I fully agree with you on this.
Saying the same thing in another thread:
Hello, first of all thank you very much for the tutorial, you have followed all the steps and I can open the collaboration management console and open the collaboration by direct address "https://docs.pdm.es:9980/loleaflet/2.0. 4 /loleaflet.html?file_path=https://cloud.pdm.es/remote.php/webdav/M%C2%AA%20Fernanda%20Arango.docx "with file_path says connecting ⊠and in logs you will find this :
Wsd-05967-5969 16: 21: 28.615904 [client_ws_0003] WRN getNewChild: No child available. Send spawn request to forkit and failing. Wsd / LOOLWSD.cpp: 447
Wsd-05967-5969 16: 21: 28.616069 [client_ws_0003] WRN getNewChild: No child available. Send spawn request to forkit and failing. Wsd / LOOLWSD.cpp: 422
Wsd-05967-5969 16: 21: 28.616161 [client_ws_0003] ERR Error writing to pipeline. Data: [spawn 1
]. (Errno: Broken tube) | Common / IoUtil.cpp: 229
then in the browser it says: "There was a connection error with the document.Try it again"
And âThe service is not available. Please try again and report back to the administrator in case the problem persists.â
With âWOPISr =â it says starting ⊠and never starts checking the logs and this finds it:
Wsd-05967-5967 16: 25: 43.631759 [loolwsd] ERR Forkit process [6735] core-downloaded with SIGSEGV | Wsd / LOOLWSD.cpp: 2082
Frk-06762-6762 16: 25: 44.101717 [loolforkit] SIG Fatal signal received: SIGSEGV
Backtrace 6762:
/ Usr / bin / loolforkit () [0x4792de]
/Lib/x86_64-linux-gnu/libpthread.so.0(+0x11630) [0x7f2dbda65630]
/opt/collaboroffice5.1//program/libmergedlo.so(_ZN14SfxBroadcaster11AddListenerER11SfxListener+0x14) [0x7f2db9ce9154]
/opt/collaboroffice5.1//program/libmergedlo.so(_ZN11SfxListener14StartListeningER14SfxBroadcasterb+0x2b) [0x7f2db9ceb37b]
/opt/collaboroffice5.1//program/libmergedlo.so(+0x194e03f) [0x7f2db996603f]
/opt/collaboroffice5.1//program/libmergedlo.so(+0x194e973) [0x7f2db9966973]
/opt/collaboroffice5.1//program/libmergedlo.so(+0x18f66bd) [0x7f2db990e6bd]
/opt/collaboroffice5.1//program/libmergedlo.so(_ZN14SfxApplication11GetOrCreateEv+0xe4) [0x7f2db9905af4]
/opt/collaboroffice5.1//program/libmergedlo.so(+0x192f1fd) [0x7f2db99471fd]
/opt/collaboroffice5.1//program/libmergedlo.so(_ZN9SfxModuleC1EP6ResMgrbP16SfxObjectFactoryz+0x69) [0x7f2db9947389]
/opt/collaboroffice5.1/program/../program/libsdlo.so(+0x2d8d69) [0x7f2d9dab6d69]
/opt/collaboroffice5.1/program/../program/libsdlo.so(_ZN5SdDLL4InitEv+0xa9) [0x7f2d9dab6669]
/opt/collaboroffice5.1/program/../program/libsdlo.so(sd_component_getFactory+0x143) [0x7f2d9dc376b3]
/opt/collaboroffice5.1//program/libuno_cppuhelpergcc3.so.3(+0x884ab) [0x7f2db30c14ab]
/opt/collaboroffice5.1//program/libuno_cppuhelpergcc3.so.3(_ZN4cppu16preInitBootstrapERKN3com3sun4star3uno9ReferenceINS3_17XComponentContextEEE+0xdd) [0x7f2db30781cd]
/opt/collaboroffice5.1//program/libmergedlo.so(+0x1c4dc59) [0x7f2db9c65c59]
/ Usr / bin / loolforkit (_Z13globalPreinitRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE + 0x5ad) [0x43b2bd]
/ Usr / bin / loolforkit (main + 0xca9) [0x41c289]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f2dbd6ad3f1]
/ Usr / bin / loolforkit (_start + 0x29) [0x41e249]
Sorry my english I do not speak and I use google translate
Kann man denn das Script auf einem Webserver ohne Bedenken ausfĂŒhren? Auf dem Server lĂ€uft i-mscp als OberflĂ€che das alles verwaltet.
