Running your own Online Office with Nextcloud and nginx

Over the time, Nextcloud has become a manifest for the private cloud and does not also sync files but also contacts and calendars as well as notes. But what if you need yet another approach to edit documents online?

vor 3 Monaten

Latest Post Storm in a teacup - or how "NextCry" tried to target Nextcloud by Oliver Pifferi

Over the time, Nextcloud has become a manifest for the private cloud and does not also sync files but also contacts and calendars as well as notes. But what if you need yet another approach to edit documents online? What if you don’t need a local Office-installation anymore and don’t rely on the well-known solutions from, for example, Microsoft and Google? The answer is simple: Go with one of the two great implementations for an online office for Nextcloud!

The aim of this tutorial is to show you how you can implement Collabora Online based upon a Docker container to run on a nginx-webserver. Some time ago, I did already accomplish this with Apache as I have been using this web server since more than a decade but hadn’t the time to port this to nginx somehow. Anyway, I have finally accomplished to manage this and therefore I want to share this experience with you. All we need is the typical shell access on an (here) Ubuntu server-installation, an existing nginx-installation with a running Nextcloud and Certbot for delivering the Let’s Encrypt-certificate for our new, virtual office. Let’s start!

Collabora Online Development Edition

If you haven’t done so before, install the Docker-environment by typing the two commands

sudo apt update
sudo apt install docker.io

After you have done so, checking the status with

systemctl status docker

should be the first step before we head on to download the desired container. This can be accomplished by typing

sudo docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=nextcloud\\.domain\\.tld' --restart always --cap-add MKNOD collabora/code

The container will be downloaded and startet. Please take note that the „domain“-part should be the name of the FQDN your existing Nextcloud-instance is already running on like 'domain=nextcloud\.mydomain\.com‘ ! The parameter „--restart always" also add the ability that your container isn't down once you reboot your VPS - a most-common mistake I once made by myself.

Since the  newly-created Docker container we use as our main Collabora Online-server doesn’t come with valid certificates for your domain, we will now use nginx’s reverse proxy-capabilities. In addition with Let’s Encrypt, we will finally get a valid ssl-setup to connect our browser to. In my example, I have created a new virtual host in nginx named „office.mydomain.tld“ so please be sure to adopt the following configuration example to match your own environment.

The code we need looks like listed below:

server {
    listen       443 ssl;
    server_name  office.example.com;

    ssl_certificate /path/to/certficate;
    ssl_certificate_key /path/to/key;
    
    # static files
    location ^~ /loleaflet {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

   # main websocket
   location ~ ^/lool/(.*)/ws$ {
       proxy_pass https://localhost:9980;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "Upgrade";
       proxy_set_header Host $http_host;
       proxy_read_timeout 36000s;
   }
   
   # download, presentation and image upload
   location ~ ^/lool {
       proxy_pass https://localhost:9980;
       proxy_set_header Host $http_host;
   }
   
   # Admin Console websocket
   location ^~ /lool/adminws {
       proxy_pass https://localhost:9980;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "Upgrade";
       proxy_set_header Host $http_host;
       proxy_read_timeout 36000s;
   }
}
nginx-configuration

After you have made these changes to your vhost-configuration, you will have to reload nginx by typing

sudo nginx -s reload

Hint: If you cannot deal or don’t want to deal with the certificates in one step, remove the both ssl lines and save the configuration. Reload nginx’s configuration as seen above and let Certbot do all those work for you by typing either

sudo certbot --nginx

or

sudo letsencrypt --nginx

The certificate-workflow will now start and you may choose your desired host like „office.mydomain.tld“ which must be reachable from the outside on TCP-ports 80 and 443. Enter if you want a permanent redirection from port 80 to 443 (which is always good) and let Let’s Encrypt do all the work for you. Finally, you should get a message that the certificate has been created and so you’re ready to go with the last step.

Head to your Nextcloud-installation and go to the „Apps“-section. Amongst the category of „Office & Text“ you will find the Collabora-app which can now be installed and deployed by a click. After doing so, go to the Settings where you will find a new „Collabora Online“-option.

Nextcloud 17 and Collabora Online - Settings

Just enter the URL from the example above with the „https“-prefix like „https://office.mydomain.tld“ and you should be ready to go! A first test can be accomplished by clicking the "Plus"-option to create a new file. The new documents served by Collabora should be available now:

Collabora Online successfully activated / new filetypes

By the way - using Collabora in combination with Nextcloud 17 will also enable the watermark-feature which has been recently announced on the Nextcloud Conference 2019!

Collabora Online watermarked with Nextcloud 17

I hope that you have found this tutorial to be useful. As for myself, it took some time to adopt everything from the „Apache“-point of view to the nginx-one but as Collabora is finally working well, I hope you will gain the same results. Don’t hesitate to drop my some comments or questions!

Oliver Pifferi

Published vor 3 Monaten