How secure is Collabora Online DE?

Hello All,

So I have Collabora running on I’m a little concerned with the security of this setup. It’s an application available to the internet and no login. To get my setup working (non-docker install;apt-get), I had to modify the configuration to allow MOPI domain of So theoretically Collabora is only accessible from a local network or

This still gives my bad vibes, the discovery service is available, which means you can all URLs and pass it ‘stuff’. I assume the server won’t ‘let’ anything happen unless it’s from the correct domain/host/IP, etc… However I don’t know enough of the Collabora API to validate this…

So base question: How secure is this? An open non-secured webapp available to the internet? Thx!

Well, i asked myself the same question today and unfortunately noone replied to you here.
My setup is a little bit different from what i usually seen. I run collabora online on the same domain as my nextcloud instance. (Same apache virtualhost). The CODE itself runs inside a docker, and the nextcloud in the host itself. I use self signed certificates.

How did you get it working with self-signed certificates?

You can just add your own CA cert (used to self-sign) to linux’s trusted ca certificate folder.

Am on OS X

It should not matter. just find where OSX saves its trusted certificate list.

Very secure - checkout eg. “The Security Onion” slide here for example: of course - adding extra layers such as VPNs around that can’t hurt too - but shouldn’t be necessary.