Installation of Collabora on Debain 12 Rumi, March 3, 2024 Collabora CODE is more straightforward to install than Nextcloud. Typically, Collabora prerequisites are installed when Nextcloud is installed. To install Collabora CODE, follow the steps below: Import the Collabora CODE signing key. cd /usr/share/keyrings sudo wget https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg Create a source file for the Collabora CODE package repository. sudo vi /etc/apt/sources.list.d/collaboraonline.sources Add the following information to the file and save it. nano /etc/apt/sources.list.d/collaboraonline.sources Types: deb URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-ubuntu2204 Suites: ./ Signed-By: /usr/share/keyrings/collaboraonline-release-keyring.gpg Update the repository sudo apt update -y Install Collabora CODE using apt. sudo apt install coolwsd code-brand -y How to Configure Collabora Collabora configuration depends on an XML file at /etc/coolwsd/coolwsd.xml. Although this file can be edited directly, it is faster to use the coolconfig tool to make configuration changes. To configure Collabora, follow the steps below: With the current configuration, the coolwsd service continues to fail and restart. This happens because Collabora cannot establish an HTTPS connection with the local host. Use the coolconfig tool to disable HTTPS on the connection. sudo coolconfig set ssl.enable false sudo coolconfig set ssl.termination true Only certain designated hosts are allowed to access the Collabora server. To designate Nextcloud as a trusted client, set storage.wopi.host to the Nextcloud domain, for example, nextcloud.example.com. In the following command, substitute the real domain name in place of example.com. sudo coolconfig set storage.wopi.host nextcloud.example.com Create an administration account and provide a password for the account. When prompted, enter the admin username. Then, enter the admin password twice. sudo coolconfig set-admin-password Restart the coolwsd service and verify the service status. sudo systemctl restart coolwsd sudo systemctl status coolwsd coolwsd.service - Collabora Online WebSocket Daemon Loaded: loaded (/lib/systemd/system/coolwsd.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2022-12-13 14:42:09 UTC; 7s ago How to Configure the Collabora Virtual Host Both NGINX and Apache require a Collabora virtual host to serve the Collabora application. This guide uses NGINX. To configure an NGINX virtual host, follow the steps below: apt install nginx For details on how to configure the Apache virtual host, see the Collabora Apache Proxy Settings from the Collabora installation guide. Enable the proxy, proxy_http, proxy_connect, and proxy_wstunnel modules using the a2enmod command. Create a collabora NGINX virtual host file. sudo vi /etc/nginx/sites-available/collabora Add the following configuration to the file. Change the value of server_name from collabora.example.com to the name of the Collabora subdomain. nano /etc/nginx/sites-available/collabora server { listen 80; listen [::]:80; server_name collabora.example.com; error_log /var/log/nginx/collabora.error; # static files location ^~ /browser { proxy_pass http://127.0.0.1:9980; proxy_set_header Host $http_host; } # WOPI discovery URL location ^~ /hosting/discovery { proxy_pass http://127.0.0.1:9980; proxy_set_header Host $http_host; } # Capabilities location ^~ /hosting/capabilities { proxy_pass http://127.0.0.1:9980; proxy_set_header Host $http_host; } # main websocket location ~ ^/cool/(.*)/ws$ { proxy_pass http://127.0.0.1:9980; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; proxy_read_timeout 36000s; } # download, presentation and image upload location ~ ^/(c|l)ool { proxy_pass http://127.0.0.1:9980; proxy_set_header Host $http_host; } # Admin Console websocket location ^~ /cool/adminws { proxy_pass http://127.0.0.1:9980; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; proxy_read_timeout 36000s; } } Enable the Collabora site on the server by creating a symbolic link in the sites-enabled directory. sudo ln -s /etc/nginx/sites-available/collabora /etc/nginx/sites-enabled/collabora Test the file syntax to ensure it does not contain any errors. sudo nginx -t Restart NGINX and verify its status. sudo systemctl reload nginx sudo systemctl status nginx How to Enable HTTPS for the Collabora Domain The steps in this section explain how to use Certbot to request a Let’s Encrypt TLS certificate and enable HTTPS support. The snap package manager can be used to install Certbot. For additional information about Certbot, Let’s Encrypt certificates, and HTTPS, consult the Linode guide to Using Certbot on NGINX. Install the snap package manager. sudo apt install snapd sudo snap install core Remove the old certbot package and use snap to install the newer certbot Snap. Then, create a symbolic link to the new directory. sudo apt remove certbot sudo snap install --classic certbot sudo ln -s /snap/bin/certbot /usr/bin/certbot Run the certbot command to request and install a Let’s Encrypt TLS certificate. The –nginx option allows Certbot to modify the NGINX virtual host file for the domain. During the certificate granting process, certbot prompts for more information. Some of these questions might not appear if you have used Certbot on this particular Compute Instance before. To request a certificate, follow the guidelines below: Enter the administrator’s email address when requested to do so. Let’s Encrypt sends renewal notices and other relevant updates to this email address. Enter Y to agree to the Terms of Service. Enter N to end the program. Certbot asks for permission to register the address with the Electronic Frontier Foundation. Enter either Y or N. This does not affect the rest of the installation. Enter the Collabora domain name, for example, collabora.example.com, or choose the correct name from a list. If certbot displays a list, select the number corresponding to the Collabora domain. The certbot program confirms the results of the certificate request and displays any error messages. certbot automatically schedules the certificate for auto-renewal. sudo certbot --nginx Requesting a certificate for collabora.example.com Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/collabora.example.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/collabora.example.com/privkey.pem This certificate expires on 2023-03-14. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for collabora.example.com to /etc/nginx/sites-enabled/collabora Congratulations! You have successfully enabled HTTPS on https://collabora.example.com Reload NGINX to incorporate the changes. sudo systemctl reload nginx For Nextcloud integration you can read the other article posted here: Install Collabora Online on Ubuntu 20 for Nextcloud Administrations Application Configurations (Linux) CollaboraDebainDebian 12