[Collabora] Configuration with docker-compose

grimy55 · October 7, 2016, 4:58pm

Hi all,

I’m having hard time to make Collabora work by integrating their docker image in my existing docker-compose file running Nextcloud. Nextcloud is running on port 8888 and ssl is independently handled by a reverse-proxy. So ssl should be disabled on Collabora as well. Could you help me on how to add Collabora in the following docker-compose file? Thanks!

db:
  image: mariadb:10
  restart: always
  privileged: true
  environment:
    - MYSQL_ROOT_PASSWORD=<mypassword>
    - MYSQL_USER=<myuser>
    - MYSQL_DATABASE=<mydb>
    - MYSQL_PASSWORD=<mypassword>
    - TZ="America/Chicago"
  volumes:
    - ./mysql:/var/lib/mysql

engine:
  image: wonderfall/nextcloud
  privileged: true
  links:
    - db:db
  ports:
    - "8888:8888"
  environment:
    - UID=1000
    - GID=1000
    - UPLOAD_MAX_SIZE=10G
    - APC_SHM_SIZE=128M
    - OPCACHE_MEM_SIZE=128
    - CRON_PERIOD=15m
  volumes:
    - ./data:/data
    - ./config:/config
    - ./apps:/apps2

Snowyo · October 7, 2016, 10:20pm

Hey,

I’m working on that to. I haven’t got it completely running and my setup differs a little bit from yours, but I might give you a starting point:

You could easily add collabora to the compose file without using https. Basically you just have to translate the docker run command to a compose file entry.

So the section to add would be something like that:

  collabora:
    image: collabora/code
    container_name: collabora
    ports:
      - 9980:9980
    cap_add:
      - MKNOD
    environment:
      - domain=<nextcloud.domain.tld>

Now you have to configure your reverse proxy to forward request to the collabora container (add a VirtualHost/Server):

Then you have to log in as admin and install the [collabora online connector app] (https://apps.owncloud.com/content/show.php/Collabora+Online?content=174727). You might have to manually download and put it into your apps folder.

In the admin settings you have a section Additional settings. There you have to specify the collabora url. Since everything is running in docker the containers names are resolved. Instead of you full ip/domain name you can use the name of the container and use http.

http://collabora:9980

For me this gets everything connected but loading/creating Files does not work with the following error:

{
    "reqId" : "s0SvP1+K6jsHsuHx+Ni3",
    "remoteAddr" : "172.20.0.2",
    "app" : "PHP",
    "message" : "Undefined index: dir at \/var\/www\/html\/apps\/richdocuments\/controller\/documentcontroller.php#295",
    "level" : 3,
    "time" : "2016-10-07T21:57:20+00:00",
    "method" : "POST",
    "url" : "\/index.php\/apps\/richdocuments\/ajax\/documents\/create",
    "user" : "admin"
}

I’m investigating further and hope to find a solution

grimy55 · October 8, 2016, 1:57am

Thanks for your help. I added collabora in the docker-compose file as you suggested. I think the issue I have is that collabora is still waiting for an SSL connection. I try to connect locally to the test page:

https://192.168.0.10:9980/loleaflet/1.8.3/loleaflet.html?file_path=file:///usr/bin/test/data/hello-world.odt

Doing so in HTTP gives a “connection was reset” error.
Doing so in HTTPS shows a Collabora document web page with this overprinted error message “We are sorry, this is an unexpected connection error. Please try again.”

So, right now, I’m wandering if there is a way to run the Collabora server without SSL.

Snowyo · October 8, 2016, 10:30am

Yeah can confirm this, I have the same error.

Snowyo · October 8, 2016, 12:28pm

Hey,
I got it working!

But I am now using a subdomain and ssl encryption, like the guides suggested. With the reverse proxy container I’m using it’s just much easier.

jwilder/nginx-proxy creates the reverse proxy configuration automatically. So I didn’t have to edit any config files. It’s all docker-compose .

