HowTo: Install Collabora Online on Ubuntu 16.04. (without Docker!)

Guten Morgen,

vserver bei hosteurope, ubuntu 16.04 server. Ich habe, entsprechend der Anleitung hier das Script von github gecloned nach /tmp und von dort ausgeführt. Es werden jede Menge Pakete heruntergeladen - augenscheinlich fehlerfrei - bevor nach wenigen Minuten folgender Fehler auftritt:

E: Unable to find a source package for libreoffice
lool:x:119:127::/opt/lool:/bin/false
chown: cannot access ‘/home/lool’: No such file or directory
./officeonline-install.sh: eval: line 448: syntax error near unexpected token `)’

Ich würde das schon sehr gerne ans Laufen kriegen, da meine bisherigen Versuche, sowohl mit Docker (geht systembedingt nicht) als auch den Repos von Collabora (Nutzerbeschränkung, funktioniert nicht) fehlgeschlagen sind.

Wenn ich das Verzeichnis /home/lool händisch erstelle, verschwindet zwar der betreffende Fehler, der syntax-error bleibt abre bestehen.

Für jede Hilfe dankbar

Thorsten

I built the Libreoffice’s core successfully . But i have a problem while compiling web socket server. Here’s what i did;

libtoolize
aclocal
automake --add-missing
autoreconf
autoheader

./configure --enable-silent-rules --with-lokit-path=${MASTER}/include --with-lo-path=${MASTER}/instdir --enable-debug --with-poco-includes=/opt/poco/include --with-poco-libs=/opt/poco/lib

after that i run
make

here’s the error :

net/Ssl.cpp: In constructor ‘SslContext::SslContext(const string&, const string&, const string&)’:

net/Ssl.cpp:46:5: error: ‘void OPENSSL_config(const char*)’ is deprecated [-Werror=deprecated-declarations]
OPENSSL_config(nullptr);
^~~~~~~~~~~~~~
In file included from /usr/include/openssl/ct.h:13:0,
from /usr/include/openssl/ssl.h:61,
from net/Ssl.hpp:19,
from net/Ssl.cpp:13:
/usr/include/openssl/conf.h:92:1: note: declared here
DEPRECATEDIN_1_1_0(void OPENSSL_config(const char config_name))
^
net/Ssl.cpp:46:27: error: ‘void OPENSSL_config(const char
)’ is deprecated [-Werror=deprecated-declarations]
OPENSSL_config(nullptr);
^
In file included from /usr/include/openssl/ct.h:13:0,
from /usr/include/openssl/ssl.h:61,
from net/Ssl.hpp:19,
from net/Ssl.cpp:13:
/usr/include/openssl/conf.h:92:1: note: declared here
DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name))
^
net/Ssl.cpp: In member function ‘void SslContext::initDH()’:
net/Ssl.cpp:237:7: error: invalid use of incomplete type ‘DH {aka struct dh_st}’
dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
^~
In file included from /usr/include/openssl/crypto.h:31:0,
from /usr/include/openssl/comp.h:16,
from /usr/include/openssl/ssl.h:47,
from net/Ssl.hpp:19,
from net/Ssl.cpp:13:
/usr/include/openssl/ossl_typ.h:104:16: note: forward declaration of ‘DH {aka struct dh_st}’
typedef struct dh_st DH;
^~~~~
net/Ssl.cpp:238:7: error: invalid use of incomplete type ‘DH {aka struct dh_st}’
dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0);
^~
In file included from /usr/include/openssl/crypto.h:31:0,
from /usr/include/openssl/comp.h:16,
from /usr/include/openssl/ssl.h:47,
from net/Ssl.hpp:19,
from net/Ssl.cpp:13:
/usr/include/openssl/ossl_typ.h:104:16: note: forward declaration of ‘DH {aka struct dh_st}’
typedef struct dh_st DH;
^~~~~
net/Ssl.cpp:239:7: error: invalid use of incomplete type ‘DH {aka struct dh_st}’
dh->length = 160;
^~
In file included from /usr/include/openssl/crypto.h:31:0,
from /usr/include/openssl/comp.h:16,
from /usr/include/openssl/ssl.h:47,
from net/Ssl.hpp:19,
from net/Ssl.cpp:13:
/usr/include/openssl/ossl_typ.h:104:16: note: forward declaration of ‘DH {aka struct dh_st}’
typedef struct dh_st DH;
^~~~~
net/Ssl.cpp:240:13: error: invalid use of incomplete type ‘DH {aka struct dh_st}’
if ((!dh->p) || (!dh->g))
^~
In file included from /usr/include/openssl/crypto.h:31:0,
from /usr/include/openssl/comp.h:16,
from /usr/include/openssl/ssl.h:47,
from net/Ssl.hpp:19,
from net/Ssl.cpp:13:
/usr/include/openssl/ossl_typ.h:104:16: note: forward declaration of ‘DH {aka struct dh_st}’
typedef struct dh_st DH;
^~~~~
net/Ssl.cpp:240:25: error: invalid use of incomplete type ‘DH {aka struct dh_st}’
if ((!dh->p) || (!dh->g))
^~
In file included from /usr/include/openssl/crypto.h:31:0,
from /usr/include/openssl/comp.h:16,
from /usr/include/openssl/ssl.h:47,
from net/Ssl.hpp:19,
from net/Ssl.cpp:13:
/usr/include/openssl/ossl_typ.h:104:16: note: forward declaration of ‘DH {aka struct dh_st}’
typedef struct dh_st DH;
^~~~~
cc1plus: all warnings being treated as errors
make[2]: *** [net/Ssl.o] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2

