OK, thanks!
True, compiling all went fine, but Iām unsure, my lool is a seperate machine so when I enter the URL you posted here, what would be my ID ?
You will see your ID if you run:
systemctl status loolwsd
Oh Yes sir that works, great thanks!
Then I need to find out where the access denied SSL issue comes from.
NC and OC will not works with Self-signed certificate.
So I need to update the lool with an LE certificate ? We might need to add some extra docs to your script then ?
thatās a possibility, and it could be easy to set it up
but it might be a pain to manage 2 certs valid only 3 months.
SO, I stick to my previous recommandation 
(setting up a reverse proxy)
Thatās not the scriptās purpose to create a full setup 
(Thereās soooo many different setup possible)
It just try to get closer to the service provided by a collabora container
Hi true, and you get closer to what you want and we try to āfill the gapsā 
But with a reverse proxy, you think about offloading or make sure that reverse proxy accepts any cert from lool ?
Not offloading, this is about creating trust between hosts, the proxy serve as a trusted intermediate between the client and the server - thanks to a signed certificate on the proxy side that is transmitted to the clients.
In the tutorial, the proxy is not configured to check the containerās cert signature. in fact , the container recreate a selfsigned certificate each time it starts.
Also, if youāre self-hosted, you might be limited to 1 host ip per NATed port on your internet router. if you want to access to the service from the outside, unless you really want to use signed cert on Lool and expose 9980 on the internet so you can acces collabora from the outside.
A solution in limiting opened port on the internet is to configure the reverse proxy on the same host than nexcloud so tcp 443 is only transmitted to one host inside your private network.
The advantage of this method is that the conf is already documented and only need few adjustments.
But again, I have very few infos about whatās your setup and what you want.
1 Like
Thanks for clearing out. With offloading you could create a single point of management for your certs and go offloaded from there, or even accept certs whatever you wantā¦ so in the case of a reverse proxy that would be the same.
My setup is simple. Both servers have public fqdn but are only reachable using VPN on their internal network.
NC is reached under files.domain.tld for itās vhost and the lool only on the fqdn of the server like
nc.int.domain.tld
lool.int.domain.tld
NC has a signed cert for *domain.tld
Are the 2 servers in the same lan ?
If itās not the case, then youāll need to install the signed certificate on the lool host using either lool directly or a reverse proxy i you want to stick with tcp 443
the loolās configuration for loading the certs is in /opt/online/loolwsd.xml
<ssl desc="SSL settings">
<enable type="bool" default="true">true</enable>
<termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">true</termination>
<cert_file_path desc="Path to the cert file" relative="false">/etc/loolwsd/cert.pem</cert_file_path>
<key_file_path desc="Path to the key file" relative="false">/etc/loolwsd/key.pem</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/loolwsd/ca-chain.cert.pem</ca_file_path>
</ssl>
As you can see by default lool consider itself to be behind a proxy.
Both servers are in the same domain and the same subnet.
But I think itās nice to describe both ways by default ?
If you only access to nextcloud & libreoffice online through a vpn, you are more free with how you intend to link your services, but using a signed cert for both a reverse proxy and loolwsd may add complexity and could be counter productive in long term exploitation.
We have made a big disgression on the post. You should have enougth information to make your choice of architecture now.
True True, but nowā¦ how
can anyone complile this for arm device(armhf) and provide the easiest way to install,
as i cant do i have failed to do it on my orangepiplus2e.
Please somebody here help,
Thanks
Can you share virtual box image with already compiled version?
I finally got this script to complete (after many many triesā¦). However,what do I do next? There needs to be a step by step manual for us non technical people. Iāve looked high and low online as to what to do, the information here is WAY to vague to even remotely understand. I installed this on a clean build of Ubuntu 16.04, and the service is runningā¦ Now what?
Any help would be greatly appreciated!
Thanks,
-wclang
Hi.
If the script finished successfully, you now have a libreoffice online web service running.
You still need to do the next integration steps into nextcloud. Those steps are almost identical to the Integration tutorial available in the nexcloud main website. - minus the docker part -
Although as you noted, This script is more like an advanced alternative for non-dev ops who wants to get the web service, peoples who have experience in web-site/services integration.
Itāll be hard to provide more help without a minimum of technical background in this topic.
Or else you need the help of a professional.ļø
Regards,
Aal.
1 Like
hi @husisusi.
The script finished with this error:
Running build-time unit tests. For more thorough testing, please run 'make check'.
/opt/libreoffice/instdir/share/fonts/truetype: failed to write cache
/opt/libreoffice/instdir/share/fonts/truetype: failed to write cache
Makefile:2093: recipe for target 'all-local' failed
make[2]: Leaving directory '/opt/online/test'
make[2]: *** [all-local] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
Makefile:1847: recipe for target 'all-recursive' failed
make[1]: Leaving directory '/opt/online'
Makefile:772: recipe for target 'all' failed
make: Leaving directory '/opt/online'
an idea?!
Nobody cant help me with this issue?!
Hi everybody, first of all thansk @husisusi for your effort! Your script enabled me to have libreoffice online on my server which does not support docker containers.
Can anybody confirm if the script works with the newer collabora 4.0 codebase ?
Sometime ago I tried to upgrade my installed libreoffice and I messed up everything, the only way to recover was specifying older/specific versions of libreoffice and collabora , If I recall correctly