lemur/nextcloud
2022-05-14 00:10:54 -05:00

= Nextcloud Appliance

== Server setup

Copy your SSH key to the server for the root user:

workstation $ ssh-copy-id root@server_ip

== Ansible Playbooks

Use the Ansible playbooks to set up the Nextcloud appliance:

workstation $ ansible-playbook -i inventory_source, ansible/nextcloud_bootstrap.yaml

On Debian 10 the Python interpreter must be set explicitly, either by passing `-e ansible_python_interpreter=/usr/bin/python3` or in the inventory file.

This example runs the playbook with debugging information, against a specific host, with the Python interpreter set on the command line.

workstation $ ansible-playbook -vvv -u root -i 192.168.1.112, -e ansible_python_interpreter=/usr/bin/python3 nextcloud_appliance.yaml

=== Parameters

There are multiple variables that can be set to customize the Nextcloud installation.

  • To set the Nextcloud instance domain name, set the nextcloud_domain_name variable:
workstation $ ansible-playbook -vvv -u root -i 192.168.1.112, -e nextcloud_domain_name="nextcloud.example.com" nextcloud_appliance.yaml

== Collabora Office Load Balance

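Collabora uses the WOPI protocol. Its traffic can be load balanced by using the WOPISrc URL parameter to send each request to the proper loolwsd server.

Disable SSL on the loolwsd web service and enable SSL termination, so that HAProxy handles HTTPS and forwards plain HTTP to loolwsd. Because that hop is unencrypted, keep port 9980 on the loolwsd servers reachable only from the HAProxy host.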

==== loolwsd.xml

<enable default="true" desc="Controls whether SSL encryption between browser and loolwsd is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." type="bool">false</enable>
 
<termination default="false" desc="Connection via proxy where loolwsd acts as working via https, but actually uses http." type="bool">true</termination>
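A small check for the two settings above, added here as an example and not part of the repository: it classifies the `enable` / `termination` combination found in a loolwsd.xml string. The `<config>`/`<ssl>` nesting, the sample document and the names `audit_ssl`, `_flag` and `ADVICE` are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two settings shown above, wrapped in the
# <config>/<ssl> nesting assumed for loolwsd.xml.
SAMPLE = """<config>
  <ssl desc="SSL settings">
    <enable type="bool" default="true">false</enable>
    <termination type="bool" default="false">true</termination>
  </ssl>
</config>"""

# What each combination means for the hop between HAProxy and loolwsd.
ADVICE = {
    "direct-tls": "loolwsd serves HTTPS itself; HAProxy 'server' lines would need 'ssl'.",
    "proxy-terminated": "loolwsd speaks plain HTTP; expose port 9980 to the proxy only.",
    "plaintext": "plain HTTP and no TLS-terminating proxy declared; not the setup above.",
    "unknown": "ssl.enable or ssl.termination not found; check the file by hand.",
}

def _flag(ssl, name):
    """Return a bool setting, using the default= attribute when the element is empty."""
    node = ssl.find(name) if ssl is not None else None
    if node is None:
        return None
    text = (node.text or "").strip() or node.get("default", "")
    return text.strip().lower() == "true"

def audit_ssl(xml_text):
    """Classify the ssl.enable / ssl.termination combination in a loolwsd.xml string."""
    ssl = ET.fromstring(xml_text).find("ssl")
    enable, termination = _flag(ssl, "enable"), _flag(ssl, "termination")
    if enable is None or termination is None:
        return "unknown"
    if enable:
        return "direct-tls"
    return "proxy-terminated" if termination else "plaintext"

if __name__ == "__main__":
    mode = audit_ssl(SAMPLE)
    print(mode, "-", ADVICE[mode])
```
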

==== HAProxy

Configure HAProxy to extract the WOPISrc URL parameter and use it so that requests carrying the same WOPISrc are always sent to the same loolwsd backend.

frontend loolwsd
  bind *:443 ssl crt /path/to/your/certificate_and_key.pem
  http-request set-header X-HAProxy-loolwsd %[url_param(WOPISrc)]
  mode http
  default_backend loolwsd

backend loolwsd
  timeout tunnel 3600s
  mode http
  balance hdr(X-HAProxy-loolwsd)
  server lool1 <CE Server 1 IP>:9980
  server lool2 <CE Server 2 IP>:9980
  server lool3 <CE Server 3 IP>:99

References: