Installation¶
System requirements¶
For the beginning packages are only provided for the following distributions:
- Debian 8
- Debian 9
- Ubuntu 16.04
More distributions will be added over time.
Additionally we require some LibreOffice packages from the official Document Foundation download repository. At the moment of writing this needs to be 5.4.3.2-2 or greater.
The required packages are:
- libreoffice5.4 (>= 5.4.3.2-2)
- libreoffice5.4-ure (>= 5.4.3.2-2)
- libobasis5.4-calc (>= 5.4.3.2-2)
- libobasis5.4-core (>= 5.4.3.2-2)
- libobasis5.4-graphicfilter (>= 5.4.3.2-2)
- libobasis5.4-images (>= 5.4.3.2-2)
- libobasis5.4-impress (>= 5.4.3.2-2)
- libobasis5.4-ooofonts (>= 5.4.3.2-2)
- libobasis5.4-writer (>= 5.4.3.2-2)
- libobasis5.4-en-us (>= 5.4.3.2-2)
- libobasis5.4-en-us-calc (>= 5.4.3.2-2)
- libobasis5.4-en-us-res (>= 5.4.3.2-2)
- libobasis5.4-draw (>= 5.4.3.2-2)
- libobasis5.4-extension-pdf-import (>= 5.4.3.2-2)
For convinience these packages are included in the repository explained below.
Configuring the Kopano package repositories¶
The package repository can either be accessed by using a combination of username & password (account can be registered at the Kopano Portal) or by using the username serial and your Kopano serial (e.g. Z…) as the password.
Adding the supported repository for Ubuntu 16.04:
URL=https://serial:your-serial@download.kopano.io/supported/documentseditor/Ubuntu_16.04/
echo "deb $URL /" > /etc/apt/sources.list.d/kopano-documentseditor.list
curl $URL/Release.key | apt-key add -
apt update
Adding the community repository for Ubuntu 16.04:
URL=https://download.kopano.io/community/libreofficeonline/Ubuntu_16.04/
echo "deb $URL /" > /etc/apt/sources.list.d/libreoffice-online.list
curl $URL/Release.key | apt-key add -
apt update
See the Kopano Groupware Core Administrator Manual for more information about our package repositories.
Installing Kopano Documents Editor (supported repository)¶
After the repository has been added Kopano Documents Editor can be installed by retrieving the kopano-documentseditor package with your package manager.
Installing packages on Ubuntu 16.04:
apt install kopano-documentseditor
Installing LibreOffice Online (community repository)¶
After the repository has been added LibreOffice Online can be installed by retrieving the libreoffice-online package with your package manager.
Installing packages on Ubuntu 16.04:
apt install libreoffice-online
Configuring LibreOffice Online and its dependencies¶
The configuration for LibreOffice Online and Kopano Documents Editor are the same again.
LibreOffice Online WebSocket server (loolwsd)¶
loolwsd is configured by default to use ssl by default, but since the package does not provide the configured ssl certificates the initial startup of the deamon will fail.
To use loolwsd the admin either has to configure ssl certificates inside /etc/libreoffice-online/loolwsd.xml , or disable ssl altogether and implement a reverse proxy for this (recommended). To disable ssl the admin needs to set <enable type="bool" default="true"> to false.
<ssl desc="SSL settings">
<enable type="bool" default="true">false</enable>
<termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
<cert_file_path desc="Path to the cert file" relative="false">/etc/loolwsd/cert.pem</cert_file_path>
<key_file_path desc="Path to the key file" relative="false">/etc/loolwsd/key.pem</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/loolwsd/ca-chain.cert.pem</ca_file_path>
<hpkp desc="Enable HTTP Public key pinning" enable="false" report_only="false">
<max_age desc="HPKP's max-age directive - time in seconds browser should remember the pins" enable="true">1000</max_age>
<report_uri desc="HPKP's report-uri directive - pin validation failure are reported at this URL" enable="false"></report_uri>
<pins desc="Base64 encoded SPKI fingerprints of keys to be pinned">
<pin></pin>
</pins>
</hpkp>
</ssl>
Afterwards the deamon can be restarted by issuing systemctl restart libreoffice-online and will be reachable through port 9980.
Since loolwsd listens gloablly it is recommended to block network access e.g. via iptables.
Using Apache as a reverse proxy for loolwsd¶
The following vHost can be used to expose LibreOffice Online on the local network.
<VirtualHost *:443>
ServerName office.example.com
# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /path/to/signed_certificate
SSLCertificateChainFile /path/to/intermediate_certificate
SSLCertificateKeyFile /path/to/private/key
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode
# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# keep the host
ProxyPreserveHost On
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
</VirtualHost>
Using Nginx as a reverse proxy for loolwsd¶
The following vHost can be used to expose LibreOffice Online on the local network.
server {
listen 443 ssl;
server_name office.example.com;
ssl_certificate /path/to/ssl_certificate;
ssl_certificate_key /path/to/ssl_certificate_key;
# static files
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/lool/(.*)/ws$ {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}