I simply had to tell the reverse proxy to use a https backend and redirect the requests to the collabora port 9980 via environment variables. It’s even possible to use expose instead of ports so the collabora port is not public accessible on the host.

Combined with the letsencrypt-companion I don’t even have to worry about certificates.

Here my compose file:

version: '2'


services:
  proxy:
    image: jwilder/nginx-proxy
    container_name: proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./proxy/conf.d:/etc/nginx/conf.d
      - ./proxy/vhost.d:/etc/nginx/vhost.d
      - ./proxy/html:/usr/share/nginx/html
      - ./proxy/certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier

  letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: letsencrypt-companion
    volumes_from:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./proxy/certs:/etc/nginx/certs:rw


  web:
    image: nginx
    container_name: nextcloud_webserver
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    links:
      - app
    volumes_from:
      - app
    environment:
      - VIRTUAL_HOST=<cloud.domain.tld>
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=<cloud.domain.tld>
      - LETSENCRYPT_EMAIL=<admin@domain.tld>
    networks:
      - proxy-tier


  app:
    image: indiehosters/nextcloud
    container_name: nextcloud_fpm
    links:
      - db
    volumes:
      - ./nextcloud/apps:/var/www/html/apps
      - ./nextcloud/config:/var/www/html/config
      - ./nextcloud/data:/var/www/html/data
    networks:
      - proxy-tier


  db:
    image: mariadb
    container_name: db
    volumes:
      - ./nextcloud/db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=<password>
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=<userpassword>
    networks:
      - proxy-tier

  redis:
    image: redis
    container_name: redis
    networks:
      - proxy-tier

  collabora:
    image: collabora/code
    container_name: collabora
    expose:
      - 9980
    cap_add:
      - MKNOD
    environment:
      - domain=<cloud.domain.tld>
      - VIRTUAL_HOST=<office.domain.tld>
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=9980
      - VIRTUAL_PROTO=https
      - LETSENCRYPT_HOST=<office.domain.tld>
      - LETSENCRYPT_EMAIL=<admin@domain.tld>
    networks:
      - proxy-tier


networks:
  proxy-tier:
    external:
      name: nginx-proxy

grimy55 · October 9, 2016, 2:17pm

I use an haproxy docker container as a reverse proxy + ssl handling. I don’t use neither nginx-proxy nor let’s encrypt even though that looks pretty nice. That might be the opportunity to look closer at this kind of solution when I’ll have more time. Thx!

grimy55 · October 12, 2016, 6:52pm

Ok, that sounds to work now, but only when the collabora url within Nextcloud settings is set to the collabora website external address (<office.domain.tld>). When it is set to the local url http://collabora:9980, I have the following error:

Collabora Online unknown error: cURL error 52: Empty reply from server Please contact the “http://collabora:9980” administrator.

When using the external url the access is pretty long and I have latency navigating through the documents, Hope that could be solved if I succeed to connect through the local url. If someone could help me understand, that would be nice.
Below is my configurations. the reverse proxy and nextcloud configuration are broken down in two docker-compose.yml:

version: '2'

services:

  proxy_nginx:
    image: jwilder/nginx-proxy
    container_name: proxy_nginx
    privileged: true
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./proxy/certs:/etc/nginx/certs:ro
      - ./proxy/vhost.d:/etc/nginx/vhost.d
      - ./proxy/conf.d:/etc/nginx/conf.d
      - ./proxy/html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - front

  proxy_letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: proxy_letsencrypt
    privileged: true
    volumes:
      - ./proxy/certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
    volumes_from:
      - proxy_nginx

networks:
  front:
    external:
      name: proxy-ssl

and

version: '2'

services:

  app:
    image: wonderfall/nextcloud
    privileged: true
    links:
      - db
      - collabora
    environment:
      - UID=1000
      - GID=1000
      - UPLOAD_MAX_SIZE=10G
      - APC_SHM_SIZE=128M
      - OPCACHE_MEM_SIZE=128
      - CRON_PERIOD=15m
      - VIRTUAL_HOST=<cloud.domain.tld>
      - VIRTUAL_NETWORK=proxy-ssl
      - VIRTUAL_PORT=8888
      - LETSENCRYPT_HOST=<cloud.domain.tld>
      - LETSENCRYPT_EMAIL=<admin@domain.tld>
    volumes:
      - ./data:/data
      - ./config:/config
      - ./apps:/apps2
    networks:
      - front
      - back

  db:
    image: mariadb:10
    restart: always
    privileged: true
    environment:
      - MYSQL_ROOT_PASSWORD=<password>
      - MYSQL_USER=user
      - MYSQL_DATABASE=db
      - MYSQL_PASSWORD=<password>
      - TZ="America/Chicago"
    volumes:
      - ./mysql:/var/lib/mysql
    networks:
      - back

  redis:
    image: redis
    networks:
      - back

  collabora:
    image: collabora/code
    expose:
      - 9980
    cap_add:
      - MKNOD
    environment:
      - domain=<cloud.domain.tld>
      - VIRTUAL_HOST=<office.domain.tld>
      - VIRTUAL_NETWORK=proxy-ssl
      - VIRTUAL_PORT=9980
      - VIRTUAL_PROTO=https
      - LETSENCRYPT_HOST=<office.domain.tld>
      - LETSENCRYPT_EMAIL=<admin@domain.tld>
    networks:
      - front

networks:
  front:
    external:
      name: proxy-ssl
  back:

grimy55 · October 13, 2016, 12:17am

Well, I’ve said it works with the external url which is right… sometimes. It can happen that a document does not open with the following error forwarded by Docker:

collabora_1 | wsd-00029-05 04:02:26.019667 [ client_ws_000b ] Timed out while waiting for document to unload before loading.
collabora_1 | wsd-00029-05 04:02:26.019693 [ client_ws_000b ] DocBroker is invalid or child had SDS. Service Unavailable.
collabora_1 | wsd-00029-05 04:02:26.019732 [ client_ws_000b ] ClientRequestHandler::handleRequest: WebSocketErrorMessageException: Service is unavailable. Please try again later and report to your administrator if the issue persists.

UPDATE: It works much better with the last collabora/code pull. I’ll indicate this thread as solved.

lachmanfrantisek · November 11, 2016, 11:22pm

@Snowyo Thank you for the solution. I have same setting with nginx-proxy and letsencrypt-companion and could not get it work. Adding expose solved the problem.

You saved me lot of time. Thanks.

gdeflaux · May 17, 2017, 6:07pm

Hi guys,

I am reopening this thread because I can’t get my setup to work although my docker-compose.yml file seems to be OK. There must be something I am not seing. I am posting it below. I’d be super grateful for any advice on what is possibly wrong.

My NC install works great, the reverse proxy and the lets encrypt image as well. When I open the Collabora domain in a browser (office.mydomain.com) I get a page with the text “OK” (and an 200 response code).

When I try to open a document, the page loads until I get a 504 Gateway Time-out. When I try to increase the timeout limit I end up seeing a NC error page with the message Access Forbidden.

proxy:
  image: jwilder/nginx-proxy
  volumes:
    - /var/run/docker.sock:/tmp/docker.sock
    - /var/local/nginx/certs:/etc/nginx/certs:ro
    - /var/local/nginx/vhost.d:/etc/nginx/vhost.d
    - /var/local/nginx/html:/usr/share/nginx/html
  ports:
    - "80:80"
    - "443:443"

certs:
  image: jrcs/letsencrypt-nginx-proxy-companion
  volumes:
    - /var/local/nginx/certs:/etc/nginx/certs:rw
    - /var/run/docker.sock:/var/run/docker.sock:ro
  volumes_from:
    - proxy

