Collabora+Nextcloud 11 separate containers

ℹ️ Support 📄 Collabora
1

I’m wondering if the Collabora docker needs to be running on the same host as the Nextcloud server or if they could be separated?

For example, I currently have a nextcloud server running in an LXD container. Could I run the collabora docker directly from my host (host is running Nginx as reverse proxy for web sites hosted in the containers) or does the docker need to be nested in the LXD container with the Nextcloud server?

2

You could run the collabora docker on any host the glue is all https and IP.

Just a matter of getting the proxy address right and changing from local host to a designated IP or DNS entry.

I haven’t tried it but my understanding is that the reverse proxy entries provide a secure entrance to the docker container for a limited subset of urls.
The ‘domain=cloud\.nextcloud\.com’ of docker run -t -d -p 127.0.0.1:9980:9980 -e ‘domain=cloud\.nextcloud\.com’ --restart always --cap-add MKNOD collabora/code
Tells collabora where to get the documents so I guess the docker container could be on any host just a matter of setting your reverse proxy to reflect where the container is.
Its the port forwarding of 127.0.0.1:9980:9980 that you will have to get right as it will not be landing on 127:0.01 any more.

3

ok, awesome! Seemed like the glue was in the https and IP, but I wasn’t sure. I launched the collabora docker, however, I seem to be having issues integrating.

At this point, I have the following site setup in the reverse proxy for the nextcloud site (https://cloud.example.com/nextcloud):

server {
listen 80;
server_name cloud.example.com;
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl http2;

    include snippets/ssl-example.com.conf;
    include snippets/ssl-params.conf;

    root /var/www/html;

    server_name cloud.example.com;

    location / {
    proxy_pass http://<lxd_nextcloud_server_ip>:80;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    }

}

and the following for the collabora docker:

server {
listen 443 ssl;
server_name office.example.com;

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

# static files
location ^~ /loleaflet {
    proxy_pass https://localhost:9980;
    proxy_set_header Host $http_host;
}

# WOPI discovery URL
location ^~ /hosting/discovery {
    proxy_pass https://localhost:9980;
    proxy_set_header Host $http_host;
}

# Main websocket
location ~ /lool/(.*)/ws$ {
    proxy_pass https://localhost:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
}

# Admin Console websocket
location ^~ /lool/adminws {
    proxy_pass https://localhost:9980;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
}

# download, presentation and image upload
location ^~ /lool {
    proxy_pass https://localhost:9980;
    proxy_set_header Host $http_host;
}

}

I launched the docker with the following command:

sudo docker run -t -d -p 127.0.0.1:9980:9980 -e “domain=cloud\.example\.com” --restart always --cap-add MKNOD collabora/code

I am able to get the nginx default page at the url for the collabora docker and the xml at the hosting/discovery. I added the url that is forward to the collabora docker (like https://cloud.example.com) to the ‘Collabora Online’ app in Nextcloud. However, when I open a document I just get a blank page in Nextcloud.

I don’t get any error message in the Nextcloud interface and the docker logs are clear, so it seems like I’m missing a piece to connect the two containers. I’m not sure what I’m missing though. Do you notice anything wrong with the proxy config? Are there other logs that I can post here that might be helpful? Thank you!

4

The Collabora container might be informative.

So you are getting nextcloud up and running and hitting collabora but its the “this is embarising” empty document error?

docker logs (container-id)

Maybe install curl in that container

docker exec -i -t (container-id) /bin/sh

You should get the url from collabora of the file json it is trying to request try curl with that and see what is happening.

openssl s_client -connect example.com:443 will also give you clues to any cert probs.

Shame its LXD and just not quite docker as a nested docker container would also be quite interesting and easy.

5

When I try to open a document in the nextcloud Files app, I just get a page with the nextcloud banner at the top and a white background. It just seems to hang there, no error message, and it doesn’t seem to open collabora. Almost seems like the app is not enabled in Nextcloud? But the option to set the URL for the Collabora server appeared and saved in the admin page. Maybe I’m missing something simple in Nextcloud to enable the integration?

I read somewhere on the forums that the Office app no longer appears in the app list (top left) in NextCloud 11, so now it’s supposed to launch Collabora when you try to open a document from Files?

I do get the empty document error if I try to open the writer directly (i.e. copying a link from the hosting/discovery xml).

Docker logs don’t seem to show much.

sudo docker logs

loolforkit version details: 2.0.1 - 2.0.1
office version details: { “ProductName”: “Collabora Office”, “ProductVersion”: “5.1”, “ProductExtension”: “.10.15”, “BuildId”: “345fa14e85e6e36ad0280f4e549c70f6b9af1a18” }

6

https://nextcloud.com/collaboraonline/

<VirtualHost *:443>
  ServerName office.nextcloud.com:443

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateFile /path/to/signed_certificate
  SSLCertificateChainFile /path/to/intermediate_certificate
  SSLCertificateKeyFile /path/to/private/key
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  SSLHonorCipherOrder     on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool
</VirtualHost>

If next cloud is in a lxd container then localhost is not actually the localhost of the host which is redirecting to the docker container?
I just have the Apache .conf from the above URL but if apache is in a container running Nextcloud using localhost isn’t going to work and needs the IP of the hosts and a change to the docker run … command?

