转载本文,实际是解决Collabora Online与dzzoffice连接时,安装Collabora Online后启动报“File not found: /etc/loolwsd/ca-chain.cert.pem”的问题,其实是ssl由true改为false后没有解决
set ssl.termination true
以下是转载原文:
------------------------------------------
This tutorial is going to show you how to install Collabora Online on Ubuntu and then integrate it with an existing Nextcloud server without using Docker.
Collabora Online is a self-hostable and LibreOffice-based open-source online office suite. Its features include:
- Basic editing
- High fidelity, WYSIWYG rendering
- Supports DOC, DOCX, PPT, PPTX, XLS, XLSX, ODF document format
- Import and view Visio, Publisher and 100 more
- Shared Editing
Collabora is a big contributor to the LibreOffice project. All of the Collabora Online codes will be eventually included in LibreOffice.
Note: This tutorial works on Ubuntu 16.04 and Ubuntu 18.04. If you are using another Ubuntu version, you can install Collobaora Online with Docker.
Prerequisites
It’s assumed that you have already set up a Nextcloud server. If you haven’t already done so, you can check out the following guide.
The Collabora Online and Nextcloud server can be on the same machine or on two different machines.
Step 1: Install Collabora Online on Ubuntu From the Official Repository
Collabora has an official package repository for Ubuntu 16.04 and Ubuntu 18.04. Run the following command to add it to your Ubuntu system.
Ubuntu 18.04
echo \'deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-ubuntu1804 ./\' | sudo tee /etc/apt/sources.list.d/collabora.list
Ubuntu 16.04
echo \'deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE ./\' | sudo tee /etc/apt/sources.list.d/collabora.list
Then run the following command to download and import Collabora public key, which allows APT package manager to verify the integrity of packages downloaded from this repository.
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D
Since this repository uses HTTPS connection, we need to install the apt-transport-https and ca-certificates package, so the APT package manager can establish secure connection to the repository.
sudo apt install apt-transport-https ca-certificates
Now update local package index and install Collabora Online. Loolwsd is the LibreOffice Online WebSocket Daemon.
sudo apt update sudo apt install loolwsd code-brand
Step 2: Configure LibreOffice Online WebSocket Daemon
After they are installed, you can check the status of loolwsd.
systemctl status loolwsd
As you can see, it failed to start. We can check journal to see why this happened.
sudo journalctl -eu loolwsd
Sample output:
Apr 21 16:13:06 ubuntu loolwsd[13842]: File not found: /etc/loolwsd/ca-chain.cert.pem Apr 21 16:13:06 ubuntu systemd[1]: loolwsd.service: Main process exited, code=exited, status Apr 21 16:13:06 ubuntu systemd[1]: loolwsd.service: Failed with result \'exit-code\'. Apr 21 16:13:07 ubuntu systemd[1]: loolwsd.service: Service hold-off time over, scheduling r Apr 21 16:13:07 ubuntu systemd[1]: loolwsd.service: Scheduled restart job, restart counter i Apr 21 16:13:07 ubuntu systemd[1]: Stopped LibreOffice Online WebSocket Daemon. Apr 21 16:13:07 ubuntu systemd[1]: loolwsd.service: Start request repeated too quickly. Apr 21 16:13:07 ubuntu systemd[1]: loolwsd.service: Failed with result \'exit-code\'. Apr 21 16:13:07 ubuntu systemd[1]: Failed to start LibreOffice Online WebSocket Daemon.
By default, loolwsd enables TLS connection. However, it didn’t find a TLS certificate file, hence the start failure. It’s better to disable TLS in loolwsd and terminate TLS at a reverse proxy. The loolwsd configuration file is located at /etc/loolwsd/loolwsd.xml. However, it’s an XML file, which is not easy to read and edit. We can use the loolconfig tool to change configurations.