Hi there,
Iâve tried to install Collabora Online using the script from @husisusi. Thanks for your great work. Sadly I canât get it work as I want to. Iâve installed it on my server, on which my blog (domain.com), my cloud (domain.com/cloud/) and an email-system are hosted. If Iâm trying to edit a document in NC it tells me âAccess forbiddenâ (âZugriff verbotenâ in german).
Iâve already added my Letsencrypt-certificates to /opt/online/loolswsd.xml:
<!-- Note: 'default' attributes are used to document a setting's default value as well as to use as fallback. -->
<!-- Note: When adding a new entry, a default must be set in WSD in case the entry is missing upon deployment. -->
<tile_cache_path desc="Path to a directory where to keep the tile cache." type="path" relative="false" default="/usr/local/var/cache/loolwsd"></tile_cache_path>
<sys_template_path desc="Path to a template tree with shared libraries etc to be used as source for chroot jails for child processes." type="path" relative="true" default="systemplate"></sys_template_path>
<lo_template_path desc="Path to a LibreOffice installation tree to be copied (linked) into the jails for child processes. Should be on the same file system as systemplate." type="path" relative="false" default="/opt/libreoffice/instdir"></lo_template_path>
<child_root_path desc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory." type="path" relative="true" default="jails"></child_root_path>
<server_name desc="Hostname:port of the server running loolwsd. If empty, it's derived from the request." type="string" default=""></server_name>
<file_server_root_path desc="Path to the directory that should be considered root for the file server. This should be the directory containing loleaflet." type="path" relative="true" default="loleaflet/../"></file_server_root_path>
<num_prespawn_children desc="Number of child processes to keep started in advance and waiting for new clients." type="uint" default="1">1</num_prespawn_children>
<per_document desc="Document-specific settings, including LO Core settings.">
<max_concurrency desc="The maximum number of threads to use while processing a document." type="uint" default="4">4</max_concurrency>
<idle_timeout_secs desc="The maximum number of seconds before unloading an idle document. Defaults to 1 hour." type="uint" default="3600">3600</idle_timeout_secs>
</per_document>
<per_view desc="View-specific settings.">
<out_of_focus_timeout_secs desc="The maximum number of seconds before dimming and stopping updates when the browser tab is no longer in focus. Defaults to 60 seconds." type="uint" default="60">60</out_of_focus_timeout_secs>
<idle_timeout_secs desc="The maximum number of seconds before dimming and stopping updates when the user is no longer active (even if the browser is in focus). Defaults to 15 minutes." type="uint" default="900">900</idle_timeout_secs>
</per_view>
<loleaflet_html desc="Allows UI customization by replacing the single endpoint of loleaflet.html" type="string" default="loleaflet.html">loleaflet.html</loleaflet_html>
<logging>
<color type="bool">true</color>
<level type="string" desc="Can be 0-8, or none (turns off logging), fatal, critical, error, warning, notice, information, debug, trace" default="trace">trace</level>
<file enable="true">
<property name="path" desc="Log file path.">/var/log/loolwsd.log</property>
<property name="rotation" desc="Log file rotation strategy. See Poco FileChannel.">never</property>
<property name="archive" desc="Append either timestamp or number to the archived log filename.">timestamp</property>
<property name="compress" desc="Enable/disable log file compression.">true</property>
<property name="purgeAge" desc="The maximum age of log files to preserve. See Poco FileChannel.">10 days</property>
<property name="purgeCount" desc="The maximum number of log archives to preserve. Use 'none' to disable purging. See Poco FileChannel.">10</property>
<property name="rotateOnOpen" desc="Enable/disable log file rotation on opening.">true</property>
<property name="flush" desc="Enable/disable flushing after logging each line. May harm performance. Note that without flushing after each line, the log lines from the different processes will not appear in chronological order.">false</property>
</file>
</logging>
<loleaflet_logging desc="Logging in the browser console" default="true">true</loleaflet_logging>
<trace desc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied to the path first." enable="true">
<path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting." compress="true" snapshot="false">/tmp/looltrace-%.gz</path>
<filter>
<message desc="Regex pattern of messages to exclude"></message>
</filter>
<outgoing>
<record desc="Whether or not to record outgoing messages" default="false">false</record>
</outgoing>
</trace>
<ssl desc="SSL settings">
<enable type="bool" default="true">true</enable>
<termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
