9d77145a7e
Reworks opencloud-install.sh to remove localhost mode, always require FQDNs, and streamline Collabora and WOPI configuration. The script now always installs Collabora and WOPI, sets up environment variables accordingly, and simplifies service management. The previous localhost/IP-based mode is preserved in opencloud-install.sh.bak for reference.
264 lines
8.1 KiB
Bash
264 lines
8.1 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
# Copyright (c) 2021-2026 community-scripts ORG
|
|
# Author: vhsdream
|
|
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
|
|
# Source: https://opencloud.eu
|
|
|
|
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
|
color
|
|
verb_ip6
|
|
catch_errors
|
|
setting_up_container
|
|
network_check
|
|
update_os
|
|
|
|
echo -e "${TAB3}${INFO}${YW} Leave empty to use IP-based localhost mode (no Collabora)${CL}"
|
|
read -r -p "${TAB3}Enter the hostname of your OpenCloud server (eg cloud.domain.tld): " oc_host
|
|
|
|
if [[ -z "$oc_host" ]]; then
|
|
# Localhost/IP mode - no TLS, no Collabora
|
|
OC_HOST="${LOCAL_IP}"
|
|
LOCALHOST_MODE=true
|
|
msg_info "Using localhost mode with IP: ${LOCAL_IP}"
|
|
msg_warn "Collabora requires TLS and will be skipped in localhost mode"
|
|
else
|
|
OC_HOST="$oc_host"
|
|
LOCALHOST_MODE=false
|
|
read -r -p "${TAB3}Enter the hostname of your Collabora server [collabora.${OC_HOST#*.}]: " collabora_host
|
|
COLLABORA_HOST="${collabora_host:-collabora.${OC_HOST#*.}}"
|
|
read -r -p "${TAB3}Enter the hostname of your WOPI server [wopiserver.${OC_HOST#*.}]: " wopi_host
|
|
WOPI_HOST="${wopi_host:-wopiserver.${OC_HOST#*.}}"
|
|
fi
|
|
|
|
# Collabora Online - only install if not in localhost mode (requires TLS)
|
|
if [[ "$LOCALHOST_MODE" != true ]]; then
|
|
msg_info "Installing Collabora Online"
|
|
curl -fsSL https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg -o /etc/apt/keyrings/collaboraonline-release-keyring.gpg
|
|
cat <<EOF >/etc/apt/sources.list.d/collaboraonline.sources
|
|
Types: deb
|
|
URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb
|
|
Suites: ./
|
|
Signed-By: /etc/apt/keyrings/collaboraonline-release-keyring.gpg
|
|
EOF
|
|
$STD apt-get update
|
|
$STD apt-get install -y coolwsd code-brand
|
|
systemctl stop coolwsd
|
|
mkdir -p /etc/systemd/system/coolwsd.service.d
|
|
cat <<EOF >/etc/systemd/system/coolwsd.service.d/override.conf
|
|
[Unit]
|
|
Before=opencloud-wopi.service
|
|
EOF
|
|
systemctl daemon-reload
|
|
COOLPASS="$(openssl rand -base64 36)"
|
|
$STD runuser -u cool -- coolconfig set-admin-password --user=admin --password="$COOLPASS"
|
|
echo "$COOLPASS" >~/.coolpass
|
|
msg_ok "Installed Collabora Online"
|
|
fi
|
|
|
|
# OpenCloud
|
|
fetch_and_deploy_gh_release "opencloud" "opencloud-eu/opencloud" "singlefile" "v5.0.1" "/usr/bin" "opencloud-*-linux-amd64"
|
|
|
|
msg_info "Configuring OpenCloud"
|
|
DATA_DIR="/var/lib/opencloud/"
|
|
CONFIG_DIR="/etc/opencloud"
|
|
ENV_FILE="${CONFIG_DIR}/opencloud.env"
|
|
mkdir -p "$DATA_DIR" "$CONFIG_DIR"/assets/apps
|
|
|
|
curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/csp.yaml -o "$CONFIG_DIR"/csp.yaml
|
|
curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/proxy.yaml -o "$CONFIG_DIR"/proxy.yaml.bak
|
|
|
|
if [[ "$LOCALHOST_MODE" == true ]]; then
|
|
OC_URL="http://${OC_HOST}:9200"
|
|
OC_INSECURE="true"
|
|
else
|
|
OC_URL="https://${OC_HOST}"
|
|
OC_INSECURE="false"
|
|
fi
|
|
|
|
# Create web config directory and config.json
|
|
mkdir -p "$CONFIG_DIR"/web
|
|
cat <<EOF >"$CONFIG_DIR"/web/config.json
|
|
{
|
|
"server": "${OC_URL}",
|
|
"theme": "https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/web/themes/opencloud/theme.json",
|
|
"openIdConnect": {
|
|
"metadata_url": "${OC_URL}/.well-known/openid-configuration",
|
|
"authority": "${OC_URL}",
|
|
"client_id": "web",
|
|
"response_type": "code",
|
|
"scope": "openid profile email"
|
|
}
|
|
}
|
|
EOF
|
|
|
|
cat <<EOF >"$ENV_FILE"
