Difference between revisions of "Nextcloud"
m (→Install and configure NextCloud) |
(reorder) |
||
| Line 14: | Line 14: | ||
Set up MariaDB from their repositories [https://downloads.mariadb.org/mariadb/repositories/ here], and create a database and user ready for ''NextCloud''. | Set up MariaDB from their repositories [https://downloads.mariadb.org/mariadb/repositories/ here], and create a database and user ready for ''NextCloud''. | ||
| − | == | + | |
| − | + | == Configuring the web-server and SSL certificates == | |
| + | In the ''Nginx'' configuration for this site, add a basic block for handling non-HTTP requests as follows. This will allow the ''LetsEncrypt'' domain validation requests to pass, but all other requests will be bounced to their respective HTTPS counterparts. | ||
| + | <source lang="nginx"> | ||
| + | server { | ||
| + | listen 80; | ||
| + | listen [::]:80; | ||
| + | server_name ~^; | ||
| + | rewrite ^/\.well-known $uri last; | ||
| + | return 301 https://$server_name$request_uri; | ||
| + | } | ||
| + | </source> | ||
| + | |||
| + | We can now install ''LetsEncrypt''. | ||
<source lang="bash"> | <source lang="bash"> | ||
| − | + | cd /var/www | |
| − | + | git clone https://github.com/certbot/certbot.git letsencrypt | |
</source> | </source> | ||
| − | + | And then run it to make our certificates, after it has successfully created them add the command to be called from ''crontab'' daily. | |
| − | + | <source lang="bash"> | |
| + | letsencrypt/letsencrypt-auto certonly -q --keep --renew-with-new-domains --expand --webroot -w /var/www --agree-tos \ | ||
| + | --email "admin@organicdesign.host" -d office.organicdesign.host -d files.organicdesign.host | ||
| + | </source> | ||
| − | + | Now create ''/var/www/nginx.ssl.conf'' with the following content that will be included from all SSL blocks. | |
| + | <source> | ||
| + | ssl on; | ||
| + | ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; | ||
| + | ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS; # SSLlabs recommended set | ||
| + | ssl_prefer_server_ciphers on; | ||
| + | ssl_session_timeout 5m; | ||
| + | ssl_session_cache shared:SSL:10m; | ||
| + | ssl_dhparam /var/www/dhparams.pem; | ||
| + | ssl_certificate /etc/letsencrypt/live/office.organicdesign.host/fullchain.pem; | ||
| + | ssl_client_certificate /etc/letsencrypt/live/office.organicdesign.host/chain.pem; | ||
| + | ssl_certificate_key /etc/letsencrypt/live/office.organicdesign.host/privkey.pem; | ||
| + | add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; | ||
| + | </source> | ||
| − | + | Don't forget to create the strong ''Diffi-Hellman'' parameters which we referred to in ''nginx.ssl.conf''. | |
| − | |||
<source lang="bash"> | <source lang="bash"> | ||
openssl dhparam -out /var/www/dhparams.pem 2048 | openssl dhparam -out /var/www/dhparams.pem 2048 | ||
</source> | </source> | ||
| − | + | == Install and configure NextCloud == | |
| − | + | [https://nextcloud.com NextCloud] is a "drop-box" style web-application which is completely open-source so you can install it on your own server, and it has built-in integration for working with ''LibreOffice Online''. NextCloud is PHP so first download the source and unpack it into ''/var/www/nextcloud'', ensure it's accessible by ''www-data'', and then add the ''Nginx'' configuration recommended [https://docs.nextcloud.com/server/13/admin_manual/installation/nginx.html here]. In this configuration we need to adjust the domain names and delete the port 80 block since we have an existing one described above to handle ''LetsEncrypt'' domain validation requests. Also remove the SSL lines and replace them with an include of the ''nginx.ssl.conf'' we made above. | |
| − | |||
| − | |||
| − | + | A database and user will need to be created and then you can run through the install by going to the ''files.organicdesign.host'' domain. After you've successfully installed NextCloud, go to the admin updater to check for any problems or optimisations and upgrade to the latest stable version. | |
| − | + | == Install Docker and the Docker image == | |
| + | Bring the machine up to date and run through the [https://docs.docker.com/install/linux/docker-ce/debian/ Docker installation]. | ||
<source lang="bash"> | <source lang="bash"> | ||
| − | + | docker pull collabora/code | |
| − | + | docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=files\\.organicdesign\\.host' --restart always --cap-add MKNOD collabora/code | |
</source> | </source> | ||
| + | |||
| + | Now you can enable the ''Collabora Online'' application in your ''NextCloud'' from ''settings/apps'' and test it out! | ||
[[Category:Procedures]][[Category:Linux]] | [[Category:Procedures]][[Category:Linux]] | ||
Revision as of 13:24, 18 February 2018
|
This is our procedure for installing LibreOffice Online on a Debian-based server. LibreOffice has included a component to allow it to be served over HTTP since version 5.3.
