Installation

System requirements

For the beginning packages are only provided for the following distributions:

  • Debian 8
  • Debian 9
  • Ubuntu 16.04

More distributions will be added over time.

Additionally we require some LibreOffice packages from the official Document Foundation download repository. At the moment of writing this needs to be 5.4.3.2-2 or greater.

The required packages are:

  • libreoffice5.4 (>= 5.4.3.2-2)
  • libreoffice5.4-ure (>= 5.4.3.2-2)
  • libobasis5.4-calc (>= 5.4.3.2-2)
  • libobasis5.4-core (>= 5.4.3.2-2)
  • libobasis5.4-graphicfilter (>= 5.4.3.2-2)
  • libobasis5.4-images (>= 5.4.3.2-2)
  • libobasis5.4-impress (>= 5.4.3.2-2)
  • libobasis5.4-ooofonts (>= 5.4.3.2-2)
  • libobasis5.4-writer (>= 5.4.3.2-2)
  • libobasis5.4-en-us (>= 5.4.3.2-2)
  • libobasis5.4-en-us-calc (>= 5.4.3.2-2)
  • libobasis5.4-en-us-res (>= 5.4.3.2-2)
  • libobasis5.4-draw (>= 5.4.3.2-2)
  • libobasis5.4-extension-pdf-import (>= 5.4.3.2-2)

For convinience these packages are included in the repository explained below.

Configuring the Kopano package repositories

The package repository can either be accessed by using a combination of username & password (account can be registered at the Kopano Portal) or by using the username serial and your Kopano serial (e.g. Z...) as the password.

Adding the supported repository for Ubuntu 16.04:

URL=https://serial:your-serial@download.kopano.io/supported/documentseditor/Ubuntu_16.04/
echo "deb $URL /" > /etc/apt/sources.list.d/kopano-documentseditor.list
curl $URL/Release.key | apt-key add -
apt update

Adding the community repository for Ubuntu 16.04:

URL=https://download.kopano.io/community/libreofficeonline/Ubuntu_16.04/
echo "deb $URL /" > /etc/apt/sources.list.d/libreoffice-online.list
curl $URL/Release.key | apt-key add -
apt update

See the Kopano Groupware Core Administrator Manual for more information about our package repositories.

Installing Kopano Documents Editor (supported repository)

After the repository has been added Kopano Documents Editor can be installed by retrieving the kopano-documentseditor package with your package manager.

Installing packages on Ubuntu 16.04:

apt install kopano-documentseditor

Installing LibreOffice Online (community repository)

After the repository has been added LibreOffice Online can be installed by retrieving the libreoffice-online package with your package manager.

Installing packages on Ubuntu 16.04:

apt install libreoffice-online

Configuring LibreOffice Online and its dependencies

The configuration for LibreOffice Online and Kopano Documents Editor are the same again.

LibreOffice Online WebSocket server (loolwsd)

loolwsd is configured by default to use ssl by default, but since the package does not provide the configured ssl certificates the initial startup of the deamon will fail. To use loolwsd the admin either has to configure ssl certificates inside /etc/libreoffice-online/loolwsd.xml , or disable ssl altogether and implement a reverse proxy for this (recommended). To disable ssl the admin needs to set <enable type="bool" default="true"> to false.

<ssl desc="SSL settings">
        <enable type="bool" default="true">false</enable>
        <termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
        <cert_file_path desc="Path to the cert file" relative="false">/etc/loolwsd/cert.pem</cert_file_path>
        <key_file_path desc="Path to the key file" relative="false">/etc/loolwsd/key.pem</key_file_path>
        <ca_file_path desc="Path to the ca file" relative="false">/etc/loolwsd/ca-chain.cert.pem</ca_file_path>
        <hpkp desc="Enable HTTP Public key pinning" enable="false" report_only="false">
                <max_age desc="HPKP's max-age directive - time in seconds browser should remember the pins" enable="true">1000</max_age>
                <report_uri desc="HPKP's report-uri directive - pin validation failure are reported at this URL" enable="false"></report_uri>
                <pins desc="Base64 encoded SPKI fingerprints of keys to be pinned">
                <pin></pin>
                </pins>
        </hpkp>
</ssl>

Afterwards the deamon can be restarted by issuing systemctl restart libreoffice-online and will be reachable through port 9980. Since loolwsd listens gloablly it is recommended to block network access e.g. via iptables.

Using Apache as a reverse proxy for loolwsd

The following vHost can be used to expose LibreOffice Online on the local network.

<VirtualHost *:443>
  ServerName office.example.com

  # SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
  SSLEngine on
  SSLCertificateFile /path/to/signed_certificate
  SSLCertificateChainFile /path/to/intermediate_certificate
  SSLCertificateKeyFile /path/to/private/key
  SSLProtocol             all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  SSLHonorCipherOrder     on

  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # Container uses a unique non-signed certificate
  SSLProxyEngine On
  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool https://127.0.0.1:9980/lool
  ProxyPassReverse    /lool https://127.0.0.1:9980/lool
</VirtualHost>

Using Nginx as a reverse proxy for loolwsd

The following vHost can be used to expose LibreOffice Online on the local network.

server {
    listen       443 ssl;
    server_name  office.example.com;

    ssl_certificate /path/to/ssl_certificate;
    ssl_certificate_key /path/to/ssl_certificate_key;

    # static files
    location ^~ /loleaflet {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }

    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }

    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}