Onlyoffice vs Collabora in Nextcloud
-
I've decided to go with OO because of its strong use of native MS Office file formats. I have Nextcloud, nginx, and onlyoffice all running as VMs and both NC and OO have certs and can be accessed via https. NC can connect to OO fine and I can generate a new document in NC - however, the document opens as a blank page and throws an error inside the webpage if you look at the logs. I am sure that it is a problem with the .conf file in nginx but I haven't been able to narrow it down. I think it has something to do with connecting to the OO server as http behind the proxy. Most of the documentation shows using certs directly on the OO server but that defeats the purpose of my proxy.
-
@brandon220 said in Onlyoffice vs Collabora in Nextcloud:
I've decided to go with OO because of its strong use of native MS Office file formats. I have Nextcloud, nginx, and onlyoffice all running as VMs and both NC and OO have certs and can be accessed via https. NC can connect to OO fine and I can generate a new document in NC - however, the document opens as a blank page and throws an error inside the webpage if you look at the logs. I am sure that it is a problem with the .conf file in nginx but I haven't been able to narrow it down. I think it has something to do with connecting to the OO server as http behind the proxy. Most of the documentation shows using certs directly on the OO server but that defeats the purpose of my proxy.
That's the same state I remember getting stuck at.
-
@travisdh1 I was really hoping to get it working. It would be a great tool and I know I would use it. I've read so much about it and keep getting stuck. I don't know why it has to be that difficult and why they put so much info out on a Docker setup. Not everyone wants to use docker in production. Maybe I'm alone in that way of thinking ?
-
@brandon220 said in Onlyoffice vs Collabora in Nextcloud:
@travisdh1 I was really hoping to get it working. It would be a great tool and I know I would use it. I've read so much about it and keep getting stuck. I don't know why it has to be that difficult and why they put so much info out on a Docker setup. Not everyone wants to use docker in production. Maybe I'm alone in that way of thinking ?
This guy post nothing but Nextcloud related howto.
https://www.c-rieger.de/nextcloud-and-only-office-nginx/ -
@black3dynamite I have read a lot of his documentation. The problem is that it uses Docker and no proxy server. There HAS to be a way to get it working behind a proxy. I also have everything on Fedora and CentOS. I could build this following his guide in my lab and it would probably work but that doesn't help my existing systems.
-
Ok onlyoffice seems easier. It's pretty easy with the container. I'm not running NGINX in front of it but it should be pretty much the same.
Here's what I used:
Nextcloud
podman run -d -p 8080:80 nextcloudOnlyoffice
podman run -i -t -d -p 80:80 --restart=always onlyoffice/documentserverEach container is running in it's own Vagrant box so when I pointed Nextcloud to Onlyoffice I just used the IP of the Vagrant box that Onlyoffice is in.
-
@stacksofplates Ok. Fair Enough... I have the NC server and the nginx both as VMs (fedora 30) in Hyper-V. Would you recommend setting up another Fedora 30 vm just to run Docker or perhaps another OS? I have ZERO experience with Docker.
-
I still need this to work with nginx as I will be adding more web-facing servers soon. It would keep the cert management and renewal a lot more simplified.
-
@brandon220 said in Onlyoffice vs Collabora in Nextcloud:
@stacksofplates Ok. Fair Enough... I have the NC server and the nginx both as VMs (fedora 30) in Hyper-V. Would you recommend setting up another Fedora 30 vm just to run Docker or perhaps another OS? I have ZERO experience with Docker.
You could. I'd just spin up a Fedora 30 vm, install podman and run the command I showed. Then just point NextCloud to that.
You don't need Docker. You just need a container runtime engine, podman is pretty awesome
Make sure to open whatever port you use on the host. If you want to use 80, you'll need to be root. If you use something like 8080:80 you can do it without root.
-
When I enter the OO server in the app on NC (16), it will only allow me to put in an http address. How did you get around this?
-
@brandon220 said in Onlyoffice vs Collabora in Nextcloud:
When I enter the OO server in the app on NC (16), it will only allow me to put in an http address. How did you get around this?
Not sure. I didn't have HTTPS set up. Are you accessing Nextcloud without HTTPS? I thought it was forced to use whatever method you are using to connect.
-
@stacksofplates I am accessing as HTTPS. That is my issue with the proxy. It is breaking the connection to the document server somehow. I installed podman and I get errors when trying to pull down the container. Troubleshooting that now.
-
@brandon220 said in Onlyoffice vs Collabora in Nextcloud:
@stacksofplates I am accessing as HTTPS. That is my issue with the proxy. It is breaking the connection to the document server somehow. I installed podman and I get errors when trying to pull down the container. Troubleshooting that now.
What address are you using for the document server? Are you using the internal address or the FQDN from the proxy and doing it through the proxy?
-
Will you show us your nginx config for OnlyOffice?
-
@stacksofplates FQDN because of the requirement for https. I only have 1 static ip on the WAN side hence the reason for the proxy. I could try putting certs directly on the OO server and using a different port. Just seems like a bunch of extra steps versus they way I would think it should work.
-
@black3dynamite Yes, I can grab it and post it this afternoon.
-
@brandon220 said in Onlyoffice vs Collabora in Nextcloud:
@stacksofplates FQDN because of the requirement for https. I only have 1 static ip on the WAN side hence the reason for the proxy. I could try putting certs directly on the OO server and using a different port. Just seems like a bunch of extra steps versus they way I would think it should work.
No you shouldn't need to do that. So you're accessing Nextcloud through HTTPS and it's forcing you to use HTTP to connect to OO? I wonder if it's because the interface on Nextcloud isn't using HTTPS because you're terminating the TLS at NGINX not the Nextcloud server itself. Just to get it working see if you can enter the IP of the OO server through HTTP there.
-
@stacksofplates True.... I was overthinking it.
If I try to use the local ip, it throws a mixed content error regarding https.Error when trying to connect (Mixed Active Content is not allowed. HTTPS address for Document Server is required.)
-
@brandon220 said in Onlyoffice vs Collabora in Nextcloud:
@stacksofplates True.... I was overthinking it.
If I try to use the local ip, it throws a mixed content error regarding https.Error when trying to connect (Mixed Active Content is not allowed. HTTPS address for Document Server is required.)
ok kind of cheating but what if you do
-p 443:80to the container instead of-p 80:80? Does it let you fake https then? I mean this would happen regardless of if it's a container or not. I guess I can see the point of Nextcloud wanting to not have mixed protocols but what about running things on localhost beside it? That seems like a strange decision. -
server { client_max_body_size 40M; server_name office.domain.org; proxy_set_header X-Forwarded-Host $http_host/editors; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-NginX-Proxy true; proxy_redirect off; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://192.168.1.106; add_header X-Frame-Options "ALLOW-FROM https://nc.domain.org/" always; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } ssl_stapling on; ssl_stapling_verify on; ssl_session_cache shared:SSL:10m; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; # listen 80; listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/office.domain.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/office.domain.org/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { listen 80; location / { proxy_pass_header Server; proxy_pass http://nc/; } } server { client_max_body_size 40M; listen 80; server_name office.domain.org; return 301 https://$host$request_uri;
