Recommend way to setup owncloud with collabora code on linux VServer

Server
1

Hello all,

i currently experimenting with OwnCloud and collabora CODE.

initially i just installed and tested with the quick tryout
that is basically:

  • docker run -d -p 80:80 owncloud
  • docker run -t -d -p 9980:9980 -e "extra_params=--o:ssl.enable=false" collabora/code

i got this to work and happily tested things :slight_smile:
as the page warns this is not meant as production system.

so what is the best way to move forward from this?

i am new to the docker world -
so maybe i will have to learn a bunch of things regarding this :slight_smile:

things i already found
but iam unsure if / what combination is the recommend way…

hope someone can give me tips or links to tutorials & or background information regarding this :slight_smile:

sunny greetings
stefan

target ‘requirements’

  • strato VServer
  • Ubuntu 18.04 LTS 64bit
  • CPU vCores: 4
  • RAM 8 GB
  • 2-5 user
2

I have used nginx-proxy and caddy for this, but you’re linking to traefik in your post.

Anyhow they are all reverse proxies it should basically work the same: put it in front of your owncloud as well as the collabora server.

Then all you have to configure in ownCloud is that your collabora endpoint is traefik, which will then forward you to collabora. And in collabora you will have to adjust the config to have traefik as the reverse proxy that is terminating the SSL connection.

The ownCloud and collabora docker containers don’t even need to have their ports publicly exposed, traefik can do the forwarding to them.

However I don’t have any more detailed instructions so you will have to experiment around a little. Would be cool if you could document your process here how you set it up. :wink:

1 Like
3

Thanks @eneubauer for your respons.

i have experimented a little more and have an 99% working system:

What does not work?
new user email link → the initial set password field on this site uses http and therefore breaks…
i found this thread but it only points to the Traefik docker tutorial.
and currently i have no motivation left to learn and experiment with something new again :wink:
fixed:
add

OWNCLOUD_OVERWRITE_PROTOCOL=HTTPS

to your owncloud-docker-server/docker-compose.yml file in the environment: section.

my apache VirtualHost configs:
cloud.conf

<VirtualHost *:80>
    ServerName cloud.example.de
    Options -Indexes

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =cloud.example.de
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

cloud-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName cloud.example.de:443
    Options -Indexes

    ## letsencrypt
    SSLCertificateFile /etc/letsencrypt/live/cloud.example.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cloud.example.de/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    # Encoded slashes need to be allowed
    AllowEncodedSlashes NoDecode

    # Container uses a unique non-signed certificate
    # SSLProxyEngine On
    # SSLProxyVerify None
    # SSLProxyCheckPeerCN Off
    # SSLProxyCheckPeerName Off

    # keep the host
    ProxyPreserveHost On

    # redirect to owncloud
    ProxyPass           / http://127.0.0.1:8080/ retry=0
    ProxyPassReverse    / http://127.0.0.1:8080/

</VirtualHost>
</IfModule>

lool.conf

<VirtualHost *:80>
    ServerName lool.example.de
    Options -Indexes

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =lool.example.de
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

lool-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName lool.example.de:443
    Options -Indexes

    # letsencrypt
    SSLCertificateFile /etc/letsencrypt/live/lool.example.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/lool.example.de/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    # Encoded slashes need to be allowed
    AllowEncodedSlashes NoDecode

    # Container uses a unique non-signed certificate
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off

    # keep the host
    ProxyPreserveHost On

    # basic run check
    # ProxyPass           / http://127.0.0.1:9980/ retry=0
    # ProxyPassReverse    / http://127.0.0.1:9980/

    # static html, js, images, etc. served from loolwsd
    # loleaflet is the client part of Collabora Online
    ProxyPass           /loleaflet http://127.0.0.1:9980/loleaflet retry=0
    ProxyPassReverse    /loleaflet http://127.0.0.1:9980/loleaflet

    # WOPI discovery URL
    ProxyPass           /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
    ProxyPassReverse    /hosting/discovery http://127.0.0.1:9980/hosting/discovery

    # Capabilities
    ProxyPass           /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
    ProxyPassReverse    /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities

    # Main websocket
    ProxyPassMatch "/lool/(.*)/ws$" ws://127.0.0.1:9980/lool/$1/ws nocanon

    # Admin Console websocket
    ProxyPass   /lool/adminws ws://127.0.0.1:9980/lool/adminws

    # Download as, Fullscreen presentation and Image upload operations
    ProxyPass           /lool http://127.0.0.1:9980/lool
    ProxyPassReverse    /lool http://127.0.0.1:9980/lool

</VirtualHost>
</IfModule>

[edit: added virtual host configs]
[edit: fixed http passwort set error]

1 Like
4

I would recommend to just redirect all traffic from port 80/http to port 443/https directly in your apache reverse proxy configuration.
I don’t really see how this breaks, perhaps you get some error messages in the logs you could post here?

5

i added the apache virtuahosts configs.
and i think they just do this :wink:

browser console error:

 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 2 content-script.js:40:65
10:01:08.415 JQMIGRATE: Migrate is installed, version 1.4.0 jquery-migrate.min.js:2:552
10:01:09.739 Password fields present in a form with an insecure (http://) form action. This is a security risk that allows user login credentials to be stolen.
Test1
10:01:35.237 Content Security Policy: The page’s settings blocked the loading of a resource at http://cloud.example.de/setpassword/51nxnxnxnxnxnxnxnxnxn/Test1 (“connect-src”). jquery.min.js:4:14952
10:01:35.237
SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data
setpassword.js:34:27
10:01:35.638 Source map error: Error: JSON.parse: unexpected character at line 1 column 1 of the JSON data
Resource URL: https://cloud.example.de/core/vendor/jquery/dist/jquery.min.js?v=51nxnxnxnxnxnxnxnxnxn
Source Map URL: jquery.min.map

in the owncloud logs i did not find any hint on this at all.

i think i have to tell owncloud in the docker image somehow that it is running behind a reverse proxy…

6

Have a look here:
https://doc.owncloud.com/server/admin_manual/configuration/server/reverse_proxy_configuration.html

Also here is a link to the available environment variables in docker:

1 Like
7

ok now as far as i have tested it seems to work :slight_smile:

OWNCLOUD_OVERWRITE_PROTOCOL=HTTPS

added in the owncloud-docker-server/docker-compose.yml file seems to do the trick.

thanks for your tips.

sunny greetings
stefan

1 Like
8

I wish :slight_smile: