Finally got Collabora Online up and running in my environment, so here’s a quick rundown of the journey and what I learned.
The challenge started when I realized that the built-in CODE server wouldn’t run on Alpine Linux. After checking the forums, I found out that Alpine’s use of musl libc prevents it from executing AppImages, which the built-in CODE server requires. My initial attempt to set up Collabora Online had failed here, but yesterday I managed to work around it successfully!
Setup Overview
I closely followed the steps in the Collabora Integration Guide on the Nextcloud forum, sticking as closely as possible to each instruction. However, I encountered some issues, especially with getting responses back with HTTPS from collabora while reverse proxying it without tls.
Here’s my network setup:
Me <-https-> Nginx Reverse Proxy <-http-> Nextcloud
<-http-> Collabora
My Reverse proxy does the ssl termination on wan side of my network while all trafic behind is http.
But still getting no https:// responses in the xml response of a curl https://collabora.domain.int/hosting/discovery from my setup. I first thought that it is the fault of my reverse proxy but ended up having no
idea on which additional headers can i set.
This are my nginx routes:
# Static files
location ^~ /browser {
proxy_pass http://10.0.20.172:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://10.0.20.172:9980;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://10.0.20.172:9980;
proxy_set_header Host $http_host;
}
# Main websocket
location ~ ^/cool/(.*)/ws$ {
proxy_pass http://10.0.20.172:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# Download, presentation and image upload
location ~ ^/(c|l)ool {
proxy_pass http://10.0.20.172:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /cool/adminws {
proxy_pass http://10.0.20.172:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
location / {
proxy_pass http://10.0.20.172:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
Debugging Collabora Container Setup
After diving deeper, I found a relevant setting in the Nextcloud AIO (All-in-One) configuration:
COLLABORA_SECCOMP_POLICY=–o:security.seccomp=true
Additionally, I came across a sample Compose setup in a GitHub issue (credit to the original author, though I can’t recall the source). This Compose setup resolved some of the issues I was facing, especially around security and SSL handling:
services:
collabora:
image: collabora/code
container_name: collabora
restart: always
security_opt:
- seccomp:unconfined
cap_add:
- MKNOD
- SYS_CHROOT
- FOWNER
ports:
- 9980:9980
environment:
- domain=domain.int
- server_name=collabora.domain.int
- extra_params=--o:ssl.enable=false --o:ssl.termination=true
Final Thoughts
I’ll be exploring this further as time permits, but for now, I’m just glad it’s up and running!