Run the following command to disable TLS in loolwsd.
sudo loolconfig set ssl.enable false
And enable TLS termination at the reverse proxy.
sudo loolconfig set ssl.termination true
By default, loolwsd only allows known hosts to access its service. To allow Nextcloud to access the service, run the following command to add your Nextcloud hostname to the whitelist.
sudo loolconfig set storage.wopi.host nextcloud.example.com
You can also enable the admin account for loolwsd with the following command. You will need to set a username and password for the admin account.
sudo loolconfig set-admin-password
Restart loolwsd for the changes to take effect.
sudo systemctl restart loolwsd
Now it should be running without errors.
systemctl status loolwsd
Output:
Step 3: Set up Reverse Proxy
Nextcloud server requires a TLS certificate on the Collabora Online, so we will need to create a virtual host, give the virtual host a domain name, set up a reverse proxy and install TLS certificate. We can use either Apache or Nginx to achieve this.
Apache
Install Apache web server with the following command:
sudo apt install apache2
Run the following command to create an Apache virtual host file for Collabora Online.
sudo nano /etc/apache2/sites-available/collabora.conf
Put the following text into the file. Replace the domain name with your actual domain name for Collabora Online. Don’t forget to create an A record for this sub-domain.
ServerName collabora.example.com Options -Indexes ErrorLog "/var/log/apache2/collabora_error" # Encoded slashes need to be allowed AllowEncodedSlashes NoDecode # keep the host ProxyPreserveHost On # static html, js, images, etc. served from loolwsd # loleaflet is the client part of Collabora Online ProxyPass /loleaflet http://127.0.0.1:9980/loleaflet retry=0 ProxyPassReverse /loleaflet http://127.0.0.1:9980/loleaflet # WOPI discovery URL ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0 ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery # Capabilities ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0 ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities # Main websocket ProxyPassMatch "/lool/(.*)/ws$" ws://127.0.0.1:9980/lool/$1/ws nocanon # Admin Console websocket ProxyPass /lool/adminws ws://127.0.0.1:9980/lool/adminws # Download as, Fullscreen presentation and Image upload operations ProxyPass /lool http://127.0.0.1:9980/lool ProxyPassReverse /lool http://127.0.0.1:9980/lool
Save and close the file. To be able to proxy traffic using Apache, we need to enable some Apache modules.
sudo a2enmod proxy proxy_wstunnel proxy_http
Enable this virtual host with the following command:
sudo a2ensite collabora.conf
Then restart Apache.
sudo systemctl restart apache2
Nginx
Install Nginx on Ubuntu with the following command:
sudo apt install nginx
Create a virtual host file for Collabora Online.
sudo nano /etc/nginx/conf.d/collabora.conf
Put the following text into the file. Replace the domain name with your actual domain name for Collabora Online. Don’t forget to create an A record for this domain name.
server {
listen 80;
listen [::]:80;
server_name collabora.example.com;
# static files
location ^~ /loleaflet {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/lool/(.*)/ws$ {
proxy_pass http://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/lool {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
proxy_pass http://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
Save and close the file. Then test Nginx configurations.
sudo nginx -t
If the test is successful, reload Nginx server.
sudo systemctl reload nginx
Step 4: Obtain and Install TLS Certificate
Now let’s obtain a free TLS certificate from Let’s encrypt. Run the following commands to install Let’s Encrypt client (certbot) from the official certbot PPA.
sudo apt install software-properties-common sudo add-apt-repository ppa:certbot/certbot sudo apt update sudo apt install certbot
If you use Apache web server, then you also need to install the Certbot Apache plugin.
sudo apt install python3-certbot-apache
Then issue the following command to obtain a free TLS/SSL certificate.
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d collabora.example.com
If you use Nginx web server, then you need to install the Certbot Nginx plugin.
sudo apt install python3-certbot-nginx
Then use the Nginx plugin to obtain and install the certificate by running the following command.
sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d collabora.example.com
You will see the following text indicating that you have successfully obtained a TLS certificate.
Final Step: Connect Nextcloud to Collabora Online
In your Nextcloud dashboard, go to the Apps page. Next, go to Office & Text section, find the Collabora Online app, click Download and Enable button.
After this apps is enabled, go to Nextcloud Settings page. Click Collabora Online tab on the left. Enter the domain name of your Collabora Online including https:// prefix, then click Apply button.
Now when you click the add button ( ) in Nextcloud, you will be able to create Word, spreadsheet and presentation documents right from your Nextcloud server.
The loolwsd admin console is available at https://collabora.example.com/loleaflet/dist/admin/admin.html. You need to enter the username and password, which was created at step 2.
文章评论