Open seppeel opened 6 years ago
@seppeel One reason for non-auto upgrades could be, that upgrading within the docker container might not make any sense. Normally you want to keep the versioning of the underlying software within a docker image, so if you would want to upgrade from nextcloud 13 to 14 you would pull a new container which would migrate the existing data, if necessary.
If you upgrade manually you might need to do it everytime you pull a new minor version, if the next major version isn't used for the chosen docker image yet. That's a problem I ran into with Piwik/Matomo images all the time.
The docker container takes care of nextcloud updates already everytime the container is started it uses the nextcloud:latest tag keeping it up-to-date with Docker's images.
For Collabora, you can use a docker-compose.override.yml for that too.
oh, ok. so everytime the container is restarted, i should get the nextcloud installation updated? (except major upgrades) thats a good solution, nice. i will try to mess a bit around with a docker-compose.override.yml for collabora online :)
i would love to see collabora online as an optional part of the helper-script for nextcloud, but i would understand if you draw the line for nextcloud stuff here and dont think about adding this. then just close this :)
@seppeel If the container was updated with the latest version of Nextcloud then yes. That's the beauty behind docker. Minimal management of packages :)
As for collabora - I am not a maintainer of Mailcow. I am only a user. So it's up to the maintainers to decide that. That being said the setup for collabora's docker container (https://www.collaboraoffice.com/code/) is simple to install (never done this, but looks easy enough from their install instructions)
For integrating Collabora into my Mailcow setup I used the following docker-compose.override.yml
file next to the existing docker-compose.yml
file from mailcow.
version: '2.1'
services:
nginx-mailcow:
networks:
mailcow-network:
ipv4_address: ${IPV4_NETWORK:-172.22.1}.253
aliases:
- phpfpm
php-fpm-mailcow:
extra_hosts:
- "collabora.my-domain.de:${IPV4_NETWORK:-172.22.1}.253"
collabora:
image: collabora/code
container_name: collabora
cap_add:
- MKNOD
environment:
- domain=cloud.my-domain.de
- dictionaries=de_DE
networks:
- mailcow-network
extra_hosts:
- "cloud.my-domain.de:${IPV4_NETWORK:-172.22.1}.253"
I needed to use a fixed IP value for the nginx container, and add host aliases for it in the php-fpm-mailcow and collabora containers. Otherwise the communication didn't work for me. This setup is a bit older, so it might not be necessary to do it like this anymore. Nextcloud was installed into the nginx/php-fpm containers by the provided helper script.
Watch out for hardware requirements-implications when using collabora CODE, tho. I think it was pretty RAM-hungry.
wow thats nice, thank you.
Watch out for hardware requirements-implications when using collabora CODE, tho. I think it was pretty RAM-hungry.
thats right. my vm is too small right now for that. you will need at least 4gb ram for mailcow + collabora CODE.
Hi, is there a way to get collabora work inside mailcow?
I have a docker-compose.override.yml
with this configuration:
collabora-mailcow:
image: collabora/code
container_name: collabora
cap_add:
- MKNOD
environment:
- domain=office.domain.de
- dictionaries=de_DE
dns:
- 172.22.1.254
dns_search: mailcow-network
networks:
mailcow-network:
aliases:
- collabora
an /opt/mailcow-dockerized/data/conf/nginx/collabora.conf
upstream collabora {
server collabora-mailcow:9980;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
and a new location at the mailcow site /opt/mailcow-dockerized/data/conf/nginx/site.collabora.custom
location /loleaflet {
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
proxy_set_header Connection "";
proxy_buffers 32 4k;
proxy_pass http://localhost:9980;
}
location /hosting/discovery {
proxy_set_header Host $http_host;
proxy_pass http://localhost:9980;
}
location /lool {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /hosting/capabilities {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}
everything is up, nexcloud url configured but i can't open any document: Failed to load Collabora Online - please try again later
thx
@doeminik Try setting a fixed IP for the proxy and adding extra hosts inside the php-fpm and collabora containers, to map the external DNS to the internal IP, like I posted it here: https://github.com/mailcow/mailcow-dockerized/issues/1760#issuecomment-424667172
@tisoft i tried it already without success.
Did you had in your configuration also ngix reverse proxy configured or just used the docker-compose.override.yml
?
