Get Rewarded! We will reward you with up to €50 credit on your account for every tutorial that you write and we publish!

Install and Configure Nextcloud Office

profile picture
Author
Alexander Pücker
Published
2024-09-18
Time to read
8 minutes reading time

Introduction

Nextcloud Office is based on Collabora and can be used to view and edit office documents directly inside the Nextcloud web interface.

This tutorial will describe how to install an own Collabora Online server that can be used with a Nextcloud instance. The Collabora Online server will be configured with Let's Encrypt to provide access via a valid SSL connection.

Prerequisites

You need the following things:

  • A server for Collabora
    • Ubuntu 24.04 as OS

      Other Ubuntu versions should work too.

    • A domain/subdomain that points to your planned Collabora server
  • Another server that already has Nextcloud installed

    E.g. Hetzner Cloud App Nextcloud

Example terminology

  • Subdomain for Collabora server: office.example.com
  • Subdomain for Nextcloud server: nextcloud.example.com

Step 1 - Configure Docker Repository

Docker is needed to run the Collabora Docker container. You have to add the Docker GPG key and the Docker repository in order to be able to install Docker:

sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Step 2 - Install Docker

Now install Docker itself:

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io
sudo docker --version

Next, add yourself to the Docker group:

sudo usermod -aG docker <username>

Log out and back in to update your groups.

Step 3 - Start Collabora Container

See CODE Docker image

With Docker installed, you can now start the Collabora Docker container. Set the aliasgroup1 variable to the address of your Nextcloud instance:

docker run -t -d -p 127.0.0.1:9980:9980 -e "aliasgroup1=https://nextcloud.example.com:443" --restart always collabora/code

The newest container is pulled and started. You can check if it is running via docker ps.

Optionally, you can also use Docker Compose. You can find a general guide for it here.

Now check if you can build a connection:

docker ps
docker exec <container_id> curl -vvv -k https://127.0.0.1:9980/hosting/discovery | head -n 10

The output should include HTTP/1.1 200 OK.

In the Docker container, most Collabora files are in /etc/coolwsd and /etc/nginx.

Step 4 - Install Nginx

To make the Collabora container available over the internet, an SSL reverse proxy is used. This tutorial will use Nginx for it.

Install Nginx via command line:

sudo apt update
sudo apt install nginx

Step 5 - Install Let's Encrypt Certbot via Snap

For the network connection, a valid SSL certificate is needed. To generate it, the Let's Encrypt's Certbot is used. Install the Certbot via Snap:

sudo apt install snapd
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Step 6 - Create SSL Certs

Now request the SSL certificates via Certbot and your servers domain:

sudo certbot certonly --nginx -d office.example.com
[...]
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/office.example.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/office.example.com/privkey.pem
[...]

Note: Store the paths to the SSL cert and key file as you need them in the next step.

Step 7 - Configure Nginx as Reverse Proxy

Add the following configuration with a text editor of your choice (e.g. nano or vim) to the file /etc/nginx/sites-available/collabora and replace the domain in server_name office.example.com and in both SSL certificate config lines at the top with your own domain:

server {
    listen 443 ssl;
    # modify this three lines with your own domain:
    server_name office.example.com;
    ssl_certificate /etc/letsencrypt/live/office.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/office.example.com/privkey.pem;

    location / {
        proxy_pass https://127.0.0.1:9980;
        proxy_set_header Host $http_host;
    }

    # static files
    location ^~ /browser {
        proxy_pass https://127.0.0.1:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://127.0.0.1:9980;
        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass https://127.0.0.1:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/cool/(.*)/ws$ {
        proxy_pass https://127.0.0.1:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/(c|l)ool {
        proxy_pass https://127.0.0.1:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /cool/adminws {
        proxy_pass https://127.0.0.1:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

Now restart Nginx to load the new configuration via the following command:

sudo ln -s /etc/nginx/sites-available/collabora /etc/nginx/sites-enabled/collabora
sudo rm -rf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl restart nginx
sudo systemctl enable nginx

Finally, check if you can build a connection:

curl -vvv -k https://office.example.com/hosting/discovery | head -n 10

The output should include HTTP/1.1 200 OK.

Step 8 - Activate Nextcloud Office in Nextcloud

The Collabora server itself is now fully configured and usable. You now have to configure Nextcloud Office within your Nextcloud.

In your Nextcloud, activate the app Nextcloud Office. To do that:

  • Go to the web interface of your Nextcloud
  • Open the app store (user menu top right corner » + Apps)
  • In the left menu bar, select App bundles and search for Nextcloud Office. Download and enable the app Nextcloud Office.

Step 9 - Configure Nextcloud Office App

After the installation of the app, you have to configure it and tell it where your Collabora Online Server is. To do that:

  • Go to the settings of your Nextcloud (user menu top right corner » Administration settings)
  • In the left menu bar, select Nextcloud Office (under Administration).
  • Select Use your own server and add the address of your server (e.g. https://office.example.com).

Nextcloud Collabora Settings

Click on the Save button in order to save the configuration. If everything works correctly, then the settings dialog should show a working connection to your Collabora server.

Additionally, you should configure the Allow list for WOPI requests to only allow the Collabora Server to fetch documents. This setting is located under the Advanced settings and you have to add the IPv4 and IPv6 address of the Collabora server (e.g. 1.2.3.4,2a01:4f8:aaaa:bbbb:cccc::1).

Step 10 - Renew SSL Cert

Let's Encrypt certs are only valid for a few months and then must be renewed. Certbot already has a systemd timer for this and you only need to activate it:

systemctl enable --now snap.certbot.renew.timer

After that your SSL certs automatically get renewed when needed.

Step 11 - Further configuration

For more fine grained configuration, you can copy the coolwsd.xml configuration file to edit it and then mount it.

  • First, copy the config file and adjust the read permissions, so we don't get any errors when mounting it.

    docker cp <container_id>:/etc/coolwsd/coolwsd.xml .
    chmod 644 coolwsd.xml
  • Then, stop and remove the container we started in step 3.

    docker stop <container_id>
    docker rm <container_id>
  • Edit the coolwsd.xml to your liking

  • Finally, start the container again, mounting the local coolwsd.xml as a config file:

    If you dont specify the aliasgroup1 environment variable, you should add your nextcloud domain with an alias group to the config file to limit the access to office.example.com (see the docs)

    docker run -t -d \
      -p 127.0.0.1:9980:9980 \
      -e "aliasgroup1=https://nextcloud.example.com:443" \
      -v ./coolwsd.xml:/etc/coolwsd/coolwsd.xml \
      --restart always collabora/code

Conclusion

You now have configured an own Collabora server and configured your Nextcloud to use it. Each office document should now be opened editable in the web interface.

License: MIT
Want to contribute?

Get Rewarded: Get up to €50 in credit! Be a part of the community and contribute. Do it for the money. Do it for the bragging rights. And do it to teach others!

Report Issue

Discover our

Storage Share

Easily store and share files. Access your data at any time and from any place.

Want to contribute?

Get Rewarded: Get up to €50 credit on your account for every tutorial you write and we publish!

Find out more