Via https://github.com/CollaboraOnline/Docker-CODE/blob/master/scripts/install-libreoffice.sh
Einzel ausfuehren, um sicher zu gehen, dass Alles klappt:
apt update
apt dist-upgrade
apt install apt-transport-https locales-all hyphen-*
echo "deb https://collaboraoffice.com/repos/CollaboraOnline/CODE /" >> /etc/apt/sources.list.d/collabora.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6CCEA47B2281732DF5D504D00C54D189F4BA284D
apt update
apt install loolwsd code-brand
rm /opt/lool/systemplate/etc/resolv.conf
ln -s /etc/resolv.conf /opt/lool/systemplate/etc/resolv.conf
Apache vorbereiten:
a2enmod proxy proxy_wstunnel proxy_http ssl
service apache2 restart
mkdir -p /opt/ssl/
Put certificates into /opt/ssl/.
chown lool:lool /opt/ssl/*
Apache configuration:
<VirtualHost *:443>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /opt/ssl/CERT_FILE_NAME.pem
SSLCertificateChainFile /opt/ssl/CERT_FILE_NAME.pem
SSLCertificateKeyFile /opt/ssl/KEY_FILE_NAME.key
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
AllowEncodedSlashes NoDecode
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
ProxyPreserveHost On
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
</VirtualHost>
service apache2 restart
Edit /etc/loolwsd/loolwsd.xml
- Zertifikate eintragen:
<cert_file_path desc="Path to the cert file" relative="false">/opt/ssl/CERT_FILE_NAME.pem</cert_file_path> <key_file_path desc="Path to the key file" relative="false">/opt/ssl/KEY_FILE_NAME.key</key_file_path> <ca_file_path desc="Path to the ca file" relative="false">/opt/ssl/CERT_FILE_NAME.pem</ca_file_path> - Zum Testen (erlaubt alle Zugriffe):
<host desc="Regex pattern of hostname to allow or deny." allow="true">^.*$</host> - User und PW ausdenken:
<username desc="The username of the admin console. Must be set.">USER_NAME</username> <password desc="The password of the admin console. Must be set.">USER_PW</password>
Check with:
https://DOMAIN_NAME/hosting/discovery
<cert_file_path desc="Path to the cert file" relative="false">/opt/ssl/CERT_FILE_NAME.pem</cert_file_path> =>
<cert_file_path desc="/opt/ssl/" relative="false">CERT_FILE_NAME.pem</cert_file_path> ???