This is my nxing configuraton for collabora
map $http_x_forwarded_proto $client_req_scheme_nc {
default $scheme;
https https;
}
server {
include /etc/nginx/conf.d/listen_ssl.active;
include /etc/nginx/mime.types;
charset utf-8;
override_charset on;
ssl on;
ssl_certificate /etc/ssl/mail/cert.pem;
ssl_certificate_key /etc/ssl/mail/key.pem;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options "SAMEORIGIN";
server_name collabora.my-domain.de;
# static files
location ^~ /loleaflet {
proxy_pass https://collabora:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://collabora:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/lool/(.*)/ws$ {
proxy_pass https://collabora:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/lool {
proxy_pass https://collabora:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
proxy_pass https://collabora:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
Hi, i am trying to get Collabora working too with Nextcloud. I am happy that you seem to have it working - but can you give me a little tiny howto of how you got there? I am very new to docker and mailcow, so any help would be great!!
Thanky you so much!
At moment I had to deactivate this setup, cause the fixed IP address results in a address conflict with postfix / nginx.
I have a working mailcow+nc+collabora-setting now:
collabora
via their docker CODE image$COLLABORA_DOMAIN
Add $COLLABORA_DOMAIN
to ADDITIONAL_SAN
in mailcow.conf
.
perl -pi -e "s/^ADDITIONAL_SAN.+\$/\$&,$COLLABORA_DOMAIN/" /opt/mailcow-dockerized/mailcow.conf
Add the image as part of the service stuff.
version: '2.1' # if neccesary
services: #if neccesary
collabora-mailcow:
image: collabora/code
privileged: true
security_opt:
- label=disable
cap_add:
- MKNOD
environment:
- aliasgroup1=https://$COLLABORA_DOMAIN:443
- dictionaries= # configure to need
- extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true
- TZ=${TZ}
dns:
- ${IPV4_NETWORK:-172.22.1}.254
dns_search: mailcow-network
networks:
mailcow-network:
aliases:
- collabora
Notes:
collabora
among the containers. The next step relies on this.--o:ssl.enable=false --o:ssl.termination=true
the mailcow nginx can talk plain HTTP to the collabora imageThe privileged
might not be necessary but the official documentation says it's faster:
Note: for the faster jail creation via bind mount, you need to use
docker run
command with the--privileged
flag.
The nginx config is based on the nextcloud.conf
generated by the helper script but slightly adapted.
It also draws from the official nginx configuration but some rules have been simplified
/opt/mailcow-dockerized/data/conf/nginx/collabora.conf
# -*- mode: conf-space; -*-
upstream collabora {
server collabora:9980;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
include /etc/nginx/conf.d/listen_ssl.active;
# "plain" omitted, would interfere with ACME
include /etc/nginx/mime.types;
charset utf-8;
override_charset on;
# this is from the nextcloud and mailcow defaults
ssl_certificate /etc/ssl/mail/cert.pem;
ssl_certificate_key /etc/ssl/mail/key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
server_name $COLLABORA_DOMAIN;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
set_real_ip_from fc00::/7;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
# This is from the collabora docs but simplified.
# main websocket
location ~ ^/cool/(.*)/ws$ {
proxy_pass http://collabora;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# static files
location /browser {
proxy_pass http://collabora;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location /hosting/discovery {
proxy_pass http://collabora;
proxy_set_header Host $http_host;
}
# Capabilities
location /hosting/capabilities {
proxy_pass http://collabora;
proxy_set_header Host $http_host;
}
# download, presentation and image upload
location /cool {
proxy_pass http://collabora;
proxy_set_header Host $http_host;
}
location /lool {
proxy_pass http://collabora;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location /cool/adminws {
proxy_pass http://collabora;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
docker compose up -d
should just do fine
Enable the Collabora app (NOT the CODE) app and put the resulting url (from https://$COLLABORA_DOMAIN:443
in the server field. (With port, i think).
Unfortunately, the issue still persists. After creating the .conf file, all HTTPS requests to the servers are being dropped.
Update: I did some experimentation with the docker-compose.override.yml file and checked out the nextcloud-aio project. I was able to successfully connect to the mailcow docker network. I'll share my configuration in the coming days.
Update2: It's doesn't work : /
Hi!
Thanks for your great work! I have some feature requests regarding nextcloud
Greetings seppel