<cert_file_path desc="Path to the cert file" relative="false">/etc/letsencrypt/live/www.domain.com/cert.pem</cert_file_path>
<key_file_path desc="Path to the key file" relative="false">/etc/letsencrypt/live/www.domain.com/privkey.pem</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/letsencrypt/live/www.domain.com/chain.pem</ca_file_path>
<hpkp desc="Enable HTTP Public key pinning" enable="false" report_only="false">
<max_age desc="HPKP's max-age directive - time in seconds browser should remember the pins" enable="true">1000</max_age>
<report_uri desc="HPKP's report-uri directive - pin validation failure are reported at this URL" enable="false"></report_uri>
<pins desc="Base64 encoded SPKI fingerprints of keys to be pinned">
<pin></pin>
</pins>
</hpkp>
</ssl>
<storage desc="Backend storage">
<filesystem allow="false" />
<wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
<host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
<max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
</wopi>
<webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="false">
<host desc="Hostname to allow" allow="false">localhost</host>
</webdav>
</storage>
<tile_cache_persistent desc="Should the tiles persist between two editing sessions of the given document?" type="bool" default="true">true</tile_cache_persistent>
<admin_console desc="Web admin console settings.">
<username desc="The username of the admin console. Must be set."></username>
<password desc="The password of the admin console. Must be set."></password>
</admin_console>
</config>
In the admin section of Collabora in NC Iâve added the correct domain-name https://office.domain.com (and tried it as well with the portnumber).
Here is my Apache-conf of the proxy /etc/apache2/sites-enabled/office.domain.com.conf:
<VirtualHost *:443>
ServerName office.scroom.de:443
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.scroom.de/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.scroom.de/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.scroom.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES$
SSLHonorCipherOrder on
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
</VirtualHost>
Here comes my /var/log/loolwsd.log:
wsd-03333-03333 07:40:59.018767 [ loolwsd ] INF Adding trusted WOPI host: [172.3[01].[0-9]{1,3}.[0-9]{1,3}].| wsd/Storage.cpp:93
wsd-03333-03333 07:40:59.018779 [ loolwsd ] INF Adding trusted WOPI host: [192.168.[0-9]{1,3}.[0-9]{1,3}].| wsd/Storage.cpp:93
wsd-03333-03333 07:40:59.018790 [ loolwsd ] INF Adding blocked WOPI host: [192.168.1.1].| wsd/Storage.cpp:98
wsd-03333-03333 07:40:59.022124 [ loolwsd ] INF SSL Cert file: /etc/letsencrypt/live/www.domain.com/cert.pem| wsd/LOOLWSD.cpp:822
wsd-03333-03333 07:40:59.022154 [ loolwsd ] INF SSL Key file: /etc/letsencrypt/live/www.domain.com/privkey.pem| wsd/LOOLWSD.cpp:825
wsd-03333-03333 07:40:59.022181 [ loolwsd ] INF SSL CA file: /etc/letsencrypt/live/www.domain.com/chain.pem| wsd/LOOLWSD.cpp:828
wsd-03333-03333 07:40:59.030833 [ loolwsd ] FTL Cannot load CA file/directory at /etc/letsencrypt/live/www.domain.com/chain.pem (error:0200100D:system library:fopen:Permission denied)| wsd/LOOLWSD.cpp:2634
wsd-03333-03333 07:40:59.031387 [ loolwsd ] WRN Waking up dead poll thread [delay_poll], started: false, finished: false| ./net/Socket.hpp:506
wsd-03333-03333 07:40:59.031439 [ loolwsd ] DBG Stopping delay_poll.| net/Socket.hpp:326
wsd-03333-03333 07:40:59.031526 [ loolwsd ] WRN Waking up dead poll thread [delay_poll], started: false, finished: false| ./net/Socket.hpp:506
Iâve got nothing in my /var/log/apache2/error.log and I think only this is relevant in my /var/log/apache2/access.log:
1 00.100.100.100 - - [26/May/2017:10:10:42 +0200] âGET /cloud/index.php/apps/richdocuments/index?fileId=12&requesttoken=ENVUFE8lZegkSRvVu3Sb%2B0dIsGtFP3b8vLrLJbchtjg%3D%3AQe0zdglBCYBCem6T2BP9qik%2B4wUxbTq%2F6s%2BuCs8XwgA%3D HTTP/1.1â 200 4074 â-â âMozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0â
::1 - - [26/May/2017:10:10:44 +0200] âOPTIONS * HTTP/1.0â 200 110 â-â "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g mod_wsgi/4.3.0 Python/2.7.12 (internal dummy connection)"
100.100.100.100 - - [26/May/2017:10:10:44 +0200] âGET /cloud/ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1â 200 2124 â-â "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0"
100.100.100.100 - - [26/May/2017:10:10:44 +0200] âGET /cloud/cron.php HTTP/1.1â 200 894 â-â âMozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0â
::1 - - [26/May/2017:10:10:50 +0200] âOPTIONS * HTTP/1.0â 200 110 â-â âApache/2.4.18 (Ubuntu) OpenSSL/1.0.2g mod_wsgi/4.3.0 Python/2.7.12 (internal dummy connection)â
If Iâm trying to access Collabora Online directly by entering https://office.domain.com/hosting/dicovery in my Browser, I get a page of my blog which tells me that this site doesnât exist.
Can someone help me to get it work?
