Build your own cloud infrastructure with Nextcloud and Collabora – IT PRO

Cloud services have revolutionised the way we work, providing easy paths for collaboration over a distance and business-critical features such as automatic off-site backups and version control.

However, potential issues range from not wanting to entrust data to the uncanny tentacles of global megacorporations, to very limited options for intranet-only deployments and the cost of per-user licensing for bundled services that not all users need.

Setting up your own cloud services can in some cases provide financial savings, but it will certainly provide greater control over the data you're responsible for and the way your users can access it.

That can be a distinct advantage when it comes to data protection and financial services regulation. Note, though, that you will be responsible for securing and updating the software that runs your cloud, rather than being able to leave that to a third party.


We'll guide you through setting up open source cloud storage suite Nextcloud and Collabora Online, which adds online collaborative document editing to Nextcloud, as well as a few more common business cloud features. For brevity and convenience, we'll be using containerised versions of the software distributed using Snap and Docker.

The latest version, Nextcloud 18 Hub, includes support for an integrated OnlyOffice editing environment on the same server. This is bleeding edge stuff, so for both this reason and because the OnlyOffice Community Edition it uses supports just 20 simultaneous open documents, we've opted not to use this approach for our tutorial.

Instead, we'll guide you through setting up the current stable version 16 snap release of Nextcloud and the more fully-featured Collabora document editing environment on a dedicated server, as this is more appropriately scaleable to the needs of most businesses.

In our example deployment, we've given Nextcloud and Collabora's servers each a dedicated VM. The required spec will vary depending on how many users you have, how much they need to store and how frequently they'll access storage and edit documents.

A very basic setup - suitable for a small business or department of three to ten people - works smoothly with a single core and 1GB RAM for the Nextcloud server, and two cores and 2GB RAM for Collabora. The extra memory is particularly important here if you expect multiple users to work on their documents at the same time.

Unless you have very high storage capacity requirements, we suggest using an SSD-based system to improve responsiveness. This tutorial was written using virtual servers hosted on Vultr and that service's default Ubuntu 18.04 image, but applies to any comparable virtual or hardware server configuration.

Set up an Ubuntu 18.04 server. If your install image doesn't prompt you to do so, create a new user, add them to the sudoers group and update the server. You'll be logging in as that new user, rather than as root, whenever you need command line access to the Nextcloud server.

Now, we're ready to install the Nextcloud snap package, which packs in all required dependencies.

To configure your Nextcloud, connect to your server's IP address in a web browser and follow the prompts to create an admin account. Congratulations, you now have a basic cloud storage server.

To make it easily accessible and appropriately professional looking, we'll want a domain name for it: either a new domain or a subdomain of your existing web address will work well.


With an appropriate domain name registered or subdomain selected, create an A record in your registrar's DNS management portal pointing at your new Nextcloud server's IP address.

Now we'll have to tell your Nextcloud instance what its domain name is. Log in to the server at the command line.

Add your new domain name under trusted_domains, save changes and you should now be able to immediately access your Nextcloud from that URL.

With that done, it's time to run through Nextcloud's recommended server security tweaks, most importantly HTTPS support. The Nextcloud snap comes with built-in support for generating a Let's Encrypt certificate, so just run:

Then follow through the certificate creation process for your domain name. The Nextcloud Snap includes an integrated auto-renewal routine, but you can also renew your certificates at any point by re-running the creation command above.

Nextcloud needs to be able to communicate with your users for everything from registration emails to editing invitations, so you'll need an SMTP server that it can send outbound emails through.

In this example, we're integrating Nextcloud with a business that uses G-Suite, so we'll use Gmail as our SMTP server. However, third-party SMTP providers of this kind may require some extra configuration on their end to work. In this instance, we had to reduce security to allow access. If users aren't allowed to manage their own less secure apps, you'll have to grant them this permission in the G-Suite admin panel's Advanced Security Settings.

If you're testing Nextcloud and using a standard Gmail account for SMTP, you'll find the same setting in your personal Google Account Security options.


If you run your own mail server, you'll want to create a user for Nextcloud and point it at that.

At this point, you should add a recovery email address and ideally enable two-factor authentication for your admin account. Once you roll Nextcloud out to your users, you should strongly encourage them to do the same.


If all you need is online storage, you're ready to invite users, but if you want to provide more advanced cloud services and apps, such as document editing, you'll want to add a few more features.

Click on your profile icon and select Apps. Here, you'll see all the default features of Nextcloud, such as its gallery display for images, plain text editor and PDF viewer, as well as any pending updates for them.

In the pane on the left, a category list lets you view a full range of official and third-party Nextcloud apps. There's a lot here, so you'll want to take a look through everything to see what your users are likely to need.

Nextcloud's app library includes Google Drive, Microsoft OneDrive and Dropbox integrations that can help users transfer files from third-party cloud services to Nextcloud, multimedia file playback and conversion, single sign-on and additional two-factor authentication support, web form creation, WebRTC-based video and voice conferencing, end-to-end encryption and real-time tracking of associated mobile devices, as well as more traditional office suite functionality.


For this tutorial, we're going to add a calendar, task list, and contact management. Go to Office & text and select Download and enable on Calendar, Contacts and Tasks. You may be prompted to enter your password. Once you've added these and returned to the main Nextcloud interface, you'll be able to access these via extra buttons that'll appear on the interface's top bar.


Nextcloud includes a simple integrated text editor by default, but if you need proper online document creation and editing, the Nextcloud Collabora Online app is an elegant solution. To use it, however, you'll need to set up a Collabora Online server.

Based on LibreOffice, Collabora's features include full version control, commenting and collaborative document editing, and it allows you to create word processor documents, spreadsheets and presentations. Documents are saved in standard Open Document formats, and the synced versions that'll be saved on users' devices can be opened in any compatible word processor, although you only get access to collaborative editing via the web interface.

Collabora is available as a Docker image. As it can become rather memory-hungry if you've got lots of users editing documents at the same time, we recommend giving it its own server, which also makes life a little easier when it comes to setup and configuration.

Spin up a fresh Ubuntu 18.04 server and update it. We'll be expanding on Nextcloud's official Collabora deployment instructions for this section and working on the assumption that Collabora will only need to serve a single Nextcloud instance.

While some previous iterations of Docker liked to run as root, which is reflected in the Collabora setup instructions linked above, you can and should use a normal user in the sudoers group. So, if your installation image doesn't do this for you by default:

adduser username
adduser username sudo
su username
sudo apt update
sudo apt dist-upgrade

sudo apt install docker.io
sudo docker pull collabora/code
sudo docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=subdomain\.yournextclouddomain\.tld' -e 'dictionaries=en en-gb' --restart always --cap-add MKNOD collabora/code

These parameters include British, as well as US, English dictionaries - you can add others as needed. The domain specified in the docker run command above must match the URL that your users will be using to connect to Nextcloud.
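A pre-flight check for the container settings above, added here as an example and not taken from the original article or from Collabora's documentation: it builds the domain value with its dots escaped the way the docker run command writes it, and confirms that port 9980 is published on loopback only, so the container is reachable only through the Apache proxy. The function names are hypothetical and the port strings in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: helper names and sample inputs are hypothetical.

# Escape dots so the hostname is matched literally in the value passed
# to the container as -e 'domain=...'.
escape_domain() {
    printf '%s\n' "$1" | sed 's/\./\\./g'
}

# Takes the Ports column of `docker ps` for one container, e.g.
#   127.0.0.1:9980->9980/tcp                      (loopback only)
#   0.0.0.0:9980->9980/tcp, :::9980->9980/tcp     (all interfaces)
# Succeeds only if container port 9980 is published and every host
# binding for it is a loopback address.
loopback_only() {
    ports=$1
    found=1
    old_ifs=$IFS
    IFS=','
    for mapping in $ports; do
        IFS=$old_ifs
        mapping=$(printf '%s' "$mapping" | tr -d ' ')
        case $mapping in
            *"->9980/tcp")
                host=${mapping%%"->"*}   # host side, e.g. 127.0.0.1:9980
                addr=${host%:*}          # drop the host port
                case $addr in
                    127.*|"::1"|"[::1]") found=0 ;;
                    *) return 1 ;;
                esac
                ;;
        esac
    done
    IFS=$old_ifs
    return $found
}

# On the Collabora host (single container assumed):
#   escape_domain subdomain.yournextclouddomain.tld
#   loopback_only "$(sudo docker ps --filter ancestor=collabora/code \
#       --format '{{.Ports}}')" || echo "port 9980 is not loopback-only" >&2
```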


You'll also need Apache to act as a forward proxy for the Docker images.

Before you can configure it properly, though, we'll need to set up TLS certificates for the subdomain it'll be using. We're again using Let's Encrypt certificates in this tutorial.

In this particular configuration, the easiest option is to stop Apache before using the Let's Encrypt certbot's certificate-only generation mode.

Enter the domain name you want to use for the Collabora server - we suggest using a subdomain on the same domain you're using for your Nextcloud server. Remember to create an A record in your DNS settings to point the subdomain at your new Collabora server before you try to generate the certificate.

Certbot automatically sets up a cron job to handle the required three-monthly renewals of Let's Encrypt certificates, but we'll have to make a couple of modifications to make sure it stops and restarts Apache properly. First, test renewal, as it'll have to stop your server.

If that runs without any errors, we need to create scripts for those pre and post hooks in the appropriate directories.

sudo nano /etc/letsencrypt/renewal-hooks/pre/stop_apache

#!/bin/bash
service apache2 stop

sudo nano /etc/letsencrypt/renewal-hooks/post/start_apache

#!/bin/bash
service apache2 start

sudo chmod u+x /etc/letsencrypt/renewal-hooks/post/start_apache
sudo chmod u+x /etc/letsencrypt/renewal-hooks/pre/stop_apache

See if these are working by running:

sudo certbot renew --dry-run
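The hook steps above as a repeatable script, added here as an example and not part of the original article: it writes both hooks without an interactive editor and then checks that each one exists, is executable and starts with a shebang, so a missed chmod is caught before a renewal depends on it. The function names are hypothetical; the hook file names and contents are the ones used above.

```shell
#!/bin/sh
# Added example: function names are hypothetical; hook names and
# contents match the steps above.

# Write the pre/post hooks under a Let's Encrypt config root
# (/etc/letsencrypt on the server) and mark them executable.
install_hooks() {
    root=$1
    mkdir -p "$root/renewal-hooks/pre" "$root/renewal-hooks/post" || return 1
    printf '#!/bin/bash\nservice apache2 stop\n' \
        > "$root/renewal-hooks/pre/stop_apache" || return 1
    printf '#!/bin/bash\nservice apache2 start\n' \
        > "$root/renewal-hooks/post/start_apache" || return 1
    chmod u+x "$root/renewal-hooks/pre/stop_apache" \
              "$root/renewal-hooks/post/start_apache"
}

# Succeeds only if the file exists, is executable and begins with "#!".
hook_ok() {
    [ -f "$1" ] && [ -x "$1" ] || return 1
    IFS= read -r first < "$1" || return 1
    case $first in
        '#!'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check both hooks and report the first one that fails.
hooks_ok() {
    root=$1
    for hook in pre/stop_apache post/start_apache; do
        if ! hook_ok "$root/renewal-hooks/$hook"; then
            echo "hook missing, not executable or lacks shebang: $hook" >&2
            return 1
        fi
    done
}

# On the server, as root:
#   install_hooks /etc/letsencrypt && hooks_ok /etc/letsencrypt
# then confirm with: sudo certbot renew --dry-run
```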

You can also confirm that there's a systemd timer in place for certbot thus:

We're using Apache as a proxy here, so you'll need to enter the URL of the Collabora Online server (the one you just got a certificate for) and the path to the certificates we created earlier.

ServerName your.collabora.subdomain:443

# SSL configuration, you may want to take the easy route instead and use Let's Encrypt!
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/certificate.domain.here/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/certificate.domain.here/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/certificate.domain.here/privkey.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-G$
SSLHonorCipherOrder on

# Encoded slashes need to be allowed
AllowEncodedSlashes NoDecode

# Container uses a unique non-signed certificate
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off

# keep the host
ProxyPreserveHost On

# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet

# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery

# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon

# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws

# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool

# Endpoint with information about availability of various features
ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities

sudo service apache2 restart

Your Collabora server should now be good to go. Log into your Nextcloud web interface as an admin, open the Settings screen and scroll down the left-hand pane until you get to Collabora Online Development Edition.

Click on that, enter the URL and port of your Collabora subdomain (your.collabora.subdomain:443) and click apply.

With all your apps up and running, it's finally time to invite your users. In the Nextcloud web interface, click on your profile icon on the top right of the interface and select users.

Create new users by clicking the +New user button in the left-hand pane, then filling in the account settings you want to give them in the entry that appears at the top of the user list on the right.


You can set a password for them, which they should change after first logging in, and inform them of it. Alternatively, you can leave this password field blank and have them use the password reset feature to create their own password.

When they first log in, users should set their language and locale preferences in the Personal info section of the settings screen, again accessible by clicking on the user icon at top right. Locale determines the first day of the week for the calendar, which is set to the US Sunday-first system by default, and the language in which days are named.

As well as the website, client applications are available for Windows, Linux, macOS, Android and iOS. Users will be prompted to download these when they first connect, and they're always available via the Mobile & desktop entry in the settings screen, accessible by selecting settings from the menu that appears when you click on your user icon at top right.

Users can also search for Nextcloud clients in mobile app stores and link them by manually entering your cloud server's URL. This section also includes links to information for syncing calendar and contact data.

If you want your Android users to be able to edit documents from the Nextcloud mobile app, you should use your device management system to roll out the apk file that can be downloaded directly from Nextcloud or have them install the app from the F-Droid store, as the Google Play version is, at time of writing, lagging behind when it comes to support for Collabora Office.

The mobile app's Auto upload options allow you to select specific directories on your phone to be automatically backed up to Nextcloud, whether that's your photo gallery or critical document folder.

Assuming you've enabled the contacts app for Nextcloud, the mobile clients will be able to automatically back up your contacts to the service every day, and you can use Bitfire's DAVx5 app for real-time calendar and contact syncing. Once added, Nextcloud calendars and contacts can be accessed via your preferred app.

Tasklist management for the Tasks feature is supported in DAVx5 via OpenTasks for Android, which users are prompted to install. Sync schedules can be customised as needed, with features including the option of only syncing over Wi-Fi, and everything works seamlessly in the background.

The desktop clients let you configure file syncing and create a default Nextcloud folder, whose contents will be automatically kept in sync with your Nextcloud server. You'll want to set it to launch on system startup. You can also apply bandwidth limits and throttling, which may be helpful to those working from home or on the road.

Nextcloud and its broad range of apps and connectivity tools have great potential for any business that wishes to either switch away from or supplement third-party cloud services.

For a more customised installation or to support large numbers of users, you may wish to build from source once you've familiarised yourself with Nextcloud's systems, but the containerised versions of Nextcloud and Collabora are regularly updated and meet the core requirements for a small self-managed business cloud.
