Prerequisites
- A XCA PKI database https://youtu.be/ezzj3x207lQ
Installing Collabora Office
- Log into the Linux device
- Run the following commands in a terminal:
# install signing key
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D
# add software repository
sudo echo 'deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian10 ./' >> sudo /etc/apt/sources.list
# update software repositories
sudo apt update
# install loolwsd and code-brand
sudo apt install loolwsd code-brand
# enable required Apache modules
sudo a2enmod proxy proxy_wstunnel proxy_http ssl
Creating SSL Certificates
- Launch XCA
- Open the PKI database if it is not already (File > Open DataBase), enter password
- Click on the Certificates tab, right click on your Intermediate CA certificate
- Select New
- On the Source tab, make sure Use this Certificate for signing is selected
- Verify your Intermediate CA certificate is selected from the drop down
- Click the Subject tab
- Complete the Distinguished Name section
internalName: nettools.i12bretro.local
countryName: US
stateOrProvinceName: Virginia
localityName: Northern
organizationName: i12bretro
organizationUnitName: i12bretro Certificate Authority
commonName: nettools.i12bretro.local - Click the Generate a New Key button
- Enter a name and set the key size to at least 2048
- Click Create
- Click on the Extensions tab
- Select End Entity from the type list
- Click Edit next to Subject Alternative Name
- Add any DNS or IP addresses that the certificate will identify
- Update the validity dates to fit your needs
- Click the Key Usage tab
- Under Key Usage select Digital Signature, Key Encipherment
- Under Extended Key Usage select Web Server and Web Client Authentication
- Click the Netscape tab
- Select SSL Server
- Click OK to create the certificate
Exporting Required Files
- In XCA, click on the Certificates tab
- Right click the Intermediate CA certificate > Export > File
- Set the file name CA.pem and verify the export format is PEM chain (*.pem)
- Click OK
- Right click the SSL certificate > Export > File
- Set the file name with a .crt extension and verify the export format is PEM (*.crt)
- Click OK
- Click the Private Keys tab
- Right click the private key generated for the SSL certificate > Export > File
- Set the file name with a .key extension and verify the export format is PEM private (*.pem)
- Click OK
Applying the Certificates
- Download WinSCP Download
- Extract WinSCP and run the executable
- Connect to the Collabora Online server via WinSCP
- Copy the created .crt, .key and .pem files to ~/
- On the Collabora Online server, run the following command in a terminal
sudo cp ~/nettools.i12bretro.local.crt /etc/ssl/certs/
sudo cp ~/nettools.i12bretro.local.key /etc/ssl/certs/
sudo cp ~/CA.pem /etc/ssl/certs/
# edit the configuration file
sudo nano /etc/loolwsd/loolwsd.xml - Edit the loolwsd.xml file, find the SSL block and update the cert_file_path, key_file_path and ca_file_path values
<cert_file_path desc="Path to the cert file" relative="false">/etc/ssl/certs/nettools.i12bretro.local.crt</cert_file_path>
<key_file_path desc="Path to the key file" relative="false">/etc/ssl/certs/nettools.i12bretro.local.key</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/ssl/certs/CA.pem</ca_file_path> - Press CTRL+W and search for <wopi
- Add a new host for the DNS name of the ownCloud server
<host allow=true">nettools.i12bretro.local</host>
- Press CTRL+O, Enter, CTRL+X
- Continue the configuration by running the following commands in terminal:
# create CODE proxy configuration file
sudo nano /etc/apache2/conf-available/code.conf - Paste the following into code.conf
Options -Indexes
#Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off# keep the host
ProxyPreserveHost On# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of Collabora Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery# Capabilities
ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool - Press CTRL+O, Enter, CTRL+X to save the changes and exit nano
- Continue the configuration by running the following commands in terminal:
# edit default SSL configuration file
sudo nano /etc/apache2/sites-available/default-ssl.conf - Add the following line just above the </VirtualHost tag
Include /etc/apache2/conf-available/code.conf
- Press CTRL+O, Enter, CTRL+X
- Continue the configuration by running the following commands in terminal:
# edit ownCloud configuration file
sudo nano /var/www/owncloud/config/config.php - Find the trusted_domains array and add the DNS used for the SSL certificate
- Press CTRL+O, Enter, CTRL+X
- Continue with the following commands to restart loolwsd and apache2 to apply the changes:
sudo systemctl restart loolwsd apache2
- Open a web browser and navigate to https://DNS:9980
- If everything is working as expected the message OK should be shown
Adding Collabora Office to ownCloud
- Log into ownCloud with an administrative user
- Click the hamburger menu in the top left corner > Market
- Click Integration under the Categories heading
- Find and click on Collabora Online
- Click the Install button
- Once the installation completes, click the username dropdown > Settings
- Select Admin > Additional from the left navigation menu
- Enter the DNS name for the Collabora Online server URL
- Click Apply
- If the above option does not appear, you can complete the same terminal by running:
cd /var/www/owncloud
sudo -u www-data php occ config:app:set --value https://nettools.i12bretro.local:9980 richdocuments wopi_url
Source: https://www.collaboraoffice.com/code/linux-packages/