Categories
Web blog

Nextcloud and Collabora using Docker containers

Recently I moved my Nextcloud and Collabora installations over to Docker containers. Here I explain the process from pulling and starting the containers to configuring the reverse proxies using NGINX.

You’ll need to have Docker installed on your host machine. Also, you’ll need a web server to handle the reverse proxy requests. I’m using NGINX here.

Nextcloud container

The Nextcloud Docker image can be source from Docker Hub here – https://hub.docker.com/_/nextcloud/ – scroll down to the Running this image with Docker Compose heading.

Below is my files structure where I keep the docker compose file:

~/Sites/nextcloud

  • docker-compose.yml

You will want to change the port number in the docker-compose file to an available port on your server. Also, update passwords or decide whether to store them in a file using Docker secrets. Then from here it’s just a simple case of running:

$ docker-compose up -d
...
$ docker ps
CONTAINER ID        IMAGE                           COMMAND                  CREATED             STATUS              PORTS                      NAMES
94e717c242b2        nextcloud                       "/entrypoint.sh ap..."   2 seconds ago          Up 2 seconds           0.0.0.0:8015->80/tcp       nextcloud_app_1
6d292cee74f1        mariadb:10.2.33                 "docker-entrypoint..."   2 seconds ago          Up 2 seconds           3306/tcp                   nextcloud_db_1

Notice I’m using post 8015 as this was available on my server. So if I go to http://mydomain.com:8015 I can see the install screen for Nextcloud.

Installing Collabora container

Nextcloud doesn’t handle office document natively, so you need to setup a Collabora server to allow editing of office documents. Collabora provides an online office suite service that enable you to access documents, author new content and work collaboratively on document files (Word, Excel etc).

The Collabora image can be found here – https://hub.docker.com/r/collabora/code

Below is the command to pull and start the Collabora container:

$ sudo docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=nextcloud\.martyn\.biz' --restart always --cap-add MKNOD collabora/code

Configuring Nginx reverse proxy

A common configuration these days is to have Nginx reverse proxy for Apache that uses Nginx as front end, and Apache as back end. Nginx, doing what it does best, handles the incoming request from the browser and passes it to the apache backend, which is better for handling the dynamic processing of PHP, etc.

Below is the reverse proxy configuration for the Nextcloud container:

server {
    server_name nextcloud.mydomain.com;
    index index.html;

    location / {
        proxy_pass http://localhost:8015/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
        client_max_body_size 0;

        access_log /var/log/nginx/nextcloud.access.log;
        error_log /var/log/nginx/nextcloud.error.log;
    }

    location /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }

    location /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    listen [::]:443 ssl http2; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/nextcloud.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nextcloud.mydomain.com/privkey.pem; # managed by Certbot
    ssl_trusted_certificate /etc/letsencrypt/live/nextcloud.mydomain.com/chain.pem;
}

server {
    if ($host = nextcloud.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name nextcloud.mydomain.com;
    return 404; # managed by Certbot
}

And we need to do another configuration file for the Collabora container. Here is mine taken from the Collabora docs – https://www.collaboraoffice.com/code/nginx-reverse-proxy/

server {
    listen       443 ssl;
    server_name  office.mydomain.com;

    ssl_certificate /etc/letsencrypt/live/office.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/office.mydomain.com/privkey.pem; # managed by Certbot

    # static files
    location ^~ /loleaflet {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Capabilities
    location ^~ /hosting/capabilities {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}

You’ll need to configure your own certificates. I used Certbot to generate the certificates from Let’s Encrypt.

Then we reload the server:

$ sudo service nginx reload

So now, we can go to nextcloud.mydomain.com and continue with the installation using the database credentials from the docker-compose.yml file.

You’ll need to update the Collabora server URL to office.mydomain.com (or whatever server_name is set to in the config file) within Nextcloud settings. Then, you should be able to create, edit and collaborate documents within Files.

Leave a Reply

Your email address will not be published. Required fields are marked *