Make Collabora proxy work over SSL · encode42.dev/nixos@0e57dec

encode42.dev / nixos

fork atom

Personal-use NixOS configuration

fork atom

Make Collabora proxy work over SSL

encode42.dev 3 months ago 0e57dec9 6b1dce8e

+16 -3

2 changed files

expand all

hosts

index

config

groupware

cells.nix

packages

server

groupware

collabora.nix

+8 -1

hosts/index/config/groupware/cells.nix

··· 1 1 { flakeRoot, ... }: 2 2 3 3 let 4 + hostname = "drive.encrypted.group"; 5 + localHostname = "drive.local.encrypted.group"; # TODO: this can change 6 + 4 7 cellsModule = import (flakeRoot + /packages/server/groupware/cells.nix) { 5 8 hosts = [ 6 9 { ··· 8 11 ssl = "internal"; 9 12 } 10 13 { 11 - name = "drive.encrypted.group"; 14 + name = hostname; 12 15 ssl = "cloudflare"; 13 16 14 17 useLocal = true; ··· 36 39 "/mnt/apps/pydio" 37 40 "/mnt/data/pydio" 38 41 ]; 42 + 43 + services.collabora-online = { 44 + aliasGroups = [ { host = "https://${hostname}:443"; } { host = "https://${localHostname}:443"; } ]; # TODO: messy 45 + }; 39 46 }

+8 -2

packages/server/groupware/collabora.nix

··· 1 - { config, pkgs, ... }: 1 + { config, pkgs, pkgs-personal, ... }: 2 2 3 3 # Socket support: https://github.com/CollaboraOnline/online/issues/7156 4 4 ··· 9 9 10 10 services.collabora-online = { 11 11 enable = true; 12 + 13 + package = pkgs-personal.collabora-online; 12 14 13 15 settings = { 14 16 languagetool = { ··· 38 40 }; 39 41 40 42 ssl = { 41 - enable = false; 43 + # SSL is not needed as Collabora will always be run locally and/or reverse proxied with SSL. 44 + # However, SSL is still required by some services (Pydio Cells) in order to connect through secure websockets. 45 + enable = true; 46 + termination = true; 47 + ssl_verification = false; 42 48 }; 43 49 44 50 wasm = {