Add localhost mode and conditional Collabora install

Introduces a localhost/IP-based mode for OpenCloud installation, allowing setup without Collabora or TLS when no hostname is provided. Collabora Online and WOPI services are now only installed and configured if a valid hostname is entered, with environment and service files adjusted accordingly. This improves flexibility for local testing and simplifies configuration for non-production environments.
2026-01-29 09:38:07 +01:00 · 2026-01-29 09:38:07 +01:00 · 646291e7c1
commit 646291e7c1
parent 8a1f604080
2 changed files with 298 additions and 51 deletions
--- a/install/opencloud-install
+++ b/install/opencloud-install
@ -0,0 +1,210 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: vhsdream
+# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
+# Source: https://opencloud.eu
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+read -r -p "${TAB3}Enter the hostname of your OpenCloud server (eg cloud.domain.tld): " oc_host
+if [[ "$oc_host" ]]; then
+  OC_HOST="$oc_host"
+fi
+read -r -p "${TAB3}Enter the hostname of your Collabora server (eg collabora.domain.tld): " collabora_host
+if [[ "$collabora_host" ]]; then
+  COLLABORA_HOST="$collabora_host"
+fi
+read -r -p "${TAB3}Enter the hostname of your WOPI server (eg wopiserver.domain.tld): " wopi_host
+if [[ "$wopi_host" ]]; then
+  WOPI_HOST="$wopi_host"
+fi
+
+# Collabora online - this is broken because it adds the Component and apt doesn't like that
+# setup_deb822_repo \
+#   "collaboraonline" \
+#   "https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg" \
+#   "https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb/Release" \
+#   "./" \
+#   "main"
+
+msg_info "Installing Collabora Online"
+curl -fsSL https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg -o /etc/apt/keyrings/collaboraonline-release-keyring.gpg
+cat <<EOF >/etc/apt/sources.list.d/colloboraonline.sources
+Types: deb
+URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb
+Suites: ./
+Signed-By: /etc/apt/keyrings/collaboraonline-release-keyring.gpg
+EOF
+$STD apt-get update
+$STD apt-get install -y coolwsd code-brand
+systemctl stop coolwsd
+mkdir -p /etc/systemd/system/coolwsd.service.d
+cat <<EOF >/etc/systemd/system/coolwsd.service.d/override.conf
+[Unit]
+Before=opencloud-wopi.service
+EOF
+systemctl daemon-reload
+COOLPASS="$(openssl rand -base64 36)"
+$STD sudo -u cool coolconfig set-admin-password --user=admin --password="$COOLPASS"
+echo "$COOLPASS" >~/.coolpass
+msg_ok "Installed Collabora Online"
+
+# OpenCloud
+fetch_and_deploy_gh_release "opencloud" "opencloud-eu/opencloud" "singlefile" "v5.0.1" "/usr/bin" "opencloud-*-linux-amd64"
+
+msg_info "Configuring OpenCloud"
+DATA_DIR="/var/lib/opencloud/"
+CONFIG_DIR="/etc/opencloud"
+ENV_FILE="${CONFIG_DIR}/opencloud.env"
+mkdir -p "$DATA_DIR" "$CONFIG_DIR"/assets/apps
+
+curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/csp.yaml -o "$CONFIG_DIR"/csp.yaml
+curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/proxy.yaml -o "$CONFIG_DIR"/proxy.yaml.bak
+
+cat <<EOF >"$ENV_FILE"
+OC_URL=https://${OC_HOST}
+OC_INSECURE=false
+IDM_CREATE_DEMO_USERS=false
+OC_LOG_LEVEL=warning
+OC_CONFIG_DIR=${CONFIG_DIR}
+OC_BASE_DATA_PATH=${DATA_DIR}
+STORAGE_SYSTEM_OC_ROOT=${DATA_DIR}/storage/metadata
+
+## Web
+WEB_ASSET_CORE_PATH=${CONFIG_DIR}/web/assets
+WEB_ASSET_APPS_PATH=${CONFIG_DIR}/web/assets/apps
+WEB_UI_CONFIG_FILE=${CONFIG_DIR}/web/config.json
+# WEB_ASSET_THEMES_PATH=${CONFIG_DIR}/web/assets/themes
+# WEB_UI_THEME_PATH=
+
+## Frontend
+FRONTEND_DISABLE_RADICALE=true
+FRONTEND_GROUPWARE_ENABLED=false
+GRAPH_INCLUDE_OCM_SHAREES=true
+
+## Proxy
+PROXY_TLS=false
+PROXY_CSP_CONFIG_FILE_LOCATION=${CONFIG_DIR}/csp.yaml
