mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

Nextcloud enhancements #1760

Open seppeel opened 6 years ago

seppeel commented 6 years ago

Hi!

Thanks for your great work! I have some feature requests regarding nextcloud

Greetings seppel

Braintelligence commented 6 years ago

@seppeel One reason for non-auto upgrades could be that upgrading within the docker container might not make any sense. Normally you want to keep the versioning of the underlying software within a docker image, so if you would want to upgrade from nextcloud 13 to 14 you would pull a new container which would migrate the existing data, if necessary.

If you upgrade manually you might need to do it every time you pull a new minor version, if the next major version isn't used for the chosen docker image yet. That's a problem I ran into with Piwik/Matomo images all the time.

mitchellurgero commented 6 years ago

The docker container takes care of nextcloud updates already: every time the container is started, it uses the nextcloud:latest tag, keeping it up-to-date with Docker's images.

For Collabora, you can use a docker-compose.override.yml for that too.

seppeel commented 6 years ago

oh, ok. so every time the container is restarted, i should get the nextcloud installation updated? (except major upgrades) that's a good solution, nice. i will try to mess around a bit with a docker-compose.override.yml for collabora online :)

i would love to see collabora online as an optional part of the helper-script for nextcloud, but i would understand if you draw the line for nextcloud stuff here and don't think about adding this. then just close this :)

mitchellurgero commented 6 years ago

@seppeel If the container was updated with the latest version of Nextcloud then yes. That's the beauty behind docker. Minimal management of packages :)

As for collabora - I am not a maintainer of Mailcow. I am only a user. So it's up to the maintainers to decide that. That being said the setup for collabora's docker container (https://www.collaboraoffice.com/code/) is simple to install (never done this, but looks easy enough from their install instructions)

tisoft commented 6 years ago

For integrating Collabora into my Mailcow setup I used the following docker-compose.override.yml file next to the existing docker-compose.yml file from mailcow.

version: '2.1'
services:

    nginx-mailcow:
      networks:
        mailcow-network:
          ipv4_address: ${IPV4_NETWORK:-172.22.1}.253
          aliases:
            - phpfpm

    php-fpm-mailcow:
      extra_hosts:
        - "collabora.my-domain.de:${IPV4_NETWORK:-172.22.1}.253"

    collabora:
      image: collabora/code
      container_name: collabora
      cap_add:
        - MKNOD
      environment:
        - domain=cloud.my-domain.de
        - dictionaries=de_DE
      networks:
        - mailcow-network
      extra_hosts:
        - "cloud.my-domain.de:${IPV4_NETWORK:-172.22.1}.253"

I needed to use a fixed IP value for the nginx container, and add host aliases for it in the php-fpm-mailcow and collabora containers. Otherwise the communication didn't work for me. This setup is a bit older, so it might not be necessary to do it like this anymore. Nextcloud was installed into the nginx/php-fpm containers by the provided helper script.

Braintelligence commented 6 years ago

Watch out for hardware requirements-implications when using collabora CODE, tho. I think it was pretty RAM-hungry.

seppeel commented 6 years ago

wow that's nice, thank you.

> Watch out for hardware requirements-implications when using collabora CODE, tho. I think it was pretty RAM-hungry.

that's right. my vm is too small right now for that. you will need at least 4gb ram for mailcow + collabora CODE.

doeminik commented 5 years ago

Hi, is there a way to get collabora to work inside mailcow? I have a docker-compose.override.yml with this configuration:

    collabora-mailcow:
      image: collabora/code
      container_name: collabora
      cap_add:
        - MKNOD
      environment:
        - domain=office.domain.de
        - dictionaries=de_DE
      dns:
        - 172.22.1.254
      dns_search: mailcow-network
      networks:
        mailcow-network:
          aliases:
            - collabora

and /opt/mailcow-dockerized/data/conf/nginx/collabora.conf

upstream collabora {
  server collabora-mailcow:9980;
}

map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

and a new location at the mailcow site /opt/mailcow-dockerized/data/conf/nginx/site.collabora.custom

location /loleaflet {
  proxy_http_version 1.1;
  proxy_set_header Host              $http_host;
  proxy_set_header X-Real-IP         $remote_addr;
  proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_read_timeout                 900;
  proxy_set_header Connection "";
  proxy_buffers 32 4k;
  proxy_pass http://localhost:9980;
}

location /hosting/discovery {
  proxy_set_header Host $http_host;
  proxy_pass http://localhost:9980;
}

location /lool {
  proxy_pass http://localhost:9980;
  proxy_set_header Host $http_host;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";
}

location /hosting/capabilities {
  proxy_pass http://localhost:9980;
  proxy_set_header Host $http_host;
}

everything is up, nextcloud url configured but i can't open any document: Failed to load Collabora Online - please try again later

thx

tisoft commented 5 years ago

@doeminik Try setting a fixed IP for the proxy and adding extra hosts inside the php-fpm and collabora containers, to map the external DNS to the internal IP, like I posted it here: https://github.com/mailcow/mailcow-dockerized/issues/1760#issuecomment-424667172

doeminik commented 5 years ago

@tisoft i tried it already without success. Did you also have an nginx reverse proxy configured in your configuration, or did you just use the docker-compose.override.yml?

tisoft commented 5 years ago

This is my nginx configuration for collabora:

map $http_x_forwarded_proto $client_req_scheme_nc {
     default $scheme;
     https https;
}

server {
  include /etc/nginx/conf.d/listen_ssl.active;
  include /etc/nginx/mime.types;
  charset utf-8;
  override_charset on;

  ssl on;
  ssl_certificate /etc/ssl/mail/cert.pem;
  ssl_certificate_key /etc/ssl/mail/key.pem;
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 1d;
  ssl_session_tickets off;
  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Robots-Tag none;
  add_header X-Download-Options noopen;
  add_header X-Permitted-Cross-Domain-Policies none;
  add_header X-Frame-Options "SAMEORIGIN";

  server_name collabora.my-domain.de;

    # static files
    location ^~ /loleaflet {
        proxy_pass https://collabora:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://collabora:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass https://collabora:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass https://collabora:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_pass https://collabora:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

pcace commented 3 years ago

Hi, i am trying to get Collabora working too with Nextcloud. I am happy that you seem to have it working - but can you give me a little tiny howto of how you got there? I am very new to docker and mailcow, so any help would be great!!

Thank you so much!

bstaeheli commented 3 years ago

At the moment I had to deactivate this setup, because the fixed IP address results in an address conflict with postfix / nginx.

krono commented 2 years ago

I have a working mailcow+nc+collabora-setting now:

Assumptions

Certificate

Add $COLLABORA_DOMAIN to ADDITIONAL_SAN in mailcow.conf.

perl -pi -e "s/^ADDITIONAL_SAN.+\$/\$&,$COLLABORA_DOMAIN/" /opt/mailcow-dockerized/mailcow.conf

Docker

Add the image as part of the service stuff.

version: '2.1' # if necessary
services: # if necessary
  collabora-mailcow:
    image: collabora/code
    privileged: true
    security_opt:
      - label=disable
    cap_add:
      - MKNOD
    environment:
      - aliasgroup1=https://$COLLABORA_DOMAIN:443
      - dictionaries= # configure to need
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true
      - TZ=${TZ}
    dns:
      - ${IPV4_NETWORK:-172.22.1}.254
    dns_search: mailcow-network
    networks:
      mailcow-network:
        aliases:
          - collabora

Notes:

NGINX

The nginx config is based on the nextcloud.conf generated by the helper script but slightly adapted. It also draws from the official nginx configuration, but some rules have been simplified.

/opt/mailcow-dockerized/data/conf/nginx/collabora.conf

# -*- mode: conf-space; -*-
upstream collabora {
  server collabora:9980;
}

map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

server {
  include /etc/nginx/conf.d/listen_ssl.active;
  # "plain" omitted, would interfere with ACME
  include /etc/nginx/mime.types;
  charset utf-8;
  override_charset on;

  # this is from the nextcloud and mailcow defaults
  ssl_certificate /etc/ssl/mail/cert.pem;
  ssl_certificate_key /etc/ssl/mail/key.pem;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
  ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 1d;
  ssl_session_tickets off;
  add_header Referrer-Policy "no-referrer" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header X-Download-Options "noopen" always;
  add_header X-Frame-Options "SAMEORIGIN" always;
  add_header X-Permitted-Cross-Domain-Policies "none" always;
  add_header X-Robots-Tag "none" always;
  add_header X-XSS-Protection "1; mode=block" always;

  server_name $COLLABORA_DOMAIN;

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  gzip on;
  gzip_vary on;
  gzip_comp_level 4;
  gzip_min_length 256;
  gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
  gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
  set_real_ip_from fc00::/7;
  set_real_ip_from 10.0.0.0/8;
  set_real_ip_from 172.16.0.0/12;
  set_real_ip_from 192.168.0.0/16;
  real_ip_header X-Forwarded-For;
  real_ip_recursive on;

  # This is from the collabora docs but simplified.
  # main websocket
  location ~ ^/cool/(.*)/ws$ {
    proxy_pass http://collabora;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
  }

  # static files
  location /browser {
    proxy_pass http://collabora;
    proxy_set_header Host $http_host;
  }

  # WOPI discovery URL
  location /hosting/discovery {
    proxy_pass http://collabora;
    proxy_set_header Host $http_host;
  }

  # Capabilities
  location /hosting/capabilities {
    proxy_pass http://collabora;
    proxy_set_header Host $http_host;
  }

  # download, presentation and image upload
  location /cool {
    proxy_pass http://collabora;
    proxy_set_header Host $http_host;
  }
  location /lool {
    proxy_pass http://collabora;
    proxy_set_header Host $http_host;
  }

  # Admin Console websocket
  location /cool/adminws {
    proxy_pass http://collabora;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $http_host;
    proxy_read_timeout 36000s;
  }
}

Startup

docker compose up -d should just do fine

Nextcloud

Enable the Collabora app (NOT the CODE app) and put the resulting URL (from https://$COLLABORA_DOMAIN:443) in the server field. (With port, I think.)
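An added example, not part of the comment above or of mailcow: the perl one-liner in the Certificate step appends the domain again on every run and leaves a leading comma when ADDITIONAL_SAN is empty. The function below makes the same edit idempotently and accepts only a plain hostname; the name `add_san` and the example.org values are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example: idempotent ADDITIONAL_SAN update for mailcow.conf.
# Usage: add_san <domain> [path-to-mailcow.conf]
add_san() {
  local domain="$1" conf="${2:-/opt/mailcow-dockerized/mailcow.conf}" tmp rc
  # Accept only hostname characters so nothing else can be written into the file.
  case $domain in
    ''|*[!A-Za-z0-9.-]*)
      echo "add_san: invalid domain: $domain" >&2
      return 2 ;;
  esac
  if ! grep -q '^ADDITIONAL_SAN=' "$conf"; then
    echo "add_san: no ADDITIONAL_SAN line in $conf" >&2
    return 1
  fi
  tmp=$(mktemp "${conf}.XXXXXX") || return 1
  awk -v d="$domain" '
    /^ADDITIONAL_SAN=/ {
      val = substr($0, length("ADDITIONAL_SAN=") + 1)
      n = split(val, parts, ",")
      found = 0
      for (i = 1; i <= n; i++) if (parts[i] == d) found = 1
      # Empty value: write the domain alone. Otherwise append once.
      if (!found) val = (val == "" ? d : val "," d)
      print "ADDITIONAL_SAN=" val
      next
    }
    { print }
  ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode of conf
  rc=$?
  rm -f "$tmp"
  return $rc
}

# Demo on a constructed file (not a real mailcow.conf); running twice changes nothing.
demo=$(mktemp)
printf 'MAILCOW_HOSTNAME=mail.example.org\nADDITIONAL_SAN=\n' > "$demo"
add_san office.example.org "$demo"
add_san office.example.org "$demo"
cat "$demo"
rm -f "$demo"
```
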

ghost commented 1 year ago

Unfortunately, the issue still persists. After creating the .conf file, all HTTPS requests to the servers are being dropped.

Update: I did some experimentation with the docker-compose.override.yml file and checked out the nextcloud-aio project. I was able to successfully connect to the mailcow docker network. I'll share my configuration in the coming days.

Update2: It doesn't work :/