FOSC

Nextcloud & Collabora

Requirements

Our setup relies heavily on traefik and won’t work without it. See our traefik configuration page on how to prepare your system to accept this configuration.

docker-compose.yml

version: '3'

services:

  nginx:
    image: nginx:alpine
    restart: unless-stopped
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./nextcloud:/var/www/html
    labels:
      - traefik.enable=true
      - traefik.http.routers.cloud.entryPoints=web-secure
      - traefik.http.routers.cloud.rule=Host(`cloud.fosc.space`)
      - traefik.http.routers.cloud.tls.certresolver=default
      - traefik.http.routers.cloud.middlewares=cloud@docker
      - traefik.http.middlewares.cloud.headers.customFrameOptionsValue=SAMEORIGIN
      - traefik.http.middlewares.cloud.headers.framedeny=true
      - traefik.http.middlewares.cloud.headers.sslredirect=true
      - traefik.http.middlewares.cloud.headers.stsSeconds=15552000
    depends_on:
      - fpm

  fpm:
    image: nextcloud
    restart: unless-stopped
    volumes:
      - ./nextcloud:/var/www/html
    environment:
      - NEXTCLOUD_TRUSTED_DOMAINS=cloud.fosc.space
      - REDIS_HOST=redis
      - MYSQL_HOST=mariadb
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=hunter2
      - MYSQL_DATABASE=nextcloud
      - NEXTCLOUD_ADMIN_USER=admin
      - NEXTCLOUD_ADMIN_PASSWORD=hunter2
    depends_on:
      - mariadb
      - redis
      - cron

  mariadb:
    image: mariadb
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=hunter2
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=hunter2
      - MYSQL_DATABASE=nextcloud
    volumes:
      - ./db:/var/lib/mysql

  collabora:
    image: collabora/code
    restart: unless-stopped
    environment:
      - username=admin
      - password=hunter3
      - DONT_GEN_SSL_CERT=true
      - "domain=cloud\\.fosc\\.space"
      - "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:storage.wopi.host[0]=::ffff:[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+ --o:net.post_allow.host[0]=::ffff:[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+ --o:storage.wopi.host[1]=[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+ --o:net.post_allow.host[1]=[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+ --o:storage.wopi.host[2]=cloud.fosc.space"
    labels:
      - traefik.enable=true
      - traefik.http.routers.coll.entryPoints=web-secure
      - traefik.http.routers.coll.rule=Host(`collabora.fosc.space`)
      - traefik.http.routers.coll.tls.certresolver=default
      - traefik.http.services.coll.loadbalancer.server.port=9980

  redis:
    image: redis:alpine
    restart: unless-stopped

  cron:
    image: nextcloud
    restart: always
    volumes:
      - ./nextcloud:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - mariadb
      - redis

Nextcloud configuration

Once everything is up and running, install the Collabora plugin for Nextcloud and configure the following in its settings page:

URL (and Port) of Collabora Online-server: https://collabora.fosc.space:443

Quirks

To get rid of the secure proxy warning, add a NEXTCLOUD_TRUSTED_PROXIES entry to Nextcloud’s config.php with your host’s hostname or IP address. For some reason, this configuration is not exposed via environment variables and cannot be fixed from docker-compose.