HowTo: Install Onlineoffice on Ubuntu/Debian (No Docker No Limitation)


#101

OK, thanks!

True, compiling all went fine, but I’m unsure, my lool is a seperate machine so when I enter the URL you posted here, what would be my ID ?


#102

You will see your ID if you run:
systemctl status loolwsd


#103

Oh Yes sir that works, great thanks!

Then I need to find out where the access denied SSL issue comes from.


#104

NC and OC will not works with Self-signed certificate.


#105

So I need to update the lool with an LE certificate ? We might need to add some extra docs to your script then ?


#106

that’s a possibility, and it could be easy to set it up
but it might be a pain to manage 2 certs valid only 3 months.
SO, I stick to my previous recommandation :wink: (setting up a reverse proxy)

That’s not the script’s purpose to create a full setup :slight_smile:
(There’s soooo many different setup possible)
It just try to get closer to the service provided by a collabora container


#107

Hi true, and you get closer to what you want and we try to “fill the gaps” :slight_smile:

But with a reverse proxy, you think about offloading or make sure that reverse proxy accepts any cert from lool ?


#108

Not offloading, this is about creating trust between hosts, the proxy serve as a trusted intermediate between the client and the server - thanks to a signed certificate on the proxy side that is transmitted to the clients.
In the tutorial, the proxy is not configured to check the container’s cert signature. in fact , the container recreate a selfsigned certificate each time it starts.
Also, if you’re self-hosted, you might be limited to 1 host ip per NATed port on your internet router. if you want to access to the service from the outside, unless you really want to use signed cert on Lool and expose 9980 on the internet so you can acces collabora from the outside.
A solution in limiting opened port on the internet is to configure the reverse proxy on the same host than nexcloud so tcp 443 is only transmitted to one host inside your private network.
The advantage of this method is that the conf is already documented and only need few adjustments.
But again, I have very few infos about what’s your setup and what you want.


#109

Thanks for clearing out. With offloading you could create a single point of management for your certs and go offloaded from there, or even accept certs whatever you want… so in the case of a reverse proxy that would be the same.

My setup is simple. Both servers have public fqdn but are only reachable using VPN on their internal network.

NC is reached under files.domain.tld for it’s vhost and the lool only on the fqdn of the server like

nc.int.domain.tld
lool.int.domain.tld

NC has a signed cert for *domain.tld


#110

Are the 2 servers in the same lan ?
If it’s not the case, then you’ll need to install the signed certificate on the lool host using either lool directly or a reverse proxy i you want to stick with tcp 443
the lool’s configuration for loading the certs is in /opt/online/loolwsd.xml

    <ssl desc="SSL settings">
        <enable type="bool" default="true">true</enable>
        <termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">true</termination>
        <cert_file_path desc="Path to the cert file" relative="false">/etc/loolwsd/cert.pem</cert_file_path>
        <key_file_path desc="Path to the key file" relative="false">/etc/loolwsd/key.pem</key_file_path>
        <ca_file_path desc="Path to the ca file" relative="false">/etc/loolwsd/ca-chain.cert.pem</ca_file_path>
    </ssl>

As you can see by default lool consider itself to be behind a proxy.


#111

Both servers are in the same domain and the same subnet.

But I think it’s nice to describe both ways by default ?


#112

If you only access to nextcloud & libreoffice online through a vpn, you are more free with how you intend to link your services, but using a signed cert for both a reverse proxy and loolwsd may add complexity and could be counter productive in long term exploitation.
We have made a big disgression on the post. You should have enougth information to make your choice of architecture now. :slight_smile:


#113

True True, but now… how :slight_smile:


#114

can anyone complile this for arm device(armhf) and provide the easiest way to install,
as i cant do i have failed to do it on my orangepiplus2e.
Please somebody here help,
Thanks


#115

Can you share virtual box image with already compiled version?


#116

I finally got this script to complete (after many many tries…). However,what do I do next? There needs to be a step by step manual for us non technical people. I’ve looked high and low online as to what to do, the information here is WAY to vague to even remotely understand. I installed this on a clean build of Ubuntu 16.04, and the service is running… Now what?

Any help would be greatly appreciated!

Thanks,

-wclang


#117

Hi.
If the script finished successfully, you now have a libreoffice online web service running.
You still need to do the next integration steps into nextcloud. Those steps are almost identical to the Integration tutorial available in the nexcloud main website. - minus the docker part -
Although as you noted, This script is more like an advanced alternative for non-dev ops who wants to get the web service, peoples who have experience in web-site/services integration.
It’ll be hard to provide more help without a minimum of technical background in this topic.:thinking:
Or else you need the help of a professional.:slight_smile:
Regards,
Aal.


#118

hi @husisusi.

The script finished with this error:

 Running build-time unit tests.  For more thorough testing, please run 'make check'.

/opt/libreoffice/instdir/share/fonts/truetype: failed to write cache
/opt/libreoffice/instdir/share/fonts/truetype: failed to write cache
Makefile:2093: recipe for target 'all-local' failed
make[2]: Leaving directory '/opt/online/test'
make[2]: *** [all-local] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
Makefile:1847: recipe for target 'all-recursive' failed
make[1]: Leaving directory '/opt/online'
Makefile:772: recipe for target 'all' failed
make: Leaving directory '/opt/online'

an idea?!


#119

Nobody cant help me with this issue?!


#120

Hi everybody, first of all thansk @husisusi for your effort! Your script enabled me to have libreoffice online on my server which does not support docker containers.

Can anybody confirm if the script works with the newer collabora 4.0 codebase ?

Sometime ago I tried to upgrade my installed libreoffice and I messed up everything, the only way to recover was specifying older/specific versions of libreoffice and collabora , If I recall correctly