Improvements for Nethserver-Collabora

Feature
#1

Continuing this discussion here in this wiki-fied post…

(recap) The objective are :

  • Improve stability on updates in non interactive shells.
  • If the NS instance you install nethserver-collabora on has nethserver-nextcloud installed and is the DNS-server: it should work out-off the box on virtual/wopi host collabora.server-domain except for the certificate issue
  • If a loolwsd VirtualHost prop is set it respects this.
  • Redirect http > https on virtualhost except for acme http-01 challenge
  • If the virtual/wopi host does not have a valid cert and nethserver-nextcloud is installed on the same instance try to Disable certificate verification
  • Enable certificate verification on certifate-save event if the cert is valid.
  • Update documentation in README/documentation/wiki :
    • Reflect the changes made about what the package does.
    • Provide documentation to include exception in web-browser if cert is invalid.
    • Provide documentation to set AllowWopiHost if Nextcloud runs on an other instance.
  • Update CODE-brand, loolwsd, collaboraoffice6.x

For the time being enabled issues in my fork to get a bit organized before opening an issue in Nethserver/dev.

(moderator(s) feel free to merge 7 to 14 into this post :upside_down_face: )

1 Like
#2

And have a question for more experienced @dev_team members:

I want to move line 53 … 58 into an separate action (lets say nethserver-collabora-check-wopi-cert) which can scubribe to a certificate-save event.

How do I call this action on this place in nethserver-collabora-conf ?
(this to prevent code duplication)

#3

action takes a number to start before or after the template, and before or after the service start in your createlinks

basically you launch the action

0 < action number < 10 before template expand
10 < action number < 90 after the template expand but before the service start
90 < action number < 100 after the service has been restarted.

in your case create an action with the 21 number

this will start you action after the nethserver-collabora-conf

2 Likes
#4

Did not known this, learned something (tk)

Ideally it is in between the if statement;
However setting up the wopi_url and check the certificate can be done in a separate action.

Only downside is the wopi_url is set upon every certificate-save event. I can live with this. :astonished:

#5

I did not dive in the code but you can do something like this

my $event = 'nethserver-collabora-update';

event_actions($event, qw(
             initialize-default-databases 00
             nethserver-collabora-conf 20
             newAction                         21
));

$event = 'certificate-save';

event_actions($event, qw(
             newAction                         numberYouNeed
));
1 Like
#6

check in the messages log transaction when you need to start your action

#7

except for the above, think i’v got the objectives. Running some tests and - out of time here.

Feel free to commend/review/scrutinize the changes I made:

2 Likes
#8

I tested on a running server and a fresh install on a VM but no success this time.
I got an unauthorized wopi host error on the running server and on the VM the connection to the wopi host could not be established…

When the loolwsd virtualhost prop is unset, the Nextcloud app is not configured and collabora.server-domain is not set as wopi_url.

I think something like this would be needed (or maybe use a variable wopiurl when calling occ to have less code) :

#Configure Nethserver-Nextcloud

if [[ -x "/usr/local/sbin/occ" ]]; then

  /usr/local/sbin/occ app:install richdocuments

  if [[ -n `config getprop loolwsd VirtualHost` ]]; then

    /usr/local/sbin/occ config:app:set richdocuments wopi_url --value=https://`config getprop loolwsd VirtualHost`

  else

    /usr/local/sbin/occ config:app:set richdocuments wopi_url --value=https://collabora.`config get DomainName`

  fi

fi

/usr/local/sbin/occ app:enable richdocuments

After that change it’s configured but still not working, so maybe some new/changed loolwsd settings like localhost or IPV4 are a problem.

The cert check seems not working, it’s always set to disable cert verification.

I’m going to do some more tests tomorrow…thanks for your work!

1 Like
#9

hmm, works here :thinking:

Did you clone my git-repo and locally build nethserver-collabora on the tlc_wip branch to include the commits made so-far?
(NOTE: I tend to --force push on wip-branches to keep it tidy in the end)

As said before have an dns entry in the lan-dnsserver for collabora.server-domain
If curl can not resolve collabora.server-domain it will not exit 60 on an un-trusted cert here:

1 Like
#10

Have one strange quirk:
Always need to refresh my (firefox) browser to open a new document :confounded:

#11

No, I didn’t checkout the tlc_wip branch. :sleepy:
Tests will follow…

EDIT:

When using the correct branch it’s working like a charm. :clap:

Just for info: I needed to browse to collabora.server-domain first and allow the self signed cert in Firefox else Collabora shows an error where it’s not possible to allow the cert.

Same here with Firefox and Chrome.

There’s an open issue:

#12

Great feedback again :+1:

Same here, guess this needs to be documented (same behavior with M$-Edge).

1 Like
#13

Good idea, just to avoid support questions.
Onlyoffice has the same browser issue when using self signed certs.

#14

In the end of the day a lot of the possible hickups can be avoided if (default) setup on installation can run on the default virtualhost (ie server FQDN) instead of a virtual host.

  • No worries about dns settings
  • If the certificate is invalid the user might have made a exception for this…
  • Would use the (valid) let’s encrypt cert of the server if requested by the user…

Risk is nethserver-collabora breaks the default virtualhost. Would be a bit more comfortable if loolwsd had it’s own location like /loolwsd (Server-FQDN/loolwsd) and we (Reverse)ProxyPass from there.

2 Likes
#15

My knowledge of the Apache web-server (or web-servers in general to be precise) falls to short to accomplish this.

If someone can make it work, post your configs. :orange_heart:
And I’ll try to make a template for it. :grinning:

2 Likes
#16

@syntaxerrormmm found a bug :+1:

It is addressed in my tcl-wip branch and to make our live easy opened a PR to invoke the (nethbot) auto-build.

(ATM: nethserver-collabora-0.1.2-1.9.pr7.gfb51eaf.ns7.noarch.rpm)

1 Like
#17

what is the state of collabora and php73, I saw it is not released ?

#18

If you mean using the same rh-php7x nethserver-nextcloud depends on;
It is fixed and released using the wrapper provided by nethserver-nextcloud.

#19

what rpm number, I installed yesterday and I use the older php version I bet…

fixed yes but released sure ?

my rpm version are

[root@ns1 ~]# rpm -qa | grep collabora
collaboraoffice6.2-ure-6.2.10.3-3.x86_64
collaboraoffice6.2-6.2.10.3-3.x86_64
collaboraofficebasis6.2-draw-6.2.10.3-3.x86_64
collaboraofficebasis6.2-writer-6.2.10.3-3.x86_64
collaboraofficebasis6.2-core-6.2.10.3-3.x86_64
collaboraofficebasis6.2-images-6.2.10.3-3.x86_64
collaboraofficebasis6.2-impress-6.2.10.3-3.x86_64
collaboraofficebasis6.2-ooolinguistic-6.2.10.3-3.x86_64
collaboraofficebasis6.2-calc-6.2.10.3-3.x86_64
collaboraofficebasis6.2-graphicfilter-6.2.10.3-3.x86_64
collaboraofficebasis6.2-ooofonts-6.2.10.3-3.x86_64
nethserver-collabora-0.1.2-1.ns7.noarch
collaboraofficebasis6.2-extension-pdf-import-6.2.10.3-3.x86_64
collaboraofficebasis6.2-en-US-6.2.10.3-3.x86_64
#20

Yes this includes the fix for rh-php7x

1 Like