The bellow is how to set up Nextcloud and collabora online on openLiteSpeed. If you are having trouble with slow Nextcloud, this aricle might be helpfull.
Setup Environment
- OS Ubuntu 22.04
- NextCloud 24.04
- OpenLiteSpeed 1.7 + PHP 8.1
- Collabora Online 22
- SSL LetsEncrypt
Quick Point
- Increase the number of “num_prespawn_children” in the config xml file of Collabora Online. Also setup only work with IPv4 with “net.proto” value. (Collabora Online works behind openLiteSpeed and the connection between the both program only use IPv4. So IPv6 doesn’t needed.)
-
Generate .htaccess file of NextCloud with the command “occ maintenance:update:htaccess”. And setup rewrite rules of openLiteSpeed from the rewrite section of the generated .htaccess file.
- Set up collabora Online as a backend server of openLiteSpeed Reverse Proxy.
Prerequisites
- OS is installed.
- mariaDB is installed and done initial setup.
- This article set up below site.
NextCloud https://nc.you.com/
Collabora Online https://lool.you.com/
When referring to the site, please replace them with the names of your own site.
Initial setting
DB : Create a database for NextCloud in your DB environment
CREATE DATABASE nc;
CREATE USER 'nextcloud'@'127.0.0.1' IDENTIFIED BY 'yourPassWord';
GRANT ALL ON nc.* TO 'nc'@'127.0.0.1';
FLUSH PRIVILEGES;
Change the linux user to root
Change hosts
vi /etc/hosts
---
127.0.0.1 localhost nc.you.com lool.you.com
127.0.1.1 nc.you.com lool.you.com
---
Install Redis
apt install redis-server -y
vi /etc/redis/redis.conf
---
supervised systemd
maxmemory 16mb
maxmemory-policy volatile-lfu
unixsocket /var/run/redis/redis-server.sock
unixsocketperm 777
timeout 60
---
usermod -a -G redis www-data
systemctl enable redis-server
systemctl restart redis.service
systemctl status redis-server
Install other programs if not installed
apt install -y cron vim build-essential
systemctl start cron
systemctl enable cron
OpenLiteSpeed Port 80 + LetsEncrypt
Install OpenLiteSpeed + php 8.1
wget -O - https://repo.litespeed.sh > enable_lst_debian_repo.sh
bash enable_lst_debian_repo.sh
apt update
apt install openlitespeed -y
systemctl status lshttpd
systemctl enable lshttpd
systemctl start lshttpd
# public folders for http
mkdir /var/www/{nextcloud,80}
chown -R www-data:www-data /var/www/
# folders of the virtual host config files
mkdir -p /usr/local/lsws/conf/vhosts/{nextcloud,httpPort,loolProxy}
chown www-data:www-data /usr/local/lsws/conf/vhosts/{nextcloud,httpPort,loolProxy}
# root folders of vertual hosts
mkdir -p /usr/local/lsws/vhosts/{nextcloud,httpPort,loolProxy}
chown www-data:www-data /usr/local/lsws/vhosts/{nextcloud,httpPort,loolProxy}
# PHP 8.1
apt install -y lsphp81 lsphp81-curl lsphp81-dev lsphp81-mysql lsphp81-redis lsphp81-apcu lsphp81-intl lsphp81-imagick
