Deploy Collabora Online Office on Ubuntu with Let's Encrypt SSL | ComputingForGe...

Welcome to this guide, we will go through how to deploy Collabora Online Office on Ubuntu 20.04|18.04 with Let’s Encrypt SSL. However, before we begin, let us get to know what this tool is all about.

Collabora Online is an open-source LibreOffice-based powerful online office that has support for most document formats i.e spreadsheets, presentations e.t.c. This online office suite can be integrated into any web application. Collabora Online is maintained by Collabora Productivity.

One of the amazing features of Collabora Online is the ability to allow collaborative and real-time editing of word documents, presentations, spreadsheets, and vector graphics.

The other features for Collabora Online Office are:

• Open Source, scalable, saving money
• It has a Long Term Support and signed security updates
• Works in any modern browser with no plugin needed.
• Preserves the layout and formatting of documents
• Ability to integrate with existing infrastructures
• Multiple deployment options
• It has an admin console for monitoring system utilization
• Tailored solutions possible
• Customizable User Interface

Now we should be set to plunge in!

Getting Started.

For this guide, you will require the following:

• 2 Ubuntu 20.04|18.04 servers.(Nextcloud and Collabora office)
• A FQDN for Let’s Encrypt SSL
• Docker Engine
• LAMP stack
• certbot

Now we will begin by meeting all the above requirements before we deploy Collabora Online Office on Ubuntu 20.04|18.04.

Step 1 – Install LAMP stack on Ubuntu 20.04|18.04

The LAMP server can be installed on Ubuntu 20.04|18.04 using a single command as below.

sudo apt-get install lamp-server^

Enable Apache reverse modules.

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod ssl
sudo a2enmod proxy_https
sudo a2enmod proxy_ajp
sudo a2enmod rewrite
sudo a2enmod deflate
sudo a2enmod headers
sudo a2enmod proxy_balancer
sudo a2enmod proxy_connect
sudo a2enmod proxy_html
sudo a2enmod proxy_wstunnel

Step 2 – Install Docker on Ubuntu 20.04|18.04.

Since we will be running Collabora Online Office as a docker container, we need to have docker installed and running on our Ubuntu 20.04|18.04.

Install Docker Container Engine on Ubuntu

sudo curl -sSL https://get.docker.com/ | CHANNEL=stable sh

Start and enable docker on Ubuntu 20.04|18.04.

sudo systemctl enable docker
sudo systemctl start docker

Check the status of the service.

$ systemctl status docker
● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2021-12-18 07:30:14 UTC; 3min 4s ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 14338 (dockerd)
      Tasks: 8
     Memory: 28.9M
     CGroup: /system.slice/docker.service
             └─14338 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Step 3 – Deploy the Collabora Online Office Container.

Begin by installing Nextcloud on your Ubuntu 20.04|18.04 system using the guide below.

• Install Nextcloud on Ubuntu

Ensure that Nexcloud is accessible via HTTPS and accessible by the server running the Collabora service since Collabora Online should use the same protocol as the server installation.

Now that we have met the requirements, we will proceed and deploy the Collabora Online container.

For one next-cloud domain, run container as below. Remember to substitute the subdomain and domain that Nextcloud runs on

sudo docker run -t -d -p 127.0.0.1:9980:9980 \
-e 'domain=subdomain\\.domain\\.com' \
-e 'username=UserName' -e 'password=Your-Password' \
--cap-add MKNOD collabora/code

For example, in my case, this command will appear as below.

sudo docker run -t -d -p 127.0.0.1:9980:9980 \
-e 'domain=nextcloud\\.example\\.com' \
-e 'username=thor' -e 'password=StrongPassword' \
--cap-add MKNOD collabora/code

In this case, I have provided my Nextcloud server URL nextcloud.example.com and also created a Collabora user thor with a password as StrongPassword

If you are using the localhost as the domain, use the --net hostso that the container accesses your Nextcloud server.

sudo docker run -t -d -p 127.0.0.1:9980:9980 \
-e 'domain=localhost --net host' \
-e 'username=thor' -e 'password=StrongPassword' \
-e "extra_params=--o:ssl.enable=false --o:ssl.termination=true" \
--restart always collabora/code

You can as well deploy the Collabora Docker container for more than one Nextcloud-domain.

sudo docker run -t -d -p 127.0.0.1:9980:9980 \
-e 'domain=subdomain1\\.domain\\.com|subdomain2\\.domain\\.com' \
-e 'username=UserName' -e 'password=Your-Password' \
--cap-add MKNOD collabora/code

Now verify if the container is running as below.

