Installation of Collabora on Debain 12

Collabora CODE is more straightforward to install than Nextcloud. Typically, Collabora prerequisites are installed when Nextcloud is installed. To install Collabora CODE, follow the steps below:

Import the Collabora CODE signing key.

cd /usr/share/keyrings
sudo wget https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg

Create a source file for the Collabora CODE package repository.

sudo vi /etc/apt/sources.list.d/collaboraonline.sources

Add the following information to the file and save it.

nano /etc/apt/sources.list.d/collaboraonline.sources
Types: deb
URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-ubuntu2204
Suites: ./
Signed-By: /usr/share/keyrings/collaboraonline-release-keyring.gpg

Update the repository

sudo apt update -y

Install Collabora CODE using apt.

sudo apt install coolwsd code-brand -y

How to Configure Collabora

Collabora configuration depends on an XML file at /etc/coolwsd/coolwsd.xml. Although this file can be edited directly, it is faster to use the coolconfig tool to make configuration changes. To configure Collabora, follow the steps below:

With the current configuration, the coolwsd service continues to fail and restart. This happens because Collabora cannot establish an HTTPS connection with the local host. Use the coolconfig tool to disable HTTPS on the connection.

sudo coolconfig set ssl.enable false
sudo coolconfig set ssl.termination true

Only certain designated hosts are allowed to access the Collabora server. To designate Nextcloud as a trusted client, set storage.wopi.host to the Nextcloud domain, for example, nextcloud.example.com. In the following command, substitute the real domain name in place of example.com.

sudo coolconfig set storage.wopi.host nextcloud.example.com

Create an administration account and provide a password for the account. When prompted, enter the admin username. Then, enter the admin password twice.

sudo coolconfig set-admin-password

Restart the coolwsd service and verify the service status.

sudo systemctl restart coolwsd
sudo systemctl status coolwsd
coolwsd.service - Collabora Online WebSocket Daemon
Loaded: loaded (/lib/systemd/system/coolwsd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-12-13 14:42:09 UTC; 7s ago

How to Configure the Collabora Virtual Host

Both NGINX and Apache require a Collabora virtual host to serve the Collabora application. This guide uses NGINX. To configure an NGINX virtual host, follow the steps below:

apt install nginx

For details on how to configure the Apache virtual host, see the Collabora Apache Proxy Settings from the Collabora installation guide. Enable the proxy, proxy_http, proxy_connect, and proxy_wstunnel modules using the a2enmod command. Create a collabora NGINX virtual host file.

sudo vi /etc/nginx/sites-available/collabora

Add the following configuration to the file. Change the value of server_name from collabora.example.com to the name of the Collabora subdomain.

nano /etc/nginx/sites-available/collabora
server {
listen 80;
listen [::]:80;
server_name collabora.example.com;

error_log /var/log/nginx/collabora.error;

# static files
location ^~ /browser {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $http_host;
}

# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $http_host;
}

# main websocket
location ~ ^/cool/(.*)/ws$ {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}

# download, presentation and image upload
location ~ ^/(c|l)ool {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Host $http_host;
}

# Admin Console websocket
location ^~ /cool/adminws {
proxy_pass http://127.0.0.1:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}

Enable the Collabora site on the server by creating a symbolic link in the sites-enabled directory.

sudo ln -s /etc/nginx/sites-available/collabora /etc/nginx/sites-enabled/collabora

Test the file syntax to ensure it does not contain any errors.

sudo nginx -t

Restart NGINX and verify its status.

sudo systemctl reload nginx
sudo systemctl status nginx

How to Enable HTTPS for the Collabora Domain

The steps in this section explain how to use Certbot to request a Let’s Encrypt TLS certificate and enable HTTPS support. The snap package manager can be used to install Certbot. For additional information about Certbot, Let’s Encrypt certificates, and HTTPS, consult the Linode guide to Using Certbot on NGINX.

Install the snap package manager.

sudo apt install snapd
sudo snap install core

Remove the old certbot package and use snap to install the newer certbot Snap. Then, create a symbolic link to the new directory.

sudo apt remove certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Run the certbot command to request and install a Let’s Encrypt TLS certificate. The –nginx option allows Certbot to modify the NGINX virtual host file for the domain.

During the certificate granting process, certbot prompts for more information. Some of these questions might not appear if you have used Certbot on this particular Compute Instance before. To request a certificate, follow the guidelines below:

Enter the administrator’s email address when requested to do so. Let’s Encrypt sends renewal notices and other relevant updates to this email address.
Enter Y to agree to the Terms of Service. Enter N to end the program.
Certbot asks for permission to register the address with the Electronic Frontier Foundation. Enter either Y or N. This does not affect the rest of the installation.
Enter the Collabora domain name, for example, collabora.example.com, or choose the correct name from a list. If certbot displays a list, select the number corresponding to the Collabora domain.
The certbot program confirms the results of the certificate request and displays any error messages. certbot automatically schedules the certificate for auto-renewal.

sudo certbot --nginx

Requesting a certificate for collabora.example.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/collabora.example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/collabora.example.com/privkey.pem
This certificate expires on 2023-03-14.

These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate

Successfully deployed certificate for collabora.example.com to /etc/nginx/sites-enabled/collabora
Congratulations! You have successfully enabled HTTPS on https://collabora.example.com

Reload NGINX to incorporate the changes.

sudo systemctl reload nginx

For Nextcloud integration you can read the other article posted here:

Install Collabora Online on Ubuntu 20 for Nextcloud

Share

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.