I'm following the instructions created by Collabora and NextCloud from here, and more specifically the Nginx variation here. I'm documenting here my specific configuration to include the LetsEncrypt and other specific configuration aspects that are out of the scope of those instructions so that we have a more easily reproducible procedure.
I'm using two domains here which you'll need to change for your own purposes, office.organicdesign.host for the main LibreOffice Online entry point, and files.organicdesign.host for the NextCloud web-application which is an open-source "drop-box" style system with built-in integrations for LibreOffice Online.
Contents
Set up the server
apt install git net-tools nginx php7.0-fpm php7.0-mysqlnd php7.0-zip php7.0-gd php7.0-curl php7.0-simplexml php7.0-mbstringSet up MariaDB from their repositories here, and create a database and user ready for NextCloud.
Configuring the web-server and SSL certificates
In the Nginx configuration for this site, add a basic block for handling non-HTTP requests as follows. This will allow the LetsEncrypt domain validation requests to pass, but all other requests will be bounced to their respective HTTPS counterparts.
server {
listen 80;
listen [::]:80;
server_name ~^;
rewrite ^/\.well-known $uri last;
return 301 https://$server_name$request_uri;
}We can now install LetsEncrypt.
cd /var/www
git clone https://github.com/certbot/certbot.git letsencryptAnd then run it to make our certificates, after it has successfully created them add the command to be called from crontab daily.
letsencrypt/letsencrypt-auto certonly -q --keep --renew-with-new-domains --expand --webroot -w /var/www --agree-tos \
--email "admin@organicdesign.host" -d office.organicdesign.host -d files.organicdesign.hostNow create /var/www/nginx.ssl.conf with the following content that will be included from all SSL blocks.
ssl on;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS; # SSLlabs recommended set
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;
ssl_dhparam /var/www/dhparams.pem;
ssl_certificate /etc/letsencrypt/live/office.organicdesign.host/fullchain.pem;
ssl_client_certificate /etc/letsencrypt/live/office.organicdesign.host/chain.pem;
ssl_certificate_key /etc/letsencrypt/live/office.organicdesign.host/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;Don't forget to create the strong Diffi-Hellman parameters which we referred to in nginx.ssl.conf.
openssl dhparam -out /var/www/dhparams.pem 2048Install and configure NextCloud
NextCloud is a "drop-box" style web-application which is completely open-source so you can install it on your own server, and it has built-in integration for working with LibreOffice Online. NextCloud is PHP so first download the source and unpack it into /var/www/nextcloud, ensure it's accessible by www-data, and then add the Nginx configuration recommended here. In this configuration we need to adjust the domain names and delete the port 80 block since we have an existing one described above to handle LetsEncrypt domain validation requests. Also remove the SSL lines and replace them with an include of the nginx.ssl.conf we made above.
A database and user will need to be created and then you can run through the install by going to the files.organicdesign.host domain. After you've successfully installed NextCloud, go to the admin updater to check for any problems or optimisations and upgrade to the latest stable version.
Install Docker and the Docker image
Bring the machine up to date and run through the Docker installation.
docker pull collabora/code
docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=files\\.organicdesign\\.host' --restart always --cap-add MKNOD collabora/codeNow you can enable the Collabora Online application in your NextCloud from settings/apps and test it out!
