Setting up a Nextcloud server with Collabora Online support to migrate away from Google docs
Since some of us feel the urge to migrate our cloud data away from Google, Microsoft or other US based services, this is one way to set up a self-hosted open source service as a private cloud.
We will need a Nextcloud instance as a frontend for cloud storage and basic file handling for images, PDF, notes, markdown documents etc., and also a Collabora Online instance for providing office document capabilities.
It goes as follows:
We log in to our preferred VPS/root server provider and order a machine with 4 vCPUs and 4-8 GB RAM, which comes usually with 128 to 256 GB HDD space. (I’m with netcup - not affiliated - and took a VPS with 4 vCPUs, 8 GB RAM and 256 GB HDD at 6,84 EUR/month.) We deploy a fresh Ubuntu Server 24.04, we deploy necessary updates, we reboot.
At our DNS registrar, we register A records for nx.example.com and co.example.com for the IP of the new machine, given that we own the domain example.com.
We install an appropriate firewall and/or startup scripts. It makes sense to open ports 80 and 443 for web as well as to install an ssh server for remote access. We open port 9980 tcp only for our client IP.
Now we execute phase 1 of this great Nextcloud install instruction.
Then, we create an Apache configration nx.example.com.conf with the following contents:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName nx.example.com
ServerAlias nx.example.com
DocumentRoot /var/www/nextcloud
<Directory /var/www/nextcloud>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Please be aware that we use the path /var/www/nextcloud
instead of /var/www/html/nextcloud
as per the tutorial.
After enabling the instance by a2ensite nx.example.com.conf
and restarting Apache we switch the server to https:
apt-get install certbot python3-certbot-apache
certbot -d nx.example.com
After that, we have a running nextcloud instance and can login at https://nx.example.com
. We even can view pictures and PDF documents that are supplied with the server as examples. But we cannot open the also supplied docx-Document. In order to do that, we have to setup a Collabora Online instance, which we can do at the same server.
For installing this instance we follow the official instructions until the end of point 4.
In the configuration file /etc/coolwsd/coolwsd.xml
we change the following settings:
Under <ssl desc="SSL settings">
we switch enable
to false
and termination
to true
.
Furthermore, under <net desc="Network settings">
we set the proto
to IPv4
(in case we have IPv4 als the internal IP protocol at our server).
Now, we can call the URL http://nx.example.com:9980
from our browser, and we should get an “OK” as answer. That means, that our Collabora Online instance is working.
Next, we have to make this instance available to our Nextcloud server. In order to do that, we first enable some additional Apache modules for reverse proxying:
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_connect
a2enmod proxy_wstunnel
After that, we can create a new Apache config for our Collabora Online service:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName co.example.com
ServerAlias co.example.com
########################################
# Reverse proxy for Collabora Online #
########################################
AllowEncodedSlashes NoDecode
ProxyPreserveHost On
# static html, js, images, etc. served from coolwsd
# browser is the client part of Collabora Online
ProxyPass /browser http://127.0.0.1:9980/browser retry=0
ProxyPassReverse /browser http://127.0.0.1:9980/browser
# WOPI discovery URL
ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery
# Capabilities
ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities
# Main websocket
ProxyPassMatch "/cool/(.*)/ws$" ws://127.0.0.1:9980/cool/$1/ws nocanon
# Admin Console websocket
ProxyPass /cool/adminws ws://127.0.0.1:9980/cool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /cool http://127.0.0.1:9980/cool
ProxyPassReverse /cool http://127.0.0.1:9980/cool
# Compatibility with integrations that use the /lool/convert-to endpoint
ProxyPass /lool http://127.0.0.1:9980/cool
ProxyPassReverse /lool http://127.0.0.1:9980/cool
</VirtualHost>
We activate this service by a2ensite co.example.com
, restart Apache and make the service available as https with certbot -d co.example.com
. Although we cannot access the service directly, this step is important for integration with the Nextcloud service, which is the last step.
We log into our Nextcloud server at https://nx.example.com
, click at our avatar in the upper right corner and switch to + Apps
. At the left pane, we then find under “Featured Apps” the “Nextcloud Office”, which we download and enable. Then, we head over to Avatar -> Administration Settings, click on the magnifying glass in the top pane and serach for “office”. We select “Office Administration”, select “Use your own server” and put in the URL https://co.example com
.
This will NOT work using the same URL as for the nextcloud server, e.g. nx.example.com
, even if both services are located at the same machine!
Last, we edit the Allow list for WOPI requests with the values 127.0.0.1, [our server's IP address]
and set in /etc/php/8.3/php.ini
the values
memory_limit = 512M
upload_max_filesize = 64M
With these settings, we should at least get no red errors at the Nextcloud admin page. Now, we should be able to open the supplied docx document as well. Further tweaking according to the linked documentation.
That’s it, we have an integrated Cloud/Docs server where we can migrate all our files and documents to!
(We can and should now close port 9980 tcp for any external access.)