nextcloud:
  image: wonderfall/nextcloud:11.0
  links:
    - mariadb:mariadb
  environment:
    - UID=1000
    - GID=1000
    - UPLOAD_MAX_SIZE=10G
    - APC_SHM_SIZE=128M
    - OPCACHE_MEM_SIZE=128
    - REDIS_MAX_MEMORY=64mb
    - CRON_PERIOD=15m
    - TZ=Europe/Berlin
    - ADMIN_USER=admin
    - ADMIN_PASSWORD=<my_pwd>
    - DB_TYPE=mysql
    - DB_NAME=nextcloud
    - DB_USER=nextcloud
    - DB_PASSWORD=<my_pwd>
    - DB_HOST=mariadb
    - VIRTUAL_HOST=files.mydomain.com
    - LETSENCRYPT_HOST=files.mydomain.com
    - LETSENCRYPT_EMAIL=admin@mydomain.com
  volumes:
    - /mnt/goinfre-1/nextcloud/data:/data
    - /mnt/goinfre-1/nextcloud/config:/config
    - /mnt/goinfre-1/nextcloud/apps:/apps2
  ports:
    - "8888:8888"

mariadb:
  image: mariadb:10
  volumes:
    - /var/local/mariadb:/var/lib/mysql
  environment:
    - MYSQL_ROOT_PASSWORD=<my_pwd>
    - MYSQL_DATABASE=nextcloud
    - MYSQL_USER=nextcloud
    - MYSQL_PASSWORD=<my_pwd>

gogs:
  image: gogs/gogs
  volumes:
    - /mnt/goinfre-1/gogs:/data
  ports:
    - "3000:3000"
    - "3022:22"
  environment:
    - VIRTUAL_HOST=code.mydomain.com
    - VIRTUAL_PORT=3000
    - LETSENCRYPT_HOST=code.mydomain.com
    - LETSENCRYPT_EMAIL=admin@mydomain.com
  links:
    - mariadb:mariadb
    
collabora:
  image: collabora/code
  expose:
    - 9980
  environment:
    - domain=files\\.mydomain\\.com
    - VIRTUAL_HOST=office.mydomain.com
    - VIRTUAL_PORT=9980
    - VIRTUAL_PROTO=https
    - LETSENCRYPT_HOST=office.mydomain.com
    - LETSENCRYPT_EMAIL=admin@mydomain.com
  cap_add:
    - MKNOD

almereyda · July 1, 2017, 3:35am

Same here.

Mdaly001 · August 17, 2018, 1:54am

did you ever figure it out? I am stuck as well using haproxy

Pilouuu · October 30, 2018, 4:18pm

Thanks a lot. This worked great for me (after several days of research).

conspacer · April 22, 2019, 9:02am

Confirmed this is working. Make sure in your settings (in the NC GUI) you use the value: http://<office.domain.tld>:80 even though the nginx proxy will cover everything with SSL.

razor7 · June 2, 2020, 2:20pm

Hi! I recently ran out of disk space using docker collabora ce. So I wonder if I can set volumes paths in docker-compose.yml file so I can route heavy folders outside docker volumes. I tryed with old docker-compose.yml volumes stated at first post but it seems that collabora doesn’t use that paths anymore and I’m having a hard time finding them.

Can you please tell me which paths should I redirect to external storage to avoid heavy disk usage on host?

Here’s my working docker-compose.yml file. It works just fine connected to docker nextcloud instance!

version: '3'

services:
  collabora:
    image: 'collabora/code:4.2.3.1'
    restart: always
    container_name: collabora
    ports:
      - 9980:9980
    cap_add:
      - MKNOD
    environment:
      - domain=XXXXXXXXXXX
      - dictionaries='en es'
      - username=XXXXXX
      - password=XXXXXXX
      - VIRTUAL_HOST=XXXXXXXXXXX
      - VIRTUAL_PORT=9980
      - VIRTUAL_PROTO=https
    volumes:
      #- '/media/data/collabora/data:/data'
      #- '/media/data/collabora/config:/config'
      #- '/media/data/collabora/apps2:/apps2'
      - '/media/data/collabora/etc/loolwsd:/etc/loolwsd'

Thanks!

