« Collabora CODE » : différence entre les versions
Aller à la navigation
Aller à la recherche
| Ligne 50 : | Ligne 50 : | ||
<pre> | <pre> | ||
<VirtualHost *:443> | <VirtualHost *:443> | ||
ServerName collabora. | ServerName collabora.domain.tld | ||
Options -Indexes | Options -Indexes | ||
| Ligne 58 : | Ligne 58 : | ||
SSLCertificateChainFile /path/to/intermediate_certificate | SSLCertificateChainFile /path/to/intermediate_certificate | ||
SSLCertificateKeyFile /path/to/private/key | SSLCertificateKeyFile /path/to/private/key | ||
# Encoded slashes need to be allowed | # Encoded slashes need to be allowed | ||
| Ligne 76 : | Ligne 73 : | ||
# static html, js, images, etc. served from loolwsd | # static html, js, images, etc. served from loolwsd | ||
# loleaflet is the client part of Collabora Online | # loleaflet is the client part of Collabora Online | ||
ProxyPass /loleaflet https:// | ProxyPass /loleaflet https://192.168.30.30:9980/loleaflet retry=0 | ||
ProxyPassReverse /loleaflet https:// | ProxyPassReverse /loleaflet https://192.168.30.30:9980/loleaflet | ||
# WOPI discovery URL | # WOPI discovery URL | ||
ProxyPass /hosting/discovery https:// | ProxyPass /hosting/discovery https://192.168.30.30:9980/hosting/discovery retry=0 | ||
ProxyPassReverse /hosting/discovery https:// | ProxyPassReverse /hosting/discovery https://192.168.30.30:9980/hosting/discovery | ||
# Capabilities | # Capabilities | ||
ProxyPass /hosting/capabilities https:// | ProxyPass /hosting/capabilities https://192.168.30.30:9980/hosting/capabilities retry=0 | ||
ProxyPassReverse /hosting/capabilities https:// | ProxyPassReverse /hosting/capabilities https://192.168.30.30:9980/hosting/capabilities | ||
# Main websocket | # Main websocket | ||
ProxyPassMatch "/lool/(.*)/ws$" wss:// | ProxyPassMatch "/lool/(.*)/ws$" wss://192.168.30.30:9980/lool/$1/ws nocanon | ||
# Admin Console websocket | # Admin Console websocket | ||
ProxyPass /lool/adminws wss:// | ProxyPass /lool/adminws wss://192.168.30.30:9980/lool/adminws | ||
# Download as, Fullscreen presentation and Image upload operations | # Download as, Fullscreen presentation and Image upload operations | ||
ProxyPass /lool https:// | ProxyPass /lool https://192.168.30.30:9980/lool | ||
ProxyPassReverse /lool https:// | ProxyPassReverse /lool https://192.168.30.30:9980/lool | ||
</VirtualHost> | </VirtualHost> | ||
</pre> | </pre> | ||
Version du 23 janvier 2020 à 16:49
Exemple d'installation de Collabora CODE sur un serveur/vm dédié, accessible derrière un serveur proxy situé sur votre instance nextcloud.
Nextcloud est donc installé sur un autre serveur/vm.
L'accès à l'instance Collabora se fera via un serveur proxy situé sur le serveur/vm hébergeant nextcloud.
Installation et configuration de Collabora CODE sur la VM dédié à Collabora
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D echo 'deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian9 ./' >> /etc/apt/sources.list aptitude update aptitude install loolwsd code-brand
Génération du certificat (basé sur https://github.com/CollaboraOnline/Docker-CODE/blob/master/scripts/start-libreoffice.sh)
openssl genrsa -out /etc/loolwsd/root.key.pem 2048 openssl req -x509 -new -nodes -key /etc/loolwsd/root.key.pem -days 9131 -out /etc/loolwsd/ca-chain.cert.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=Dummy Authority" openssl genrsa -out /etc/loolwsd/key.pem 2048 -key /etc/loolwsd/key.pem openssl req -key /etc/loolwsd/key.pem -new -sha256 -out /etc/loolwsd/localhost.csr.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost" openssl x509 -req -in /etc/loolwsd/localhost.csr.pem -CA /etc/loolwsd/ca-chain.cert.pem -CAkey /etc/loolwsd/root.key.pem -CAcreateserial -out /etc/loolwsd/cert.pem -days 9131
Sécurisation du certificat
chgrp lool /etc/loolwsd/key.pem chmod g+r /etc/loolwsd/key.pem
Modification de la configuration :
domain="nextcloud\\\.domain\\\.tld"
perl -pi -e "s/localhost<\/host>/${domain}<\/host>/g" /etc/loolwsd/loolwsd.xml
loolconfig set-admin-password
Note sur loolwsd.xml :
- Les IP/hosts dans storage/wopi peuvent toutes êtres supprimées sauf nextcloud\.domain\.tld
- Les IPs dans net/post_allow peuvent toutes êtres supprimées au profit de l'adresse IP du proxy
Relancez le service :
systemctl restart loolwsd
Sur le serveur nextcloud
Exemple de proxy apache
<VirtualHost *:443> ServerName collabora.domain.tld Options -Indexes # SSL configuration, you may want to take the easy route instead and use Lets Encrypt! SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key # Encoded slashes need to be allowed AllowEncodedSlashes NoDecode # Container uses a unique non-signed certificate SSLProxyEngine On SSLProxyVerify None SSLProxyCheckPeerCN Off SSLProxyCheckPeerName Off # keep the host ProxyPreserveHost On # static html, js, images, etc. served from loolwsd # loleaflet is the client part of Collabora Online ProxyPass /loleaflet https://192.168.30.30:9980/loleaflet retry=0 ProxyPassReverse /loleaflet https://192.168.30.30:9980/loleaflet # WOPI discovery URL ProxyPass /hosting/discovery https://192.168.30.30:9980/hosting/discovery retry=0 ProxyPassReverse /hosting/discovery https://192.168.30.30:9980/hosting/discovery # Capabilities ProxyPass /hosting/capabilities https://192.168.30.30:9980/hosting/capabilities retry=0 ProxyPassReverse /hosting/capabilities https://192.168.30.30:9980/hosting/capabilities # Main websocket ProxyPassMatch "/lool/(.*)/ws$" wss://192.168.30.30:9980/lool/$1/ws nocanon # Admin Console websocket ProxyPass /lool/adminws wss://192.168.30.30:9980/lool/adminws # Download as, Fullscreen presentation and Image upload operations ProxyPass /lool https://192.168.30.30:9980/lool ProxyPassReverse /lool https://192.168.30.30:9980/lool </VirtualHost>