FTL Cannot load CA file/directory at /etc/letsencrypt/live/www.domain.com/chain.pem (error:0200100D:system library:fopen:Permission denied)| wsd/LOOLWSD.cpp:2634
Maybe you should do something about this first. loolwsd runs as normal user, called âloolâ. Files must be readable by lool.
Then, set the server_name in loolwsd.xml, because you use reverse proxy, and it will redirect request to localhost. Answers from loolwsd server must contain the original host name, otherwise the connection will fail.
1 Like
@timar But I guess it wouldnât be the best solution to make the chain.pem of letsencrypt readable by everyone? Do you maybe have a hint howto solve this without any security problems?
Just for testing purposes Iâve copied the certificates and made a chown lool:lool to them. Iâve added the server_name to the loolwsd.xml:
<server_name desc="Hostname:port of the server running loolwsd. If empty, it's derived from the request." type="string" default="https://office.domain.com/"></server_name>
But Iâm still getting the Access denied message.
<server_name desc="Hostname:port of the server running loolwsd. If empty, it's derived from the request." type="string" default="">office.domain.com</server_name>
Still the access gets denied. I think it might be an apache redirection issue (because my blog gets shown). But I canât find the problem. Can you?
My 000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
My 000-default-le-ssl.conf:
<IfModule mod_ssl.c> <VirtualHost *:443> # The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. #ServerName www.example.com
ServerAdmin webmaster@localhost DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf SSLCertificateFile /etc/letsencrypt/live/www.domain.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/www.domain.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf ServerName www.domain.com </VirtualHost> </IfModule>
My default-ssl.conf:
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH SSLHonorCipherOrder on
# A self-signed (snakeoil) certificate can be created by installing # the ssl-cert package. See # /usr/share/doc/apache2/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. SSLCertificateFile /etc/letsencrypt/live/www.domain.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/www.domain.com/privkey.pem
# Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded) # Note: Inside SSLCACertificatePath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCACertificatePath /etc/ssl/certs/ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client # authentication or alternatively one huge file containing all # of them (file must be PEM encoded) # Note: Inside SSLCARevocationPath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCARevocationPath /etc/apache2/ssl.crl/ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type): # Client certificate verification type and depth. Types are # none, optional, require and optional_no_ca. Depth is a # number which specifies how deeply to verify the certificate # issuer chain before deciding the certificate is not valid. #SSLVerifyClient require #SSLVerifyDepth 10
# SSL Engine Options: # Set various options for the SSL engine. # o FakeBasicAuth: # Translate the client X.509 into a Basic Authorisation. This means that # the standard Auth/DBMAuth methods can be used for access control. The # user name is the `one line' version of the client's X.509 certificate. # Note that no password is obtained from the user. Every entry in the user # file needs this password: `xxj31ZMTZzkVA'. # o ExportCertData: # This exports two additional environment variables: SSL_CLIENT_CERT and # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the # server (always existing) and the client (only existing when client # authentication is used). This can be used to import the certificates # into CGI scripts. # o StdEnvVars: # This exports the standard SSL/TLS related `SSL_*' environment variables. # Per default this exportation is switched off for performance reasons, # because the extraction step is an expensive operation and is usually # useless for serving static content. So one usually enables the # exportation for CGI and SSI requests only. # o OptRenegotiate: # This enables optimized SSL connection renegotiation handling when SSL # directives are used in per-directory context. #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory>
# SSL Protocol Adjustments: # The safe and default but still SSL/TLS standard compliant shutdown # approach is that mod_ssl sends the close notify alert but doesn't wait for # the close notify alert from client. When you need a different shutdown # approach you can use one of the following variables: # o ssl-unclean-shutdown: # This forces an unclean shutdown when the connection is closed, i.e. no # SSL close notify alert is send or allowed to received. This violates # the SSL/TLS standard but is needed for some brain-dead browsers. Use # this when you receive I/O errors because of the standard approach where # mod_ssl sends the close notify alert. # o ssl-accurate-shutdown: # This forces an accurate shutdown when the connection is closed, i.e. a # SSL close notify alert is send and mod_ssl waits for the close notify # alert of the client. This is 100% SSL/TLS standard compliant, but in # practice often causes hanging connections with brain-dead browsers. Use # this only for browsers where you know that their SSL implementation # works correctly. # Notice: Most problems of broken clients are also related to the HTTP # keep-alive facility, so you usually additionally want to disable # keep-alive for those clients, too. Use variable "nokeepalive" for this. # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and # "force-response-1.0" for this. # BrowserMatch "MSIE [2-6]" \ # nokeepalive ssl-unclean-shutdown \ # downgrade-1.0 force-response-1.0
Alias /iredadmin/static "/opt/www/iredadmin/static/" WSGIScriptAlias /iredadmin "/opt/www/iredadmin/iredadmin.py/" Alias /mail "/opt/www/roundcubemail/" Alias /awstats/icon "/usr/share/awstats/icon/" Alias /awstatsicon "/usr/share/awstats/icon/" ScriptAlias /awstats "/usr/lib/cgi-bin/" ServerName domain.com ServerAlias office.domain.com </VirtualHost> </IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
My nextcloud.conf:
Alias /cloud â/var/www/nextcloud/â
<Directory /var/www/nextcloud/> Options +FollowSymlinks AllowOverride All
<IfModule mod_dav.c> Dav off </IfModule>
SetEnv HOME /var/www/nextcloud SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
and my office.domain.com.conf:
<VirtualHost *:443>
ServerName office.domain.com:443
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.domain.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.domain.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-EC$
SSLHonorCipherOrder on
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
</VirtualHost>
</IfModule>
Continued testing, but still with no positive results. If Iâm doing a wget to localhost, I do get a positive response:
root@server:/home/user# wget --no-check-certificate https://localhost:9980/hosting/discovery
--2017-05-31 07:56:34-- https://localhost:9980/hosting/discovery
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:9980... failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:9980... connected.
WARNING: no certificate subject alternative name matches
requested host name 'localhost'.
HTTP request sent, awaiting response... 200 OK
Length: 17300 (17K) [text/xml]
Saving to: 'discovery'
discovery 100%[===================>] 16.89K --.-KB/s in 0s
2017-05-31 07:56:35 (84.1 MB/s) - 'discovery' saved [17300/17300]
I do get this file (from my point of view it is looking good):
<wopi-discovery>
<net-zone name="external-http">
<app name="application/vnd.lotus-wordpro">
<action ext="lwp" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="image/svg+xml">
<action ext="svg" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.ms-powerpoint">
<action ext="pot" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.ms-excel">
<action ext="xla" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Writer documents -->
<app name="application/vnd.sun.xml.writer">
<action ext="sxw" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.oasis.opendocument.text">
<action ext="odt" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.oasis.opendocument.text-flat-xml">
<action ext="fodt" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Calc documents -->
<app name="application/vnd.sun.xml.calc">
<action ext="sxc" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.oasis.opendocument.spreadsheet">
<action ext="ods" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.oasis.opendocument.spreadsheet-flat-xml">
<action ext="fods" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Impress documents -->
<app name="application/vnd.sun.xml.impress">
<action ext="sxi" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.oasis.opendocument.presentation">
<action ext="odp" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.oasis.opendocument.presentation-flat-xml">
<action ext="fodp" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Draw documents -->
<app name="application/vnd.sun.xml.draw">
<action ext="sxd" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.oasis.opendocument.graphics">
<action ext="odg" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.oasis.opendocument.graphics-flat-xml">
<action ext="fodg" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Chart documents -->
<app name="application/vnd.oasis.opendocument.chart">
<action ext="odc" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Text master documents -->
<app name="application/vnd.sun.xml.writer.global">
<action ext="sxg" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.oasis.opendocument.text-master">
<action ext="odm" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Math documents -->
<!-- In fact Math documents are not supported at all.
