meta données pour cette page

Editer des fichiers en ligne avec CollaboraOffice

Une belle alternative à OnlyOffice.

Installation

Dans les précédentes version, c'était loolwsd qui était utilisé à la place de coolwsd.

Dépendances

Nous avons besoin d'ajouté la clé publique sur APT pour ensuite installer le paquet : 

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D
apt-get install dirmngr
echo 'deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian10 ./' > /etc/apt/sources.list.d/collaboraoffice.list
apt update
apt install coolwsd code-brand

On désactive ensuite les chiffrement car ça sera Apache qui fera la terminaison SSL. On édite alors /etc/coolwsd/coolwsd.xml : 

<ssl desc="SSL settings">
   <enable type="bool" desc="Controls whether SSL encryption is enable (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">false</enable>

On autorise l'usage de cette application par le nextcloud que l'on utilise en front: 

<storage desc="Backend storage">
   <filesystem allow="false" />
   <wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
       <host desc="Regex pattern of hostname to allow or deny." allow="true">drive.domaine.org</host>
       <host desc="Regex pattern of hostname to allow or deny." allow="true">$IP_PUBLIC_DU_SERVEUR</host>

Il restera alors plus qu'a relancer le service: 

systemctl restart coolwsd

On peut suivre les log de l'application via journalctl: 

journalctl -u coolwsd -f

Configuration

On déclare dans un premier temps le vhost : 

vim /etc/apache2/sites-available/collabora.conf

En y ajoutant ces directives: 

<VirtualHost *:80>
#<VirtualHost *:80 *:443>
  ServerName collabora.domaine.org
  Options -Indexes
  
#  SSLEngine on
#  SSLCertificateFile  /etc/letsencrypt/live/collabora.domaine.org/fullchain.pem
#  SSLCertificateKeyFile /etc/letsencrypt/live/collabora.domaine.org/privkey.pem

#  RewriteEngine On
#  RewriteCond %{HTTPS} !=on
#  RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R=permanent]

 ########################################

 # Reverse proxy for Collabora Online
 # https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html#reverse-proxy-with-apache-2-webserver

 ########################################

  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from coolwsd
  # loleaflet is the client part of Collabora Online
  ProxyPass           /browser http://127.0.0.1:9980/browser retry=0
  ProxyPassReverse    /browser http://127.0.0.1:9980/browser

  # WOPI discovery URL
  ProxyPass           /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery http://127.0.0.1:9980/hosting/discovery

  # Capabilities
  ProxyPass           /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities

  # Main websocket
  ProxyPassMatch "/cool/(.*)/ws$" ws://127.0.0.1:9980/lool/$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /cool/adminws ws://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /cool http://127.0.0.1:9980/lool
  ProxyPassReverse    /cool http://127.0.0.1:9980/lool
  ProxyPass           /lool http://127.0.0.1:9980/lool
  ProxyPassReverse    /lool http://127.0.0.1:9980/lool

  ErrorLog ${APACHE_LOG_DIR}/error.collabora.domaine.org.log
  CustomLog ${APACHE_LOG_DIR}/access.collabora.domaine.org.log combined
</VirtualHost>

Cliquez pour afficher ⇲

Cliquez pour masquer ⇱ 

server {
 listen       80;
 listen       443 ssl;
 server_name  collabora.bruno-tatu.com collabora.autarcie.org;

 ssl_certificate /etc/letsencrypt/live/collabora.bruno-tatu.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/collabora.bruno-tatu.com/privkey.pem;
 include snippets/ssl-params.conf;

  root /var/www/nextcloud;

   location ~ /.well-known {
           allow all;
   }

 # static files
 location ^~ /browser {
   proxy_pass http://127.0.0.1:9980;
   proxy_set_header Host $http_host;
 }

 # WOPI discovery URL
 location ^~ /hosting/discovery {
   proxy_pass http://127.0.0.1:9980;
   proxy_set_header Host $http_host;
 }

 # Capabilities
 location ^~ /hosting/capabilities {
   proxy_pass http://127.0.0.1:9980;
   proxy_set_header Host $http_host;
 }

 # main websocket
 location ~ ^/cool/(.*)/ws$ {
   proxy_pass http://127.0.0.1:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }

 # download, presentation and image upload
 location ~ ^/(c|l)ool {
   proxy_pass http://127.0.0.1:9980;
   proxy_set_header Host $http_host;
 }

 # Admin Console websocket
 location ^~ /cool/adminws {
   proxy_pass http://127.0.0.1:9980;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_set_header Host $http_host;
   proxy_read_timeout 36000s;
 }

}

Ajoutez et adapter les directives pour y ajouter du chiffrement si besoin en jouant au préalable la création d'un certificat via Let's Encrypt. Si la commande fonctinone alors il faudra la rejouer en enlevant les options “–dry-run et –test-cert”: 

certbot certonly --webroot --webroot-path=/var/lib/letsencrypt/ -d collabora.domaine.org --dry-run --test-cert
certbot certonly --webroot --webroot-path=/var/lib/letsencrypt/ -d collabora.domaine.org

On active le vhost et on vérifie qu'il n'y ait pas d'erreurs de syntaxe: 

a2ensite collabora
apache2ctl -t
systemctl reload apache2