+
+## Collaboration - requires VALID TLS
+COLLABORA_DOMAIN=${COLLABORA_HOST}
+COLLABORATION_APP_NAME="CollaboraOnline"
+COLLABORATION_APP_PRODUCT="Collabora"
+COLLABORATION_APP_ADDR=https://${COLLABORA_HOST}
+COLLABORATION_APP_INSECURE=false
+COLLABORATION_HTTP_ADDR=0.0.0.0:9300
+COLLABORATION_WOPI_SRC=https://${WOPI_HOST}
+COLLABORATION_JWT_SECRET=
+
+## Notifications - Email settings
+# NOTIFICATIONS_SMTP_HOST=
+# NOTIFICATIONS_SMTP_PORT=
+# NOTIFICATIONS_SMTP_SENDER=
+# NOTIFICATIONS_SMTP_USERNAME=
+# NOTIFICATIONS_SMTP_PASSWORD=
+# NOTIFICATIONS_SMTP_AUTHENTICATION=login
+## Encryption method. Possible values are 'starttls', 'ssltls' and 'none'
+# NOTIFICATIONS_SMTP_ENCRYPTION=starttls
+## Allow insecure connections. Defaults to false.
+# NOTIFICATIONS_SMTP_INSECURE=false
+
+## Start additional services at runtime
+## Examples: notifications, antivirus etc.
+## Do not uncomment unless configured above.
+# OC_ADD_RUN_SERVICES="notifications"
+
+## OpenID - via web browser
+## uncomment for OpenID in general
+# OC_EXCLUDE_RUN_SERVICES=idp
+# OC_OIDC_ISSUER=<your auth URL>
+# IDP_DOMAIN=<your auth URL>
+# PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
+# PROXY_OIDC_REWRITE_WELLKNOWN=true
+# PROXY_USER_OIDC_CLAIM=preferred_username
+# PROXY_USER_CS3_CLAIM=username
+## automatically create accounts
+# PROXY_AUTOPROVISION_ACCOUNTS=true
+# WEB_OIDC_SCOPE=openid profile email groups
+# GRAPH_ASSIGN_DEFAULT_USER_ROLE=false
+#
+## uncomment below if using PocketID
+# WEB_OIDC_CLIENT_ID=<generated in PocketID>
+# WEB_OIDC_METADATA_URL=<your auth URL>/.well-known/openid-configuration
+
+## Full Text Search - Apache Tika
+## Requires a separate install of Tika - see https://community-scripts.github.io/ProxmoxVE/scripts?id=apache-tika
+# SEARCH_EXTRACTOR_TYPE=tika
+# FRONTEND_FULL_TEXT_SEARCH_ENABLED=true
+# SEARCH_EXTRACTOR_TIKA_TIKA_URL=<your-tika-url>
+
+## External storage test - Only NFS v4.2+ is supported
+## User files
+# STORAGE_USERS_POSIX_ROOT=<path-to-your-bind_mount>
+EOF
+
+cat <<EOF >/etc/systemd/system/opencloud.service
+[Unit]
+Description=OpenCloud server
+After=network-online.target
+
+[Service]
+Type=simple
+User=opencloud
+Group=opencloud
+EnvironmentFile=${ENV_FILE}
+ExecStart=/usr/bin/opencloud server
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat <<EOF >/etc/systemd/system/opencloud-wopi.service
+[Unit]
+Description=OpenCloud WOPI Server
+Wants=coolwsd.service
+After=opencloud.service coolwsd.service
+
+[Service]
+Type=simple
+User=opencloud
+Group=opencloud
+EnvironmentFile=${ENV_FILE}
+ExecStartPre=/bin/sleep 10
+ExecStart=/usr/bin/opencloud collaboration server
+Restart=always
+KillSignal=SIGKILL
+KillMode=mixed
+TimeoutStopSec=10
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+$STD sudo -u cool coolconfig set ssl.enable false
+$STD sudo -u cool coolconfig set ssl.termination true
+$STD sudo -u cool coolconfig set ssl.ssl_verification true
+sed -i "s|CSP2\"/>|CSP2\">frame-ancestors https://${OC_HOST}</content_security_policy>|" /etc/coolwsd/coolwsd.xml
+useradd -r -M -s /usr/sbin/nologin opencloud
+chown -R opencloud:opencloud "$CONFIG_DIR" "$DATA_DIR"
+sudo -u opencloud opencloud init --config-path "$CONFIG_DIR" --insecure no
+OPENCLOUD_SECRET="$(sed -n '/jwt/p' "$CONFIG_DIR"/opencloud.yaml | awk '{print $2}')"
+sed -i "s/JWT_SECRET=/&${OPENCLOUD_SECRET//&/\\&}/" "$ENV_FILE"
+msg_ok "Configured OpenCloud"
+
+msg_info "Starting services"
+systemctl enable -q --now coolwsd opencloud
+sleep 5
+systemctl enable -q --now opencloud-wopi
+msg_ok "Started services"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/opencloud-install.sh
+++ b/install/opencloud-install.sh
@ -13,30 +13,29 @@ setting_up_container
 network_check
 update_os

