#!/bin/bash
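# Collect the two hostnames before anything is derived from them.
# whiptail draws its dialog on stdout and returns the answer on stderr, so the
# 3>&1 1>&2 2>&3 swap lets $(...) capture the answer. A non-zero status means
# the dialog was cancelled.
# The default value is single-quoted so that the backslash-escaped dots the
# prompt asks for are kept (unquoted, the shell strips the backslashes).
if ! DOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Nextcloud url, make sure it looks like this: cloud\.yourdomain\.com" 10 60 'cloud\.yourdomain\.com' 3>&1 1>&2 2>&3); then
  echo "No Nextcloud url given, exiting..." >&2
  exit 1
fi
if ! EDITORDOMAIN=$(whiptail --title "Techandme.se Collabora" --inputbox "Collabora subdomain eg: office.yourdomain.com" 10 60 3>&1 1>&2 2>&3); then
  echo "No Collabora subdomain given, exiting..." >&2
  exit 1
fi
if [[ -z $DOMAIN ]]; then
  echo "The Nextcloud url must not be empty, exiting..." >&2
  exit 1
fi
# EDITORDOMAIN ends up in a file name under /etc/apache2, in the generated
# vhost and in sed replacement text, so accept nothing but a plain hostname
# (no slashes, no "..", no whitespace or shell/sed metacharacters).
host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! $EDITORDOMAIN =~ $host_re || $EDITORDOMAIN == *..* ]]; then
  echo "'$EDITORDOMAIN' is not a valid hostname, exiting..." >&2
  exit 1
fi
# Derived from EDITORDOMAIN, so it has to be assigned after the prompt; set
# before it, the path is just the sites-available directory itself.
HTTPS_CONF="/etc/apache2/sites-available/$EDITORDOMAIN"
# Message
whiptail --msgbox "Please before you start make sure port 443 is directly forwarded to this machine or open!" 20 60 2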
# Update & upgrade
# Each line of apt output bumps a counter that is fed to the gauge, so the bar
# shows activity rather than a real percentage.
# NOTE(review): the exit status of the apt-get chain is discarded by the
# process substitution, so a failed update goes unnoticed here.
{
  count=1
  while read -r _; do
    count=$((count + 1))
    echo "$count"
  done < <(apt-get update && apt-get upgrade -y && apt-get -f install -y)
} | whiptail --title "Progress" --gauge "Please wait while updating repo's" 6 60 0
# Check if docker is installed
# dpkg-query prints the package status on one line; install docker.io only
# when that line does not contain "ok installed".
if ! dpkg-query -W -f='${Status}' docker.io 2>/dev/null | grep -q "ok installed"; then
  {
    count=1
    while read -r _; do
      count=$((count + 1))
      echo "$count"
    done < <(apt-get install docker.io -y)
  } | whiptail --title "Progress" --gauge "Please wait while installing docker" 6 60 0
fi
# Install Collabora docker
# NOTE(review): no tag or digest is given, so whatever "latest" points at on
# the registry is pulled and run; pin a version or digest if reproducibility
# matters.
collabora_image="collabora/code"
docker pull "$collabora_image"
# The port is published on 127.0.0.1 only, so the container is reachable
# solely through a proxy running on this host. MKNOD is the single extra
# capability granted; --restart always brings the container back after a
# reboot or crash.
run_args=(
  -t -d
  -p 127.0.0.1:9980:9980
  -e "domain=$DOMAIN"
  --restart always
  --cap-add MKNOD
)
docker run "${run_args[@]}" "$collabora_image"
# Install Apache2
# Same pattern as the other package checks: install only when dpkg does not
# already report the package as "ok installed".
if ! dpkg-query -W -f='${Status}' apache2 2>/dev/null | grep -q "ok installed"; then
  {
    count=1
    while read -r _; do
      count=$((count + 1))
      echo "$count"
    done < <(apt-get install apache2 -y)
  } | whiptail --title "Progress" --gauge "Please wait while installing Apache2" 6 60 0
fi
# Enable Apache2 module's
# proxy + proxy_http carry the HTTPS backend requests, proxy_wstunnel the
# wss:// websocket routes, ssl the TLS listener of the vhost.
for apache_module in proxy proxy_wstunnel proxy_http ssl; do
  a2enmod "$apache_module"
done
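# Create Vhost for Collabora online in Apache2
#
# Writes a TLS reverse-proxy vhost for $EDITORDOMAIN to $HTTPS_CONF unless that
# file already exists, then restarts Apache. The certificate paths are written
# as placeholders; the Let's Encrypt step later in this script replaces them by
# matching these exact lines, so the here-document text must stay unchanged.
#
# NOTE(review), things to weigh before exposing this vhost:
#  - "SSLProtocol all -SSLv2 -SSLv3" still allows TLS 1.0 and 1.1, and the
#    cipher list keeps 3DES (DES-CBC3-SHA) and CBC/SHA-1 suites; tighten both
#    to what your clients actually need.
#  - SSLProxyVerify None plus the CheckPeer* Off lines mean the backend
#    certificate is not verified at all. The backend here is 127.0.0.1:9980,
#    which limits the exposure to this host.
#  - /lool/adminws proxies the admin console websocket through the public
#    vhost; consider restricting who may reach it.
#  - Nothing in this script runs a2ensite for the new file; whether
#    /var/scripts/test-new-config.sh (not shown here) enables it is unknown.
if [ -f "$HTTPS_CONF" ]; then
  echo "Virtual Host exists"
else
  # The redirection creates the file; the here-document is unquoted on purpose
  # so that $EDITORDOMAIN is expanded into ServerName.
  cat << HTTPS_CREATE > "$HTTPS_CONF"
<VirtualHost *:443>
ServerName $EDITORDOMAIN
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /path/to/signed_certificate
SSLCertificateChainFile /path/to/intermediate_certificate
SSLCertificateKeyFile /path/to/private/key
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
# Encoded slashes need to be allowed
AllowEncodedSlashes On
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPass /lool/ws wss://127.0.0.1:9980/lool/ws
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
</VirtualHost>
HTTPS_CREATE
  write_status=$?
  # Require both a successful write and a non-empty regular file; a bare
  # existence test would also pass for a file that was created but left empty.
  if [ "$write_status" -eq 0 ] && [ -f "$HTTPS_CONF" ] && [ -s "$HTTPS_CONF" ]; then
    echo "$HTTPS_CONF was successfully created"
    sleep 2
  else
    echo "Unable to create vhost, exiting..."
    # Non-zero so a caller can tell the setup did not complete.
    exit 1
  fi
fi
# Restart Apache2
service apache2 restart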
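# Firewall -- not needed for it to work: the container port 9980 is published on 127.0.0.1 only and is reached through the Apache proxy, so only port 443 has to be reachable from outside.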
#if (whiptail --title "Test Yes/No Box" --yes-button "Firewall" --no-button "No Firewall" --yesno "Do you have a firewall enabled?" 10 60) then
# echo "You chose yes..."
#if (whiptail --title "Test Yes/No Box" --yes-button "UFW" --no-button "IPtables" --yesno "Do you have UFW or IPtables enabled?" 10 60) then
# echo "You chose UFW..."
# sudo ufw allow 9980
#else
# echo "You chose IPtables... Please file a PR to add a rule for IPtables."
#fi
#else
# echo "You chose no, it is highly recommended that you use a firewall! Enable it by typing: sudo ufw enable && sudo ufw allow 9980."
#fi
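# Let's Encrypt
#
# Obtains a certificate for $EDITORDOMAIN and points the vhost in $HTTPS_CONF at
# it. Two attempts are made: first the standalone authenticator (Apache is
# stopped so the client can bind the port itself), then a plain
# letsencrypt-auto run. On success the script exits 0 from activate_certs; if
# both attempts fail it exits 1.
#
# letsencryptpath, dir_before_letsencrypt and certfiles are never assigned in
# this script, so they must come from the environment; abort early with a
# clear message instead of running cd/rm/git with empty paths.
: "${letsencryptpath:?letsencryptpath must be set}"
: "${dir_before_letsencrypt:?dir_before_letsencrypt must be set}"
: "${certfiles:?certfiles must be set}"

# NOTE(review): the client is cloned from the repository's default branch and
# then executed as root, with no tag pinned and no signature checked.
# letsencrypt-auto has since been deprecated upstream in favour of a packaged
# certbot, which would also remove the clone-and-run step.

# Remove any previous checkout, clone the client again and cd into it.
# Returns non-zero if any step fails so the caller does not run the client
# from the wrong directory.
# NOTE(review): if letsencryptpath is also where issued certificates and
# account keys are stored, the rm below deletes them -- verify the paths.
fetch_letsencrypt() {
  if [ -d "$letsencryptpath" ]; then
    rm -R -- "${letsencryptpath:?}"
  fi
  cd "$dir_before_letsencrypt" || return 1
  git clone https://github.com/letsencrypt/letsencrypt || return 1
  cd "$letsencryptpath" || return 1
}

# True when the files the vhost will reference exist for this domain.
# Testing only for the $certfiles directory would also succeed when it holds
# certificates for some other domain.
certs_issued() {
  [ -f "$certfiles/$EDITORDOMAIN/privkey.pem" ] &&
    [ -f "$certfiles/$EDITORDOMAIN/cert.pem" ] &&
    [ -f "$certfiles/$EDITORDOMAIN/chain.pem" ]
}

# Replace the placeholder certificate paths in the vhost, restart Apache, run
# the config test script and show the success dialog. Exits the script.
activate_certs() {
  local live
  if [ ! -f "$HTTPS_CONF" ]; then
    echo "$HTTPS_CONF not found, cannot activate the certificate" >&2
    exit 1
  fi
  # Escape the characters that are special in the replacement part of the
  # s|...|...| commands below (delimiter, & and backslash).
  live=$(printf '%s' "$certfiles/$EDITORDOMAIN" | sed 's/[&|\\]/\\&/g')
  # Activate new config
  sed -i \
    -e "s|SSLCertificateKeyFile /path/to/private/key|SSLCertificateKeyFile $live/privkey.pem|g" \
    -e "s|SSLCertificateFile /path/to/signed_certificate|SSLCertificateFile $live/cert.pem|g" \
    -e "s|SSLCertificateChainFile /path/to/intermediate_certificate|SSLCertificateChainFile $live/chain.pem|g" \
    -- "$HTTPS_CONF"
  service apache2 restart
  bash /var/scripts/test-new-config.sh
  # Message; the dimensions fall back to fixed values when WT_* are unset,
  # because whiptail refuses to draw a box without them.
  whiptail --msgbox "\
Succesfully installed Collabora online docker, now please head over to your Nextcloud apps and admin panel
and enable the Collabora online connector app and change the URL to whatever subdomain you choose to run Collabora on.\
" "${WT_HEIGHT:-20}" "${WT_WIDTH:-60}" "${WT_MENU_HEIGHT:-2}"
  exit 0
}

# Print a coloured failure notice ($1) and wait for a key press.
report_no_certs() {
  echo -e "\e[96m"
  echo -e "$1"
  echo -e "\e[32m"
  read -r -p "Press any key to continue... " -n1 -s
  echo -e "\e[0m"
}

##### START FIRST TRY
# Stop Apache to avoid port conflicts
a2dissite 000-default.conf
sudo service apache2 stop
# Generate certs
if fetch_letsencrypt; then
  ./letsencrypt-auto certonly --standalone -d "$EDITORDOMAIN"
fi
# Use for testing
#./letsencrypt-auto --apache --server https://acme-staging.api.letsencrypt.org/directory -d EXAMPLE.COM
# Activate Apache again (Disabled during standalone)
service apache2 start
a2ensite 000-default.conf
service apache2 reload
if certs_issued; then
  activate_certs
fi
report_no_certs "It seems like no certs were generated, we do three more tries."

##### START SECOND TRY
# Generate certs
if fetch_letsencrypt; then
  ./letsencrypt-auto -d "$EDITORDOMAIN"
fi
if certs_issued; then
  activate_certs
fi
report_no_certs "It seems like no certs were generated, something went wrong"
# Both attempts failed: report that through the exit status.
exit 1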