|
|
OC_URL=${OC_URL}
|
|
OC_INSECURE=${OC_INSECURE}
|
|
IDM_CREATE_DEMO_USERS=false
|
|
OC_LOG_LEVEL=warning
|
|
OC_CONFIG_DIR=${CONFIG_DIR}
|
|
OC_BASE_DATA_PATH=${DATA_DIR}
|
|
STORAGE_SYSTEM_OC_ROOT=${DATA_DIR}/storage/metadata
|
|
|
|
## Web
|
|
WEB_ASSET_CORE_PATH=${CONFIG_DIR}/web/assets
|
|
WEB_ASSET_APPS_PATH=${CONFIG_DIR}/web/assets/apps
|
|
WEB_UI_CONFIG_FILE=${CONFIG_DIR}/web/config.json
|
|
# WEB_ASSET_THEMES_PATH=${CONFIG_DIR}/web/assets/themes
|
|
# WEB_UI_THEME_PATH=
|
|
|
|
## Frontend
|
|
FRONTEND_DISABLE_RADICALE=true
|
|
FRONTEND_GROUPWARE_ENABLED=false
|
|
GRAPH_INCLUDE_OCM_SHAREES=true
|
|
|
|
## Proxy
|
|
PROXY_TLS=false
|
|
PROXY_CSP_CONFIG_FILE_LOCATION=${CONFIG_DIR}/csp.yaml
|
|
|
|
## Collaboration - requires VALID TLS (disabled in localhost mode)
|
|
# COLLABORA_DOMAIN=
|
|
# COLLABORATION_APP_NAME="CollaboraOnline"
|
|
# COLLABORATION_APP_PRODUCT="Collabora"
|
|
# COLLABORATION_APP_ADDR=
|
|
# COLLABORATION_APP_INSECURE=false
|
|
# COLLABORATION_HTTP_ADDR=0.0.0.0:9300
|
|
# COLLABORATION_WOPI_SRC=
|
|
# COLLABORATION_JWT_SECRET=
|
|
|
|
## Notifications - Email settings
|
|
# NOTIFICATIONS_SMTP_HOST=
|
|
# NOTIFICATIONS_SMTP_PORT=
|
|
# NOTIFICATIONS_SMTP_SENDER=
|
|
# NOTIFICATIONS_SMTP_USERNAME=
|
|
# NOTIFICATIONS_SMTP_PASSWORD=
|
|
# NOTIFICATIONS_SMTP_AUTHENTICATION=login
|
|
## Encryption method. Possible values are 'starttls', 'ssltls' and 'none'
|
|
# NOTIFICATIONS_SMTP_ENCRYPTION=starttls
|
|
## Allow insecure connections. Defaults to false.
|
|
# NOTIFICATIONS_SMTP_INSECURE=false
|
|
|
|
## Start additional services at runtime
|
|
## Examples: notifications, antivirus etc.
|
|
## Do not uncomment unless configured above.
|
|
# OC_ADD_RUN_SERVICES="notifications"
|
|
|
|
## OpenID - via web browser
|
|
## uncomment for OpenID in general
|
|
# OC_EXCLUDE_RUN_SERVICES=idp
|
|
# OC_OIDC_ISSUER=<your auth URL>
|
|
# IDP_DOMAIN=<your auth URL>
|
|
# PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
|
|
# PROXY_OIDC_REWRITE_WELLKNOWN=true
|
|
# PROXY_USER_OIDC_CLAIM=preferred_username
|
|
# PROXY_USER_CS3_CLAIM=username
|
|
## automatically create accounts
|
|
# PROXY_AUTOPROVISION_ACCOUNTS=true
|
|
# WEB_OIDC_SCOPE=openid profile email groups
|
|
# GRAPH_ASSIGN_DEFAULT_USER_ROLE=false
|
|
#
|
|
## uncomment below if using PocketID
|
|
# WEB_OIDC_CLIENT_ID=<generated in PocketID>
|
|
# WEB_OIDC_METADATA_URL=<your auth URL>/.well-known/openid-configuration
|
|
|
|
## Full Text Search - Apache Tika
|
|
## Requires a separate install of Tika - see https://community-scripts.github.io/ProxmoxVE/scripts?id=apache-tika
|
|
# SEARCH_EXTRACTOR_TYPE=tika
|
|
# FRONTEND_FULL_TEXT_SEARCH_ENABLED=true
|
|
# SEARCH_EXTRACTOR_TIKA_TIKA_URL=<your-tika-url>
|
|
|
|
