Mailcow-dockerized: Nextcloud enhancements

@seppeel One reason for non-auto upgrades could be, that upgrading within the docker container might not make any sense. Normally you want to keep the versioning of the underlying software within a docker image, so if you would want to upgrade from nextcloud 13 to 14 you would pull a new container which would migrate the existing data, if necessary.

If you upgrade manually you might need to do it everytime you pull a new minor version, if the next major version isn't used for the chosen docker image yet. That's a problem I ran into with Piwik/Matomo images all the time.

The docker container takes care of nextcloud updates already everytime the container is started it uses the nextcloud:latest tag keeping it up-to-date with Docker's images.

For Collabora, you can use a docker-compose.override.yml for that too.

oh, ok. so everytime the container is restarted, i should get the nextcloud installation updated? (except major upgrades) thats a good solution, nice.
i will try to mess a bit around with a docker-compose.override.yml for collabora online :)

i would love to see collabora online as an optional part of the helper-script for nextcloud, but i would understand if you draw the line for nextcloud stuff here and dont think about adding this.
then just close this :)

@seppeel If the container was updated with the latest version of Nextcloud then yes. That's the beauty behind docker. Minimal management of packages :)

As for collabora - I am not a maintainer of Mailcow. I am only a user. So it's up to the maintainers to decide that. That being said the setup for collabora's docker container (https://www.collaboraoffice.com/code/) is simple to install (never done this, but looks easy enough from their install instructions)

For integrating Collabora into my Mailcow setup I used the following docker-compose.override.yml file next to the existing docker-compose.yml file from mailcow.

version: '2.1'
services:

    nginx-mailcow:
      networks:
        mailcow-network:
          ipv4_address: ${IPV4_NETWORK:-172.22.1}.253
          aliases:
            - phpfpm

    php-fpm-mailcow:
      extra_hosts:
        - "collabora.my-domain.de:${IPV4_NETWORK:-172.22.1}.253"

    collabora:
      image: collabora/code
      container_name: collabora
      cap_add:
        - MKNOD
      environment:
        - domain=cloud.my-domain.de
        - dictionaries=de_DE
      networks:
        - mailcow-network
      extra_hosts:
        - "cloud.my-domain.de:${IPV4_NETWORK:-172.22.1}.253"

I needed to use a fixed IP value for the nginx container, and add host aliases for it in the php-fpm-mailcow and collabora containers. Otherwise the communication didn't work for me. This setup is a bit older, so it might not be necessary to do it like this anymore. Nextcloud was installed into the nginx/php-fpm containers by the provided helper script.

Watch out for hardware requirements-implications when using collabora CODE, tho. I think it was pretty RAM-hungry.

wow thats nice, thank you.

Watch out for hardware requirements-implications when using collabora CODE, tho. I think it was pretty RAM-hungry.

thats right. my vm is too small right now for that. you will need at least 4gb ram for mailcow + collabora CODE.

Hi, is there a way to get collabora work inside mailcow?
I have a docker-compose.override.yml with this configuration:

    collabora-mailcow:
      image: collabora/code
      container_name: collabora
      cap_add:
        - MKNOD
      environment:
        - domain=office.domain.de
        - dictionaries=de_DE
      dns:
        - 172.22.1.254
      dns_search: mailcow-network
      networks:
        mailcow-network:
          aliases:
            - collabora

an /opt/mailcow-dockerized/data/conf/nginx/collabora.conf

upstream collabora {
  server collabora-mailcow:9980;
}

map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}

and a new location at the mailcow site /opt/mailcow-dockerized/data/conf/nginx/site.collabora.custom

location /loleaflet {
proxy_http_version 1.1;
proxy_set_header Host              $http_host;
proxy_set_header X-Real-IP         $remote_addr;
proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout                 900;
proxy_set_header Connection "";
proxy_buffers 32 4k;
proxy_pass http://localhost:9980;
}

location /hosting/discovery {
proxy_set_header Host $http_host;
proxy_pass http://localhost:9980;
}

location /lool {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /hosting/capabilities {
proxy_pass http://localhost:9980;
proxy_set_header Host $http_host;
}

everything is up, nexcloud url configured but i can't open any document: Failed to load Collabora Online - please try again later

thx

@doeminik Try setting a fixed IP for the proxy and adding extra hosts inside the php-fpm and collabora containers, to map the external DNS to the internal IP, like I posted it here: https://github.com/mailcow/mailcow-dockerized/issues/1760#issuecomment-424667172

@tisoft i tried it already without success.
Did you had in your configuration also ngix reverse proxy configured or just used the docker-compose.override.yml ?

This is my nxing configuraton for collabora

map $http_x_forwarded_proto $client_req_scheme_nc {
     default $scheme;
     https https;
}

server {
  include /etc/nginx/conf.d/listen_ssl.active;
  include /etc/nginx/mime.types;
  charset utf-8;
  override_charset on;

  ssl on;
  ssl_certificate /etc/ssl/mail/cert.pem;
  ssl_certificate_key /etc/ssl/mail/key.pem;
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:50m;
  ssl_session_timeout 1d;
  ssl_session_tickets off;
  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Robots-Tag none;
  add_header X-Download-Options noopen;
  add_header X-Permitted-Cross-Domain-Policies none;
  add_header X-Frame-Options "SAMEORIGIN";

  server_name collabora.my-domain.de;

    # static files
    location ^~ /loleaflet {
        proxy_pass https://collabora:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://collabora:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass https://collabora:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass https://collabora:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_pass https://collabora:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}