+echo -e "${TAB3}${INFO}${YW} Leave empty to use IP-based localhost mode (no Collabora)${CL}"
 read -r -p "${TAB3}Enter the hostname of your OpenCloud server (eg cloud.domain.tld): " oc_host
-if [[ "$oc_host" ]]; then
+
+if [[ -z "$oc_host" ]]; then
+  # Localhost/IP mode - no TLS, no Collabora
+  OC_HOST="${LOCAL_IP}"
+  LOCALHOST_MODE=true
+  msg_info "Using localhost mode with IP: ${LOCAL_IP}"
+  msg_warn "Collabora requires TLS and will be skipped in localhost mode"
+else
  OC_HOST="$oc_host"
-fi
-read -r -p "${TAB3}Enter the hostname of your Collabora server (eg collabora.domain.tld): " collabora_host
-if [[ "$collabora_host" ]]; then
-  COLLABORA_HOST="$collabora_host"
-fi
-read -r -p "${TAB3}Enter the hostname of your WOPI server (eg wopiserver.domain.tld): " wopi_host
-if [[ "$wopi_host" ]]; then
-  WOPI_HOST="$wopi_host"
+  LOCALHOST_MODE=false
+  read -r -p "${TAB3}Enter the hostname of your Collabora server [collabora.${OC_HOST#*.}]: " collabora_host
+  COLLABORA_HOST="${collabora_host:-collabora.${OC_HOST#*.}}"
+  read -r -p "${TAB3}Enter the hostname of your WOPI server [wopiserver.${OC_HOST#*.}]: " wopi_host
+  WOPI_HOST="${wopi_host:-wopiserver.${OC_HOST#*.}}"
 fi

-# Collabora online - this is broken because it adds the Component and apt doesn't like that
-# setup_deb822_repo \
-#   "collaboraonline" \
-#   "https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg" \
-#   "https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb/Release" \
-#   "./" \
-#   "main"
-
+# Collabora Online - only install if not in localhost mode (requires TLS)
+if [[ "$LOCALHOST_MODE" != true ]]; then
  msg_info "Installing Collabora Online"
  curl -fsSL https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg -o /etc/apt/keyrings/collaboraonline-release-keyring.gpg
-cat <<EOF >/etc/apt/sources.list.d/colloboraonline.sources
+  cat <<EOF >/etc/apt/sources.list.d/collaboraonline.sources
 Types: deb
 URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb
 Suites: ./
@ -52,9 +51,10 @@ Before=opencloud-wopi.service
 EOF
  systemctl daemon-reload
  COOLPASS="$(openssl rand -base64 36)"
-$STD sudo -u cool coolconfig set-admin-password --user=admin --password="$COOLPASS"
+  $STD runuser -u cool -- coolconfig set-admin-password --user=admin --password="$COOLPASS"
  echo "$COOLPASS" >~/.coolpass
  msg_ok "Installed Collabora Online"
+fi

 # OpenCloud
 fetch_and_deploy_gh_release "opencloud" "opencloud-eu/opencloud" "singlefile" "v5.0.1" "/usr/bin" "opencloud-*-linux-amd64"
@ -68,9 +68,17 @@ mkdir -p "$DATA_DIR" "$CONFIG_DIR"/assets/apps
 curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/csp.yaml -o "$CONFIG_DIR"/csp.yaml
 curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/proxy.yaml -o "$CONFIG_DIR"/proxy.yaml.bak

+if [[ "$LOCALHOST_MODE" == true ]]; then
+  OC_URL="http://${OC_HOST}:9200"
+  OC_INSECURE="true"
+else
+  OC_URL="https://${OC_HOST}"
+  OC_INSECURE="false"
+fi
+
 cat <<EOF >"$ENV_FILE"
-OC_URL=https://${OC_HOST}
-OC_INSECURE=false
+OC_URL=${OC_URL}
+OC_INSECURE=${OC_INSECURE}
 IDM_CREATE_DEMO_USERS=false
 OC_LOG_LEVEL=warning
 OC_CONFIG_DIR=${CONFIG_DIR}
@ -93,15 +101,15 @@ GRAPH_INCLUDE_OCM_SHAREES=true
 PROXY_TLS=false
 PROXY_CSP_CONFIG_FILE_LOCATION=${CONFIG_DIR}/csp.yaml

