Hi The binary packages on https://www.collaboraoffice.com/code/ for Debian/Ubuntu/... need some improvements. They are not working out of the box after installation and debugging is hard because the logfile is disabled by default. Logfile: Please consider to change the default value in "/etc/loolwsd/loolwsd.xml" for "<file enable="false">" from "false" to "true" (or add a sed to the postinstall script). Add this to the postinstall script so the logfile works: touch /var/log/loolwsd.log chown lool /var/log/loolwsd.log Logrotate: If there is an logfile there should be logrotate. Please add "/etc/logrotate.d/loolwsd" to the package. Yes there is a build in logrodate which may be fail because of permissions or something else (So I think logrotate is the better solution) /etc/logrotate.d/loolwsd (works for me, maybe there is a better solution): /var/log/loolwsd.log { rotate 7 daily missingok notifempty delaycompress compress create 644 lool root postrotate service loolwsd restart endscript } Certificates: This is the reason why the package is not working out of the box (certificates are missing). Please add this to the postinstall script (or tweak this): openssl genrsa -out /etc/loolwsd/key.pem 4096 openssl req -out /etc/loolwsd/cert.csr -key /etc/loolwsd/key.pem -new -sha256 -nodes -subj "/CN=$(hostname).$(dnsdomainname)" openssl x509 -req -days 3650 -in /etc/loolwsd/cert.csr -signkey /etc/loolwsd/key.pem -out /etc/loolwsd/cert.pem openssl x509 -req -days 3650 -in /etc/loolwsd/cert.csr -signkey /etc/loolwsd/key.pem -out /etc/loolwsd/ca-chain.cert.pem chown lool:lool /etc/loolwsd/key.pem chmod 600 /etc/loolwsd/key.pem This will create self signed certificates valid for 10 years (like the apache snakeoil certificates) This changes should work on all Debian based distributions (debian/ubuntu). The logrotate part maybe need some changes for centos or opensuse. Thanks
Thanks for your suggestions. Loolwsd logs to system journal, you can see the logs with 'journalctl -u loolwsd'. With this in mind, I don't think logging under /var/log and logrotate should be configured by default. Certificates: I think it's hard to develop a foolproof solution here (e.g. we don't want to overwrite certs). In fact, when loolwsd is behind a reverse proxy on the same host or on a safe internal network, even ssl is not necessary. You still need a key.pem for the admin console access token generation, but you don't need the certs.
A if for the certs should be relatively easy: if [ ! -e "/etc/loolwsd/key.pem" ] && [ ! -e "/etc/loolwsd/cert.pem" ] && [ ! -e "/etc/loolwsd/cert.csr" ] && [ ! -e "/etc/loolwsd/ca-chain.cert.pem" ] then openssl genrsa ... ... fi A logfile in "/var/log" is currently much more intuitive. But I see the idea behind journalctl Maybe the things I describe here should be in a "how to install" guide on https://www.collaboraoffice.com/code/ site. There are already proxy configs for apache and nginx, an extra note that the packages do not work out of the box you need to ... is maybe enough
OK, here is some update. https://www.collaboraoffice.com/code/ page was rewritten last week. Hopefully it became clearer. There is also an extra note: "The default configuration is looking for an SSL certificate and key, which are not present, so probably itβs the best to disable SSL, and optionally enable SSL termination, then set up the reverse proxy." So let's close this, I also find it off-topic to discuss contents of Collabora website and CODE packages on TDF Bugzilla.