Over the last few weeks, I have been exploring the possibility of hosting my own cloud at home, breaking away from some Google services. I chose to use NextCloud for this purpose, and it has been great for storing my personal files.
Today I decided to work on my resume, and I realized that I had to download it from NextCloud, edit it locally, and then re-upload it. This was very lame compared to Google Drive, where I could just click and edit it directly in the browser.
So, that brought me to setting up NextCloud Office.
What I already had
- Kubernetes cluster: v1.33.3+k3s1
- ArgoCD: v3.0.6+db93798
- NextCloud: 31.0.9 (installed via Helm chart)
Built-in CODE server (no luck)
At first I thought it was as straightforward as just installing the NextCloud Office app from the NextCloud app store. However, I was greeted with this message when I tried to open a document:

Then I found out in the settings (<nextcloud_host>/settings/admin/richdocuments) that I needed to set up a Collabora server in order to use NextCloud Office.
There was a “Use built-in CODE server” option, which seemed like the easiest way to get started, so I installed the suggested app and turned it on.

But the same error message appeared whenever I tried to open a document, and the NextCloud logs showed nothing helpful.
Separate Collabora server
The next thing I found was the Collabora section on the NextCloud Helm chart page, which allowed me to deploy a separate Collabora server alongside NextCloud.
Following the documentation, I added the following to my helm values:
```yaml
collabora:
  enabled: true
  collabora:
    aliasgroups:
      - host: "https://collabora.junyi.me" # my collabora domain
      - host: "https://cloud.junyi.me" # my nextcloud domain
    extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:net.proto=ipv4" # see note below
    existingSecret: # points to an existing k8s secret named "collabora"
      enabled: true
      secretName: collabora
      usernameKey: username
      passwordKey: password
  ingress:
    enabled: true
    className: traefik
    annotations:
      traefik.ingress.kubernetes.io/service.sticky.cookie: "true"
    hosts:
      - host: "collabora.junyi.me"
        paths:
          - path: /
            pathType: Prefix
    tls:
      - hosts:
          - "collabora.junyi.me"
        secretName: junyi-me-production
  resources: # should be enough for my personal use
    requests:
      cpu: "2"
      memory: "8Gi"
    limits:
      cpu: "4"
      memory: "16Gi"
```
The whole ArgoCD application looks like this:
nextcloud.yml
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: nextcloud
  namespace: argocd
spec:
  destination:
    namespace: nextcloud
    server: https://kubernetes.default.svc
  project: default
  source:
    repoURL: https://nextcloud.github.io/helm/
    chart: nextcloud
    targetRevision: 7.0.4
    helm:
      valuesObject:
        replicaCount: 2
        ingress:
          className: traefik
          enabled: true
          hostname: cloud.junyi.me
          annotations:
            traefik.ingress.kubernetes.io/service.sticky.cookie: "true"
          tls:
            - hosts:
                - "junyi.me"
              secretName: junyi-me-production
          secretName: junyi-me-production
        nextcloud:
          host: cloud.junyi.me
          username: <redacted>
          password: <redacted>
          trustedDomains:
            - junyi.me
          configs:
            local.config.php: |
              <?php
              $CONFIG = array (
                'allow_local_remote_servers' => true,
              );
            proxy.config.php: |-
              <?php
              $CONFIG = array (
                'trusted_proxies' => array(
                  0 => '127.0.0.1',
                  1 => '10.0.0.0/8',
                ),
                'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
              );
        collabora:
          enabled: true
          collabora:
            aliasgroups:
              - host: "https://collabora.junyi.me"
              - host: "https://cloud.junyi.me"
            extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:net.proto=ipv4"
            existingSecret:
              enabled: true
              secretName: collabora
              usernameKey: username
              passwordKey: password
          ingress:
            enabled: true
            className: traefik
            annotations:
              traefik.ingress.kubernetes.io/service.sticky.cookie: "true"
            hosts:
              - host: "collabora.junyi.me"
                paths:
                  - path: /
                    pathType: Prefix
            tls:
              - hosts:
                  - "collabora.junyi.me"
                secretName: junyi-me-production
          resources:
            requests:
              cpu: "2"
              memory: "8Gi"
            limits:
              cpu: "4"
              memory: "16Gi"
        internalDatabase:
          enabled: false
        externalDatabase:
          enabled: true
          type: postgresql
          existingSecret:
            enabled: true
            secretName: nextcloud-db
            hostKey: POSTGRES_HOST
            databaseKey: POSTGRES_DB
            usernameKey: POSTGRES_USER
            passwordKey: POSTGRES_PASSWORD
        persistence:
          enabled: true
          existingClaim: sdvault-nextcloud
        phpClientHttpsFix:
          enabled: true
        redis:
          enabled: true
        metrics:
          enabled: true
          podAnnotations:
            prometheus.io/scrape: "true"
            prometheus.io/port: "8080"
            prometheus.io/path: "/metrics"
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
```
Once both NextCloud and Collabora are deployed, there are two things to configure in the NextCloud admin settings.
First, configure Office to use the Collabora server:

Then, add the Collabora server to the WOPI allow list. Since I’m running Collabora on k8s and pod IPs are subject to change, I just added the whole subnet for my cluster’s internal IP range.
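
To see what allow-listing a whole subnet means in practice, here is an added example (not from the original post) that audits a WOPI allow list string: it parses the comma-separated IPs and CIDR ranges, flags an empty or very broad list, and checks that the Collabora pod addresses are still covered. The CIDRs, pod IPs and the 65,536-address threshold are constructed for illustration; 10.42.0.0/16 is the k3s default pod CIDR and is an assumption here, not a value taken from the author's cluster.

```python
import ipaddress


def parse_allowlist(raw):
    """Parse the comma-separated allow list (single IPs or CIDR ranges)."""
    return [ipaddress.ip_network(e.strip(), strict=False)
            for e in raw.split(",") if e.strip()]


def is_allowed(client_ip, networks):
    """True if client_ip falls inside any allow-listed network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == n.version and addr in n for n in networks)


def audit_allowlist(raw, collabora_ips, max_addresses=65536):
    """Return a list of findings; an empty list means nothing to report.

    max_addresses is an illustrative threshold, not a Nextcloud setting.
    """
    networks = parse_allowlist(raw)
    findings = []
    if not networks:
        findings.append("empty allow list: WOPI requests are accepted from any host")
    for net in networks:
        if net.num_addresses > max_addresses:
            findings.append(f"{net} is broad: {net.num_addresses} addresses")
    for ip in collabora_ips:
        if networks and not is_allowed(ip, networks):
            findings.append(f"Collabora address {ip} is not covered")
    return findings


if __name__ == "__main__":
    pods = ["10.42.1.17", "10.42.3.5"]  # constructed Collabora pod IPs
    # Compare a whole private range, the assumed pod CIDR, and a single node's slice.
    for candidate in ("10.0.0.0/8", "10.42.0.0/16", "10.42.1.0/24"):
        print(candidate, "->", audit_allowlist(candidate, pods) or "ok")
```

The pod CIDR is the narrowest entry that survives pod rescheduling; a per-node /24 breaks as soon as the Collabora pod moves to another node.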

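At first, even though NextCloud and Collabora were both up and running, NextCloud claimed it could not connect to the Collabora server (it claimed to be using http instead of https for some reason…).
Adding this under collabora.collabora solved the issue:
```yaml
extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:net.proto=ipv4"
```
Here ssl.enable=false turns off TLS inside Collabora itself, and ssl.termination=true tells it that a proxy in front (the Traefik ingress in this setup) terminates TLS, so the URLs it hands out use https. Traffic between the ingress and the Collabora pod is plain HTTP inside the cluster.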
Now I can finally work on my resume (totally not procrastinating here).
