Collabora, Nextcloud 11, FreeNAS, Nginx

I’m sorry to be so much of a pain, but I’m trying to get the Collabora plugin set up.

My host system is FreeNAS 9.10
I’m using NextCloud 11 with NextCloud/nginx installed within a jail on FreeNAS
I have an SSL certificate through LetsEncrypt and all http traffic is directed to my 443 address.

Because of the docker limitations with Collabora and the fact that FreeNAS can’t run docker images, I installed Ubuntu linux within a bhyve virtual machine on FreeNAS and within this installed the collabora docker image.

My local nginx/NextCloud server is running at 10.0.1.151
Ubuntu/Collabora server is running at 10.0.1.161
I have a domain name registered which points to the nginx server.
Please note the NextCloud server is on a different Local IP than the Collabora server

  1. How exactly do I initiate the docker collabora container with the appropriate parameters
    I’ve tried the following:
    sudo docker run -t -d -p 10.0.1.161:9980:9980 -e 'domain=xxx.com' --restart always --cap-add MKNOD collabora/code

  2. How do I set up nginx?? This is what I have – snippet of nginx.config file (I’ll include all if needed)
    server {
        listen 443 ssl http2 default_server;
        #listen [::]:443 ssl http2 default_server;

        server_name xxx.com;
        ssl_certificate /usr/local/etc/letsencrypt/live/xxx.com/fullchain.pem;
        ssl_certificate_key /usr/local/etc/letsencrypt/live/xxx.com/privkey.pem;

        root /usr/local/www;
        location = /robots.txt { allow all; access_log off; log_not_found off; }
        location = /favicon.ico { access_log off; log_not_found off; }

        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
        # add_header Strict-Transport-Security "max-age=15768000;
        # includeSubDomains; preload;";
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;

        location = /office {
            rewrite ^/office(.*) /$1 break;
            proxy_pass http://10.0.1.161:81;
        }

        # static files
        location ^~ /loleaflet {
            proxy_pass https://10.0.1.161:9980;
            proxy_ssl_verify off;
            proxy_set_header Host $http_host;
        }

        # WOPI discovery URL
        location ^~ /hosting/discovery {
            proxy_pass https://10.0.1.161:9980;
            proxy_ssl_verify off;
            proxy_set_header Host $http_host;
        }

        # websockets, download, presentation and image upload
        location ^~ /lool {
            proxy_pass https://10.0.1.161:9980;
            proxy_ssl_verify off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $http_host;
        }

        # (rest of the server block was not included in the post)
    }
    

  3. I can connect locally to the Collabora server at https://10.0.1.161:9980 but I get a problem with the web browser complaining the certificate is unknown – and when I examine the certificate it says it was issued by localhost. Is this normal? If I choose to bypass the security warning, I get an OK appearing on the web browser

  4. What setting do I use for the Collabora Online Server within the setup on Nextcloud? I tried https://10.0.1.161:9980, however I’m consistently getting an access denied error. I’m assuming this is because things are properly setup in terms of certs however I’m uncertain.

Any help would be appreciated.

normally you would do something like this:

you start the docker container with “cloud.xxx.com” and set your collabora server to “office.xxx.com” in nextcloud.

in your post you state that collabora shows a self-signed certificate by and for “localhost”. so yes, i’d agree that you have a certificate problem.
two things i notice instantly:

  • the url/domain of the collabora server you set in your nextcloud should be the one with a valid certificate (therefore, localhost is not the best solution)
  • certificates only work if both machines “know” it. maybe it works if your nextcloud instance knows about your “localhost” cert?

Ok – I finally figured this one out guys – And I have to say the documentation is lacking

Setup

  1. Nextcloud on FreeNAS within FreeBSD jail. Nginx webserver running in jail – Local IP address = 10.0.1.151
  2. Bhyve hypervisor running Ubuntu Linux with Docker collabora container – Local IP address = 10.0.1.161
  3. Certbot configured and running in the jail with nginx/nextcloud – domain name xxx.com

Started the docker container with the following:

    sudo docker run -t -d -p 10.0.1.161:9980:9980 -e 'domain=xxx.com' --restart always --cap-add MKNOD collabora/code

Nginx configuration:

    # static files
    location ^~ /loleaflet {
        proxy_pass https://10.0.1.161:9980;
        proxy_ssl_verify off;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://10.0.1.161:9980;
        proxy_ssl_verify off;
        proxy_set_header Host $http_host;
    }

    # websockets, download, presentation and image upload
    location ^~ /lool {
        proxy_pass https://10.0.1.161:9980;
        proxy_ssl_verify off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
    }

  1. Kicker to problem was the collabora plugin within nextcloud. The instructions state to type in location of collabora server – however this isn’t correct if nginx and collabora are running on different IP addresses. The address is the nginx URL and not the collabora – so in my case I type
    https://xxx.com
    The forwarding to the collabora server is done within the nginx setup itself

Please note — I’m running nextcloud at:
xxx.com/nextcloud and not at nextcloud.xxx.com. In this case the setup might be different since with nextcloud.xxx.com you are using a virtual domain, whereas with xxx.com/nextcloud you are not.

Hopefully this saves someone some effort in the future as the documentation is lacking.

1 Like
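
The configuration posted above sets `proxy_ssl_verify off`, so nginx accepts whatever certificate is presented on 10.0.1.161:9980. The following is an added example, not part of the original posts, showing the same three locations with upstream verification switched on and pinned to the container's self-signed certificate. The PEM path is a placeholder, and `proxy_ssl_name localhost` assumes the certificate carries the name "localhost" as reported earlier in the thread.

```nginx
# Goes inside the existing "server { ... }" block for xxx.com and replaces the
# three Collabora locations. Constructed example, not the poster's own config.

# Upstream TLS settings, inherited by every location below.
proxy_ssl_verify              on;   # was "off": any certificate was accepted
proxy_ssl_verify_depth        2;

# Placeholder path (assumption): a PEM copy of the certificate, or of the CA
# that issued it, which the Collabora container presents on port 9980,
# copied into the nginx jail.
proxy_ssl_trusted_certificate /usr/local/etc/nginx/collabora-upstream.pem;

# proxy_pass uses an IP address, so nginx would otherwise compare the
# certificate against "10.0.1.161". The thread reports the certificate as
# issued by "localhost", so verify against that name instead (assumption).
proxy_ssl_name                localhost;

# static files
location ^~ /loleaflet {
    proxy_pass https://10.0.1.161:9980;
    proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
    proxy_pass https://10.0.1.161:9980;
    proxy_set_header Host $http_host;
}

# websockets, download, presentation and image upload
location ^~ /lool {
    proxy_pass https://10.0.1.161:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
}
```

Run `nginx -t` before reloading. If the container ever presents a different certificate, the pinned PEM copy has to be refreshed, otherwise the proxied requests fail with a 502.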

Hey @kevdog,

I’m glad you got it working. I wonder how long that took… hope not as long as over here… I’ve been at this for too many days trying to get this to work.

I’m also on FN with bsd jail where nc is running, and a bhyve ubuntu setup with docker.

However, everything here is on apache. And, I’m having to use subdomains. Only after changing docker run ip from the 127 to my local 192 did I actually get anything. Hitting https://192.168.2.9:9980/hosting/discovery gives me xml. But next cloud just gives me access forbidden when trying to open a doc file.

I’ve tried everything I could think of or find… and still no success. Very frustrating.

Would you mind sharing full nginx config in case I end up trying to switch from apache. I’d appreciate it. And extra kudos if you could share any tips on achieving a working setup with subdomains. That would be awesome.

Thank you in advance.

Sorry for late response – I’m not using nginx anymore – I’ve switched to apache. My setup has definitely changed.