Nextcloud + Collabora CODE+ Docker Compose + Nginx

Why?

Google Docs is great - but is behind GFW. Better have something we can control.

Options?

Nextcloud has native support of Collabora Office.

ONLYOFFICE also supports Nextcloud.

Difference?

Collabora is LibreOffice in browser. Harder on server since the server is effectively rendering a copy of LibreOffice for every client and transporting differences after operations. Works better if bandwidth(for both server and client) is high, and server is powerful.

ONLYOFFICE is more like Google Docs: client's browser loads the full editor, and sync changes on the document to the server. Easier on server but mobile client is not free.

Setting up Collabora

Get Nginx working

I use Nginx on the host directly since I have more than 1 services to run.

Setup SSL with anything you like - I use acme.sh:

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name .com;

    ssl_certificate /root/.acme.sh/.com/.com.cer;
    ssl_certificate_key /root/.acme.sh/.com/.com.key;
    ssl_session_timeout 5m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
    ssl_prefer_server_ciphers on;
    keepalive_timeout 70;
    ssl_session_cache shared:SSL:10m;
    ssl_dhparam /etc/nginx/ssl/dhparams.pem;

    # static files
    location ^~ /browser {
      proxy_pass https://127.0.0.1:9980;
       proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
      proxy_pass https://127.0.0.1:9980;
      proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
      proxy_pass https://127.0.0.1:9980;
      proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/cool/(.*)/ws$ {
      proxy_pass https://127.0.0.1:9980;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $http_host;
      proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/(c|l)ool {
      proxy_pass https://127.0.0.1:9980;
      proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /cool/adminws {
      proxy_pass https://127.0.0.1:9980;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
      proxy_set_header Host $http_host;
      proxy_read_timeout 36000s;
    }
}

Setup Collabora CODE server

I really hate this setup since privileged is required - there's no easy way bypassing the limit:

version: '3'
services:
  code:
    image: collabora/code:latest
    restart: always
    privileged: true
    environment:
      - password=xxx
      - username=xxx
      - domain=nextcloud.your.domain
    ports:
      - '127.0.0.1:9980:9980'

So all traffic shall go through the reverse proxy.

Nextcloud

Install the App.

URL: https://username:password@domain.for.collabora.com

Leave a Reply

Your email address will not be published.