lemur

History

Renich Bon Ćirić c4f1eb6cc9 nats: título de tarea más adecuado Se instalan dos paquetes: nats-server y certbot. El título decía "Install certbot" y eso no era adecuado.		2023-02-28 14:22:51 -06:00
..
ansible	nats: título de tarea más adecuado	2023-02-28 14:22:51 -06:00
containers	Add create images shared library	2022-12-16 17:33:16 -06:00
debian	Debian package build references	2021-09-08 17:01:09 -05:00
hardening	CVE references	2021-09-08 17:50:40 -05:00
info	Diagrama del primer piloto	2021-09-08 00:37:21 -05:00
k8s/operator/docs	Add colors to elements	2022-08-08 20:07:25 -06:00
README.md	Add loolwsd load balance documentation	2021-09-27 21:33:48 -06:00

README.md

= Nextcoloud Appliance

== Server setup

Copy your ssh key to the server for the root user

workstation $ ssh-copy-id root@server_ip

== Ansible Playbooks

Use the ansible playbooks to setup the nextcloud appliance

workstation $ ansible-playbook -i inventory_source, ansible/nextcloud_bootstrap.yaml

Debian 10 needs the Python interpreter setup by setting -e ansible_python_interpreter=/usr/bin/python3 or in the inventory file.

This example runs the playbook with debugging information, for a specific host, and the Python interpreter.

workstation $ ansible-playbook -vvv -u root -i 192.168.1.112, -e ansible_python_interpreter=/usr/bin/python3 nextcloud_appliance.yaml

=== Parameters

There are multiple variables that can be set to customize the nextcloud installation.

To set the Nextcloud instance domain name set the nextcloud_domain_name variable

workstation $ ansible-playbook -vvv -u root -i 192.168.1.112, -e nextcloud_domain_name="nextcloud.example.com" nextcloud_appliance.yaml

== Collabora Office Load Balance

Collabora uses the WOPI procotol. This protocol can be balanced by using the WOPISrc to send the traffic to the proper loolwsd server.

Disable SSL of the loolwsd web service.

==== loolwsd.xml

<enable default="true" desc="Controls whether SSL encryption between browser and loolwsd is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." type="bool">false</enable>
 
<termination default="false" desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool">true</termination>

==== HAProxy

Configure HAProxy to extract the WOPISrc URL parameter and use it to send always the traffic to the same loolwsd backend.

Frontend loolwsdbind \*:443 ssl crt /Path to your certificate_and_key.pem
  http-request set-header X-HAProxy-loolwsd %[url_param(WOPISrc)]
  mode http 
  default_backend loolwsd 
  
backend loolwsd timeout tunnel 3600s 
  mode http 
  balance hdr(X-HAProxy-loolwsd) 
  server lool1 <CE Server 1 IP>:9980 
  server lool2 <CE Server 2 IP>:9980 
  server lool3 <CE Server 3 IP>:99

References:

https://www.microfocus.com/documentation/filr/filr-4/filr-inst/t4duiofh1cz7.html