Collabora

Links

Collabora Enterprise

Ein Upgrade von 4.0 auf 6.4 verläuft wie folgt:

yum clean all
yum-config-manager --disable collaboraoffice.com_repos_CollaboraOnline_4_customer-centos7-AnyCustomer-XXX
wget https://www.collaboraoffice.com/repos/CollaboraOnline/6.4/customer-centos7-AnyCustomer-XXX/repodata/repomd.xml.key
rpm --import repomd.xml.key
yum-config-manager --add-repo https://www.collaboraoffice.com/repos/CollaboraOnline/6.4/customer-centos7-AnyCustomer-XXX
yum update

Danach müssen auch die neuen Dictionaries installiert werden:

yum install hunspell hunspell-* mythes mythes-* collaboraoffice6.4-dict-* collaboraofficebasis6.4-*

Konfiguration

Die Original-Konfiguration findet inkl. inline-Dokumentation sich hier: https://github.com/CollaboraOnline/online/blob/master/coolwsd.xml.in. Auf https://github.com/CollaboraOnline/online/blob/master/wsd/COOLWSD.cpp sieht man, welche Default-Werte Collabora anwendet, falls die XML-Datei falsch oder nicht vorhanden ist.

Admin-Account setzen. Wird für das Admin-Interface auf https://collabora:9980/browser/dist/admin/admin.html benötigt:

coolconfig set-admin-password
# Enter admin username [admin]: collabora-admin
# Enter admin password:
# Confirm admin password:
# Saving configuration to : /etc/loolwsd/loolwsd.xml ...
# Saved
systemctl restart loolwsd

Defaults nach COOLWSD.cpp (Stand 2023-12-29):

