finally Collabora Online seems to work, fully installed on Nethserver. All you need is a trusted certificate like letsencrypt.
It’s possible to install onlyoffice too. Onlyoffice opens docx and collabora odt.
Please test and share your experiences. Tagging some interrested people: @flatspin@dnutan@iglqut@danb35@oneitonitram
EDIT 14.9.2018:
Please test the module:
Don’t forget to replace “yourdomain.tld” with your real domain:
# Install nextcloud and yum-utils for repoimport
yum -y install nethserver-nextcloud yum-utils
# get repo and install collabora
wget https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos7/repodata/repomd.xml.key && rpm --import repomd.xml.key
yum-config-manager --add-repo https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos7
yum -y install loolwsd CODE-brand
# generate self-signed cert
openssl genrsa -out /etc/loolwsd/privatekey.pem 4096
openssl req -batch -new -x509 -sha512 -days 3650 -key /etc/loolwsd/privatekey.pem -out /etc/loolwsd/fullchain.pem
loolconfig set ssl.cert_file_path /etc/loolwsd/fullchain.pem
loolconfig set ssl.key_file_path /etc/loolwsd/privatekey.pem
loolconfig set ssl.ca_file_path ''
loolconfig set storage.wopi.host yourdomain.tld
# Create a httpd conf file for reverse proxy
cat << EOF > /etc/httpd/conf.d/collabora.conf
<VirtualHost *:443>
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/\$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
</VirtualHost>
EOF
# Set admin user and password for the web console
sed -i 's!enabled."/>!enabled.">admin</username>!' /etc/loolwsd/loolwsd.xml
loolconfig set-admin-password
Type your wanted password for the admin web console and then finish installation with restarting services and nextcloud setup. Don’t forget to replace “yourdomain.tld” with your real domain:
Man, you make it look so easy . It’s working so far.
No problems opening/editing .odt, .docx, .xlsx, .pptx
Document scrolling and rendering on big documents seems less fluid than in onlyoffice.
Browser zooming badly affects font rendering (at least on my PC).
To add support for spell-check you can add dictionaries (in this example for english language):
(It’s OK to leave dictionaries out of the default installation, as they are said to consume some resources and users can choose which ones they want to install.)
With many open documents it warns about…
This is an unsupported version of LibreOffice Online. To avoid the impression that it is suitable for deployment in enterprises, this message appears when more than 10 documents or 20 connections are in use concurrently
Not really needed, but interesting to know tricks:
yum install nethserver-collabora
Created a domain collabora.mydomain.tld
Got lets encrypt certs for collabora.mydomain.tld
Encrypted Access to collabora.mydomain.tld is possible also from the whole wide world
config setprop loolwsd VirtualHost collabora.mydomain.tld
signal-event nethserver-collabora-update
loolconfig set-admin-password
openssl genrsa -out /etc/loolwsd/privatekey.pem 4096
openssl req -batch -new -x509 -sha512 -days 3650 -key /etc/loolwsd/privatekey.pem -out /etc/loolwsd/fullchain.pem
loolconfig set ssl.cert_file_path /etc/loolwsd/fullchain.pem
loolconfig set ssl.key_file_path /etc/loolwsd/privatekey.pem
loolconfig set ssl.ca_file_path ''
loolconfig set storage.wopi.host yourdomain.tld
and a new httpd-conf-file:
<VirtualHost *:443>
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/\$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
</VirtualHost>
Now I get:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /loleaflet/dist/admin/admin.html.
when trying to access http://…/loleaflet/dist/admin/admin.html
loolwsd shows the following error:
[ websrv_poll ] ERR Looks like SSL/TLS traffic on plain http port| wsd/LOOLWSD.cpp:2024
does it work to create documents in Nextcloud and edit them with Collabora?
I could not reproduce the issue, nethserver-collabora should work out of the box.
The installation procedure you wrote is completely right. I just had to restart the loolwsd service with systemctl restart loolwsd so that the new admin password was accepted.
You do not need to create certificates for the loolwsd service because a reverse proxy is used. The local loolwsd service is configured to use only HTTP, not HTTPS.
A conf file /etc/httpd/conf.d/zz_collabora.conf is created by the module, you do not need to use a separate conf file.
Please revert your last changes like the additional conf file, the wopihost and cert settings with loolconfig then do a signal-event nethserver-collabora-update.
You may have a look at the used virtual host config with httpd -S and you should find a line like:
port 443 namevhost collabora.mydomain.tld (/etc/httpd/conf.d/zz_collabora.conf:9)
No, it’s possible to use 2 completely different domains.
Did you create a virtual host in Nethserver via the Web interface? That’s not necessary. The virtualhost is automatically created by the nethserver-collabora module.
Please enter following on command line and post the result:
Then I did:
config setprop loolwsd VirtualHost servername.something.ddnss.de
signal-event nethserver-collabora-update
loolconfig set-admin-password
service loolwsd restart
I don’t know if it’s the case but you can’t use the same domain as the Nethserver server domain that you set via “Server name” in the web UI. You need a different domain or a subdomain.
Old news but related to the topic. There’s a built-in collabora CODE nextcloud app, but I guess the package from Markus shall perform at least the same or a bit better (unaware of the internal differences on the built-in app).
provides a built-in server with all of the document editing features of Collabora Online. Easy to install, for personal use or for small teams. It is a bit slower than a standalone server and without the advanced scalability features.
the built-in CODE server has some limitations in terms of performance
Please help with this issue:
I have installed nethserver-collabora package following your steps and of course, the documentation.
I can access the Admin console at https://collabora.gtbs.ro/loleaflet/dist/admin/admin.html
If I check in browser https://collabora.gtbs.ro I get (please see photo 1).
In Nextcloud: “Could not establish connection to the Collabora Online server.” (please see photo 2).
What did I do wrong?
From where I must start to check?