7

I guess to clarify the way I attempted this…I have a VPS that serves as the container host for docker/lxd and it also serves as the reverse proxy (the idea there was that the host/proxy could centrally manage the SSL certs for each domain/subdomain and the containers could come and go). The Collabora Docker is listening on localhost:9980 of the host/Proxy.

user@containerhost: netstat -plnt
tcp 0 0 127.0.0.1:9980 0.0.0.0:* LISTEN -

So the container host/proxy redirects office.example.com to it’s own localhost and cloud.example.com to the nextcloud container. Then the apache server inside the nextcloud container simply serves the nextcloud instance (no virtualhost for Collabora).

8

Hi
apt-cache policy docker-engine
docker-engine:
Установлен: 1.13.0-0~ubuntu-xenial
Кандидат: 1.13.0-0~ubuntu-xenial
Таблица версий:
*** 1.13.0-0~ubuntu-xenial 500

sudo systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Вт 2017-01-24 11:39:34 +07; 58min ago
Docs: https://docs.docker.com
Main PID: 4426 (dockerd)
Tasks: 24
Memory: 42.5M
CPU: 2min 27.001s
CGroup: /system.slice/docker.service
├─4426 /usr/bin/dockerd -H fd://
└─4504 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim docker-containerd-shim --runtime docker-runc

янв 24 11:39:34 MediaServer dockerd[4426]: time=“2017-01-24T11:39:34.136443790+07:00” level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
янв 24 11:39:34 MediaServer dockerd[4426]: time=“2017-01-24T11:39:34.380089761+07:00” level=info msg="Loading containers: done."
янв 24 11:39:34 MediaServer dockerd[4426]: time=“2017-01-24T11:39:34.418774509+07:00” level=error msg="error checking dirperm1: failed to unmount device or resource busy"
янв 24 11:39:34 MediaServer dockerd[4426]: time=“2017-01-24T11:39:34.468426201+07:00” level=info msg="Daemon has completed initialization"
янв 24 11:39:34 MediaServer dockerd[4426]: time=“2017-01-24T11:39:34.468486403+07:00” level=info msg=“Docker daemon” commit=49bf474 graphdriver=aufs version=1.13.0
янв 24 11:39:34 MediaServer dockerd[4426]: time=“2017-01-24T11:39:34.483013835+07:00” level=info msg="API listen on /var/run/docker.sock"
янв 24 11:39:34 MediaServer systemd[1]: Started Docker Application Container Engine.
янв 24 12:35:38 MediaServer dockerd[4426]: time=“2017-01-24T12:35:38.336580848+07:00” level=error msg="Handler for POST /v1.25/containers/create returned error: No such image: hello-world:latest"
янв 24 12:35:46 MediaServer dockerd[4426]: time=“2017-01-24T12:35:46.298585974+07:00” level=error msg="Handler for POST /v1.25/containers/create returned error: device or resource busy"
янв 24 12:41:01 MediaServer dockerd[4426]: time=“2017-01-24T12:41:01.185879173+07:00” level=error msg=“Handler for POST /v1.25/containers/create returned error: device or resource busy”

docker run -t -d -p 127.0.0.1:9980:9980 -e ‘domain=*****.ru’ --restart always --cap-add MKNOD collabora/code
docker: Error response from daemon: device or resource busy.
See ‘docker run --help’.

Given prompt what to do?

9

так чего не работает-то?

10

При запуске контейнера выдается ошибка

docker run -t -d -p 127.0.0.1:9980:9980 -e ‘domain=*****.ru’ --restart always --cap-add MKNOD collabora/code

docker: Error response from daemon: device or resource busy.

docker run hello-world
docker: Error response from daemon: device or resource busy.

11

стопни, грохни и заново скачай контейнер.
Ваще, походу у них с Убунтой беда

12

Уже несколько раз грохал Docker контейнеры вычищал папки и все одно и тоже.

Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-59-generic x86_64)

13

сам движек докера обновлен?

14

да последний Server Version: 1.13.0

15

У меня ещё 1.10.3.
Если docker run hello-world на работает, то проблема не в колаборе, проблема в работе докера. Надо с ним разбираться.
Docker по этой инструкции устанавливал? https://docs.docker.com/engine/installation/linux/ubuntu/

16

Нет, сейчас по ней установлю.

17

Сначала все почисти в репозитории, чтобы лишнего не было http://tech.vyachin.net/2015/02/docker_15.html
Потом переустанови по инструкции выше, и проверь на hello-world.

Если что пиши в личку чтоли…

18

Docker установил по этой инструкции. https://docs.docker.com/engine/installation/linux/ubuntu/1
hello-world Не запускается та же ошибка

sudo apt-get -y install docker-engine=1.13.0-0~ubuntu-xenial
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
Уже установлен пакет docker-engine самой новой версии (1.13.0-0~ubuntu-xenial).
обновлено 0, установлено 0 новых пакетов, для удаления отмечено 0 пакетов, и 0 пакетов не обновлено.

root@MediaServer:~# sudo docker run hello-world
Unable to find image ‘hello-world:latest’ locally
latest: Pulling from library/hello-world
78445dd45222: Pull complete
Digest: sha256:c5515758d4c5e1e838e9cd307f6c6a0d620b5e07e6f927b07d05f6d12a1ac8d7
Status: Downloaded newer image for hello-world:latest
docker: Error response from daemon: device or resource busy.
See ‘docker run --help’.

19

Yes, mine works fine that way, following the instructions exactly as they are written up. Just be careful to read the instructions carefully to select the right server address to replace each localhost address. And make sure that the docker container is listening on an ip address other than localhost too so that the reverse proxy can see it.