Birgit-Ducarroz · October 14, 2021, 10:38am

Hi.

I try to do the same but without Letsencrypt. I use my own SSL.
So far so good, all works, but when I enable the webdeveloper network inspetor in Firefox I see that my password is sent unencrypted when logging into nextcloud.
Can someone please help me with this issue?

docker-compose.yml

version: '3.9'

volumes:
  nextcloud:
    name: nextcloud
  nextcloud-mariadb:
    name: nextcloud-mariadb

services:
  nginx-proxy:
    restart: always
    environment:
      - TZ=Europe/Zurich
    image: jwilder/nginx-proxy:alpine
    container_name: nextcloud-reverse-proxy
    ports:
      - "8001:443"
    dns_search:
      - "myhost.ch"
    volumes:
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
      - /volume/config/certs/uo:/etc/nginx/certs:ro
      - /volume/config/reverse-proxy/nginx.conf:/etc/nginx/nginx.conf:ro
      - /volume/config/reverse-proxy/dhparam.pem:/etc/nginx/dhparam/dhparam.pem:ro
      - /volume/config/nextcloud/logfiles/error.log:/var/log/nginx/error.log

  php8.0.8-apache:
    restart: always
    image: php:8.0.8-apache
    container_name: nextcloud-php8.0.8-apache
    environment:
      - TZ=Europe/Zurich
    volumes:
      - /volume/usrdata:/var/www/html/

  nextcloud-mariadb:
    image: mariadb
    container_name: nextcloud-mariadb-3306
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --skip-innodb-read-only-compressed
    links:
      - nginx-proxy
    volumes:
      - /volume/usrdata/nextcloud/mariadb:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=mypass
      - MYSQL_PASSWORD=mypass
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - TZ=Europe/Zurich
  app:
    image: nextcloud
    restart: always
    container_name: nextcloud
    links:
      - nextcloud-mariadb
      - nginx-proxy
    volumes:
      - /volume/usrdata/nextcloud:/var/www/html
    environment:
      - VIRTUAL_HOST=myhost.ch
      - MYSQL_PASSWORD=mypass
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=nextcloud-mariadb
      - TZ=Europe/Zurich

nginx.conf

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  10240;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  ' -  [] "" '
                      '  "" '
                      '"" ""';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;
    server_tokens off;
    proxy_set_header Proxy "";
    include /etc/nginx/conf.d/*.conf;


     server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
        ssl_certificate /etc/nginx/certs/myhost.ch.crt;
        ssl_certificate_key /etc/nginx/certs/myhost.ch.key;
	return 301 https://$host$request_uri;
    }
}
daemon off;

nextcloud-login-non-encrypted

ferdiga · May 8, 2022, 10:48am

change in configuration after collabora 21.11.2.4.1:

instead of

    environment:
      - "domain=<nc-domain>"

you must use to allow access

    environment:
      - "aliasgroup1=https://<nc.domain>"
      - "aliasgroup2=https://<nc2.domain>"
      - "aliasgroup3=https://<nc3.domain>"

mikebakke · March 17, 2023, 8:54am

Thank you! - this gave me enough to finally get a single Collabora container usable by multiple NC instances. I had been struggling with this for over a week…

As a note - to do this in my compose file I used this format:

environment:
- aliasgroup1=instance1.domain.com
- aliasgroup2=instance2.domain.com

appears slightly different but passes the “good enough and works” check

As a general note - as a relative novice I find the lack of nicely worked examples a constant struggle with the whole NC landscape. As a contrast - I’d mention the CheckMK application where the documentation works for many different skill levels.

Thanks again.

mikebakke · March 17, 2023, 10:53am

Oops - it wasn’t working with multiple, but it does work with a single so that is a major step forward as I couldn’t even get that working before. I had it working fine from a run command but the compose (using the same image) wouldn’t. Good enough now

wwe · March 17, 2023, 4:31pm

multiple domains work fine with multiple docker containers when configured like here