HowTo: Ubuntu + Docker + Nextcloud + Talk + Collabora

@noxxville You sure can, and what I would suggest is rather than having them in the same compose file, I would make a completely separate folder with its own compose file and its own copy of all the containers. The main things you would need to change are the port numbers and any duplicate names (services, networks, absolute paths, etc.).

Doing it that way you can easily take one down for maintenance without disturbing the other, or also easily move one to a separate server later if you decide to.

@KarlF12 Ok, of course that makes perfect sense. And as you said, this should be much easier to administrate. Sometimes it can be so easy … :see_no_evil:

I wanted to take a moment to reply and, firstly, say thank you for this. This walkthrough was incredibly useful and functionally essential to my deployment of my own instance using docker.

I also wanted to commend you on your effort. I saw your posts as far back as 2019 when I was triaging a problem related to Collabora not displaying documents (which had to do with PEBKAC on my end, not yours) and developing your skillset then contributing it back.

1 Like

Thank you. Glad it was helpful. I actually started working on an update to this over the weekend for Ubuntu Server 20.04 and Nextcloud 21. I want to integrate both of the high performance backends, and I'm debating leaving the Collabora part off since both Collabora and ONLYOFFICE are integrated now.

I think I've got the Files HPB working. I need to do some testing on that and then figure out the Talk HPB. My goal is to get both backends integrated in one docker-compose setup.

3 Likes

Awesome tutorial.

However, in case anyone is trying to run Nextcloud + Collabora inside Docker on an old Debian machine (8 or older), I banged my head against the wall for hours with Collabora failing to respond until I found my way to this answer:

https://help.nextcloud.com/t/collabora-docker-capabilities-problem/4774/10

One simple line in a daemon.json file:

{
  "storage-driver": "devicemapper"
}

…restart docker service, and Collabora suddenly sprang to life and started responding. Problem solved.

1 Like

For anyone following this hitting an error like:

SQLSTATE[HY000]: General error: 4047 InnoDB refuses to write tables with ROW_FORMAT=COMPRESSED or KEY_BLOCK_SIZE.

… This is due to an issue with new versions of MariaDB. Full details can be found in this thread.

The solution is to add the following to the mariadb portion of your docker-compose.yml:

command: ['--innodb_read_only_compressed=OFF']

For example:

  mariadb:
    image: mariadb
    container_name: nextcloud-mariadb
    restart: unless-stopped
    command: ['--innodb_read_only_compressed=OFF']
    volumes:
      - ${NEXTCLOUD_ROOT}/mariadb:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    networks:
      - nextcloud

1 Like

I have two questions:

  1. Can I upgrade my docker image to a later version of NextCloud? How do I do it?

  2. There seems to be an app (music) that interferes with my docker image and now I cannot login to Nextcloud. Do you know why this happens and how I can fix it?

Thank you for your great work here!

Cordially,
Martin Book

Please review the guide of the docker container, section Update to a newer version.
You can disable apps from command line using the occ app: commands

For new questions and specific issues with your installations it's recommended to open a new thread rather than cluttering another topic.

1 Like

Point taken. I will hope for an answer on those channels. Unfortunately occ app:disable does not work in this case. Do not know why. I just pulled Nextcloud and it seems fine when I am looking at things in terminal in the folder where the docker image is. Unfortunately when I occ upgrade it does not work. There is an error that has got to do with the music app (that I fully regret installing now as I have never ever used it) and I am stuck in maintenance mode. Not very happy about that.

It all started when I tried to update apps in the UI inside Nextcloud. Should not have done it without upgrading Nextcloud first.

Sorry for cluttering, I'll move along.

Can anyone help with the question? Container NextCloud accepts external storage on the same machine mounted as Snapraid? Openmediavault 5.

Just in case anybody else is having the same problem with Nextcloud 23 and Collabora (Collabora not opening any document):

It seems that the developers of Collabora have changed some directory names, which makes the original 011-collabora.conf invalid.

Here is a fixed version of that file:

<VirtualHost *:80>
  ServerName office.domain.name
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  AllowEncodedSlashes NoDecode
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off
  ProxyPreserveHost On
  # static html, js, images, etc. served from coolwsd
  # browser is the client part of Collabora Online
  ProxyPass           /browser https://127.0.0.1:9980/browser retry=0
  ProxyPassReverse    /browser https://127.0.0.1:9980/browser
  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery
  # Capabilities
  ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
  # Main websocket
  ProxyPassMatch      "/cool/(.*)/ws$"      wss://127.0.0.1:9980/cool/$1/ws nocanon
  # Admin Console websocket
  ProxyPass           /cool/adminws wss://127.0.0.1:9980/cool/adminws
  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /cool https://127.0.0.1:9980/cool
  ProxyPassReverse    /cool https://127.0.0.1:9980/cool
  # Compatibility with integrations that use the /lool/convert-to endpoint
  ProxyPass           /lool https://127.0.0.1:9980/cool
  ProxyPassReverse    /lool https://127.0.0.1:9980/cool
</VirtualHost>

<VirtualHost *:443>
  ServerName office.domain.name
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  SSLEngine on
  AllowEncodedSlashes NoDecode
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off
  ProxyPreserveHost On
  # static html, js, images, etc. served from coolwsd
  # browser is the client part of Collabora Online
  ProxyPass           /browser https://127.0.0.1:9980/browser retry=0
  ProxyPassReverse    /browser https://127.0.0.1:9980/browser
  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery
  # Capabilities
  ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
  # Main websocket
  ProxyPassMatch      "/cool/(.*)/ws$"      wss://127.0.0.1:9980/cool/$1/ws nocanon
  # Admin Console websocket
  ProxyPass           /cool/adminws wss://127.0.0.1:9980/cool/adminws
  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /cool https://127.0.0.1:9980/cool
  ProxyPassReverse    /cool https://127.0.0.1:9980/cool
  # Compatibility with integrations that use the /lool/convert-to endpoint
  ProxyPass           /lool https://127.0.0.1:9980/cool
  ProxyPassReverse    /lool https://127.0.0.1:9980/cool
  SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>

Cheers!

3 Likes

With 1 remark only, I would completely disable http and move to https only with e.g. following config:

<VirtualHost *:80>

  ServerName office.domain.name
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined

  Redirect permanent / https://office.domain.name/

</VirtualHost>

1 Like

If you disable HTTP rather than use a redirect, keep in mind that not all browsers will automatically go to HTTPS. It's likely to cause confusion among your users when they just type in the FQDN and hit enter.

You have to keep the port open anyway if you use certbot, even if you take away the redirect.

@gas85 did not use exactly the correct word there… :wink: HTTP is of course not really disabled on the web server, if you use a VirtualHost on port 80. But with the permanent redirect he added, all HTTP requests are redirected / rewritten directly to HTTPS. And yes, you are right, port 80 has to be left open for this to work. :slight_smile:

1 Like
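An added example, not part of any post in this thread: a small Python check for a Collabora reverse-proxy site file that flags the points raised above, namely a port-80 VirtualHost that still proxies instead of redirecting, backend paths that predate the rename, `SSLProxyVerify None` combined with a backend that is not on loopback, and the snakeoil certificate still being referenced. The function name, finding labels and sample config (including the 10.0.0.5 backend) are constructed for illustration, and `/loleaflet` is the pre-rename name of `/browser`, which the thread itself does not show.

```python
import re

# Constructed sample (not from the thread): port 80 still proxies, and the 443
# block points at a hypothetical non-loopback backend with a pre-rename path.
SAMPLE = """\
<VirtualHost *:80>
  ServerName office.domain.name
  ProxyPass /browser https://127.0.0.1:9980/browser retry=0
</VirtualHost>
<VirtualHost *:443>
  ServerName office.domain.name
  SSLProxyVerify None
  ProxyPass /cool https://10.0.0.5:9980/cool
  ProxyPass /lool https://10.0.0.5:9980/lool
  SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+[^>]*?:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)
# ProxyPass / ProxyPassMatch only; ProxyPassReverse rewrites headers and is skipped.
PROXY = re.compile(
    r"^\s*ProxyPass(?:Match)?\s+\S+\s+(?:https?|wss?)://([^/:\s]+)(?::\d+)?(/\S*)?",
    re.M | re.I)
LOOPBACK = {"127.0.0.1", "localhost"}
LEGACY = ("/lool", "/loleaflet")  # names used before the rename to /cool, /browser

def audit(conf):
    """Return sorted (port, finding) pairs for one Apache site file."""
    found = set()
    for port, body in VHOST.findall(conf):
        port = int(port)
        body = re.sub(r"^\s*#.*$", "", body, flags=re.M)  # ignore comment lines
        targets = PROXY.findall(body)  # [(backend_host, backend_path), ...]
        if port == 80 and targets:
            found.add((port, "plain-http-proxy"))  # should only redirect to HTTPS
        if any(path.startswith(LEGACY) for _, path in targets):
            found.add((port, "legacy-backend-path"))
        no_verify = re.search(r"^\s*SSLProxyVerify\s+none\b", body, re.M | re.I)
        if no_verify and any(h.lower() not in LOOPBACK for h, _ in targets):
            found.add((port, "unverified-remote-backend"))
        if re.search(r"^\s*SSLCertificateFile\s+\S*snakeoil", body, re.M | re.I):
            found.add((port, "snakeoil-cert"))
    return sorted(found)

if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(f"port {port}: {finding}")
```

A site file that only redirects on port 80 and proxies to 127.0.0.1 on port 443 with a real certificate returns an empty list.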

lool was changed to cool so it's safe to replace. A working config is posted just 3 posts above!

Hi Martin, nobody knows how your system is built and you should check if there is some special setting you have now or if it's safe to start from scratch using the template provided… I would just compare both files and decide which path to follow…

First of all, I want to say thank you to @KarlF12 for making this guide. You're my saviour because this guide is so thorough. Of course for you guys who joined in this discussion too, thank you. Now I have my nextcloud runs perfectly! (except for svg support)

Okay, now I want to share my experience following this guide. I use Ubuntu 20.04, with split horizon dns using pi hole.

  1. In apache, I only set 001-nextcloud.conf and 999-catchall.conf because I don't have a plan to use collabora.

  2. Somehow the 999-catchall.conf that Karl provided didn't work. I had to add:

<VirtualHost *:80>
  ServerName localhost
  ServerAlias *
  ...
</VirtualHost>

<VirtualHost _default_:443>
  ServerName localhost
  ServerAlias *
  ...
</VirtualHost>

(I followed this guide: centos - Make Apache server only accept requests to domain rather than IP - Server Fault)

  3. I didn't set COLLABORA_FQDN and NEXTCLOUD_IPADDRESS in .env file. In docker-compose.yml, I removed collabora section and also removed extra_hosts on nextcloud section.

  4. After I ran docker-compose successfully, on host, I changed the data folder ownership to www-data:www-data. Little bit confused at first whether to change ownership on the host or inside the container.

  5. Set alias occ to ~/.bashrc and resolved proxy issue. I also configured default phone region by running this command:

occ config:system:set default_phone_region --value="<Your Country Code>"

  6. For Background jobs, I chose cron and configured the host's cronjob. (I followed this guide: https://blog.mariu5.de/~/MariusBlog/the-easiest-way-to-set-up-cron-for-the-nextcloud-docker-image/).

I would be especially thrilled if you would update it up to Nextcloud 23 :slight_smile:
I am still using your guide with slight modifications for reference :smiley:

You know, I've thought about it a few times, but I'm debating whether it's obsolete now with the release of Nextcloud AIO. I haven't actually tried it yet, but it looks promising.

Something I wanted to do if I ever did a rewrite was add the two high performance backends. They have them in AIO, and it would take me a lot of time to reinvent the wheel.

At the moment AIO is not a complete replacement of self-built docker(-compose). It must be the only system running, e.g. you can't add another software behind AIO reverse proxy, you can't install AIO behind existing reverse proxy… It needs write access to docker-socket (e.g. root on the host). All these points are known but there is no roadmap.

There is a discussion to use AIO as starting point to build fully customizable docker-compose system

If this works we could have a simple "one-click" AIO and customizable docker-compose for more advanced use cases…

1 Like