The Way to Your Own Cloud (Part 15) – Your Own Office

Last week I showed how you can set up a solid foundation for knowledge management with a wiki.

Today we take it a step further: an online office where you can edit texts, spreadsheets or presentations directly in the browser.

For this we use Collabora Online – an open-source alternative to Google Docs or Microsoft 365. The best part: several people can work on the same document at the same time – without your data ending up with Google or Microsoft.

Setup

Since Collabora Online does not require a database, you can start directly with the setup.

First, create the working directory:

sudo mkdir -p /opt/collabora

cd /opt/collabora

Inside it, create the file docker-compose.yaml:

services:
  collabora:
    image: localhost:5000/collabora/code:latest
    container_name: collabora
    restart: unless-stopped
    environment:
      - domain=www.your-domain.tld
      - username=random_user_name
      - password=<STRONG-PASSWORD>
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true
    ports:
      - "9980:9980"

👉 Note: For random_user_name, choose a fictional name that does not reveal your identity.

Mirror the official image into the local registry as usual:

docker pull collabora/code:latest

docker tag collabora/code:latest localhost:5000/collabora/code:latest

docker push localhost:5000/collabora/code:latest

Start the service:

docker compose up -d

For external accessibility you will again need a dedicated port. The easiest way is to generate one randomly:

echo $(shuf -i 1024-65535 -n 1)

Then create a new NGINX configuration under /etc/nginx/sites-available/collabora:

server {
    listen <RANDOM-PORT> ssl;
    server_name www.your-domain.tld;

    ssl_certificate /etc/letsencrypt/live/www.your-domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.your-domain.tld/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Enable and restart NGINX:

sudo ln -s /etc/nginx/sites-available/collabora /etc/nginx/sites-enabled/

sudo systemctl restart nginx

Open the firewall:

sudo ufw allow <RANDOM-PORT>

sudo ufw reload

Connect with NextCloud

  1. Log into Nextcloud as admin.
  2. Navigate to Apps → Office & Text.
  3. Install the NextCloud Office app.
  4. Under Settings → Administration → Collabora Online, enter the address: https://www.your-domain.tld:<RANDOM-PORT>

From then on you can create and collaboratively edit office documents directly from within Nextcloud.

Backup

Collabora mainly stores configuration data and logs.

To integrate it into the backup system, simply create a plugin at /opt/backup/plugins/collabora.sh:

#!/bin/bash
PLUGIN_OUTPUT_DIR="$1"

log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S.%3N')] $*"
}

COLLABORA_DIR="/opt/collabora"
BACKUP_FILE="$PLUGIN_OUTPUT_DIR/collabora_$(date '+%Y-%m-%d').tar.gz"

log "[INFO] Backing up Collabora data..."
tar -czf "$BACKUP_FILE" -C "$COLLABORA_DIR" .

if [ $? -eq 0 ]; then
    log "[INFO] Backup successful: $BACKUP_FILE"
else
    log "[ERROR] Backup failed!"
fi

Make it executable with:

chmod +x /opt/backup/plugins/collabora.sh

to integrate it into the backup system.

Conclusion

With Collabora Online you have your very own Google Docs in your private cloud.

Texts, spreadsheets and presentations can be collaboratively edited from anywhere – without data leaks to Microsoft or Google.

Quick & Dirty

su -

DOMAIN="www.your-domain.tld"
PORT=$(shuf -i 1024-65535 -n 1)
USERNAME="random_user_name"
PASSWORD="STRONG_PASSWORD"

mkdir -p /opt/collabora && cd /opt/collabora

cat <<EOF > docker-compose.yaml
services:
  collabora:
    image: localhost:5000/collabora/code:latest
    container_name: collabora
    restart: unless-stopped
    environment:
      - domain="$DOMAIN"
      - username="$USERNAME"
      - password="$PASSWORD"
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true
    ports:
      - "9980:9980"
EOF

docker pull collabora/code:latest
docker tag collabora/code:latest localhost:5000/collabora/code:latest
docker push localhost:5000/collabora/code:latest

docker compose up -d

cat <<EOF | sudo tee /etc/nginx/sites-available/collabora
server {
    listen $PORT ssl;
    server_name $DOMAIN;

    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:9980;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF

sudo ln -s /etc/nginx/sites-available/collabora /etc/nginx/sites-enabled/
sudo systemctl restart nginx

sudo ufw allow $PORT
sudo ufw reload

cat <<'EOF' > /opt/backup/plugins/collabora.sh
#!/bin/bash
PLUGIN_OUTPUT_DIR="$1"

log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S.%3N')] $*"
}

COLLABORA_DIR="/opt/collabora"
BACKUP_FILE="$PLUGIN_OUTPUT_DIR/collabora_$(date '+%Y-%m-%d').tar.gz"

log "[INFO] Backup of Collabora data ..."
tar -czf "$BACKUP_FILE" -C "$COLLABORA_DIR" .

if [ $? -eq 0 ]; then
    log "[INFO] Backup successful: $BACKUP_FILE"
else
    log "[ERROR] Backup failed!"
fi
EOF

chmod +x /opt/backup/plugins/collabora.sh