$ sudo docker ps
CONTAINER ID   IMAGE            COMMAND                  CREATED          STATUS          PORTS                      NAMES
f9fef2d18edd   collabora/code   "/start-collabora-on…"   37 seconds ago   Up 35 seconds   127.0.0.1:9980->9980/tcp   nifty_spence

Step 4 – Configure Apache Reverse Proxy.

Now the container is running on localhost at port 9980 exposed on port 9980/TCP. We now want to configure Apache to be able to access Collabora using an IP address or domain name via HTTPS.

Create a VirtualHost as below.

sudo vi /etc/apache2/sites-available/collabora-online.conf

In the file, add the below content.

<VirtualHost *:443>
ServerName collabora.example.com:443

# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder     on

# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode

# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off

# keep the host
ProxyPreserveHost On

# static html, js, images, etc. served from coolwsd
# browser is the client part of LibreOffice Online
ProxyPass           /browser https://127.0.0.1:9980/browser retry=0
ProxyPassReverse    /browser https://127.0.0.1:9980/browser

# WOPI discovery URL
ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

# Main websocket
ProxyPassMatch "/cool/(.*)/ws$" wss://127.0.0.1:9980/cool/$1/ws nocanon

# Admin Console websocket
ProxyPass   /cool/adminws wss://127.0.0.1:9980/cool/adminws

# Download as, Fullscreen presentation and Image upload operations
ProxyPass           /cool https://127.0.0.1:9980/cool
ProxyPassReverse    /cool https://127.0.0.1:9980/cool

# Endpoint with information about availability of various features
ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
</VirtualHost>

Remember to replace collabora.example.com with your appropriate server name. Activate your site.

sudo a2ensite collabora-online.conf
sudo systemctl reload apache2

Install Certbot for Apache.

sudo apt install python3-certbot-apache

Install SSL certificates for your domain name.

sudo certbot --authenticator standalone --installer apache \
-d collabora.example.com --pre-hook "service apache2 stop" \
--post-hook "service apache2 start"

In the code, replace collabora.example.com with your domain name and proceed as below.

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]
.....
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Running pre-hook command: service apache2 stop
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for collabora.example.com
Waiting for verification...
Cleaning up challenges
Running post-hook command: service apache2 start
Created an SSL vhost at /etc/apache2/conf-enabled/collabora-online-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/conf-enabled/collabora-online-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/conf-enabled/collabora-online.conf to ssl vhost in /etc/apache2/conf-enabled/collabora-online-le-ssl.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://collabora.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=collabora.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Now Collabora can be accessed via HTTPS.

Step 5 – Connect Nextcloud to Collabora Online

Login to your Nextcloud dashboard, navigate to the Apps->Office and Text. While here, ensure that Collabora Online is downloaded and enabled as below.

Now head to the Settings->Administration->Office. You need to connect Nextcloud to Collabora Online. Click “use tour own server” and provide the Collabora URL, save and ensure that the server is reachable.

Also, allow Collabora to use Open XML(OOXML) so that the created files are compatible with Microsoft Office software. After the above settings have been made, go to the files tab and create the desired document.

Create a word document by clicking on New document and assigning it a name. Collabora will be launched as below.

Create your file and save it.

There are also several download options for the created file as shown.

You can as well create a Spreadsheet file using Collabora online.

The spreadsheet will be launched as below ready for editing.

Presentations can as well be created with Collabora.

All your created Collabora files will be available under the Files tab as below.

That marks the end of this guide. We have triumphantly deployed Collabora Online Office on Ubuntu 20.04|18.04 with Let’s Encrypt SSL.

See more: