Add Servers/Containerization/Docker/Compose/Collabora CODE Server.md
All checks were successful
GitOps Automatic Deployment / GitOps Automatic Deployment (push) Successful in 7s
All checks were successful
GitOps Automatic Deployment / GitOps Automatic Deployment (push) Successful in 7s
This commit is contained in:
101
Servers/Containerization/Docker/Compose/Collabora CODE Server.md
Normal file
101
Servers/Containerization/Docker/Compose/Collabora CODE Server.md
Normal file
@@ -0,0 +1,101 @@
|
||||
## Purpose:
|
||||
The Collabora CODE Server is used by Nextcloud Office to open and edit documents and spreadsheets collaboratively. When Nextcloud is not deployed in a [Nextcloud AIO](https://docs.bunny-lab.io/Servers/Containerization/Docker/Compose/Nextcloud-AIO/) way, and is instead installed not as a container, you (may) run into stability issues with Collabora CODE Server just randomly breaking and not allowing users to edit documents. If this happens, you can follow this document to stand-up a dedicated Collabora CODE Server on the same host as your Nextcloud server.
|
||||
|
||||
!!! info "Assumptions"
|
||||
|
||||
- It is assumed that you are running an ACME Certificate Bot on your Nextcloud server to generate certificates for Nextcloud.
|
||||
- It is also assumed that you are running Ubuntu Server 24.04.3 LTS. *This document does not outline the process for setting up an ACME Certificate Bot*.
|
||||
- It is lastly assumed that (until changes are made to allow such) this will only work for internal access. Unless you port-forward port `9980` Collabora will not function for public internet-facing access.
|
||||
|
||||
### Install Docker and Configure Portainer
|
||||
The first thing you need to do is install Docker then Portainer. You can do this by following the [Portainer Deployment](https://docs.bunny-lab.io/Servers/Containerization/Docker/Deploy%20Portainer/) documentation.
|
||||
|
||||
### Portainer Stack
|
||||
```yaml title="docker-compose.yml"
|
||||
name: app
|
||||
services:
|
||||
code:
|
||||
image: collabora/code
|
||||
container_name: collabora
|
||||
restart: always
|
||||
networks:
|
||||
- collabora-net
|
||||
environment:
|
||||
- domain=${NEXTCLOUD_COLLABORA_URL}
|
||||
- aliasgroup1=${NEXTCLOUD_COLLABORA_URL}
|
||||
- username=${CODESERVER_ADMIN_USER} # Used to login @ https://cloud.bunny-lab.io:9980/browser/dist/admin/admin.html
|
||||
- password=${CODESERVER_ADMIN_PASSWORD} # Used to login @ https://cloud.bunny-lab.io:9980/browser/dist/admin/admin.html
|
||||
# CODE speaks HTTP internally, TLS is terminated at nginx
|
||||
- extra_params=--o:ssl.enable=false --o:ssl.termination=true
|
||||
# no direct port mapping; only reachable via proxy
|
||||
|
||||
collabora-proxy:
|
||||
image: nginx:alpine
|
||||
container_name: collabora-proxy
|
||||
restart: always
|
||||
depends_on:
|
||||
- code
|
||||
networks:
|
||||
- collabora-net
|
||||
ports:
|
||||
# Host port 9980 -> container port 443 (HTTPS)
|
||||
- "9980:443"
|
||||
volumes:
|
||||
# Our nginx vhost config (this exists outside of the container anywhere you want to put it, by default "/opt/collabora/nginx.conf")
|
||||
- /opt/collabora/nginx.conf:/etc/nginx/conf.d/default.conf:ro
|
||||
|
||||
# Mount the entire letsencrypt tree so symlinks keep working
|
||||
- /etc/letsencrypt:/etc/letsencrypt:ro
|
||||
|
||||
networks:
|
||||
collabora-net:
|
||||
driver: bridge
|
||||
```
|
||||
|
||||
```yaml title=".env"
|
||||
NEXTCLOUD_COLLABORA_URL=cloud\\.bunny-lab\\.io
|
||||
CODESERVER_ADMIN_USER=admin
|
||||
CODESERVER_ADMIN_PASSWORD=ChangeThisPassword
|
||||
```
|
||||
|
||||
## NGINX Reverse Proxy Configuration
|
||||
If the container does not run on the same host as Traefik, you will need to manually add configuration to Traefik's dynamic config file, outlined below.
|
||||
```yaml title="/opt/collabora/nginx.conf"
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name cloud.akafs.org;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/cloud.akafs.org/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/cloud.akafs.org/privkey.pem;
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
# Main proxy to CODE
|
||||
location / {
|
||||
proxy_pass http://collabora:9980;
|
||||
|
||||
# Required for WebSockets
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
# Standard headers
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
|
||||
proxy_read_timeout 36000;
|
||||
proxy_connect_timeout 36000;
|
||||
proxy_send_timeout 36000;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
}
|
||||
}
|
||||
```
|
||||
Reference in New Issue
Block a user