« Collabora CODE » : différence entre les versions
Aucun résumé des modifications |
Aucun résumé des modifications |
||
Ligne 9 : | Ligne 9 : | ||
=Installation et configuration de Collabora CODE sur la VM dédié à Collabora= | =Installation et configuration de Collabora CODE sur la VM dédié à Collabora= | ||
https://www.collaboraoffice.com/code/linux-packages/ | |||
<pre> | |||
cd /usr/share/keyrings | |||
sudo wget https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg | |||
</pre> | |||
Créez le fichier <code>/etc/apt/sources.list.d/collaboraonline.sources</code> contenant : | |||
<pre> | |||
Types: deb | |||
URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian11 | |||
Suites: ./ | |||
Signed-By: /usr/share/keyrings/collaboraonline-release-keyring.gpg | |||
</pre> | |||
<pre> | <pre> | ||
apt | apt update | ||
apt install coolwsd code-brand | |||
</pre> | </pre> | ||
Génération du certificat (basé sur https://github.com/CollaboraOnline/Docker-CODE/blob/master/scripts/start-libreoffice.sh) | Génération du certificat (basé sur https://github.com/CollaboraOnline/Docker-CODE/blob/master/scripts/start-libreoffice.sh) | ||
<pre> | <pre> | ||
openssl genrsa -out /etc/ | openssl genrsa -out /etc/coolwsd/root.key.pem 2048 | ||
openssl req -x509 -new -nodes -key /etc/ | openssl req -x509 -new -nodes -key /etc/coolwsd/root.key.pem -days 9131 -out /etc/coolwsd/ca-chain.cert.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=Dummy Authority" | ||
openssl genrsa -out /etc/ | openssl genrsa -out /etc/coolwsd/key.pem 2048 -key /etc/coolwsd/key.pem | ||
openssl req -key /etc/ | openssl req -key /etc/coolwsd/key.pem -new -sha256 -out /etc/coolwsd/localhost.csr.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost" | ||
openssl x509 -req -in /etc/ | openssl x509 -req -in /etc/coolwsd/localhost.csr.pem -CA /etc/coolwsd/ca-chain.cert.pem -CAkey /etc/coolwsd/root.key.pem -CAcreateserial -out /etc/coolwsd/cert.pem -days 9131 | ||
</pre> | </pre> | ||
Sécurisation du certificat | Sécurisation du certificat | ||
<pre> | <pre> | ||
chgrp | chgrp cool /etc/coolwsd/key.pem | ||
chmod g+r /etc/ | chmod g+r /etc/coolwsd/key.pem | ||
</pre> | </pre> | ||
Version du 12 décembre 2021 à 11:14
Exemple d'installation de Collabora CODE sur un serveur/vm dédié, accessible derrière un serveur proxy situé sur votre instance nextcloud.
Nextcloud est donc installé sur un autre serveur/vm.
L'accès à l'instance Collabora se fera via un serveur proxy situé sur le serveur/vm hébergeant nextcloud.
Dans cet exemple:
- la VM collabora a l'IP 192.168.30.30
- VM nextcloud a l'IP 192.168.30.15 ainsi qu'une IP publique accessible depuis internet (188.165.180.60, avec l'hostname nextcloud.domain.tld)
- L'hostname collabora.domain.tld renvoi lui aussi vers l'ip publique de nextcloud (188.165.180.60)
Installation et configuration de Collabora CODE sur la VM dédié à Collabora
https://www.collaboraoffice.com/code/linux-packages/
cd /usr/share/keyrings sudo wget https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg
Créez le fichier /etc/apt/sources.list.d/collaboraonline.sources
contenant :
Types: deb URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian11 Suites: ./ Signed-By: /usr/share/keyrings/collaboraonline-release-keyring.gpg
apt update apt install coolwsd code-brand
Génération du certificat (basé sur https://github.com/CollaboraOnline/Docker-CODE/blob/master/scripts/start-libreoffice.sh)
openssl genrsa -out /etc/coolwsd/root.key.pem 2048 openssl req -x509 -new -nodes -key /etc/coolwsd/root.key.pem -days 9131 -out /etc/coolwsd/ca-chain.cert.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=Dummy Authority" openssl genrsa -out /etc/coolwsd/key.pem 2048 -key /etc/coolwsd/key.pem openssl req -key /etc/coolwsd/key.pem -new -sha256 -out /etc/coolwsd/localhost.csr.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost" openssl x509 -req -in /etc/coolwsd/localhost.csr.pem -CA /etc/coolwsd/ca-chain.cert.pem -CAkey /etc/coolwsd/root.key.pem -CAcreateserial -out /etc/coolwsd/cert.pem -days 9131
Sécurisation du certificat
chgrp cool /etc/coolwsd/key.pem chmod g+r /etc/coolwsd/key.pem
Modification de la configuration :
domain="nextcloud\\\.domain\\\.tld" perl -pi -e "s/localhost<\/host>/${domain}<\/host>/g" /etc/loolwsd/loolwsd.xml
loolconfig set-admin-password
Note sur loolwsd.xml :
- Les IP/hosts dans storage/wopi peuvent toutes êtres supprimées sauf nextcloud\.domain\.tld (avec les \)
- Les IPs dans net/post_allow peuvent toutes êtres supprimées au profit de l'adresse IP du proxy (192.168.30.15)
Relancez le service :
systemctl restart loolwsd
Sur le serveur nextcloud
Exemple de proxy apache
Notez que cette configuration est valide si votre instance Collabora utilise un certificat SSL (autosigné ou non). Reportez vous à https://www.collaboraoffice.com/code/apache-reverse-proxy/ pour les autres cas de figure.
<VirtualHost *:443> ServerName collabora.domain.tld Options -Indexes # SSL configuration, you may want to take the easy route instead and use Lets Encrypt! SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key # Encoded slashes need to be allowed AllowEncodedSlashes NoDecode # Container uses a unique non-signed certificate SSLProxyEngine On SSLProxyVerify None SSLProxyCheckPeerCN Off SSLProxyCheckPeerName Off # keep the host ProxyPreserveHost On # static html, js, images, etc. served from loolwsd # loleaflet is the client part of Collabora Online ProxyPass /loleaflet https://192.168.30.30:9980/loleaflet retry=0 ProxyPassReverse /loleaflet https://192.168.30.30:9980/loleaflet # WOPI discovery URL ProxyPass /hosting/discovery https://192.168.30.30:9980/hosting/discovery retry=0 ProxyPassReverse /hosting/discovery https://192.168.30.30:9980/hosting/discovery # Capabilities ProxyPass /hosting/capabilities https://192.168.30.30:9980/hosting/capabilities retry=0 ProxyPassReverse /hosting/capabilities https://192.168.30.30:9980/hosting/capabilities # Main websocket ProxyPassMatch "/lool/(.*)/ws$" wss://192.168.30.30:9980/lool/$1/ws nocanon # Admin Console websocket ProxyPass /lool/adminws wss://192.168.30.30:9980/lool/adminws # Download as, Fullscreen presentation and Image upload operations ProxyPass /lool https://192.168.30.30:9980/lool ProxyPassReverse /lool https://192.168.30.30:9980/lool </VirtualHost>
Configuration de l'application Collabora de Nextcloud
- Définissez l'hostname à
https://collabora.domain.tld
- cochez la case
Disable certificate verification
si votre proxy utilise un certificat autosigné
Une page d'administration de l'instance collabora est accessible à https://collabora.domain.tld/loleaflet/dist/admin/admin.html