See: https://bugs.documentfoundation.org/show_bug.cgi?id=97006
<app name="application/vnd.sun.xml.math">
<action name="view" ext="sxm"/>
</app>
<app name="application/vnd.oasis.opendocument.formula">
<action name="edit" ext="odf"/>
</app>
-->
<!-- Text template documents -->
<app name="application/vnd.sun.xml.writer.template">
<action ext="stw" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.oasis.opendocument.text-template">
<action ext="ott" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Writer master document templates -->
<app name="application/vnd.oasis.opendocument.text-master-template">
<action ext="otm" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Spreadsheet template documents -->
<app name="application/vnd.sun.xml.calc.template">
<action ext="stc" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.oasis.opendocument.spreadsheet-template">
<action ext="ots" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Presentation template documents -->
<app name="application/vnd.sun.xml.impress.template">
<action ext="sti" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.oasis.opendocument.presentation-template">
<action ext="otp" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Drawing template documents -->
<app name="application/vnd.sun.xml.draw.template">
<action ext="std" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.oasis.opendocument.graphics-template">
<action ext="otg" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Base documents -->
<app name="application/vnd.oasis.opendocument.database">
<action ext="odb" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Extensions -->
<app name="application/vnd.openofficeorg.extension">
<action ext="oxt" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Microsoft Word Template -->
<app name="application/msword">
<action ext="dot" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- OOXML wordprocessing -->
<app name="application/vnd.openxmlformats-officedocument.wordprocessingml.document">
<action ext="docx" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.ms-word.document.macroEnabled.12">
<action ext="docm" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.openxmlformats-officedocument.wordprocessingml.template">
<action ext="dotx" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.ms-word.template.macroEnabled.12">
<action ext="dotm" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- OOXML spreadsheet -->
<app name="application/vnd.openxmlformats-officedocument.spreadsheetml.template">
<action ext="xltx" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.ms-excel.template.macroEnabled.12">
<action ext="xltm" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.openxmlformats-officedocument.spreadsheetml.sheet">
<action ext="xlsx" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.ms-excel.sheet.binary.macroEnabled.12">
<action ext="xlsb" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- OOXML presentation -->
<app name="application/vnd.openxmlformats-officedocument.presentationml.presentation">
<action ext="pptx" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.ms-powerpoint.presentation.macroEnabled.12">
<action ext="pptm" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.openxmlformats-officedocument.presentationml.template">
<action ext="potx" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.ms-powerpoint.template.macroEnabled.12">
<action ext="potm" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<!-- Others -->
<app name="application/vnd.wordperfect">
<action ext="wpd" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-aportisdoc">
<action ext="pdb" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-hwp">
<action ext="hwp" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.ms-works">
<action ext="wps" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-mswrite">
<action ext="wri" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-dif-document">
<action ext="dif" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="text/spreadsheet">
<action ext="slk" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="text/csv">
<action ext="csv" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-dbase">
<action ext="dbf" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.lotus-1-2-3">
<action ext="wk1" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="image/cgm">
<action ext="cgm" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="image/vnd.dxf">
<action ext="dxf" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="image/x-emf">
<action ext="emf" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="image/x-wmf">
<action ext="wmf" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/coreldraw">
<action ext="cdr" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.visio2013">
<action ext="vsd" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.visio">
<action ext="vss" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-mspublisher">
<action ext="pub" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-sony-bbeb">
<action ext="lrf" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-gnumeric">
<action ext="gnumeric" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/macwriteii">
<action ext="mw" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-iwork-numbers-sffnumbers">
<action ext="numbers" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.oasis.opendocument.text-web">