hey folks, i’m back trying to install Collabora instead of onlyoffice because onlyoffice f*ed up my nextcloud admin page and i would love to come to the bright side of open source again with true open office document support.

I installed the official repo and boom starting loolwsd gives me instructions to go to the admin page and boom again it fails with this:

kit-13005-12993 09:16:47.270413 [ loolkit ] ERR Failed to install seccomp syscall filter| common/Seccomp.cpp:199
kit-13005-12993 09:16:47.270488 [ loolkit ] ERR LibreOfficeKit security lockdown failed. Exiting.| kit/Kit.cpp:1763
wsd-12991-12991 09:17:18.004398 [ loolwsd ] FTL Failed to fork child processes.| wsd/LOOLWSD.cpp:2487
Failed to fork child processes.
wsd-12991-12991 09:17:18.004645 [ loolwsd ] FTL Failed to fork child processes.| wsd/LOOLWSD.cpp:2634
Failed to fork child processes.
wsd-12991-12991 09:17:18.005005 [ loolwsd ] WRN Waking up dead poll thread [admin], started: false, finished: false| ./net/Socket.hpp:507
wsd-12991-12991 09:17:18.005034 [ loolwsd ] WRN Waking up dead poll thread [admin], started: false, finished: false| ./net/Socket.hpp:507
wsd-12991-12991 09:17:18.005515 [ loolwsd ] WRN Waking up dead poll thread [delay_poll], started: false, finished: false| ./net/Socket.hpp:507
wsd-12991-12991 09:17:18.005536 [ loolwsd ] WRN Waking up dead poll thread [delay_poll], started: false, finished: false| ./net/Socket.hpp:507
-12991 09:17:18.007153 [ loolwsd ] WRN Waking up dead poll thread [accept_poll], started: false, finished: false| ./net/Socket.hpp:507
-12991 09:17:18.007180 [ loolwsd ] WRN Waking up dead poll thread [accept_poll], started: false, finished: false| ./net/Socket.hpp:507
-12991 09:17:18.007201 [ loolwsd ] WRN Waking up dead poll thread [websrv_poll], started: false, finished: false| ./net/Socket.hpp:507
-12991 09:17:18.007220 [ loolwsd ] WRN Waking up dead poll thread [websrv_poll], started: false, finished: false| ./net/Socket.hpp:507
-12991 09:17:18.007228 [ loolwsd ] WRN Waking up dead poll thread [accept_poll], started: false, finished: false| ./net/Socket.hpp:507
-12991 09:17:18.007235 [ loolwsd ] WRN Waking up dead poll thread [accept_poll], started: false, finished: false| ./net/Socket.hpp:507
-12991 09:17:18.007446 [ loolwsd ] WRN Waking up dead poll thread [websrv_poll], started: false, finished: false| ./net/Socket.hpp:507
-12991 09:17:18.007463 [ loolwsd ] WRN Waking up dead poll thread [websrv_poll], started: false, finished: false| ./net/Socket.hpp:507
frk-12993-12993 09:17:18.016653 [ forkit ] FTL Pipe closed.| common/IoUtil.cpp:309

did anyone of you experience this before?

Error building against OpenSSL 1.1.0
@ozturkemre

Libreoffice/online team has provided a patch for this problem:
https://cgit.freedesktop.org/libreoffice/online/commit/?id=702bbdd5d8dd31eda8a2dfdb726be3c6cd978ec2
(also see original bug report: https://bugs.documentfoundation.org/show_bug.cgi?id=111429 )

after patching /opt/online/net/Ssl.ccp, the compiling finishes without error.

1 Like

Has anybody managed to build a newer, say 2.1.4 version of loowsd using this script? I can’t seem to figure out how to achieve that. Whatever I am trying to pass to the script, it always grabs loolwsd 2.1.2.

1 Like

Thanks - just what I needed.

Help Please:

After hours of installing:

make: Verzeichnis „/opt/online“ wird betreten
make all-recursive
make[1]: Verzeichnis „/opt/online“ wird betreten
Making all in .
make[2]: Verzeichnis „/opt/online“ wird betreten
CXX common/loolstress-Protocol.o
CXX common/loolstress-Log.o
CXX common/loolstress-Util.o
CXX net/clientnb.o
CXX tools/Connect.o
CXX tools/KitClient.o
CXX wsd/loolwsd_fuzzer-Admin.o
CXX wsd/loolwsd_fuzzer-AdminModel.o
CXX wsd/loolwsd_fuzzer-Auth.o
CXX wsd/loolwsd_fuzzer-DocumentBroker.o
CXX wsd/loolwsd_fuzzer-LOOLWSD.o
CXX wsd/loolwsd_fuzzer-ClientSession.o
CXX wsd/loolwsd_fuzzer-FileServer.o
In file included from wsd/LOOLWSD.cpp:106:0:
./common/UnitHTTP.hpp:86:18: error: ‘virtual bool UnitHTTPServerRequest::expectContinue() const’ marked ‘override’, but does not override
** virtual bool expectContinue() const override**
^
Makefile:1303: die Regel für Ziel „wsd/loolwsd_fuzzer-LOOLWSD.o“ scheiterte
make[2]: *** [wsd/loolwsd_fuzzer-LOOLWSD.o] Fehler 1
make[2]: *** Auf noch nicht beendete Prozesse wird gewartet …
make[2]: Verzeichnis „/opt/online“ wird verlassen
Makefile:1703: die Regel für Ziel „all-recursive“ scheiterte
make[1]: *** [all-recursive] Fehler 1
make[1]: Verzeichnis „/opt/online“ wird verlassen
Makefile:736: die Regel für Ziel „all“ scheiterte
make: *** [all] Fehler 2
make: Verzeichnis „/opt/online“ wird verlassen

You’d probably better head over to the github page and raise an issue there. Also, providing no more info on the environment you are trying to build lool/loolwsd on, will likely not spurr any helpful replies…

1 Like

Ubuntu 16.04 all Updates installed
Mariadb newest version
Apache 2 newest version
NC newest version

Hmm…excactly the config, on which I have build this at least 4 times in a row… The only difference is, that I don’t have NC on the same host. It may really be worth it, opening an issue on github for that.

