Install Collabora Online with Docker in Ubuntu 18.04 LXD Containers

Collabora Online supports editing your documents in real time with multiple other editors, showing high fidelity, WYSIWYG rendering and preserving the layout and formatting of your documents. My recommendation is to integrate Collabora Online with Nextcloud.

Launch your Ubuntu 18.04 container with public IP-adress:

lxc launch --profile default ubuntu:18.04 CTNAME --target host-1
lxc config set CTNAME volatile.eth0.hwaddr 00:00:00:00:00:00

Allow Security Nesting (Container in Container) and allow the aufs module inside the container:

lxc config set CTNAME security.privileged true
lxc config set CTNAME security.nesting true
lxc config set CTNAME linux.kernel_modules "aufs"

Open your container:

lxc exec CTNAME bash

Update your container and install Docker and Apache2:

apt-get update apt-get upgrade -y
apt-get install docker.io apache2 -y

Enable Apache2 and Docker on boot:

systemctl enable apache2
systemctl enable docker

Change the storage driver to aufs:

nano /etc/docker/daemon.json

And paste the following config:

{
  "storage-driver": "aufs"
}

Restart Docker to apply the changes:

systemctl restart docker

Download Collabora Online and replace the url with your url:

docker pull collabora/code
docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=oo\\.yourdomain\\.com' --restart always --cap-add MKNOD collabora/code

Request a new SSL certificate and place it in:

/etc/ssl/office/office.pem
/etc/ssl/office/office.key

Add your Apache2 configuration:

nano /etc/apache2/sites-enabled/office.conf

Paste the following config and replace the url with your url:

ServerName oo.yourdomain.com:443

# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
SSLCertificateFile /etc/ssl/office/office.pem
SSLCertificateKeyFile /etc/ssl/office/office.key
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:$
SSLHonorCipherOrder     on

# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode

# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off

# keep the host
ProxyPreserveHost On

# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

# WOPI discovery URL
ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

# Admin Console websocket
ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

# Download as, Fullscreen presentation and Image upload operations
ProxyPass           /lool https://127.0.0.1:9980/lool
ProxyPassReverse    /lool https://127.0.0.1:9980/lool

# Endpoint with information about availability of various features
ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities

Enable the Apache2 website:

a2ensite office.conf

Enable the following modules:

a2enmod proxy
a2enmod proxy_wstunnel
a2enmod proxy_http
a2enmod ssl

Restart Apache2 to apply the changes:

systemctl restart apache2

Configure the firewall:

ufw allow proto tcp to 0.0.0.0/0 port 443
ufw allow proto tcp to 0.0.0.0/0 port 22 (Optional)
ufw enable

Collabora Online is now ready to use!