# to use php-imagick function fully
apt install -y libmagickcore-6.q16-6-extra
# main config file. The below shows only changed lines.
vi /usr/local/lsws/conf/httpd_config.conf
---
serverName nc.you.com
#user nobody
#group nogroup
user www-data
group www-data
#indexFiles index.html, index.php
indexFiles index.html, index.php, index.htm
#path lsphp73/bin/lsphp
path lsphp81/bin/lsphp
---
# re-install. you need this command when changed user and group.
apt -y install --reinstall openlitespeed
# set admin password
/usr/local/lsws/admin/misc/admpass.sh
User name [admin]: your Name
Password: yourPassword
Retype password: yourPassword
# make ram disk
mkdir /tmp/ram
mount -t tmpfs -o size=8m /dev/shm /tmp/ram
vi /etc/fstab
---
tmpfs /tmp/ram tmpfs defaults,noatime,size=8m 0 0
---
# php setting. The below shows only chnaged (or added) lines.
vi /usr/local/lsws/lsphp81/etc/php/8.1/litespeed/php.ini
---
memory_limit = 512M
upload_max_filesize = 64M
max_file_uploads = 100
post_max_size = 40M
output_buffering = Off
date.timezone = "Asia/Tokyo"
[Pdo_mysql]
# the below is depend on you environment
pdo_mysql.default_socket = /var/run/mysqld/mysqld.sock
[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=32
opcache.max_accelerated_files=1000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
opcache.jit=on
opcache.jit_buffer_size=128M
apc.enabled=1
apc.enable_cli = 1
apc.shm_size=64M
apc.ttl=3600
apc.gc_ttl=3600
---
# nobody user folder. will be made by www-date user automatically.
rm -rf /tmp/lshttpd
# openLiteSpeed admin panel setting
vi /usr/local/lsws/admin/conf/admin_config.conf
---
# change below seciotn like this.
listener adminListener {
address *:7080
secure 0
keyFile /etc/letsencrypt/live/nc.you.com/privkey.pem
certFile /etc/letsencrypt/live/nc.you.com/fullchain.pem
clientVerify 0
}
---
systemctl restart lshttpd
# to use php 8.1 easily
su - www-data
vi ~/.bash_profile
---
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
---
vi ~/.bashrc
---
alias lsphp='/usr/local/lsws/lsphp81/bin/php -c /usr/local/lsws/lsphp81/etc/php/8.1/litespeed/php.ini'
---
source ~/.bashrc
exit
# also root user
vi ~/.bashrc
---
# 以下1行を追加
alias lsphp='/usr/local/lsws/lsphp81/bin/php -c /usr/local/lsws/lsphp81/etc/php/8.1/litespeed/php.ini'
---
source ~/.bashrc
Set up http port 80. (It can also be configured on the admin panel http://nc.you.com:7080/ )
vi /usr/local/lsws/conf/httpd_config.conf
---
# Add below section
virtualhost httpPort {
vhRoot $SERVER_ROOT/vhosts/$VH_NAME/
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
allowSymbolLink 1
enableScript 0
restrained 1
}
# Change below setion like this
listener Default {
address *:80
secure 0
map httpPort nc.you.com, lool.you.com
}
---
# make new file
vi /usr/local/lsws/conf/vhosts/httpPort/vhconf.conf
---
docRoot /var/www/80/
errorlog $SERVER_ROOT/logs/$VH_NAME_error.log {
useServer 0
logLevel ERROR
rollingSize 10k
keepDays 90
}
accesslog $SERVER_ROOT/logs/$VH_NAME_access.log {
useServer 0
logFormat %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
rollingSize 10k
keepDays 90
}
---
chown lsadm:www-data /usr/local/lsws/conf/vhosts/httpPort/vhconf.conf
LetsEncrypt
apt install certbot -y
# get the SSL certificate. Dont forget to change the e-mail address to your own one.
certbot certonly --non-interactive --agree-tos -m yourmail@mail.com --webroot -w /var/www/80/ -d nc.you.com -d lool.you.com
vi /etc/cron.d/certbot
---
# change
#0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --deploy-hook "systemctl restart lshttpd"
---
openlitespeed global setting
To access https://nc.you.com:7080/
vi /usr/local/lsws/admin/conf/admin_config.conf
---
# change this section like below
listener adminListener {
address *:7080
secure 1
keyFile /etc/letsencrypt/live/nc.you.com/privkey.pem
certFile /etc/letsencrypt/live/nc.you.com/fullchain.pem
clientVerify 0
}
---
Change the global setting.
# The below shows only chnaged (or added) lines.
vi /usr/local/lsws/conf/httpd_config.conf
---
# add below line around top global section around user / group setting
statDir /tmp/ram/
# change below line and add one line of autoIndex,
indexFiles index.html, index.phpi, index.htm
autoIndex 0
# change this secion's maxConns and env
extprocessor lsphp {
maxConns 200
env PHP_LSAPI_CHILDREN=200
env LSAPI_AVOID_FORK=200M
}
---
Install NextCloud
Download and put it on the public folder.
mkdir ~/src/
cd ~/src/
# Check the nextcloud site to chose the latest version. the below is the example of version 24.0.4.
wget https://download.nextcloud.com/server/releases/nextcloud-24.0.4.tar.bz2
tar xf nextcloud-24.0.4.tar.bz2
cp -r ./nextcloud/. /var/www/nextcloud/
mkdir /var/www/nextcloud/{data,.well-known}
mkdir /var/www/nextcloud/.well-known/{carddav,caldav,webfinger,nodeinfo}
chown -R www-data:www-data /var/www/nextcloud/
NextCloud config file setting
vi /var/www/nextcloud/config/config.php
---
# the below is only changed (or added) line. Don't erase other lines
$CONFIG = array (
'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Redis',
'redis' =>
array (
'host' => '/var/run/redis/redis-server.sock',
'port' => 0,
'timeout' => 0.0,
),
'memcache.locking' => '\OC\Memcache\Redis',
'overwrite.cli.url' => 'https://nc.you.com/',
'htaccess.RewriteBase' => '/',
---
re-generate .htaccess file.