## External storage test - Only NFS v4.2+ is supported
|
|
## User files
|
|
# STORAGE_USERS_POSIX_ROOT=<path-to-your-bind_mount>
|
|
EOF
|
|
|
|
cat <<EOF >/etc/systemd/system/opencloud.service
|
|
[Unit]
|
|
Description=OpenCloud server
|
|
After=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=opencloud
|
|
Group=opencloud
|
|
EnvironmentFile=${ENV_FILE}
|
|
ExecStart=/usr/bin/opencloud server
|
|
Restart=always
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
|
|
if [[ "$LOCALHOST_MODE" != true ]]; then
|
|
cat <<EOF >/etc/systemd/system/opencloud-wopi.service
|
|
[Unit]
|
|
Description=OpenCloud WOPI Server
|
|
Wants=coolwsd.service
|
|
After=opencloud.service coolwsd.service
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=opencloud
|
|
Group=opencloud
|
|
EnvironmentFile=${ENV_FILE}
|
|
ExecStartPre=/bin/sleep 10
|
|
ExecStart=/usr/bin/opencloud collaboration server
|
|
Restart=always
|
|
KillSignal=SIGKILL
|
|
KillMode=mixed
|
|
TimeoutStopSec=10
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
|
|
# Append active Collabora config to env file
|
|
cat <<EOF >>"$ENV_FILE"
|
|
|
|
## Collaboration - active configuration
|
|
COLLABORA_DOMAIN=${COLLABORA_HOST}
|
|
COLLABORATION_APP_NAME="CollaboraOnline"
|
|
COLLABORATION_APP_PRODUCT="Collabora"
|
|
COLLABORATION_APP_ADDR=https://${COLLABORA_HOST}
|
|
COLLABORATION_APP_INSECURE=false
|
|
COLLABORATION_HTTP_ADDR=0.0.0.0:9300
|
|
COLLABORATION_WOPI_SRC=https://${WOPI_HOST}
|
|
COLLABORATION_JWT_SECRET=
|
|
EOF
|
|
|
|
$STD runuser -u cool -- coolconfig set ssl.enable false
|
|
$STD runuser -u cool -- coolconfig set ssl.termination true
|
|
$STD runuser -u cool -- coolconfig set ssl.ssl_verification true
|
|
sed -i "s|CSP2\"/>|CSP2\">frame-ancestors https://${OC_HOST}</content_security_policy>|" /etc/coolwsd/coolwsd.xml
|
|
fi
|
|
|
|
useradd -r -M -s /usr/sbin/nologin opencloud
|
|
chown -R opencloud:opencloud "$CONFIG_DIR" "$DATA_DIR"
|
|
|
|
if [[ "$LOCALHOST_MODE" == true ]]; then
|
|
$STD runuser -u opencloud -- opencloud init --config-path "$CONFIG_DIR" --insecure yes
|
|
else
|
|
$STD runuser -u opencloud -- opencloud init --config-path "$CONFIG_DIR" --insecure no
|
|
fi
|
|
|
|
OPENCLOUD_SECRET="$(sed -n '/jwt/p' "$CONFIG_DIR"/opencloud.yaml | awk '{print $2}')"
|
|
if [[ "$LOCALHOST_MODE" != true ]]; then
|
|
sed -i "s/COLLABORATION_JWT_SECRET=/&${OPENCLOUD_SECRET//&/\\&}/" "$ENV_FILE"
|
|
fi
|
|
msg_ok "Configured OpenCloud"
|
|
|
|
msg_info "Starting services"
|
|
if [[ "$LOCALHOST_MODE" == true ]]; then
|
|
systemctl enable -q --now opencloud
|
|
else
|
|
systemctl enable -q --now coolwsd opencloud
|
|
sleep 5
|
|
systemctl enable -q --now opencloud-wopi
|
|
fi
|
|
msg_ok "Started services"
|
|
|
|
motd_ssh
|
|
customize
|
|
cleanup_lxc
|