Introduction
Nextcloud Office is based on Collabora and can be used to view and edit office documents directly inside the Nextcloud web interface.
This tutorial will describe how to install an own Collabora Online server that can be used with a Nextcloud instance. The Collabora Online server will be configured with Let's Encrypt to provide access via a valid SSL connection.
Prerequisites
You need the following things:
- A server for Collabora
- Ubuntu 24.04 as OS
Other Ubuntu versions should work too.
- A domain/subdomain that points to your planned Collabora server
- Ubuntu 24.04 as OS
- Another server that already has Nextcloud installed
E.g. Hetzner Cloud App Nextcloud
Example terminology
- Subdomain for Collabora server:
office.example.com - Subdomain for Nextcloud server:
nextcloud.example.com
Step 1 - Configure Docker Repository
Docker is needed to run the Collabora Docker container. You have to add the Docker GPG key and the Docker repository in order to be able to install Docker:
sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/nullStep 2 - Install Docker
Now install Docker itself:
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io
sudo docker --versionNext, add yourself to the Docker group:
sudo usermod -aG docker <username>Log out and back in to update your groups.
Step 3 - Start Collabora Container
With Docker installed, you can now start the Collabora Docker container. Set the domain variable to the address of your Nextcloud instance:
docker run -t -d -p 127.0.0.1:9980:9980 -e "aliasgroup1=https://nextcloud.example.com:443" --restart always collabora/codeThe newest container is pulled and started. You can check if it is running via docker ps.
Optionally, you can also use Docker Compose. You can find a general guide for it here.
Now check if you can build a connection:
docker ps
docker exec <container_id> curl -vvv -k https://127.0.0.1:9980/hosting/discovery | head -n 10The output should include HTTP/1.1 200 OK.
In the Docker container, most Collabora files are in /etc/coolwsd and /etc/nginx.
Step 4 - Install Nginx
To make the Collabora container available over the internet, an SSL reverse proxy is used. This tutorial will use Nginx for it.
Install Nginx via command line:
sudo apt update
sudo apt install nginxStep 5 - Install Let's Encrypt Certbot via Snap
For the network connection, a valid SSL certificate is needed. To generate it, the Let's Encrypt's Certbot is used. Install the Certbot via Snap:
sudo apt install snapd
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbotStep 6 - Create SSL Certs
Now request the SSL certificates via Certbot and your servers domain:
sudo certbot certonly --nginx -d office.example.com
[...]
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/office.example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/office.example.com/privkey.pem
[...]Note: Store the paths to the SSL cert and key file as you need them in the next step.
Step 7 - Configure Nginx as Reverse Proxy
Add the following configuration with a text editor of your choice (e.g. nano or vim) to the file /etc/nginx/sites-available/collabora and replace the domain in server_name office.example.com and in both SSL certificate config lines at the top with your own domain:
server {
listen 443 ssl;
# modify this three lines with your own domain:
server_name office.example.com;
ssl_certificate /etc/letsencrypt/live/office.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/office.example.com/privkey.pem;
location / {
proxy_pass https://127.0.0.1:9980;
proxy_set_header Host $http_host;
}
# static files
location ^~ /browser {
proxy_pass https://127.0.0.1:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://127.0.0.1:9980;
proxy_set_header Host $http_host;
}
# Capabilities
location ^~ /hosting/capabilities {
proxy_pass https://127.0.0.1:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/cool/(.*)/ws$ {
proxy_pass https://127.0.0.1:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/(c|l)ool {
proxy_pass https://127.0.0.1:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /cool/adminws {
proxy_pass https://127.0.0.1:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}Now restart Nginx to load the new configuration via the following command:
sudo ln -s /etc/nginx/sites-available/collabora /etc/nginx/sites-enabled/collabora
sudo rm -rf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl restart nginx
sudo systemctl enable nginxFinally, check if you can build a connection:
curl -vvv -k https://office.example.com/hosting/discovery | head -n 10The output should include HTTP/1.1 200 OK.
Step 8 - Activate Nextcloud Office in Nextcloud
The Collabora server itself is now fully configured and usable. You now have to configure Nextcloud Office within your Nextcloud.
In your Nextcloud, activate the app Nextcloud Office. To do that:
- Go to the web interface of your Nextcloud
- Open the app store (user menu top right corner »
+ Apps) - In the left menu bar, select
App bundlesand search forNextcloud Office. Download and enable the appNextcloud Office.
Step 9 - Configure Nextcloud Office App
After the installation of the app, you have to configure it and tell it where your Collabora Online Server is. To do that:
- Go to the settings of your Nextcloud (user menu top right corner »
Administration settings) - In the left menu bar, select
Nextcloud Office(underAdministration). - Select
Use your own serverand add the address of your server (e.g.https://office.example.com).
Click on the Save button in order to save the configuration. If everything works correctly, then the settings dialog should show a working connection to your Collabora server.
Additionally, you should configure the Allow list for WOPI requests to only allow the Collabora Server to fetch documents. This setting is located under the Advanced settings and you have to add the IPv4 and IPv6 address of the Collabora server (e.g. 1.2.3.4,2a01:4f8:aaaa:bbbb:cccc::1).
Step 10 - Renew SSL Cert
Let's Encrypt certs are only valid for a few months and then must be renewed. Certbot already has a systemd timer for this and you only need to activate it:
systemctl enable --now snap.certbot.renew.timerAfter that your SSL certs automatically get renewed when needed.
Step 11 - Whitelist your Nextcloud instance to access Collabora
Currently, anyone can access office.example.com. This section aims to limit access to nextcloud.example.com.
- Follow this Collabora Online guide to install the required packages.
Open the file /etc/coolwsd/coolwsd.xml and change the alias_groups configuration under the storage section.
<alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="groups">
<!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
add the hosts below. If one host is accessible under multiple ip addresses
or names, add them as aliases. -->
<group>
<host desc="hostname to allow or deny." allow="true">https://nextcloud.example.com</host>
</group>Conclusion
You now have configured an own Collabora server and configured your Nextcloud to use it. Each office document should now be opened editable in the web interface.