Nous avons besoin d'ajouté la clé publique sur APT pour ensuite installer le paquet :
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D apt-get install dirmngr echo 'deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian10 ./' > /etc/apt/sources.list.d/collaboraoffice.list apt update apt install coolwsd code-brand
On désactive ensuite les chiffrement car ça sera Apache qui fera la terminaison SSL. On édite alors /etc/coolwsd/coolwsd.xml :
<ssl desc="SSL settings"> <enable type="bool" desc="Controls whether SSL encryption is enable (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">false</enable>
On autorise l'usage de cette application par le nextcloud que l'on utilise en front:
<storage desc="Backend storage"> <filesystem allow="false" /> <wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true"> <host desc="Regex pattern of hostname to allow or deny." allow="true">drive.domaine.org</host> <host desc="Regex pattern of hostname to allow or deny." allow="true">$IP_PUBLIC_DU_SERVEUR</host>
Il restera alors plus qu'a relancer le service:
systemctl restart coolwsd
On peut suivre les log de l'application via journalctl:
journalctl -u coolwsd -f
On déclare dans un premier temps le vhost :
vim /etc/apache2/sites-available/collabora.conf
En y ajoutant ces directives:
<VirtualHost *:80> #<VirtualHost *:80 *:443> ServerName collabora.domaine.org Options -Indexes # SSLEngine on # SSLCertificateFile /etc/letsencrypt/live/collabora.domaine.org/fullchain.pem # SSLCertificateKeyFile /etc/letsencrypt/live/collabora.domaine.org/privkey.pem # RewriteEngine On # RewriteCond %{HTTPS} !=on # RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R=permanent] ######################################## # Reverse proxy for Collabora Online # https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html#reverse-proxy-with-apache-2-webserver ######################################## # Encoded slashes need to be allowed AllowEncodedSlashes NoDecode # keep the host ProxyPreserveHost On # static html, js, images, etc. served from coolwsd # loleaflet is the client part of Collabora Online ProxyPass /browser http://127.0.0.1:9980/browser retry=0 ProxyPassReverse /browser http://127.0.0.1:9980/browser # WOPI discovery URL ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0 ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery # Capabilities ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0 ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities # Main websocket ProxyPassMatch "/cool/(.*)/ws$" ws://127.0.0.1:9980/lool/$1/ws nocanon # Admin Console websocket ProxyPass /cool/adminws ws://127.0.0.1:9980/lool/adminws # Download as, Fullscreen presentation and Image upload operations ProxyPass /cool http://127.0.0.1:9980/lool ProxyPassReverse /cool http://127.0.0.1:9980/lool ProxyPass /lool http://127.0.0.1:9980/lool ProxyPassReverse /lool http://127.0.0.1:9980/lool ErrorLog ${APACHE_LOG_DIR}/error.collabora.domaine.org.log CustomLog ${APACHE_LOG_DIR}/access.collabora.domaine.org.log combined </VirtualHost>
Ajoutez et adapter les directives pour y ajouter du chiffrement si besoin en jouant au préalable la création d'un certificat via Let's Encrypt. Si la commande fonctinone alors il faudra la rejouer en enlevant les options “–dry-run et –test-cert”:
certbot certonly --webroot --webroot-path=/var/lib/letsencrypt/ -d collabora.domaine.org --dry-run --test-cert certbot certonly --webroot --webroot-path=/var/lib/letsencrypt/ -d collabora.domaine.org
On active le vhost et on vérifie qu'il n'y ait pas d'erreurs de syntaxe:
a2ensite collabora apache2ctl -t systemctl reload apache2