I tried Collabora CODE with podman and it works, looks great. Thx!
Are there some docs about security.
https://mydomain:9980 is open to the world. Behind a proxy, but everyone can access mydomain:9980/hosting/discovery
Acces sites like https://mydomain:9980/cool/getMetrics and https://mydomain:9980/browser/dist/admin/admin.html are secured by basic auth. Without user/password, there is no access. (I think )
With aliasgroup i set the wopiserver and net.frame_ancestors who is allowed to embed in frame.
Is this the way it works, or do I have to secure it some more, that no unwanted service is using my collabora service in their environment or does some harmful stuff.
Thx
Chris
@chrismaster Welcome to the Collabora Online forums!
To enhance the security and configuration of your Collabora CODE instance, refer to the following resources from the Collabora Online SDK documentation:
-
Security Settings:
- The Collabora Online SDK provides detailed security settings you can configure. Refer to the Security Settings Documentation for guidelines on SSL settings, network settings, and other security measures.
-
Configuration Topics:
- The configuration section includes various topics such as SSL settings, network settings, and more. Review the detailed configurations here: Configuration Documentation.
-
Proxy Settings:
- If you need to run Collabora Online behind a corporate firewall or set up load balancing, you can configure the
coolwsd
daemon to use different ports. By default, it listens on port 9980, but you can change this using the--port
command line option. For more details on setting up a reverse proxy, refer to the Proxy Settings Documentation.
- If you need to run Collabora Online behind a corporate firewall or set up load balancing, you can configure the
Let me know if you need more support.
Thanks,
Darshan