Secure my Collabora office

djshades2004 · January 27, 2025, 1:56pm

Hi, I currrently have the application installed on the same server as my nextcloud server in docker. this is the command I used:

docker run -t -d -p 192.168.1.182:9980:9980 -e “aliasgroup1=https://nextcloud.domain.online:443” --restart always collabora/code

how can I make sure that no one uses my office server domain located at: office.domain.online.

I have seen details about editing an xml file but how do I do that with a docker container image.

darshan · January 27, 2025, 3:04pm

hii @djshades2004 welcome to the collabora online forum

To ensure that no one else uses your Collabora Office server (hosted at office.domain.online), you can secure it by restricting access to only your Nextcloud server. Here’s how:

Alias Group Security:
In your docker run command, you’ve already added the aliasgroup1 to allow only requests from https://nextcloud.domain.online. This is a good first step.
Edit Security Settings in XML:
To further restrict access, you’ll need to edit the coolwsd.xml configuration file. Since you’re using Docker:
- Access the container:
```
docker exec -it <container_name> bash
```
- Locate the XML file (usually at /etc/coolwsd/coolwsd.xml) and make necessary changes.
Forum Resources:
These threads provide detailed steps to secure your server:
- How to secure CODE in the context of Nextcloud
- Security and Collabora CODE (hosting/discovery)
Explore More Solutions:
There are several other topics on the Collabora Online forums related to securing your setup. Explore the forums to discover more ways to restrict access and ensure a secure deployment.

https://forum.collaboraonline.com/search?q=secure

Thanks
Darshan

djshades2004 · January 27, 2025, 3:36pm

Thank you Darshan for your reply, I wondered what the aliasgroup statement did. Should this be enough for security?

darshan · January 27, 2025, 4:25pm

Hi @djshades2004,

I hope you’re doing well!
To help you secure your environment, I recommend checking out the official documentation here:
Collabora Online Security Settings

It provides detailed guidance on setting up options to enhance the security of your deployment.

Thanks,
Darshan

iamdoubz · January 27, 2025, 5:23pm

You can do quick additional things:

docker run -t -d -p 127.0.0.1:9980:9980 -e “aliasgroup1=https://nextcloud.domain.online:443” --restart always collabora/code

This binds to localhost. You will have to use your reverse proxy to redirect your Collabora office URL to it.

Additionally, you can “map” the quoted xml file to a local file and change the contents of the file to only read from your local IP’s.

docker run -t -d -p 127.0.0.1:9980:9980 -v /local/docker/filepath/coolwsd.xml:/etc/coolwsd/coolwsd.xml:rw -e “aliasgroup1=https://nextcloud.domain.online:443” --restart always collabora/code

You also should add to your environment -e a username and password to further harden your “admin” Collabora path.

Topic		Replies	Views
Help needed with Network settings Installation & Configuration	7	1148	September 19, 2024
How to secure CODE in the context of NextCloud? Installation & Configuration	4	1283	September 22, 2022
Problems after latest raft of Collabora updates in Ubuntu Server 22.04 User Support	0	442	December 13, 2023
How to Secure the Collabora/Languagetool Docker Image Installation & Configuration	3	786	November 29, 2022
Collabora Code & Nextcloud in docker works - but doesn't Installation & Configuration english-en	3	1200	March 7, 2024

Secure my Collabora office

Related topics