Install Collabora Online on Enterprise Linux 7 [Obsolete]

Collaborative editing, using Collabora Online, is an additional function that can be added to the out of the box Kolab 16 installation.

This article outlines how to install Collabora Online to a Kolab 16 installation on CentOS 7 or Red Hat Enterprise Linux 7, when Kolab is secured via Let’s encrypt.

Ensure you have Kolab 16 installed first by following the guide for CentOS 7 or the guide for Red Hat Enterprise Linux 7 and have secured Kolab with Let’s encrypt.

Chwala needs to be updated to the latest version; 0.5.3 or later:

# yum update chwala

Install the extra repository configuration:

# yum install kolab-16-extras-collab

Now Collabora Online can be installed directly from the Kolab mirror:

# yum install collabora-online-brand loolwsd

Now the configuration file/etc/loolwsd/loolwsd.xml needs to be updated. As a minimum, edit the values listed below (tag attributes omitted for brevity):

<cert_file_path (...)>/etc/letsencrypt/live/<domain.tld>/cert.pem</cert_file_path>
<key_file_path (...)>/etc/letsencrypt/live/<domain.tld>/privkey.pem</key_file_path>
<ca_file_path (...)>/etc/letsencrypt/live/<domain.tld>/fullchain.pem</ca_file_path>
<username (...)">collabora.admin</username>
<password (...)">My-Long-Password</password>

Make sure that they user lool has at least reading rights to the .pem files

Enable and start the loolwsd daemon:

# systemctl enable loolwsd
# systemctl start loolwsd

Add a new file:/etc/httpd/conf.d/proxy.conf

with the following lines:

SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
SSLProxyCheckPeerExpire Off
SSLProxyProtocol all

<ifModule !mod_proxy_wstunnel.c>
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
</ifModule>

AllowEncodedSlashes NoDecode

ProxyPreserveHost On

# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass        /loleaflet           https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet           https://127.0.0.1:9980/loleaflet

# WOPI discovery URL
ProxyPass        /hosting/discovery   https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery   https://127.0.0.1:9980/hosting/discovery

# Main websocket
ProxyPass        /lool/ws              wss://127.0.0.1:9980/lool/ws
ProxyPassMatch   /lool/(.*)/ws$        wss://127.0.0.1:9980/lool/$1/ws nocanon

# Admin Console websocket
ProxyPass        /lool/adminws         wss://127.0.0.1:9980/lool/adminws

# Download as, Fullscreen presentation and Image upload operations
ProxyPass        /lool                 https://127.0.0.1:9980/lool
ProxyPassReverse /lool                 https://127.0.0.1:9980/lool

Make sure that this file is included by adding the following line to /etc/httpd/conf.d/<domain.tld>-le-ssl.conf (within the VirtualHost):

Include /etc/httpd/conf.d/proxy.conf

Add the WOPI configuration to /etc/roundcubemail/config.inc.php:

$config['fileapi_wopi_office'] = 'https://' . $_SERVER['HTTP_HOST'];

To get the ducks in a row, restart the loolws and http daemons:

# systemctl restart loolwsd
# systemctl restart httpd

If your kolab is not secured with certificates from Let’s encrypt, but from some other SSL certificate provider, then  use this method