From 9c4c009936a319ed5f3b32db3fb1b91f0e7edf44 Mon Sep 17 00:00:00 2001
From: Anja Barz
Date: Tue, 8 Jul 2025 11:24:51 +0200
Subject: [PATCH 1/2] add tutorial for OpenCloud with reverse Proxy
---
.../docker-compose/docker-external-proxy.md | 268 +++++++++++++++++-
1 file changed, 265 insertions(+), 3 deletions(-)
diff --git a/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md b/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md
index 4993a109..f14889df 100644
--- a/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md
+++ b/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md
@@ -1,7 +1,269 @@ --- sidebar_position: 2 id: external-proxy -title: Behind external Proxy -description: 'OpenCloud behind external Proxy.' -draft: true +title: Behind External Proxy +description: "How to run OpenCloud behind an external Nginx proxy with Certbot (manual setup)." --- + +# 🌐 Running OpenCloud Behind an External Proxy (Nginx + Certbot Setup) + +This guide walks you through setting up OpenCloud behind an external **Nginx reverse proxy** with **Let's Encrypt certificates** using `certbot certonly --webroot`. + +--- + +## ✅ Requirements + +- A **public server** with a static IP +- Proper **DNS records** for your domain: + - `cloud.YOUR.DOMAIN` + - `collabora.YOUR.DOMAIN` + - `wopiserver.YOUR.DOMAIN` +- Installed software: + - [Docker & Docker Compose](https://docs.docker.com/engine/install/) + - `nginx` + - `certbot` + +--- +## Step 1: Connect to Your Server +Log into your server via SSH: + +```bash +ssh root@YOUR.SERVER.IP +``` +--- +## Step 2: Install Docker +Update your system and install Docker. 
+ + +First, perform an update and upgrade: + +```bash +apt update && apt upgrade -y +``` +Install Docker following the [official Docker guide](https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository) + +Once Docker is installed, enable and start the service: + +```bash +systemctl enable docker && systemctl start docker +``` +--- +## Step 3: Clone the OpenCloud Repository +Download the necessary configuration files: + +```bash +git clone https://github.com/opencloud-eu/opencloud.git +``` + +--- + +## Step 4: Install Nginx & Certbot +Now install Nginx & Certbot + + +## 📁 Step 5: Create a Webroot Directory for Certbot + +```bash +sudo mkdir -p /var/www/certbot +sudo chown -R www-data:www-data /var/www/certbot +``` + +--- + +## 🔧 Step 6: Temporary Nginx Config for HTTP Challenge + +Create a temporary config to allow HTTP validation: + +```bash +sudo nano /etc/nginx/sites-available/certbot-challenge +``` + +Paste the following config: + +```nginx +server { + listen 80; + server_name cloud.YOUR.DOMAIN collabora.YOUR.DOMAIN wopiserver.YOUR.DOMAIN; + + root /var/www/certbot; + + location /.well-known/acme-challenge/ { + allow all; + try_files $uri =404; + } +} +``` + +Enable and reload Nginx: + +```bash +sudo ln -s /etc/nginx/sites-available/certbot-challenge /etc/nginx/sites-enabled/ +sudo nginx -t && sudo systemctl reload nginx +``` + +--- + +## 🔐 Step 7: Obtain SSL Certificates + +Use `certbot` to get your TLS certificates: + +```bash +sudo certbot certonly --webroot \ + -w /var/www/certbot \ + -d cloud.YOUR.DOMAIN \ + -d collabora.YOUR.DOMAIN \ + -d wopiserver.YOUR.DOMAIN \ + --email your@email.com \ + --agree-tos \ + --no-eff-email +``` + +Your certificates will be saved under: + +- `/etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem` +- `/etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem` + +--- + +## ⚙️ Step 8: Configure and start OpenCloud + +Clone the OpenCloud Compose repo and set your environment: + +```bash +git clone 
https://github.com/opencloud-eu/opencloud-compose.git +cd opencloud-compose +cp .env.example .env +nano .env +``` + +Set the following environment variables: + +```env +# INSECURE=true + +COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:external-proxy/opencloud.yml:external-proxy/collabora.yml + +OC_DOMAIN=cloud.YOUR.DOMAIN + +INITIAL_ADMIN_PASSWORD=YOUR.SECRET.PASSWORD + +COLLABORA_DOMAIN=collabora.YOUR.DOMAIN + +WOPISERVER_DOMAIN=wopiserver.YOUR.DOMAIN +``` +The initial Admin password is mandatory for security reasons. + +Start the docker compose setup + +```bash +docker compose up -d +``` + +--- + +## 🧩 Step 9: Set Up the Final Nginx Reverse Proxy + +### Remove the temporary certbot config: + +```bash +sudo rm /etc/nginx/sites-enabled/certbot-challenge +``` + +### Create a new proxy config: + +```bash +sudo nano /etc/nginx/sites-available/opencloud +``` + +Paste the following configuration: + +```nginx +# Redirect HTTP to HTTPS +server { + listen 80; + server_name cloud.YOUR.DOMAIN collabora.YOUR.DOMAIN wopiserver.YOUR.DOMAIN; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +# OpenCloud +server { + listen 443 ssl; + server_name cloud.YOUR.DOMAIN; + + ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; + + location / { + proxy_pass http://127.0.0.1:9200; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +# Collabora +server { + listen 443 ssl; + server_name collabora.YOUR.DOMAIN; + + ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; + + location / { + proxy_pass http://127.0.0.1:9980; + proxy_set_header Host $host; + } + + location ~ 
^/cool/(.*)/ws$ { + proxy_pass http://127.0.0.1:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + } +} + +# WOPI Server +server { + listen 443 ssl; + server_name wopiserver.YOUR.DOMAIN; + + ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; + + location / { + proxy_pass http://127.0.0.1:9300; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} +``` +Thanks to [mitexleo](https://github.com/mitexleo) for the Ngnix example configuration on GitHub + +Enable and reload Nginx: + +```bash +sudo ln -s /etc/nginx/sites-available/opencloud /etc/nginx/sites-enabled/ +sudo nginx -t && sudo systemctl reload nginx +``` + +--- + +## 🔁 Step 10: Test Certificate Renewal + +```bash +sudo certbot renew --dry-run +``` + +--- + +Your OpenCloud instance is now running securely behind a fully configured external Nginx reverse proxy with HTTPS. From a6fc355f4e5718613e5ca3292aca5588cb7b8d40 Mon Sep 17 00:00:00 2001 From: Alex Ackermann Date: Tue, 15 Jul 2025 13:40:38 +0200 Subject: [PATCH 2/2] lint --- .../docker-compose/docker-external-proxy.md | 28 +++++++++++++------ 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md b/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md index f14889df..3af5b23f 100644 --- a/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md +++ b/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md 
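Review bot: Nothing in the guide makes nginx pick up a renewed certificate: Step 7 uses `certbot certonly --webroot` and Step 10 only runs `certbot renew --dry-run`, so nginx keeps serving the certificate it loaded at its last reload until that one expires. Adding `--deploy-hook "systemctl reload nginx"` to the Step 7 command stores the hook in the renewal configuration, and is worth one sentence in Step 10. In the Step 9 config, the `location ~ ^/cool/(.*)/ws$` block sets `Upgrade` and `Connection` but not `proxy_http_version 1.1;`, which the WebSocket handshake needs because nginx's proxy module has historically defaulted to HTTP/1.0. The guide should also state that ports 9200, 9980 and 9300 speak plain HTTP and must be reachable only from the proxy. The `external-proxy/*.yml` files are not part of this patch, so confirm they publish on 127.0.0.1 rather than on all interfaces.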
@@ -2,7 +2,7 @@ sidebar_position: 2 id: external-proxy title: Behind External Proxy -description: "How to run OpenCloud behind an external Nginx proxy with Certbot (manual setup)." +description: 'How to run OpenCloud behind an external Nginx proxy with Certbot (manual setup).' --- # 🌐 Running OpenCloud Behind an External Proxy (Nginx + Certbot Setup) @@ -21,25 +21,30 @@ This guide walks you through setting up OpenCloud behind an external **Nginx rev - Installed software: - [Docker & Docker Compose](https://docs.docker.com/engine/install/) - `nginx` - - `certbot` + - `certbot` --- + ## Step 1: Connect to Your Server + Log into your server via SSH: ```bash ssh root@YOUR.SERVER.IP ``` + --- + ## Step 2: Install Docker -Update your system and install Docker. +Update your system and install Docker. First, perform an update and upgrade: ```bash apt update && apt upgrade -y ``` + Install Docker following the [official Docker guide](https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository) Once Docker is installed, enable and start the service: @@ -47,8 +52,11 @@ Once Docker is installed, enable and start the service: ```bash systemctl enable docker && systemctl start docker ``` + --- + ## Step 3: Clone the OpenCloud Repository + Download the necessary configuration files: ```bash @@ -58,8 +66,8 @@ git clone https://github.com/opencloud-eu/opencloud.git --- ## Step 4: Install Nginx & Certbot -Now install Nginx & Certbot +Now install Nginx & Certbot ## 📁 Step 5: Create a Webroot Directory for Certbot @@ -125,7 +133,7 @@ Your certificates will be saved under: --- -## ⚙️ Step 8: Configure and start OpenCloud +## ⚙️ Step 8: Configure and start OpenCloud Clone the OpenCloud Compose repo and set your environment: 
@@ -151,25 +159,26 @@ COLLABORA_DOMAIN=collabora.YOUR.DOMAIN WOPISERVER_DOMAIN=wopiserver.YOUR.DOMAIN ``` + The initial Admin password is mandatory for security reasons. Start the docker compose setup ```bash docker compose up -d -``` +``` --- ## 🧩 Step 9: Set Up the Final Nginx Reverse Proxy -### Remove the temporary certbot config: +### Remove the temporary certbot config ```bash sudo rm /etc/nginx/sites-enabled/certbot-challenge ``` -### Create a new proxy config: +### Create a new proxy config ```bash sudo nano /etc/nginx/sites-available/opencloud @@ -247,7 +256,8 @@ server { } } ``` -Thanks to [mitexleo](https://github.com/mitexleo) for the Ngnix example configuration on GitHub + +Thanks to [mitexleo](https://github.com/mitexleo) for the Ngnix example configuration on GitHub Enable and reload Nginx: