From 9d77145a7e02b9f4c9fe852ec12c4baca9fa4623 Mon Sep 17 00:00:00 2001
From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com>
Date: Thu, 29 Jan 2026 11:22:49 +0100
Subject: [PATCH] Refactor OpenCloud installer to simplify Collabora handling

Reworks opencloud-install.sh to remove localhost mode, always require FQDNs, and streamline Collabora and WOPI configuration. The script now always installs Collabora and WOPI, sets up environment variables accordingly, and simplifies service management. The previous localhost/IP-based mode is preserved in opencloud-install.sh.bak for reference.
---
install/opencloud-install.sh | 139 ++++++----------
...stall copy.sh => opencloud-install.sh.bak} | 155 ++++++++++++------
2 files changed, 155 insertions(+), 139 deletions(-)
rename install/{opencloud-install copy.sh => opencloud-install.sh.bak} (56%)

diff --git a/install/opencloud-install.sh b/install/opencloud-install.sh
index 943578598..7d4c9a060 100644
--- a/install/opencloud-install.sh
+++ b/install/opencloud-install.sh
@@ -13,48 +13,48 @@ setting_up_container network_check update_os -echo -e "${TAB3}${INFO}${YW} Leave empty to use IP-based localhost mode (no Collabora)${CL}" read -r -p "${TAB3}Enter the hostname of your OpenCloud server (eg cloud.domain.tld): " oc_host - -if [[ -z "$oc_host" ]]; then - # Localhost/IP mode - no TLS, no Collabora - OC_HOST="${LOCAL_IP}" - LOCALHOST_MODE=true - msg_info "Using localhost mode with IP: ${LOCAL_IP}" - msg_warn "Collabora requires TLS and will be skipped in localhost mode" -else +if [[ "$oc_host" ]]; then OC_HOST="$oc_host" - LOCALHOST_MODE=false - read -r -p "${TAB3}Enter the hostname of your Collabora server [collabora.${OC_HOST#*.}]: " collabora_host - COLLABORA_HOST="${collabora_host:-collabora.${OC_HOST#*.}}" - read -r -p "${TAB3}Enter the hostname of your WOPI server [wopiserver.${OC_HOST#*.}]: " wopi_host - WOPI_HOST="${wopi_host:-wopiserver.${OC_HOST#*.}}" +fi +read -r -p "${TAB3}Enter the hostname of your Collabora server (eg collabora.domain.tld): " collabora_host +if [[ "$collabora_host" ]]; then + COLLABORA_HOST="$collabora_host" +fi +read -r -p "${TAB3}Enter the hostname of your WOPI server (eg wopiserver.domain.tld): " wopi_host +if [[ "$wopi_host" ]]; then + WOPI_HOST="$wopi_host" fi -# Collabora Online - only install if not in localhost mode (requires TLS) -if [[ "$LOCALHOST_MODE" != true ]]; then - msg_info "Installing Collabora Online" - curl -fsSL https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg -o /etc/apt/keyrings/collaboraonline-release-keyring.gpg - cat </etc/apt/sources.list.d/collaboraonline.sources +# Collabora online - this is broken because it adds the Component and apt doesn't like that +# setup_deb822_repo \ +# "collaboraonline" \ +# "https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg" \ +# "https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb/Release" \ +# "./" \ +# "main" + +msg_info "Installing Collabora Online" +curl -fsSL 
https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg -o /etc/apt/keyrings/collaboraonline-release-keyring.gpg +cat </etc/apt/sources.list.d/colloboraonline.sources Types: deb URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb Suites: ./ Signed-By: /etc/apt/keyrings/collaboraonline-release-keyring.gpg EOF - $STD apt-get update - $STD apt-get install -y coolwsd code-brand - systemctl stop coolwsd - mkdir -p /etc/systemd/system/coolwsd.service.d - cat </etc/systemd/system/coolwsd.service.d/override.conf +$STD apt-get update +$STD apt-get install -y coolwsd code-brand +systemctl stop coolwsd +mkdir -p /etc/systemd/system/coolwsd.service.d +cat </etc/systemd/system/coolwsd.service.d/override.conf [Unit] Before=opencloud-wopi.service EOF - systemctl daemon-reload - COOLPASS="$(openssl rand -base64 36)" - $STD runuser -u cool -- coolconfig set-admin-password --user=admin --password="$COOLPASS" - echo "$COOLPASS" >~/.coolpass - msg_ok "Installed Collabora Online" -fi +systemctl daemon-reload +COOLPASS="$(openssl rand -base64 36)" +$STD sudo -u cool coolconfig set-admin-password --user=admin --password="$COOLPASS" +echo "$COOLPASS" >~/.coolpass +msg_ok "Installed Collabora Online" # OpenCloud fetch_and_deploy_gh_release "opencloud" "opencloud-eu/opencloud" "singlefile" "v5.0.1" "/usr/bin" "opencloud-*-linux-amd64" 
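Review bot: The three hostname prompts at the top of this hunk accept an empty or malformed reply: `if [[ "$oc_host" ]]; then OC_HOST="$oc_host"; fi` simply leaves `OC_HOST` (and likewise `COLLABORA_HOST`, `WOPI_HOST`) unset, so the run continues and the later hunks write `OC_URL=https://`, `COLLABORATION_APP_ADDR=https://` and an empty `frame-ancestors` origin, even though the commit message says FQDNs are always required. The replies are also copied unvalidated into the env file and into a `sed` replacement on `/etc/coolwsd/coolwsd.xml`, so a stray `|`, `&` or space would corrupt the generated configuration. I would re-prompt until each reply matches a hostname pattern, as in the fence below. The rest of the hunk (Collabora repository setup and package install) is not affected by this suggestion.

```shell
# Re-prompt until the reply looks like an FQDN; these values end up in the env
# file and in a sed replacement, so only letters, digits, '-' and '.' pass.
fqdn_re='^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'
until [[ "${OC_HOST:-}" =~ $fqdn_re ]]; do
  read -r -p "${TAB3}Enter the hostname of your OpenCloud server (eg cloud.domain.tld): " OC_HOST || exit 1
done
until [[ "${COLLABORA_HOST:-}" =~ $fqdn_re ]]; do
  read -r -p "${TAB3}Enter the hostname of your Collabora server (eg collabora.domain.tld): " COLLABORA_HOST || exit 1
done
until [[ "${WOPI_HOST:-}" =~ $fqdn_re ]]; do
  read -r -p "${TAB3}Enter the hostname of your WOPI server (eg wopiserver.domain.tld): " WOPI_HOST || exit 1
done
# … unchanged: Collabora repository setup, package install, admin password …
```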
@@ -68,17 +68,9 @@ mkdir -p "$DATA_DIR" "$CONFIG_DIR"/assets/apps curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/csp.yaml -o "$CONFIG_DIR"/csp.yaml curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/proxy.yaml -o "$CONFIG_DIR"/proxy.yaml.bak -if [[ "$LOCALHOST_MODE" == true ]]; then - OC_URL="http://${OC_HOST}:9200" - OC_INSECURE="true" -else - OC_URL="https://${OC_HOST}" - OC_INSECURE="false" -fi - cat <"$ENV_FILE" -OC_URL=${OC_URL} -OC_INSECURE=${OC_INSECURE} +OC_URL=https://${OC_HOST} +OC_INSECURE=false IDM_CREATE_DEMO_USERS=false OC_LOG_LEVEL=warning OC_CONFIG_DIR=${CONFIG_DIR} @@ -101,15 +93,15 @@ GRAPH_INCLUDE_OCM_SHAREES=true PROXY_TLS=false PROXY_CSP_CONFIG_FILE_LOCATION=${CONFIG_DIR}/csp.yaml -## Collaboration - requires VALID TLS (disabled in localhost mode) -# COLLABORA_DOMAIN= -# COLLABORATION_APP_NAME="CollaboraOnline" -# COLLABORATION_APP_PRODUCT="Collabora" -# COLLABORATION_APP_ADDR= -# COLLABORATION_APP_INSECURE=false -# COLLABORATION_HTTP_ADDR=0.0.0.0:9300 -# COLLABORATION_WOPI_SRC= -# COLLABORATION_JWT_SECRET= +## Collaboration - requires VALID TLS +COLLABORA_DOMAIN=${COLLABORA_HOST} +COLLABORATION_APP_NAME="CollaboraOnline" +COLLABORATION_APP_PRODUCT="Collabora" +COLLABORATION_APP_ADDR=https://${COLLABORA_HOST} +COLLABORATION_APP_INSECURE=false +COLLABORATION_HTTP_ADDR=0.0.0.0:9300 +COLLABORATION_WOPI_SRC=https://${WOPI_HOST} +COLLABORATION_JWT_SECRET= ## Notifications - Email settings # NOTIFICATIONS_SMTP_HOST= @@ -174,8 +166,7 @@ Restart=always WantedBy=multi-user.target EOF -if [[ "$LOCALHOST_MODE" != true ]]; then - cat </etc/systemd/system/opencloud-wopi.service +cat </etc/systemd/system/opencloud-wopi.service [Unit] Description=OpenCloud WOPI Server Wants=coolwsd.service 
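Review bot: In the `@@ -101,15 +93,15 @@` hunk `COLLABORATION_JWT_SECRET=` is now always written into `$ENV_FILE`, and a later hunk fills it with the JWT secret read from `opencloud.yaml`, but nothing in the visible hunks restricts that file's mode, so it is presumably created with the default umask. If `$ENV_FILE` is not already locked down elsewhere in the script (its definition is outside these hunks), add something like `chmod 600 "$ENV_FILE"` right after the heredoc that creates it, or `chown root:opencloud` with mode 640 if the service reads the file itself. The heredoc starts in the previous hunk and ends outside this one.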
@@ -197,49 +188,21 @@ TimeoutStopSec=10 WantedBy=multi-user.target EOF - # Append active Collabora config to env file - cat <>"$ENV_FILE" - -## Collaboration - active configuration -COLLABORA_DOMAIN=${COLLABORA_HOST} -COLLABORATION_APP_NAME="CollaboraOnline" -COLLABORATION_APP_PRODUCT="Collabora" -COLLABORATION_APP_ADDR=https://${COLLABORA_HOST} -COLLABORATION_APP_INSECURE=false -COLLABORATION_HTTP_ADDR=0.0.0.0:9300 -COLLABORATION_WOPI_SRC=https://${WOPI_HOST} -COLLABORATION_JWT_SECRET= -EOF - - $STD runuser -u cool -- coolconfig set ssl.enable false - $STD runuser -u cool -- coolconfig set ssl.termination true - $STD runuser -u cool -- coolconfig set ssl.ssl_verification true - sed -i "s|CSP2\"/>|CSP2\">frame-ancestors https://${OC_HOST}|" /etc/coolwsd/coolwsd.xml -fi - +$STD sudo -u cool coolconfig set ssl.enable false +$STD sudo -u cool coolconfig set ssl.termination true +$STD sudo -u cool coolconfig set ssl.ssl_verification true +sed -i "s|CSP2\"/>|CSP2\">frame-ancestors https://${OC_HOST}|" /etc/coolwsd/coolwsd.xml useradd -r -M -s /usr/sbin/nologin opencloud chown -R opencloud:opencloud "$CONFIG_DIR" "$DATA_DIR" - -if [[ "$LOCALHOST_MODE" == true ]]; then - $STD runuser -u opencloud -- opencloud init --config-path "$CONFIG_DIR" --insecure yes -else - $STD runuser -u opencloud -- opencloud init --config-path "$CONFIG_DIR" --insecure no -fi - +sudo -u opencloud opencloud init --config-path "$CONFIG_DIR" --insecure no OPENCLOUD_SECRET="$(sed -n '/jwt/p' "$CONFIG_DIR"/opencloud.yaml | awk '{print $2}')" -if [[ "$LOCALHOST_MODE" != true ]]; then - sed -i "s/COLLABORATION_JWT_SECRET=/&${OPENCLOUD_SECRET//&/\\&}/" "$ENV_FILE" -fi +sed -i "s/JWT_SECRET=/&${OPENCLOUD_SECRET//&/\\&}/" "$ENV_FILE" msg_ok "Configured OpenCloud" msg_info "Starting services" -if [[ "$LOCALHOST_MODE" == true ]]; then - systemctl enable -q --now opencloud -else - systemctl enable -q --now coolwsd opencloud - sleep 5 - systemctl enable -q --now opencloud-wopi -fi +systemctl enable -q --now 
coolwsd opencloud +sleep 5 +systemctl enable -q --now opencloud-wopi msg_ok "Started services" motd_ssh diff --git a/install/opencloud-install copy.sh b/install/opencloud-install.sh.bak similarity index 56% rename from install/opencloud-install copy.sh rename to install/opencloud-install.sh.bak index 7d4c9a060..0ed6cc619 100644 --- a/install/opencloud-install copy.sh +++ b/install/opencloud-install.sh.bak 
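Review bot: The replacement `sed -i "s/JWT_SECRET=/&…/" "$ENV_FILE"` was loosened from `COLLABORATION_JWT_SECRET=` to an unanchored `JWT_SECRET=`, so it now rewrites every line of the env file that contains that substring, including commented-out or differently prefixed keys. Only `&` is escaped in `OPENCLOUD_SECRET`, so a `/`, a backslash, or a second matching `jwt` line coming out of the `sed -n '/jwt/p' … | awk '{print $2}'` pipeline would break the expression or write a wrong value. I would anchor the match to the one intended key and stop if the extracted value is empty: `[[ -n "$OPENCLOUD_SECRET" ]] || exit 1` followed by `sed -i "s/^COLLABORATION_JWT_SECRET=\$/&${OPENCLOUD_SECRET//&/\\&}/" "$ENV_FILE"`. Whether the generated secret can contain `/` or `\` is not visible here; if it can, those need escaping as well.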
@@ -13,48 +13,48 @@ setting_up_container network_check update_os +echo -e "${TAB3}${INFO}${YW} Leave empty to use IP-based localhost mode (no Collabora)${CL}" read -r -p "${TAB3}Enter the hostname of your OpenCloud server (eg cloud.domain.tld): " oc_host -if [[ "$oc_host" ]]; then + +if [[ -z "$oc_host" ]]; then + # Localhost/IP mode - no TLS, no Collabora + OC_HOST="${LOCAL_IP}" + LOCALHOST_MODE=true + msg_info "Using localhost mode with IP: ${LOCAL_IP}" + msg_warn "Collabora requires TLS and will be skipped in localhost mode" +else OC_HOST="$oc_host" -fi -read -r -p "${TAB3}Enter the hostname of your Collabora server (eg collabora.domain.tld): " collabora_host -if [[ "$collabora_host" ]]; then - COLLABORA_HOST="$collabora_host" -fi -read -r -p "${TAB3}Enter the hostname of your WOPI server (eg wopiserver.domain.tld): " wopi_host -if [[ "$wopi_host" ]]; then - WOPI_HOST="$wopi_host" + LOCALHOST_MODE=false + read -r -p "${TAB3}Enter the hostname of your Collabora server [collabora.${OC_HOST#*.}]: " collabora_host + COLLABORA_HOST="${collabora_host:-collabora.${OC_HOST#*.}}" + read -r -p "${TAB3}Enter the hostname of your WOPI server [wopiserver.${OC_HOST#*.}]: " wopi_host + WOPI_HOST="${wopi_host:-wopiserver.${OC_HOST#*.}}" fi -# Collabora online - this is broken because it adds the Component and apt doesn't like that -# setup_deb822_repo \ -# "collaboraonline" \ -# "https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg" \ -# "https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb/Release" \ -# "./" \ -# "main" - -msg_info "Installing Collabora Online" -curl -fsSL https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg -o /etc/apt/keyrings/collaboraonline-release-keyring.gpg -cat </etc/apt/sources.list.d/colloboraonline.sources +# Collabora Online - only install if not in localhost mode (requires TLS) +if [[ "$LOCALHOST_MODE" != true ]]; then + msg_info "Installing Collabora Online" + curl -fsSL 
https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg -o /etc/apt/keyrings/collaboraonline-release-keyring.gpg + cat </etc/apt/sources.list.d/collaboraonline.sources Types: deb URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb Suites: ./ Signed-By: /etc/apt/keyrings/collaboraonline-release-keyring.gpg EOF -$STD apt-get update -$STD apt-get install -y coolwsd code-brand -systemctl stop coolwsd -mkdir -p /etc/systemd/system/coolwsd.service.d -cat </etc/systemd/system/coolwsd.service.d/override.conf + $STD apt-get update + $STD apt-get install -y coolwsd code-brand + systemctl stop coolwsd + mkdir -p /etc/systemd/system/coolwsd.service.d + cat </etc/systemd/system/coolwsd.service.d/override.conf [Unit] Before=opencloud-wopi.service EOF -systemctl daemon-reload -COOLPASS="$(openssl rand -base64 36)" -$STD sudo -u cool coolconfig set-admin-password --user=admin --password="$COOLPASS" -echo "$COOLPASS" >~/.coolpass -msg_ok "Installed Collabora Online" + systemctl daemon-reload + COOLPASS="$(openssl rand -base64 36)" + $STD runuser -u cool -- coolconfig set-admin-password --user=admin --password="$COOLPASS" + echo "$COOLPASS" >~/.coolpass + msg_ok "Installed Collabora Online" +fi # OpenCloud fetch_and_deploy_gh_release "opencloud" "opencloud-eu/opencloud" "singlefile" "v5.0.1" "/usr/bin" "opencloud-*-linux-amd64" 
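Review bot: `install/opencloud-install.sh.bak` keeps a second, unmaintained copy of a root-run installer in the tree, and nothing in the file marks it as reference-only. Copies like this tend to drift and miss later fixes, and they can be picked up by mistake if anything iterates over `install/`; git history already preserves the old localhost mode. I would drop the file, or if it must stay, open it with a comment such as `# Reference copy of the pre-refactor localhost mode; not executed by the installer.` The same applies to the remaining hunks of this file.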
@@ -68,9 +68,33 @@ mkdir -p "$DATA_DIR" "$CONFIG_DIR"/assets/apps curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/csp.yaml -o "$CONFIG_DIR"/csp.yaml curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/proxy.yaml -o "$CONFIG_DIR"/proxy.yaml.bak +if [[ "$LOCALHOST_MODE" == true ]]; then + OC_URL="http://${OC_HOST}:9200" + OC_INSECURE="true" +else + OC_URL="https://${OC_HOST}" + OC_INSECURE="false" +fi + +# Create web config directory and config.json +mkdir -p "$CONFIG_DIR"/web +cat <"$CONFIG_DIR"/web/config.json +{ + "server": "${OC_URL}", + "theme": "https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/web/themes/opencloud/theme.json", + "openIdConnect": { + "metadata_url": "${OC_URL}/.well-known/openid-configuration", + "authority": "${OC_URL}", + "client_id": "web", + "response_type": "code", + "scope": "openid profile email" + } +} +EOF + cat <"$ENV_FILE" -OC_URL=https://${OC_HOST} -OC_INSECURE=false +OC_URL=${OC_URL} +OC_INSECURE=${OC_INSECURE} IDM_CREATE_DEMO_USERS=false OC_LOG_LEVEL=warning OC_CONFIG_DIR=${CONFIG_DIR} 
@@ -93,15 +117,15 @@ GRAPH_INCLUDE_OCM_SHAREES=true PROXY_TLS=false PROXY_CSP_CONFIG_FILE_LOCATION=${CONFIG_DIR}/csp.yaml -## Collaboration - requires VALID TLS -COLLABORA_DOMAIN=${COLLABORA_HOST} -COLLABORATION_APP_NAME="CollaboraOnline" -COLLABORATION_APP_PRODUCT="Collabora" -COLLABORATION_APP_ADDR=https://${COLLABORA_HOST} -COLLABORATION_APP_INSECURE=false -COLLABORATION_HTTP_ADDR=0.0.0.0:9300 -COLLABORATION_WOPI_SRC=https://${WOPI_HOST} -COLLABORATION_JWT_SECRET= +## Collaboration - requires VALID TLS (disabled in localhost mode) +# COLLABORA_DOMAIN= +# COLLABORATION_APP_NAME="CollaboraOnline" +# COLLABORATION_APP_PRODUCT="Collabora" +# COLLABORATION_APP_ADDR= +# COLLABORATION_APP_INSECURE=false +# COLLABORATION_HTTP_ADDR=0.0.0.0:9300 +# COLLABORATION_WOPI_SRC= +# COLLABORATION_JWT_SECRET= ## Notifications - Email settings # NOTIFICATIONS_SMTP_HOST= @@ -166,7 +190,8 @@ Restart=always WantedBy=multi-user.target EOF -cat </etc/systemd/system/opencloud-wopi.service +if [[ "$LOCALHOST_MODE" != true ]]; then + cat </etc/systemd/system/opencloud-wopi.service [Unit] Description=OpenCloud WOPI Server Wants=coolwsd.service 
@@ -188,21 +213,49 @@ TimeoutStopSec=10 WantedBy=multi-user.target EOF -$STD sudo -u cool coolconfig set ssl.enable false -$STD sudo -u cool coolconfig set ssl.termination true -$STD sudo -u cool coolconfig set ssl.ssl_verification true -sed -i "s|CSP2\"/>|CSP2\">frame-ancestors https://${OC_HOST}|" /etc/coolwsd/coolwsd.xml + # Append active Collabora config to env file + cat <>"$ENV_FILE" + +## Collaboration - active configuration +COLLABORA_DOMAIN=${COLLABORA_HOST} +COLLABORATION_APP_NAME="CollaboraOnline" +COLLABORATION_APP_PRODUCT="Collabora" +COLLABORATION_APP_ADDR=https://${COLLABORA_HOST} +COLLABORATION_APP_INSECURE=false +COLLABORATION_HTTP_ADDR=0.0.0.0:9300 +COLLABORATION_WOPI_SRC=https://${WOPI_HOST} +COLLABORATION_JWT_SECRET= +EOF + + $STD runuser -u cool -- coolconfig set ssl.enable false + $STD runuser -u cool -- coolconfig set ssl.termination true + $STD runuser -u cool -- coolconfig set ssl.ssl_verification true + sed -i "s|CSP2\"/>|CSP2\">frame-ancestors https://${OC_HOST}|" /etc/coolwsd/coolwsd.xml +fi + useradd -r -M -s /usr/sbin/nologin opencloud chown -R opencloud:opencloud "$CONFIG_DIR" "$DATA_DIR" -sudo -u opencloud opencloud init --config-path "$CONFIG_DIR" --insecure no + +if [[ "$LOCALHOST_MODE" == true ]]; then + $STD runuser -u opencloud -- opencloud init --config-path "$CONFIG_DIR" --insecure yes +else + $STD runuser -u opencloud -- opencloud init --config-path "$CONFIG_DIR" --insecure no +fi + OPENCLOUD_SECRET="$(sed -n '/jwt/p' "$CONFIG_DIR"/opencloud.yaml | awk '{print $2}')" -sed -i "s/JWT_SECRET=/&${OPENCLOUD_SECRET//&/\\&}/" "$ENV_FILE" +if [[ "$LOCALHOST_MODE" != true ]]; then + sed -i "s/COLLABORATION_JWT_SECRET=/&${OPENCLOUD_SECRET//&/\\&}/" "$ENV_FILE" +fi msg_ok "Configured OpenCloud" msg_info "Starting services" -systemctl enable -q --now coolwsd opencloud -sleep 5 -systemctl enable -q --now opencloud-wopi +if [[ "$LOCALHOST_MODE" == true ]]; then + systemctl enable -q --now opencloud +else + systemctl enable -q --now coolwsd 
opencloud + sleep 5 + systemctl enable -q --now opencloud-wopi +fi msg_ok "Started services" motd_ssh