<action ext="oth" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-pagemaker">
<action ext="p65" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/rtf">
<action ext="rtf" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="text/rtf">
<action ext="rtf" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="text/plain">
<action ext="txt" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-fictionbook+xml">
<action ext="fb2" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/clarisworks">
<action ext="cwk" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.corel-draw">
<action ext="cdr" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="image/x-wpg">
<action ext="wpg" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/prs.plucker">
<action ext="pdb" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-iwork-pages-sffpages">
<action ext="pages" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.openxmlformats-officedocument.presentationml.slideshow">
<action ext="ppsx" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-iwork-keynote-sffkey">
<action ext="key" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-abiword">
<action ext="abw" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="image/x-freehand">
<action ext="fh" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.palm">
<action ext="pdb" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.sun.xml.chart">
<action ext="sxs" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.sun.xml.writer.web">
<action ext="stw" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/x-t602">
<action ext="602" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/vnd.sun.xml.report.chart">
<action ext="odc" name="edit" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="image/png">
<action ext="png" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="image/gif">
<action ext="gif" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="image/tiff">
<action ext="tiff" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="image/jpg">
<action ext="jpg" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="image/jpeg">
<action ext="jpeg" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
<app name="application/pdf">
<action ext="pdf" name="view" urlsrc="https://localhost:9980/loleaflet/1588d2f/loleaflet.html?"/>
</app>
</net-zone>
</wopi-discovery>
But if I do the same for the office.domain.com, I do get 404 Error:
root@server:/home/user# wget --no-check-certificate https://office.domain.com/hosting/discovery
--2017-05-31 07:57:31-- https://office.domain.com/hosting/discovery
Resolving office.domain.com (office.domain.com)... IPv6, 10.10.10.10
Connecting to office.domain.com (office.domain.com)|IPv6|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2017-05-31 07:57:32 ERROR 404: Not Found.has anybody got 2.1.1 to work at all? i get the problem with dying children all the time
@g.grosskopf you are wasting your time with collabora.
Install onlyoffice and you will live happily ever after. No fuss no complication and best of all it creates all office documents in real microsoft format.
100% Compatible office 2010, I am not doing marketing neither associated to them . You get 20 simultaneous connection community server free of charge.
Enjoy!!
1 Like
thanks, will try that, only one more try with collabora, and one sad thing, there is no microsoft fonts installer in my repo at the moment, so onlyoffice doesnât install, but will find a way ^^ sounds easier and much much better
edit: sheeesh, i need to switch from apache to nginx now? 
yea, weâll see about that later, thanks for the alternative, it looks amazing
@g.grosskopf no need to change anything on nextcloud.
Just install the onlyoffice on a new ubuntu machine , give the machine the necessary RAM and your are set.
Access it with HTTPS only else it will never work, so you need to create certificates.
Follow the guide I sent you earlier, at least that is how I did it. No one recommends having nextcloud and onlyoffice on the same machine.
@giorgio09 that sounds so easy but out of cost reasons i have just one small vserver, and i canât install virtualbox nor docker on it so everything has to run on the same machine, elseway i would propably have less of a problem with all of this
CODE or Only Office on docker are the easiest ways to install and upgrade.
Then you could try LibreOffice Online.
Iâve tested all of them and they all need a good amount of free RAM.
Iâve set all using Apache with no issues.
Have fun!
thanks, i got onlyoffice running now and since docker is not an option for me, i wonât try collabora again, at least not for another month 
is there actually a difference between libreoffice online and code? i mean when i try to install CODE i allways run into a compilation of loolwsd wich sounds like libreoffice online to me⊠maybe iâm doing something completely wrong all this time xD
Has anyone tried CODE from the repository? There arenât any instructions or HOWTOs on that, only Docker, which I wouldnât use even if I could use Docker right now. Iâd like to give onlyoffice a shot but it sounds like itâs a lot more resource hungry than collabora? And the Microsoft-only formats doesnât work for me as I save in ODF for my documents
dear
can you tell me what do u mean by small vserver ( does it mean opi, rpi, etc.)
please reply,
thanks in adv,