Yes, will try with hosts file, thanks
I have Seafile CE 6.1.2, and I try to configure CollaboraOffice, but don’t work. If I try to open an odt file, I can only download it, no preview, and no edit options.
My config:
OFFICE_SERVER_TYPE = ‘CollaboraOffice’
ENABLE_OFFICE_WEB_APP = True
OFFICE_WEB_APP_BASE_URL = ‘https://code.xxx.ro/hosting/discovery’
WOPI_ACCESS_TOKEN_EXPIRATION = 30 * 60 # seconds
OFFICE_WEB_APP_FILE_EXTENSION = (‘ods’, ‘xls’, ‘xlsb’, ‘xlsm’, ‘xlsx’,‘ppsx’, ‘ppt’, ‘pptm’, ‘pptx’, ‘doc’, ‘docm’, ‘docx’)
ENABLE_OFFICE_WEB_APP_EDIT = True
OFFICE_WEB_APP_EDIT_FILE_EXTENSION = (‘ods’, ‘xls’, ‘xlsb’, ‘xlsm’, ‘xlsx’,‘ppsx’, ‘ppt’, ‘pptm’, ‘pptx’, ‘doc’, ‘docm’, ‘docx’)
I can open the https://code.xxx.ro/hosting/discovery URL, and I get valid XML, and I use this LibreOffice online with nextcloud, and it works fine.
Well, just figured out how to make it work
My setup: one Ubuntu 16.04 Server VM for Seafile CE, dyndns @no-ip.info, nginx and letsencrypt certificates.
Below the steps:
import the signing key
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D
add the repository URL to /etc/apt/sources.list
echo ‘deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE ./’ >> /etc/apt/sources.list
perform the installation
apt-get update && apt-get install loolwsd code-brand
mkdir /etc/loolwsd
openssl genrsa -out /etc/loolwsd/key.pem 4096
openssl req -out /etc/loolwsd/cert.csr -key /etc/loolwsd/key.pem -new -sha256 -nodes
openssl x509 -req -days 365 -in /etc/loolwsd/cert.csr -signkey /etc/loolwsd/key.pem -out /etc/loolwsd/cert.pem
openssl x509 -req -days 365 -in /etc/loolwsd/cert.csr -signkey /etc/loolwsd/key.pem -out /etc/loolwsd/ca-chain.cert.pem
the following lines are put to the nginx config file for th Seafile CE:
static files
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
websockets, download, presentation and image upload
location ^~ /lool {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_set_header Host $http_host;
}
and in /etc/loolwsd/loolwsd.xml i have replaced
localhost
with
myseacloud.no-ip.info
After a restart everything worked fine. Thanks all for the support.
Can you share the seafile config, because I have a working LibreOffice Online, but I can’t integrate in seafile.
Sure, here it is:
https://seacloud.no-ip.info/f/bb6d98a15fd24b68920e/?dl=1
Thanks, it’s work.
It’s seems same with my config, but after I copy your config I can use LibreOffice Online, probably I misstype something.
Could be. Have you also compared the loolwsd.xml files?
No. I copy only the office integration part from seahub_settings.py.
may i have the config file please. im also stucked where you was
Hi Korry, I am in the same situation as akoscomp. I have working LibreOffice Online but can’t integrate with seafile.
Would you please share your seafile config file?
Thanks.
Did you check the manual? https://download.seafile.com/published/seafile-manual/deploy/libreoffice_online.md
Yes, I did. Followed the instruction in the manual all the way through and get the error below in seahub log:
2020-03-13 19:43:49,433 [ERROR] seahub.wopi.utils:102 get_wopi_dict HTTPSConnectionPool(host=‘collabora.xxxxxx.com’, port=443): Max retries exceeded with url: /hosting/discovery (Caused by SSLError(SSLError(“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)],)”,),))
I can view the xml file on collabora.xxxxxx.com and the site is using letsencrypt certificate.
Hi,
Please read the first post. You need to generate own certificates:
mkdir /etc/loolwsd
openssl genrsa -out /etc/loolwsd/key.pem 4096
openssl req -out /etc/loolwsd/cert.csr -key /etc/loolwsd/key.pem -new -sha256 -nodes
openssl x509 -req -days 365 -in /etc/loolwsd/cert.csr -signkey /etc/loolwsd/key.pem -out /etc/loolwsd/cert.pem
openssl x509 -req -days 365 -in /etc/loolwsd/cert.csr -signkey /etc/loolwsd/key.pem -out /etc/loolwsd/ca-chain.cert.pem
then to modify loolwsd.xml:
<ssl desc="SSL settings">
<enable type="bool" default="true">true</enable>
<termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
<cert_file_path desc="Path to the cert file" relative="false">/etc/loolwsd/cert.pem</cert_file_path>
<key_file_path desc="Path to the key file" relative="false">/etc/loolwsd/key.pem</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/loolwsd/ca-chain.cert.pem</ca_file_path>
<hpkp desc="Enable HTTP Public key pinning" enable="false" report_only="false">
<max_age desc="HPKP's max-age directive - time in seconds browser should remember the pins" enable="true">1000</max_age>
<report_uri desc="HPKP's report-uri directive - pin validation failure are reported at this URL" enable="false"></report_uri>
<pins desc="Base64 encoded SPKI fingerprints of keys to be pinned">
<pin></pin>
</pins>
</hpkp>
</ssl>
and also to replace localhost with your seafile domain:
<storage desc="Backend storage">
<filesystem allow="false" />
<wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
<host desc="Regex pattern of hostname to allow or deny." allow="true">seacloud.no-ip.info</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
<max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
</wopi>
I followed your instruction. After certificate was generated, loolwsd service failed to start due to key.pem access denied.
chgrp lool /etc/loolwsd/key.pem
chmod g+r /etc/loolwsd/key.pem
that fixed loolwsd failed to start problem.
I also replace localhost with my seafile domain and still get the same error.
2020-03-14 18:47:09,956 [ERROR] seahub.wopi.utils:102 get_wopi_dict HTTPSConnectionPool(host='collabora.xxxxxx.com', port=443): Max retries exceeded with url: /hosting/discovery (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
I am running Seafile CE 7.0.5.
OK,
I fixed it. My firewall prevent direct tls handshake to my internal collabora server. After added firewall rule to allow direct tls handshake, it works.
Thanks Korry and everyone for helping with my problem.