I’ve become increasingly aware (read: paranoid) about the amount of information that Google and Facebook collect about me which they then sell to advertisers for a profit. I don’t appreciate Google reading my emails and personal communications and using that information to sell advertising. Unfortunately for me their services are useful but are replaceable, at leas for me with a fast NBN connection. As such I’ve set off to remove my self as much as possible from their reach.<\/p>\n
I’ve already setup mailinabox<\/a> and Nextcloud<\/a>, but I’ve missed the ability to edit documents online with Google Drive. Thankfully Nextcloud provide an answer with Collabora. Unfortunately their documentation<\/a> isn’t very clear, however with a little playing around I was able to get things working. \ud83d\ude42<\/p>\n On my web server virtual machine, I installed docker and docker.io<\/p>\n Download collabora:<\/p>\n As per the instructions, create a new subdomain (with letsencrypt) called office.warbel.net. If you use letsencrypt, you will need to create a new certificate inclusive of all your domains hosted on the web server.<\/p>\n Run the Collabora image. Being sure to run the image with the domain name of the server that hosts the image,\u00a0NOT\u00a0<\/strong>office.yourdomain.net<\/strong><\/p>\n Run the command to check the status of the image:<\/p>\n Will return: (the name will change, it is random)<\/p>\n To stop, and then kill the docker image:<\/p>\n Once you are confident that the image is up and running create a new site in \/etc\/apache2\/sites-available\/ and call it what you will. I called mine:\u00a0office.warbel.net.conf with the following configuration:<\/p>\n Finally, in nextcloud, add the plugin as per nextclouds documentation and add the domain office.yourdomain.com:443 to the collabora plugin url.<\/p>\n I have a unique custom firewall script that interferes with docker.io. Docker, when it creates a container will add rules to it’s own chain. However my firewall script will delete those chains when it starts. The work around is to restart the docker.io service after the machine boots to recreate the chain and allow networking to start.<\/p>\n I’ve also had to add custom firewall chains to my scripts to allow docker to work.These are (iptables -S):<\/p>\n When the machine restarts I need to manually restart docker to get things going again. I’ll figure out how to fix this later…<\/p>\n I’ve found that every time I’ve killed and started the docker image the space the image takes up remains. Some googling has helped me find a solution<\/a>:<\/p>\n and<\/p>\n Do the job pretty well.<\/p>\n","protected":false},"excerpt":{"rendered":" Background: I’ve become increasingly aware (read: paranoid) about the amount of information that Google and Facebook collect about me which they then sell to advertisers for a profit. I don’t appreciate Google reading my emails and personal communications and using … Continue reading Process:<\/h1>\n
sudo apt install docker docker.io<\/pre>\n
sudo docker pull collabora\/code<\/pre>\n
sudo service apache2 stop\r\nsudo letsencrypt certonly -d bel.warbel.net -d www.warbel.net -d blog.warbel.net -d travel.warbel.net -d mattermost.warbel.net -d office.warbel.net\r\nsudo service apache2 start<\/pre>\n
sudo docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=www\\\\.warbel\\\\.net' --restart always --cap-add MKNOD collabora\/code<\/pre>\n
sudo docker ps<\/pre>\n
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES\r\n2e21004691d9 collabora\/code \"\/bin\/sh -c 'bash sta\" 3 days ago Up 3 days 127.0.0.1:9980->9980\/tcp boring_ardinghelli<\/pre>\n
sudo docker stop boring_ardinghelli; sudo docker rm boring_ardinghelli<\/pre>\n
<VirtualHost office.warbel.net:443>\r\n\r\nServerName office.warbel.net\r\nSSLHonorCipherOrder on\r\n\r\n# Encoded slashes need to be allowed\r\nAllowEncodedSlashes NoDecode\r\n\r\n# Container uses a unique non-signed certificate\r\nSSLProxyEngine On\r\nSSLProxyVerify None\r\nSSLProxyCheckPeerCN Off\r\nSSLProxyCheckPeerName Off\r\n\r\n# keep the host\r\nProxyPreserveHost On\r\n\r\n# static html, js, images, etc. served from loolwsd\r\n# loleaflet is the client part of LibreOffice Online\r\nProxyPass \/loleaflet https:\/\/127.0.0.1:9980\/loleaflet retry=0\r\nProxyPassReverse \/loleaflet https:\/\/127.0.0.1:9980\/loleaflet\r\n\r\n# WOPI discovery URL\r\nProxyPass \/hosting\/discovery https:\/\/127.0.0.1:9980\/hosting\/discovery retry=0\r\nProxyPassReverse \/hosting\/discovery https:\/\/127.0.0.1:9980\/hosting\/discovery\r\n\r\n# Main websocket\r\nProxyPassMatch \"\/lool\/(.*)\/ws$\" wss:\/\/127.0.0.1:9980\/lool\/$1\/ws nocanon\r\n\r\n# Admin Console websocket\r\nProxyPass \/lool\/adminws wss:\/\/127.0.0.1:9980\/lool\/adminws\r\n\r\n# Download as, Fullscreen presentation and Image upload operations\r\nProxyPass \/lool https:\/\/127.0.0.1:9980\/lool\r\nProxyPassReverse \/lool https:\/\/127.0.0.1:9980\/lool\r\n\r\n<\/VirtualHost><\/pre>\n
Troubleshooting:<\/h1>\n
-A FORWARD -j DOCKER-ISOLATION\r\n-A FORWARD -o docker0 -j DOCKER\r\n-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\r\n-A FORWARD -i docker0 ! -o docker0 -j ACCEPT\r\n-A FORWARD -i docker0 -o docker0 -j ACCEPT\r\n-A DOCKER -d 172.17.0.2\/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9980 -j ACCEPT\r\n-A DOCKER-ISOLATION -j RETURN<\/pre>\n
Docker taking up too much space.<\/h2>\n
docker rmi $(docker images -f \"dangling=true\" -q)<\/pre>\n
docker rm -v $(docker ps -a -q -f status=exited)<\/pre>\n