Last active
August 31, 2018 14:30
nextcloud - collabora online integration in a Centos 7 local virtual machine with self signed certs using certbot and a local boulder server
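#!/bin/bash
## nextcloud - collabora online integration in a Centos 7 local virtual machine
## with self signed certs using certbot and a local boulder server
##
## Author: Oriol Boix Anfosso <[email protected]> orboan.com
## This script is licensed under GPLv2
## git, certbot, docker and docker-compose must be installed!
##
## Usage: pass the domain as the first argument; it defaults to cloud.io.

## Return 0 when $1 is made only of letters, digits, dots and hyphens, starts
## and ends with a letter or digit, and has no empty label ("..").
## The domain is later used as a container name and as a path component under
## $HOME/certs that is emptied with rm -rf, so values such as ".." or "a/b"
## must never get that far.
is_valid_domain() {
  local name=$1
  local host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  [[ $name =~ $host_re && $name != *..* ]]
}

## Domain: first argument, or cloud.io when none is given.
## Checked before anything destructive runs.
domain=${1:-cloud.io}
if ! is_valid_domain "$domain"; then
  printf 'Invalid domain: %s\n' "$domain" >&2
  exit 1
fi

## Be aware in case you already have a directory called certs in your home, not related with this project.
## ${HOME:?} aborts instead of expanding to "/certs" when HOME is unset or empty.
rm -rf -- "${HOME:?HOME must be set}/certs"

projects_path=$HOME/projects
mkdir -p -- "$projects_path"

## Lab defaults. These well-known values are handed to the containers as
## environment variables by the start_* functions; change them before any of
## the forwarded ports is reachable from outside the test VM.
username=admin
password=admin
db_username=ncuser
db_database=nextcloud
db_password=nextcloud
db_root_password=mariadb
db_hostname=mariadb
network=nc-coll
collabora_name=collabora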
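## Cleaning up containers from a previous run of this script.
## "docker rm -f" force-removes whatever container carries each name, so an
## unrelated container called e.g. "mariadb" or "collabora" is removed too.
## Names are quoted so a value with spaces or glob characters stays one argument.
for stale_container in "$db_hostname" "$collabora_name" "$domain"; do
  docker rm -f "$stale_container"
done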
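## Find the IPv4 address bound to the docker0 interface.
## Some ifconfig versions print "inet addr:<ip>", others print "inet <ip>".
ipaddr=$(ifconfig docker0 | grep "inet addr:" | cut -d: -f2 | awk '{ print $1 }')
if [ -z "$ipaddr" ]; then
  ipaddr=$(ifconfig docker0 | grep "inet" | cut -d't' -f2 | awk '{ print $1 }')
fi
## Hosts without ifconfig: fall back to iproute2, whose one-line output
## carries "<ip>/<prefix>" in the fourth field.
if [ -z "$ipaddr" ] && command -v ip > /dev/null 2>&1; then
  ipaddr=$(ip -o -4 addr show dev docker0 | awk '{ print $4 }' | cut -d/ -f1)
fi
## In case docker0 has ipv6 too, the commands above yield several
## whitespace-separated words; keep only the first one.
ipaddr=${ipaddr%%[[:space:]]*}

## Stop here when no IPv4 address was found. Otherwise the sed call further
## down would replace 127.0.0.1 in docker-compose.yml with an empty string.
## Restricting the value to digits and dots also guarantees that nothing
## interpolated into that sed command can contain "/" or "&".
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
if [[ ! $ipaddr =~ $ipv4_re ]]; then
  printf 'Could not determine the IPv4 address of docker0 (got "%s")\n' "$ipaddr" >&2
  exit 1
fi

## Put a backslash before every dot. The result is used on the replacement
## side of a sed s/// command, where "\." simply yields ".".
ipaddr_re=$(printf '%s\n' "$ipaddr" | sed 's/\./\\\./g')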
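## Clone letsencrypt boulder server if not present.
## NOTE(review): this takes the current tip of a personal fork with no commit
## or tag pinned, and its docker-compose.yml is started below. Review the
## checkout (or pin a known revision) before running this outside a throwaway VM.
export GOPATH=$projects_path/letsencrypt
boulderdir=$GOPATH/src/github.com/letsencrypt/boulder
if [ ! -d "$GOPATH" ]; then
  git clone https://github.com/orboan/boulder/ "$boulderdir" || exit 1
fi

## Work on a copy so the clone itself is never modified.
## ~/temp is a fixed path that the end of this script deletes entirely.
mkdir -p ~/temp/boulder
cp -r -- "$boulderdir"/* ~/temp/boulder/

## Using sed to change the default ip (127.0.0.1)
## in boulder docker-compose.yml file for the docker0 ip
## This is needed if want boulder container communicate with host
sed -i "s/127\.0\.0\.1/${ipaddr_re}/g" ~/temp/boulder/docker-compose.yml

## Fire up boulder (letsencrypt) containers.
## Abort if the directory is missing: docker-compose would otherwise act on
## whatever compose file happens to be in the current directory.
cd ~/temp/boulder || exit 1
docker-compose up -d
echo "Processing... please wait"

## Poll port 4000 of the boulder container until it accepts connections.
boulder_addr=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}:4000' boulder_boulder_1)
if [ -n "$boulder_addr" ]; then
  wget --retry-connrefused --tries=10 -q --wait=2 --spider "$boulder_addr"
else
  echo "Could not read the address of boulder_boulder_1; certificate issuance will probably fail" >&2
fi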
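## File to temporary store the location for certs generated with certbot_test.
## Created with mktemp: a fixed name such as /tmp/cbfile can be pre-created or
## symlinked by another local user, and this script writes to it and then
## uses its contents as a path.
cbfile=$(mktemp) || exit 1
trap 'rm -f -- "$cbfile"' EXIT

## Clone certbot if not present.
## NOTE(review): as with boulder, this is the unpinned tip of a personal fork,
## and a shell file from it is sourced by generate_certs.
if [ ! -d "$projects_path/certbot/acme" ]; then
  rm -rf -- "${projects_path:?}/certbot"
  cd "$projects_path" || exit 1
  git clone https://github.com/orboan/certbot || exit 1
fi
mkdir -p ~/temp/certbot
cp -- "$projects_path/certbot/tests/integration/_common.sh" ~/temp/certbot || exit 1

## common.sh path
common_sh_path=$HOME/temp/certbot/_common.sh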
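## Obtain a certificate for one domain through certbot_test and copy the
## resulting PEM files into $HOME/certs/<domain>/.
## Globals:   common_sh_path, cbfile (read); root, certpath (written)
## Arguments: $1 - domain to issue the certificate for
## Outputs:   "certpath=<dir>" on stdout when everything succeeded
## Returns:   0 on success, 1 on an unusable domain or a failed step
function generate_certs {
  local cert_domain=$1

  ## $1 becomes a path component that is emptied with rm -rf below, so an
  ## empty value, ".", "..", anything with a slash, or a leading dash is refused.
  case $cert_domain in
    '' | . | .. | */* | -*)
      printf 'generate_certs: refusing unsafe domain "%s"\n' "$cert_domain" >&2
      return 1
      ;;
  esac

  if [ ! -r "$common_sh_path" ]; then
    printf 'generate_certs: cannot read %s\n' "$common_sh_path" >&2
    return 1
  fi

  # Set the certbot_test function and set certs location to $certpath.
  # Sourcing runs the cloned file in this shell; what it prints goes to $cbfile
  # and the last field of a multi-word line is taken as the certs location.
  export root=
  source "$common_sh_path" > "$cbfile"
  certpath=$(awk 'NF>1{print $NF}' "$cbfile")
  if [ -z "$certpath" ] || ! type certbot_test > /dev/null 2>&1; then
    echo "generate_certs: sourcing _common.sh gave no cert path or no certbot_test" >&2
    return 1
  fi

  ## Generate certs for the domain; stop if issuance failed so stale or
  ## missing files are not copied.
  certbot_test certonly -a standalone -d "$cert_domain" || return 1

  ## Move all boulder generated cert files to $HOME/certs/<domain>.
  local archive_dir=$certpath/conf/archive/$cert_domain
  local dest_dir=${HOME:?HOME must be set}/certs/$cert_domain
  mkdir -p -- "$dest_dir" || return 1
  rm -rf -- "${dest_dir:?}"/*

  ## privkey.pem ends up in a directory that start_nextcloud mounts into a container.
  local pem
  for pem in cert chain fullchain privkey; do
    cp -- "$archive_dir/${pem}1.pem" "$dest_dir/${pem}.pem" || return 1
  done
  echo "certpath=$certpath"
}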
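## Start the collabora container and copy its CA chain into $HOME/certs.
## Globals:   collabora_name, network, domain, username, password (read)
## Returns:   status of docker run if it fails, otherwise status of docker cp
function start_collabora {
  ## USERNAME/PASSWORD are set in docker's own environment and forwarded with a
  ## bare "-e NAME", which keeps the values out of the process argument list.
  ## They remain visible through "docker inspect".
  ## Port 9980 is published on every host interface.
  USERNAME="$username" PASSWORD="$password" docker run -t \
    --name="$collabora_name" \
    --network="$network" \
    -h "$collabora_name" \
    -d -p 9980:9980 \
    -e "DOMAIN=${domain}" \
    -e USERNAME -e PASSWORD \
    orboan/collabora || return

  echo "Processing... please wait"
  ## Fixed wait before copying the CA chain out of the container.
  sleep 20
  docker cp "${collabora_name}:/etc/loolwsd/ca-chain.cert.pem" "$HOME/certs/"
}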
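## Start the nextcloud container, named after the domain, serving on port 443.
## Globals:   domain, network (read)
## Returns:   status of docker run
function start_nextcloud {
  ## $HOME/certs, which holds the generated privkey.pem, is mounted read-write.
  ## The image is pulled by name only, without a tag or digest.
  docker run \
    --name="$domain" \
    -d \
    --network="$network" \
    -h "$domain" \
    -e "DOMAIN=$domain" \
    -p 443:443 \
    -v "$HOME/certs:/certs" \
    orboan/nextcloud
}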
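## Start the mariadb container with its data directory on the host.
## Globals:   db_hostname, network, username, password, db_root_password,
##            db_database, db_username, db_password (read)
## Returns:   status of docker run
function start_mariadb {
  mkdir -p -- "$HOME/data"

  ## Secrets are placed in docker's own environment and forwarded with a bare
  ## "-e NAME", so they do not appear in the process argument list. They are
  ## still visible through "docker inspect".
  ## Ports 9001 and 9101 are published on every host interface; 9101 maps to
  ## the port configured as SHELLINABOX_PORT and is guarded only by USER/PASSWORD.
  PASSWORD="$password" \
    MYSQL_ROOT_PASSWORD="$db_root_password" \
    MYSQL_PASSWORD1="$db_password" \
    docker run \
    --name="$db_hostname" \
    -d \
    --network="$network" \
    -h "$db_hostname" \
    -p 9001:9001 \
    -e "USER=${username}" \
    -e PASSWORD \
    -e SHELLINABOX_PORT=9101 \
    -p 9101:4200 \
    -e MYSQL_ROOT_PASSWORD \
    -e "MYSQL_DATABASE1=$db_database" \
    -e "MYSQL_USER1=$db_username" \
    -e MYSQL_PASSWORD1 \
    -v "$HOME/data:/data" \
    -v /var/lib/mysql \
    orboan/dcsss-mariadb
}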
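## Main sequence: network, certificates, then the three containers.
sleep 1
docker network create "$network" || echo "Network ${network} already exists."
generate_certs "$domain"
start_collabora
start_mariadb
## If "docker run" fails, try restarting a container already named after the domain.
start_nextcloud || docker restart "${domain}"

## Post-install instructions. The text is unchanged; it is emitted from one
## here-document instead of a run of echo commands.
cat <<EOF
###### INSTRUCTIONS #######
0- Make sure you have properly forwarded ports
1- Open your browser at https://${domain} and add cert exception
2- Choose storage as mariadb/mysql, with next data:
 Username: $db_username
 Password: $db_password
 Database: $db_database
 DB host: $db_hostname
3- Enter the nextcloud administrator credentials of your choose (username and password)
4- In up left corner go to Files > +Apps. > Office & text > Collabora Online > Enable
 You'll be asked for admin password. If it repeats asking the password:
 In the host server run 'sudo ntpdate time.apple.com'
 (ntp should installed, otherwise install it)
5- Go to top right > admin username > admin > left side menu > Collabora online
 Enter 'https://collabora:9980' and Apply
6- Go to files > Documents folder > open About.odt
 If odt does not load, you first have to add an exception for its cert to the browser your using: you should accept the cert in browser by navigating to:
https://${collabora_name}:9980/hosting/discovery or
https://${collabora_name}:9980/loleaflet/dist/admin/admin.html
---- credentials: admin/admin ----- Please forward ports accordingly
You may also try restarting the ${collabora_name} container

EOF

## Removes the whole ~/temp working directory, including anything that was
## in it before this script ran.
rm -rf -- ~/temp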
This script is for home, testing and educational purposes of the integration of rich documents in nextcloud.
This script accepts, as its first parameter, the domain you want to use to access nextcloud from the host OS (host in relation to the CentOS VM).
No DNS is configured, so modify hosts file accordingly.
This is tested in CentOS 7 inside a VirtualBox VM with Internet connection.
This script deploys collabora online and nextcloud using docker containers. It also creates and configures the appropriate self signed certificates using certbot and a local boulder server.
Forward ports in VirtualBox (Network > Advanced > Port forwarding): 9980, 443, and any port to 22 if you want to use ssh.
git, certbot, docker and docker-compose must be installed in CentOS 7.
If having issues when loading rich documents, please take a look at:
https://goo.gl/vf4sbA
You can find a guide in:
http://orboan.com/codenextcloud-integration-using-self-signed-certs/