-## Collaboration - requires VALID TLS
-COLLABORA_DOMAIN=${COLLABORA_HOST}
-COLLABORATION_APP_NAME="CollaboraOnline"
-COLLABORATION_APP_PRODUCT="Collabora"
-COLLABORATION_APP_ADDR=https://${COLLABORA_HOST}
-COLLABORATION_APP_INSECURE=false
-COLLABORATION_HTTP_ADDR=0.0.0.0:9300
-COLLABORATION_WOPI_SRC=https://${WOPI_HOST}
-COLLABORATION_JWT_SECRET=
+## Collaboration - requires VALID TLS (disabled in localhost mode)
+# COLLABORA_DOMAIN=
+# COLLABORATION_APP_NAME="CollaboraOnline"
+# COLLABORATION_APP_PRODUCT="Collabora"
+# COLLABORATION_APP_ADDR=
+# COLLABORATION_APP_INSECURE=false
+# COLLABORATION_HTTP_ADDR=0.0.0.0:9300
+# COLLABORATION_WOPI_SRC=
+# COLLABORATION_JWT_SECRET=

 ## Notifications - Email settings
 # NOTIFICATIONS_SMTP_HOST=
@ -166,6 +174,7 @@ Restart=always
 WantedBy=multi-user.target
 EOF

+if [[ "$LOCALHOST_MODE" != true ]]; then
  cat <<EOF >/etc/systemd/system/opencloud-wopi.service
 [Unit]
 Description=OpenCloud WOPI Server
@ -188,21 +197,49 @@ TimeoutStopSec=10
 WantedBy=multi-user.target
 EOF

-$STD sudo -u cool coolconfig set ssl.enable false
-$STD sudo -u cool coolconfig set ssl.termination true
-$STD sudo -u cool coolconfig set ssl.ssl_verification true
+  # Append active Collabora config to env file
+  cat <<EOF >>"$ENV_FILE"
+
+## Collaboration - active configuration
+COLLABORA_DOMAIN=${COLLABORA_HOST}
+COLLABORATION_APP_NAME="CollaboraOnline"
+COLLABORATION_APP_PRODUCT="Collabora"
+COLLABORATION_APP_ADDR=https://${COLLABORA_HOST}
+COLLABORATION_APP_INSECURE=false
+COLLABORATION_HTTP_ADDR=0.0.0.0:9300
+COLLABORATION_WOPI_SRC=https://${WOPI_HOST}
+COLLABORATION_JWT_SECRET=
+EOF
+
+  $STD runuser -u cool -- coolconfig set ssl.enable false
+  $STD runuser -u cool -- coolconfig set ssl.termination true
+  $STD runuser -u cool -- coolconfig set ssl.ssl_verification true
  sed -i "s|CSP2\"/>|CSP2\">frame-ancestors https://${OC_HOST}</content_security_policy>|" /etc/coolwsd/coolwsd.xml
+fi
+
 useradd -r -M -s /usr/sbin/nologin opencloud
 chown -R opencloud:opencloud "$CONFIG_DIR" "$DATA_DIR"
-sudo -u opencloud opencloud init --config-path "$CONFIG_DIR" --insecure no
+
+if [[ "$LOCALHOST_MODE" == true ]]; then
+  $STD runuser -u opencloud -- opencloud init --config-path "$CONFIG_DIR" --insecure yes
+else
+  $STD runuser -u opencloud -- opencloud init --config-path "$CONFIG_DIR" --insecure no
+fi
+
 OPENCLOUD_SECRET="$(sed -n '/jwt/p' "$CONFIG_DIR"/opencloud.yaml | awk '{print $2}')"
-sed -i "s/JWT_SECRET=/&${OPENCLOUD_SECRET//&/\\&}/" "$ENV_FILE"
+if [[ "$LOCALHOST_MODE" != true ]]; then
+  sed -i "s/COLLABORATION_JWT_SECRET=/&${OPENCLOUD_SECRET//&/\\&}/" "$ENV_FILE"
+fi
 msg_ok "Configured OpenCloud"

 msg_info "Starting services"
+if [[ "$LOCALHOST_MODE" == true ]]; then
+  systemctl enable -q --now opencloud
+else
  systemctl enable -q --now coolwsd opencloud
  sleep 5
  systemctl enable -q --now opencloud-wopi
+fi
 msg_ok "Started services"

 motd_ssh