超簡單安裝collabora online Part II (v 2.4.17 )

我以前文章「超簡單安裝collabora online」敘述如何讓nextcloud搭配online document server達到線上編輯功能 ; 後來發現Onlyoffice 更好用, 版面格式比較不會跑掉,就變心改用onlyoffice。

隨著公司越來越多人使用onlyoffice ,沒想到免費版有10人開啟檔案的上限,預算考量,只能另想辦法。

我回過頭來看collabora online , 雖是免費,但官方編譯一樣有20人數限制;照這樣子應該真的要去拍桌,跟老闆說要加錢購買onlyoffice。

可是偶然間發現有個群組, 協助編譯開源版collabora online,並且解除20人限制, 甚至編譯成 docker 版本, 真是佛心來的

以下請參考github與docker網站:

https://github.com/tiredofit/docker-collabora-online

https://hub.docker.com/r/collabora/code/tags

官方文件很少。但不囉嗦, 我測試後直接寫如何安裝。

  • compose 文件
wget https://github.com/tiredofit/docker-collabora-online/raw/master/examples/docker-compose.yml
mv docker-compose.yml.traefik docker-compose.yml
vi docker-compose.yml
#改成醬
#紅色字需要修改
version: '3.7'
services:

  collabora-online-app:
    image: tiredofit/collabora-online:2.4.17
    container_name: collabora-online-app
    hostname: collabora-online.test.com
    expose:
      - 9980
    ports:
      - "9980:9980"
    cap_add:
      - MKNOD
      - NET_ADMIN
    privileged: true
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:collabora-online.test.com
      - traefik.port=9980
      - traefik.protocol=http
      - traefik.docker.network=proxy
      - traefik.backend=collabora-online-app
    volumes:
      - ./logs:/logs
    environment:
      - CONTAINER_NAME=collabora-online-app

      - ADMIN_USER=admin
      - ADMIN_PASS=collabora-online

# 允許哪些網站存取
      - ALLOWED_HOSTS=cloud.test.com,xxx.test.com

      - ENABLE_TLS=FALSE
      - ENABLE_TLS_REVERSE_PROXY=TRUE
    restart: always

  • 修改反向代理
    以下主機名稱需與compose文件相同
<VirtualHost *:443>
  ServerName collabora-online.test.com:443

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLCertificateFile /etc/letsencrypt/live/collabora-online.test.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/collabora-online.test.com/privkey.pem
  SSLCACertificateFile /etc/letsencrypt/live/collabora-online.test.com/fullchain.pem
  SSLProtocol             all -SSLv2 -SSLv3
  SSLEngine on
  SSLHonorCipherOrder     on
  AllowEncodedSlashes NoDecode
  ProxyPreserveHost On


 # static html, js, images, etc. served from coolwsd
 # browser is the client part of Collabora Online
 ProxyPass           /browser http://127.0.0.1:9980/browser retry=0
 ProxyPassReverse    /browser http://127.0.0.1:9980/browser


 # WOPI discovery URL
 ProxyPass           /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
 ProxyPassReverse    /hosting/discovery http://127.0.0.1:9980/hosting/discovery


 # Capabilities
 ProxyPass           /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
 ProxyPassReverse    /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities


 # Main websocket
 ProxyPassMatch      "/cool/(.*)/ws$"      ws://127.0.0.1:9980/cool/$1/ws nocanon


 # Admin Console websocket
 ProxyPass           /cool/adminws ws://127.0.0.1:9980/cool/adminws


 # Download as, Fullscreen presentation and Image upload operations
 ProxyPass           /cool http://127.0.0.1:9980/cool
 ProxyPassReverse    /cool http://127.0.0.1:9980/cool
 # Compatibility with integrations that use the /lool/convert-to endpoint
 ProxyPass           /lool http://127.0.0.1:9980/cool
 ProxyPassReverse    /lool http://127.0.0.1:9980/cool
</VirtualHost>
  • nextcloud 設定
    要安裝Collabora Online

設定URL,開檔需導入到 Collabora Online-server

完成了

  • 檢查運行狀況
    需輸入compose上面的管理者帳號與密碼
https://collabora-online.test.com/browser/dist/admin/admin.html
  • 若上傳字型,需要登入到容器,加上額外字型的設定
docker exec -it <容器名稱> bash
vi etc/coolwsd/coolwsd.xml
<remote_font_config>
  <url desc="URL of optional JSON file that lists fonts to be included in Online" type="string" default="">https://cloud.test.com/apps/richdocuments/settings/fonts.json</url>
</remote_font_config>

nextcloud 綁定ldap, 突然無法登入

nextcloud 綁定公司兩台AD , 一台台北, 一台蘇州 , 兩台不同網域

但是今天發生蘇州網域伺服器停機(停電超過4小時), 居然造成nextcloud所有人員無法登入的情況

查了一下解法, 可以先暫時停用蘇州的ldap連線,

sudo -u www-data php occ ldap:set-config s02 ldapConfigurationActive 0

以下是ldap相關指令, 可以先查詢設定檔案名稱之後, 如s01 , s02 , 再停用連線

ldap
 ldap:check-user               checks whether a user exists on LDAP.
 ldap:create-empty-config      creates an empty LDAP configuration
 ldap:delete-config            deletes an existing LDAP configuration
 ldap:search                   executes a user or group search
 ldap:set-config               modifies an LDAP configuration
 ldap:show-config              shows the LDAP configuration
 ldap:show-remnants            shows which users are not available on
                               LDAP anymore, but have remnants in
                               Nextcloud.
 ldap:test-config              tests an LDAP configuration

