## Purpose: The Collabora CODE Server is used by Nextcloud Office to open and edit documents and spreadsheets collaboratively. When Nextcloud is not deployed in a [Nextcloud AIO](https://docs.bunny-lab.io/Servers/Containerization/Docker/Compose/Nextcloud-AIO/) way, and is instead installed not as a container, you (may) run into stability issues with Collabora CODE Server just randomly breaking and not allowing users to edit documents. If this happens, you can follow this document to stand-up a dedicated Collabora CODE Server on the same host as your Nextcloud server. !!! info "Assumptions" - It is assumed that you are running an ACME Certificate Bot on your Nextcloud server to generate certificates for Nextcloud. - It is also assumed that you are running Ubuntu Server 24.04.3 LTS. *This document does not outline the process for setting up an ACME Certificate Bot*. - It is lastly assumed that (until changes are made to allow such) this will only work for internal access. Unless you port-forward port `9980` Collabora will not function for public internet-facing access. ### Install Docker and Configure Portainer The first thing you need to do is install Docker then Portainer. You can do this by following the [Portainer Deployment](https://docs.bunny-lab.io/Servers/Containerization/Docker/Deploy%20Portainer/) documentation. ### Portainer Stack ```yaml title="docker-compose.yml" name: app services: code: image: collabora/code container_name: collabora restart: always networks: - collabora-net environment: - domain=${NEXTCLOUD_COLLABORA_URL} - aliasgroup1=${NEXTCLOUD_COLLABORA_URL} - username=${CODESERVER_ADMIN_USER} # Used to login @ https://cloud.bunny-lab.io:9980/browser/dist/admin/admin.html - password=${CODESERVER_ADMIN_PASSWORD} # Used to login @ https://cloud.bunny-lab.io:9980/browser/dist/admin/admin.html # CODE speaks HTTP internally, TLS is terminated at nginx - extra_params=--o:ssl.enable=false --o:ssl.termination=true # no direct port mapping; only reachable via proxy collabora-proxy: image: nginx:alpine container_name: collabora-proxy restart: always depends_on: - code networks: - collabora-net ports: # Host port 9980 -> container port 443 (HTTPS) - "9980:443" volumes: # Our nginx vhost config (this exists outside of the container anywhere you want to put it, by default "/opt/collabora/nginx.conf") - /opt/collabora/nginx.conf:/etc/nginx/conf.d/default.conf:ro # Mount the entire letsencrypt tree so symlinks keep working - /etc/letsencrypt:/etc/letsencrypt:ro networks: collabora-net: driver: bridge ``` ```yaml title=".env" NEXTCLOUD_COLLABORA_URL=cloud\\.bunny-lab\\.io CODESERVER_ADMIN_USER=admin CODESERVER_ADMIN_PASSWORD=ChangeThisPassword ``` ## NGINX Reverse Proxy Configuration If the container does not run on the same host as Traefik, you will need to manually add configuration to Traefik's dynamic config file, outlined below. ```yaml title="/opt/collabora/nginx.conf" map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 443 ssl; server_name cloud.bunny-lab.io; ssl_certificate /etc/letsencrypt/live/cloud.bunny-lab.io/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/cloud.bunny-lab.io/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; # Main proxy to CODE location / { proxy_pass http://collabora:9980; # Required for WebSockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; # Standard headers proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_read_timeout 36000; proxy_connect_timeout 36000; proxy_send_timeout 36000; proxy_buffering off; proxy_request_buffering off; } } ``` ### Configuring Nextcloud Office Now that the Collabora CODE Server was deployed and instructed to use the existing LetsEncrypt SSL Certificates located in `