Seafile CE + Collabora integration

Yes, will try with hosts file, thanks

I have Seafile CE 6.1.2, and I try to configure CollaboraOffice, but don’t work. If I try to open an odt file, I can only download it, no preview, and no edit options.

My config:

OFFICE_SERVER_TYPE = ‘CollaboraOffice’
ENABLE_OFFICE_WEB_APP = True
OFFICE_WEB_APP_BASE_URL = ‘https://code.xxx.ro/hosting/discovery
WOPI_ACCESS_TOKEN_EXPIRATION = 30 * 60 # seconds
OFFICE_WEB_APP_FILE_EXTENSION = (‘ods’, ‘xls’, ‘xlsb’, ‘xlsm’, ‘xlsx’,‘ppsx’, ‘ppt’, ‘pptm’, ‘pptx’, ‘doc’, ‘docm’, ‘docx’)
ENABLE_OFFICE_WEB_APP_EDIT = True
OFFICE_WEB_APP_EDIT_FILE_EXTENSION = (‘ods’, ‘xls’, ‘xlsb’, ‘xlsm’, ‘xlsx’,‘ppsx’, ‘ppt’, ‘pptm’, ‘pptx’, ‘doc’, ‘docm’, ‘docx’)

I can open the https://code.xxx.ro/hosting/discovery URL, and I get valid XML, and I use this LibreOffice online with nextcloud, and it works fine.

Well, just figured out how to make it work :slight_smile:

My setup: one Ubuntu 16.04 Server VM for Seafile CE, dyndns @no-ip.info, nginx and letsencrypt certificates.

Below the steps:

import the signing key

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D

add the repository URL to /etc/apt/sources.list

echo ‘deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE ./’ >> /etc/apt/sources.list

perform the installation

apt-get update && apt-get install loolwsd code-brand

mkdir /etc/loolwsd
openssl genrsa -out /etc/loolwsd/key.pem 4096
openssl req -out /etc/loolwsd/cert.csr -key /etc/loolwsd/key.pem -new -sha256 -nodes
openssl x509 -req -days 365 -in /etc/loolwsd/cert.csr -signkey /etc/loolwsd/key.pem -out /etc/loolwsd/cert.pem
openssl x509 -req -days 365 -in /etc/loolwsd/cert.csr -signkey /etc/loolwsd/key.pem -out /etc/loolwsd/ca-chain.cert.pem

the following lines are put to the nginx config file for th Seafile CE:

static files

location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}

WOPI discovery URL

location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}

websockets, download, presentation and image upload

location ^~ /lool {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_set_header Host $http_host;
}

and in /etc/loolwsd/loolwsd.xml i have replaced

localhost

with

myseacloud.no-ip.info

After a restart everything worked fine. Thanks all for the support.

Can you share the seafile config, because I have a working LibreOffice Online, but I can’t integrate in seafile.

Sure, here it is:

https://seacloud.no-ip.info/f/bb6d98a15fd24b68920e/?dl=1

Thanks, it’s work.
It’s seems same with my config, but after I copy your config I can use LibreOffice Online, probably I misstype something.

Could be. Have you also compared the loolwsd.xml files?

No. I copy only the office integration part from seahub_settings.py.

may i have the config file please. im also stucked where you was

Here it is: https://seacloud.no-ip.info/f/372e8861ecd0468e8e60/?dl=1

Hi Korry, I am in the same situation as akoscomp. I have working LibreOffice Online but can’t integrate with seafile.

Would you please share your seafile config file?
Thanks.

Did you check the manual? https://download.seafile.com/published/seafile-manual/deploy/libreoffice_online.md

Yes, I did. Followed the instruction in the manual all the way through and get the error below in seahub log:

2020-03-13 19:43:49,433 [ERROR] seahub.wopi.utils:102 get_wopi_dict HTTPSConnectionPool(host=‘collabora.xxxxxx.com’, port=443): Max retries exceeded with url: /hosting/discovery (Caused by SSLError(SSLError(“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)],)”,),))

I can view the xml file on collabora.xxxxxx.com and the site is using letsencrypt certificate.

Hi,

Please read the first post. You need to generate own certificates:

mkdir /etc/loolwsd
openssl genrsa -out /etc/loolwsd/key.pem 4096
openssl req -out /etc/loolwsd/cert.csr -key /etc/loolwsd/key.pem -new -sha256 -nodes
openssl x509 -req -days 365 -in /etc/loolwsd/cert.csr -signkey /etc/loolwsd/key.pem -out /etc/loolwsd/cert.pem
openssl x509 -req -days 365 -in /etc/loolwsd/cert.csr -signkey /etc/loolwsd/key.pem -out /etc/loolwsd/ca-chain.cert.pem

then to modify loolwsd.xml:

<ssl desc="SSL settings">
        <enable type="bool" default="true">true</enable>
        <termination desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination>
        <cert_file_path desc="Path to the cert file" relative="false">/etc/loolwsd/cert.pem</cert_file_path>
        <key_file_path desc="Path to the key file" relative="false">/etc/loolwsd/key.pem</key_file_path>
        <ca_file_path desc="Path to the ca file" relative="false">/etc/loolwsd/ca-chain.cert.pem</ca_file_path>
        <hpkp desc="Enable HTTP Public key pinning" enable="false" report_only="false">
            <max_age desc="HPKP's max-age directive - time in seconds browser should remember the pins" enable="true">1000</max_age>
            <report_uri desc="HPKP's report-uri directive - pin validation failure are reported at this URL" enable="false"></report_uri>
            <pins desc="Base64 encoded SPKI fingerprints of keys to be pinned">
            <pin></pin>
            </pins>
        </hpkp>
    </ssl>

and also to replace localhost with your seafile domain:

 <storage desc="Backend storage">
        <filesystem allow="false" />
        <wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
            <host desc="Regex pattern of hostname to allow or deny." allow="true">seacloud.no-ip.info</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="true">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
            <host desc="Regex pattern of hostname to allow or deny." allow="false">192\.168\.1\.1</host>
            <max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
        </wopi>

I followed your instruction. After certificate was generated, loolwsd service failed to start due to key.pem access denied.

chgrp lool /etc/loolwsd/key.pem
chmod g+r /etc/loolwsd/key.pem

that fixed loolwsd failed to start problem.
I also replace localhost with my seafile domain and still get the same error.

2020-03-14 18:47:09,956 [ERROR] seahub.wopi.utils:102 get_wopi_dict HTTPSConnectionPool(host='collabora.xxxxxx.com', port=443): Max retries exceeded with url: /hosting/discovery (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

I am running Seafile CE 7.0.5.

OK,
I fixed it. My firewall prevent direct tls handshake to my internal collabora server. After added firewall rule to allow direct tls handshake, it works.

Thanks Korry and everyone for helping with my problem.

2 Likes