使用docker安裝nextcloud

新版安裝方式請到這裡查看

-------------------以下是舊版安裝方式-------------------

  1. 建立volume
  2. 設定mariadb data
  3. 執行
  4. 設定trusted_domain

建立volume

 docker volume create nextcloud-www
 docker volume create nextcloud-app
 docker volume create nextcloud-config
 docker volume create nextcloud-data
 docker volume create nextcloud-theme 

確認 mariadb 資料庫伺服器是否準備好

執行docker指令

docker run -d -p <對應的port>:80 -v nextcloud-www:/var/www/html -v nextcloud-app:/var/www/html/custom_apps -v nextcloud-config:/var/www/html/config -v nextcloud-data:/var/www/html/data -v nextcloud-theme:/var/www/html/themes/mycustom --link <docker資料庫名稱>:mysql -e MYSQL_DATABASE=nextcloud -e MYSQL_USER=root -e MYSQL_PASSWORD=<密碼> -e MYSQL_HOST=mysql --restart=always --name nextcloud nextcloud 

若有apache或是nginx作為反向proxy, 將https帶到nextcloud, 需設定trust_domain(網站會提醒)

httpd設定

# for CalDav
RewriteEngine On 
RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L] 
# form redirect
<VirtualHost *:80>
    ServerName <server name>
    Redirect permanent / https://<server name>/
</VirtualHost>

<VirtualHost *:443> 
  # form security
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
  </IfModule>
</VirtualHost>

nextcloud config設定

若使用httpd proxy 的方式需要加入以下設定, 以免登入轉圈圈無法進入頁面, 修改 config.php 檔案

'overwritehost' => '<主機名稱>',
'overwriteprotocol' => 'https',

執行command

 docker exec --user www-data <CONTAINER_ID> php occ 
例入遇到上傳檔案失敗, 或是一些檔案錯誤可執行
docker exec --user www-data <container id> php occ files:scan --all

超簡單安裝collabora online

** 2022/11/29
因多人使用限制, 想從onlyoffice轉回來Collabora Online , 但沒想到這邊也限制人數, 無論如何以下的設定已經過時,先不要用

collabora online 加上 nextcloud 或 owncloud 可以實現線上協同編輯的功能, 很猛!

docker run -t -d -p 9980:9980 -e "domain=<your-dot-escaped-domain>" -e "username=admin" -e "password=your_password" --restart always --name collabora collabora/code
EX:
docker run -t -d -p 9980:9980 -e "domain=next\\.test\\.com" -e "username=admin" -e "password=your_password" --restart always --name collabora collabora/code 

以上安裝collabora online 指令中, domain=nextcloud\\.fromtw\\.com代表允許next.fromtw.com這個網址使用協同編輯,

若需要多個網址,請加上 |

記得搭配 letsencrypt 讓collabora 擁有 https 加密功能 ,   安裝完畢,

ps. 網址https://collabora.test.com/loleaflet/dist/admin/admin.html , 可查詢是否成功.(需輸入以上設定帳密)

**nextcloud,

找出 collabora online app 並安裝 , 並設定collabora online的https網址, 這樣就能實現文件線上協同編輯的功能.

**owncloud,

需要到 https://marketplace.owncloud.com/apps/richdocuments 這個地方下載, 然後複製到owncloud app區解開才能安裝, 安裝後找出設定,把collabor的網址輸入進去就可以使用了

ps. 若collabora online 為內部service, 需要透過對外的httpd proxy接應, 因此httpd proxy的設定如下:

 <VirtualHost *:443>
  ServerName collabora.fromtw.com:443
  Options -Indexes

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/collabora.fromtw.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/collabora.fromtw.com/privkey.pem
  SSLCACertificateFile /etc/letsencrypt/live/collabora.fromtw.com/fullchain.pem
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  SSLHonorCipherOrder     on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of Collabora Online
  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

  # Capabilities
  ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool
  ProxyPass / https://localhost:9980/
  ProxyPassReverse / https://localhost:9980/
</VirtualHost>

安裝owncloud-使用docker

owncloud 是個很方便的雲端檔案管理系統, 安裝簡便, 功能強大,最重要的是免費, 開放原始碼!

安裝的方式很多, 咖啡偶建議使用最夯的docker方式安裝, 方便以後升級, 備份與還原.

安裝前, 需要確保基本環境已經建置, 因此請參考本站docker建置基礎文章-"docker環境建立須知",

再安裝owncloud方為適當

 10011_(Docker)如何安裝owncloud.txt