Im now using the Docker Image :slight_smile:

I just managed to install my Collabora Online, after about 9 months of suffering, the friendly user interface today finally opened uppon me and i was able to work in it, here’s what happened:

I had a seccomp error when starting loolwsd and tried everything i could find on the internet, the error would not go away, turns out i needed to install seccomp, a kernel module for linux, thus i tried that, wich was impossible since i had a VServer at Strato and they host their VServers with the software Virtuozzo to save some change on energy and save the environment, wich is a cause i support but wich bugged me a bit, the wise men and women at libre office land gave me the quest, i was forced to wander the lonely path of recompiling libre office online and loolwsd by myself stripping it of the seccomp support, i abstracted this old guide, adding a “–disable-seccomp” to the loolwsd configure and got stuck again with weird bugs while compiling libre office.

I then asked the humble codewarriors at the libre office irc and plead for help, they wouldn’t help me, but then one noticed my name, my father is a well known Figure in the land of LibreOffice and so they opened the gates and introduced me, questioned me, frawned at my request, but hinted me at a problem i never thought existed. The memory of my server was running low while creating LibreOffice, and i created the wrong github version as well, collabora-2-1 in the online repository and collabora/cp-5-3 in the core it shall be.

I then went forth to build the core again in a way that did not allow any test, as tests consumed the memory, this was frowned uppon by the wise men and women at libreoffice, but was seen as the only option as my server didn’t even allow me to enable swap files. Then i found out, that even this was not an option for my weak and cheap server, so i went forth as to compile it on a vserver, running into harddrive space issues because of my own fault but later building it to completion, i copied the compiled version, wich i failed to do right, as it stopped working on the server. But then i noticed something, the heavily modded minecraft server munched away allmost 2 gigabytes of my server’s 4 gigabyte of memory, so i stopped the minecraft server, and compiled libre office again with no tests, this time successfull. after compiling the local online github version i found more bugs, wich happened due to the github versions on the server not being 2-1 and 5-3, so i changed the branches to match the required. After this compiled, i went and tried again, and it failed, i noticed that one branch was not updated since long, so i git pulled and recompiled.

Heureka, it worked. loolwsd would start, and not crash again.

then i spent a day getting something to work ssl wise and later got something to run with a selfmade root ca and a self signed certificate and the Gates of Collabora Online opened up on me. Heureka.

I now need to share the root CA certificate with everyone who wants to use collabora in my cloud, but at last, it works.

I know that at some point, there might have been easier, or even faster ways to do this, but after 9 Months of compiling, recompiling asking, building, cloning and generating i just want to say to the people out there with the crappy vservers and the ton of building problems and problems like
"ERR Failed to install seccomp syscall filter| common/Seccomp.cpp:199":

There is Hope, there is a Way, and i hope you find a faster Path than the one i went.

Greetings,
Gerrit

for the certificate: have a look at loolwsd.xml - you can add your own certificate here.

i know, i did, but i have to add my own ca certificate there as well right?

Yes you have to write the path of your cert, chain and private key.

Look inside /etc/loolwsd/loolwsd.xml

Oh, that’s sad, because that’s what i did, and with a selfmade CA for a self signed Certificate i have to install the CA on every Client.

Why don’t you use Let’s Encrypt for having a Good Cert, okay it’s for 90 Days only, but you can make a cron with a script for renewing automaticaly the cert.

For having/renewing automaticaly a cert, you have to use Apache2 or Ngnix on your collabora server and have the port
443 opened and working from the outside.


and the user manual : https://certbot.eff.org/docs/

actually i’m allready using certbot for my site, but i read some rumors about safety being an issue with collabora, and since i allready had to compile it without a certain security kernel module, i want to keep the lool user’s reading rights at a minimum, i’m not sure if one could read out the privkey with collabora then and do awfull stuff with it :confused: i haven’t completely modeled my attacker jet or tried it myself, but a private key sounds like something i wouldn’t wanna rist getting readable from the outside, also i would have to even the path into the other privkeys because i can’t just rip the privkey out as it’s a link to a file that changes every 90 days, i would have to manually go in every 90 days to coppy out the privkey or endanger the other privkeys

The private key for your collabora host won’t be the same as your nextcloud instance.
But using a selfsign cert on the collabora host will give you problems for using it