Actualización del sistema
- Ingresar como usuario sudo
sudo su
- Actualizamos los repositorios
apt update
apt upgrade
- Actualizamos la distribución
apt dist-upgrade
Instalación de Collabora
apt install apt-transport-https
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D
echo 'deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-ubuntu1804 ./' >> /etc/apt/sources.list
apt-get update && apt-get install loolwsd code-brand
Instalamos apache
apt install apache2
a2enmod proxy
a2enmod proxy_wstunnel
a2enmod proxy_http
a2enmod ssl
systemctl restart apache2
Configuración de Collabora
nano /etc/loolwsd/loolwsd.xml
<storage desc="Backend storage">
<host desc="Regex pattern of hostname to allow or deny." allow="true">127\.0\.0\.1</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">cloud.siua.ac.cr</host>
<net desc="Network settings">
<proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">all</proto>
X
<proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">IPv4</proto>
seccomp
<seccomp desc="Should we use the seccomp system call filtering." type="bool" default="true">true</seccomp>
X
<seccomp desc="Should we use the seccomp system call filtering." type="bool" default="true">false</seccomp>
admin_console
<username desc="The username of the admin console. Ignored if PAM is enabled."></username>
<password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password."></password>
X
<username desc="The username of the admin console. Ignored if PAM is enabled.">ugit</username>
<password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password.">CA2</password>
- Guardamos el archivo
- Asumimos que tenemos los certificados de letsencrypt en la ubicación
/etc/apache2/certificados/collabora.siua.ac.cr/
chgrp lool /etc/apache2/certificados/collabora.siua.ac.cr/*
chmod g+r /etc/apache2/certificados/collabora.siua.ac.cr/*
nano /etc/loolwsd/loolwsd.xml
<cert_file_path desc="Path to the cert file" relative="false">/etc/loolwsd/cert.pem</cert_file_path>
<key_file_path desc="Path to the key file" relative="false">/etc/loolwsd/key.pem</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/loolwsd/ca-chain.cert.pem</ca_file_path>
<cert_file_path desc="Path to the cert file" relative="false">/etc/apache2/certificados<key_file_path desc="Path to the key file" relative="false">/etc/apache2/certificados/collabora.siua.ac.cr/privkey.pem</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/apache2/certificados/collabora.siua.ac.cr/chain.pem</ca_file_path>
- Reiniciamos los servicios y comprobamos que estén corriendo bien
systemctl restart loolwsd.service
systemctl status loolwsd.service
netstat -tulpen | grep 9980
Configurar virtual host
nano /etc/apache2/sites-available/collabora.siua.ac.cr.conf
<VirtualHost *:80>
#************************************************************************
#******************* DATOS DEL SITIO WEB ********************************
#************************************************************************
ServerName collabora.siua.ac.cr
ServerAlias www.collabora.siua.ac.cr
ErrorLog /var/log/apache2/collabora_80.siua.ac.cr-error.log
CustomLog /var/log/apache2/collabora_80.siua.ac.cr-access.log common
#************************************************************************
#********************** DATOS DEL WEBMASTER *****************************
#************************************************************************
ServerAdmin interuniversitariadealajuela@gmail.com
Header add Author "Unidad de Gestion e Innovacion Tecnologica"
#************************************************************************
#********************* DATOS DEL REDIRECIONAMIENTO **********************
#************************************************************************
RedirectMatch permanent ^/(.*) https://collabora.siua.ac.cr/$1
#************************************************************************
#************************* DATOS DEL SITIO WEB **************************
#************************************************************************
DocumentRoot /var/www/html/XXXXXXXXXXXXXXXXXXX
</VirtualHost>
nano /etc/apache2/sites-available/collabora.siua.ac.cr-le-ssl.conf
IfModule mod_ssl.c>
#************************************************************************
#HTTPS://www.collabora.siua.ac.cr
#************************************************************************
<VirtualHost *:443>
ServerName www.collabora.siua.ac.cr
RedirectMatch permanent ^/(.*) https://collabora.siua.ac.cr/$1
#************************************************************************
#*************************** DATOS DEL CERTIFICADO **********************
#************************************************************************
SSLEngine on
SSLCertificateFile /etc/apache2/certificados/collabora.siua.ac.cr/fullchain.pem
SSLCertificateKeyFile /etc/apache2/certificados/collabora.siua.ac.cr/privkey.pem
</VirtualHost>
#************************************************************************
#HTTPS://collabora.siua.ac.cr
#************************************************************************
<VirtualHost *:443>
#************************************************************************
#******************* DATOS DEL SITIO WEB ********************************
#************************************************************************
ServerName collabora.siua.ac.cr
ErrorLog /var/log/apache2/collabora_443.siua.ac.cr-error.log
CustomLog /var/log/apache2/collabora_443.siua.ac.cr-access.log common
#************************************************************************
#********************** DATOS DEL WEBMASTER *****************************
#************************************************************************
ServerAdmin interuniversitariadealajuela@gmail.com
Header add Author "Unidad de Gestion e Innovacion Tecnologica"
#************************************************************************
#************************** DATOS DEL CERTIFICADO ***********************
#************************************************************************
SSLEngine on
SSLCertificateFile /etc/apache2/certificados/collabora.siua.ac.cr/fullchain.pem
SSLCertificateKeyFile /etc/apache2/certificados/collabora.siua.ac.cr/privkey.pem
#************************************************************************
#************************** DATOS DEL SITIO WEB *************************
#************************************************************************
#DocumentRoot /var/www/html/XXXXXXXXXXXXXXXXX
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES25$
SSLHonorCipherOrder on
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Enable and configure SSL Proxy
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
# Make sure to keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
</VirtualHost>
</IfModule>
https://collabora.siua.ac.cr:9980/loleaflet/dist/admin/admin.html