’t need to create a virtualhost in Nethserver for collabora.

You just need to get another domain (like collabora.ddnss.de) from your (ddns) provider and configure it in Nethserver:

config setprop loolwsd VirtualHost collabora.ddnss.de
signal-event nethserver-collabora-update

After these steps httpd -S should show the collabora.ddnss.de domain.

I set up a spearate VM for testing and registered a seperate domain from ddnss.de.

After

yum install nethserver-collabora

and

config setprop loolwsd VirtualHost collabora.ddnss.de
signal-event nethserver-collabora-update
loolconfig set-admin-password

I have the same situation. I cannot access the admin dashboard.

Thank you @mrmarkuz for your assistance. Now I´ll try onlyoffice and hope I´ll have more success with it.

Best regards,
Joachim

If you use a VM, did you port forward the https port to the VM?

You have to use the collabora domain to get to the admin interface.

Please check /var/log/messages for errors.

3 posts were split to a new topic: Nethserver-collabora uses rh-php71 without requiring it

A post was split to a new topic: Portforwarding config collabora