accessibility.enable: "false"
admin_console.enable_pam: "false"
allowed_languages: "de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"
browser_logging: "false"
certificates.database_path: ""
child_root_path: "jails"
deepl.api_url: ""
deepl.auth_key: ""
deepl.enabled: "false"
experimental_features: "false"
feature_lock.calc_unlock_highlights: CALC_UNLOCK_HIGHLIGHTS
feature_lock.draw_unlock_highlights: DRAW_UNLOCK_HIGHLIGHTS
feature_lock.impress_unlock_highlights: IMPRESS_UNLOCK_HIGHLIGHTS
feature_lock.is_lock_readonly: "false"
feature_lock.locked_commands: LOCKED_COMMANDS
feature_lock.locked_hosts.fallback[@disabled_commands]: "false"
feature_lock.locked_hosts.fallback[@read_only]: "false"
feature_lock.locked_hosts.host[0]: "localhost"
feature_lock.locked_hosts.host[0][@disabled_commands]: "false"
feature_lock.locked_hosts.host[0][@read_only]: "false"
feature_lock.locked_hosts[@allow]: "false"
feature_lock.unlock_description: UNLOCK_DESCRIPTION
feature_lock.unlock_link: UNLOCK_LINK
feature_lock.unlock_title: UNLOCK_TITLE
feature_lock.writer_unlock_highlights: WRITER_UNLOCK_HIGHLIGHTS
feedback.show: "true"
file_server_root_path: "browser/.."
help_url: HELP_URL
hexify_embedded_urls: "false"
home_mode.enable: "false"
indirection_endpoint.url: ""
languagetool.api_key: ""
languagetool.base_url: ""
languagetool.enabled: "false"
languagetool.rest_protocol: ""
languagetool.ssl_verification: "true"
languagetool.user_name: ""
logging.anonymize.allow_logging_user_data: false
logging.anonymize.anonymization_salt: 82589933
logging.anonymize.filenames: "false" // Deprecated
logging.anonymize.usernames: "false" // Deprecated
logging.color: "true"
logging.docstats: "false"
logging.file.property[0]: "coolwsd.log"
logging.file.property[0][@name]: "path"
logging.file.property[1]: "never"
logging.file.property[1][@name]: "rotation"
logging.file.property[2]: "true"
logging.file.property[2][@name]: "compress"
logging.file.property[3]: "false"
logging.file.property[3][@name]: "flush"
logging.file.property[4]: "10 days"
logging.file.property[4][@name]: "purgeAge"
logging.file.property[5]: "10"
logging.file.property[5][@name]: "purgeCount"
logging.file.property[6]: "true"
logging.file.property[6][@name]: "rotateOnOpen"
logging.file.property[7]: "false"
logging.file.property[7][@name]: "archive"
logging.file[@enable]: "false"
logging.least_verbose_level_settable_from_client: "fatal"
logging.level: "trace"
logging.level_startup: "trace"
logging.lokit_sal_log: "-INFO-WARN"
logging.most_verbose_level_settable_from_client: "notice"
logging.protocol: "false"
logging.userstats: "false"
mount_jail_tree: "true"
net.connection_timeout_secs: "30"
net.content_security_policy: ""
net.frame_ancestors: ""
net.listen: "any"
net.proto: "all"
net.proxy_prefix: "false"
net.service_root: ""
num_prespawn_children: "1"
per_document.always_save_on_exit: "false"
per_document.autosave_duration_secs: "300"
per_document.batch_priority: "5"
per_document.cleanup.bad_behavior_period_secs: "60"
per_document.cleanup.cleanup_interval_ms: "10000"
per_document.cleanup.idle_time_secs: "300"
per_document.cleanup.limit_cpu_per: "85"
per_document.cleanup.limit_dirty_mem_mb: "3072"
per_document.cleanup.lost_kit_grace_period_secs: "120"
per_document.cleanup[@enable]: "false"
per_document.idle_timeout_secs: "3600"
per_document.idlesave_duration_secs: "30"
per_document.limit_convert_secs: "100"
per_document.limit_file_size_mb: "0"
per_document.limit_load_secs: "100"
per_document.limit_num_open_files: "0"
per_document.limit_stack_mem_kb: "8000"
per_document.limit_store_failures: "5"
per_document.limit_virt_mem_mb: "0"
per_document.max_concurrency: "4"
per_document.min_time_between_saves_ms: "500"
per_document.min_time_between_uploads_ms: "5000"
per_document.pdf_resolution_dpi: "96"
per_document.redlining_as_comments: "false"
per_view.group_download_as: "true"
per_view.idle_timeout_secs: "900"
per_view.out_of_focus_timeout_secs: "120"
product_name: APP_NAM
quarantine_files.expiry_min: "30"
quarantine_files.limit_dir_size_mb: "250"
quarantine_files.max_versions_to_maintain: "2"
quarantine_files.path: "quarantine"
quarantine_files[@enable]: "false"
remote_config.remote_url: ""
restricted_commands: ""
security.capabilities: "true"
security.enable_metrics_unauthenticated: "false"
security.jwt_expiry_secs: "1800"
security.seccomp: "true"
server_name: ""
ssl.ca_file_path: COOLWSD_CONFIGDIR "/ca-chain.cert.pem"
ssl.cert_file_path: COOLWSD_CONFIGDIR "/cert.pem"
ssl.enable: "true"
ssl.hpkp.max_age[@enable]: "true"
ssl.hpkp.report_uri[@enable]: "false"
ssl.hpkp[@enable]: "false"
ssl.hpkp[@report_only]: "false"
ssl.key_file_path: COOLWSD_CONFIGDIR "/key.pem"
ssl.sts.enabled: "false"
ssl.sts.max_age: "31536000"
ssl.termination: "true"
stop_on_config_change: "false"
storage.filesystem[@allow]: "false"
storage.wopi.alias_groups[@mode]: "first"
storage.wopi.locking.refresh: "900"
storage.wopi.max_file_size: "0"
storage.wopi[@allow]: "true"
support_key: ""
sys_template_path: "systemplate"
trace.outgoing.record: false
trace.path: ""
trace.path[@compress]: "true"
trace.path[@snapshot]: "false"
trace[@enable]: "false"
trace_event.path: COOLWSD_TRACEEVENTFILE
trace_event[@enable]: "false"
user_interface.mode: "default"
user_interface.use_integration_theme: "true"
welcome.enable: "false"
zotero.enable: "true"

Monitoring/Metrics

URL: https://collabora:9980/cool/getMetric (nach HTTP Basic Auth; Doku)

Die Lizenznutzung kann derzeit (2021-06) nicht überwacht werden. Andere Metriken lassen sich dagegen im Prometheus-Format per REST überwachen. Die Liste findet sich hier: https://github.com/CollaboraOnline/online/blob/master/wsd/metrics.txt, der REST-Endpoint lautet https://collabora:9980/cool/getMetric.

Troubleshooting

Nach einem Update INF  Socket #21 SSL BIO error: closed (0).| ./net/SslSocket.hpp:263?

Klingt nach SSL Handshaking-Problem zwischen Reverse Proxy und https auf collabora:9980. Ein Aufruf von https://collabora:9980/hosting/discovery bestätigt auch „Proxy Error: Error during SSL handshake“.

Problem hier war ein abgelaufenes Zertifikat auf dem Collabora. Da das Zertifikat auf Collabora eh nicht interessiert, auf dem Reverse Proxy die Anweisungen

SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerExpire Off
SSLProxyCheckPeerName Off

um SSLProxyCheckPeerExpire ergänzt, fertig.

Built on 2024-02-26