su - www-data
lsphp /var/www/nextcloud/occ maintenance:update:htaccess
exit
Open the /var/www/nextcloud/.htaccess file and check the <IfModule mod_rewrite.c> sections. (There is more then two secions of “mod_rewrite.c”)
Move the contents of the sections to [rewrite]=>[rules] setting of the virtual host setting of OpenLiteSpeed. Please refere the section in the below virtual host setting. Also, change RewriteRule prefixes with ^ to ^/. Only for .htaccess, the description rules are slightly different from those of Apache.
NextCloud virtual host setting of OpenLiteSpeed
vi /usr/local/lsws/conf/httpd_config.conf
---
# add below sections
virtualhost nextcloud {
vhRoot $SERVER_ROOT/vhosts/$VH_NAME/
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
allowSymbolLink 1
enableScript 1
restrained 1
}
listener nextcloud {
address *:443
secure 1
keyFile /etc/letsencrypt/live/nc.you.com/privkey.pem
certFile /etc/letsencrypt/live/nc.you.com/fullchain.pem
map nextcloud nc.you.com
}
---
# make this file
vi /usr/local/lsws/conf/vhosts/nextcloud/vhconf.conf
---
docRoot /var/www/nextcloud/
enableGzip 1
errorlog $SERVER_ROOT/logs/nextcloud_error.log {
useServer 0
logLevel ERROR
rollingSize 10M
keepDays 30
}
accesslog $SERVER_ROOT/logs/nextcloud_access.log {
useServer 0
logFormat %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
rollingSize 10M
keepDays 30
}
index {
useServer 0
}
errorpage 403 {
url /
}
errorpage 404 {
url /
}
context / {
allowBrowse 1
extraHeaders Strict-Transport-Security "max-age=15552000; includeSubDomains;preload"
rewrite {
}
addDefaultCharset off
phpIniOverride {
}
}
rewrite {
enable 1
autoLoadHtaccess 0
rules <<<END_rules
RewriteRule ^/data/.*$ - [F,L]
RewriteRule ^/config/.*$ - [F,L]
# add below from .htacccess file. erase this comment line. i dont kwno how to comment.
RewriteCond %{HTTP_USER_AGENT} DavClnt
RewriteRule ^$ /remote.php/webdav/ [L,R=302]
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^/.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^/.well-known/caldav /remote.php/dav/ [R=301,L]
RewriteRule ^/remote/(.*) remote.php [QSA,L]
RewriteRule ^/(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
RewriteRule ^/.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
RewriteRule ^/(?:.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
RewriteRule ^/core/js/oc.js$ index.php [PT,E=PATH_INFO:$1]
RewriteRule ^/core/preview.png$ index.php [PT,E=PATH_INFO:$1]
RewriteCond %{REQUEST_FILENAME} !.(css|js|svg|gif|png|html|ttf|woff2?|ico|jpg|jpeg|map|webm|mp4|mp3|ogg|wav|wasm|tflite)$
RewriteCond %{REQUEST_FILENAME} !/core/ajax/update.php
RewriteCond %{REQUEST_FILENAME} !/core/img/(favicon.ico|manifest.json)$
RewriteCond %{REQUEST_FILENAME} !/(cron|public|remote|status).php
RewriteCond %{REQUEST_FILENAME} !/ocs/v(1|2).php
RewriteCond %{REQUEST_FILENAME} !/robots.txt
RewriteCond %{REQUEST_FILENAME} !/(ocm-provider|ocs-provider|updater)/
RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*
RewriteCond %{REQUEST_FILENAME} !/richdocumentscode(_arm64)?/proxy.php$
RewriteRule . index.php [PT,E=PATH_INFO:$1]
END_rules
}
---
# check the config files
/usr/local/lsws/bin/openlitespeed -t
systemctl restart lshttpd
Install Collabola Online
Install it.
cd /usr/share/keyrings
sudo wget https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg
# make a file
vi /etc/apt/sources.list.d/collaboraonline.sources
---
Types: deb
URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-ubuntu2204
Suites: ./
Signed-By: /usr/share/keyrings/collaboraonline-release-keyring.gpg
---
# install
apt update
apt install coolwsd code-brand -y
# setting
loolconfig set ssl.enable false
loolconfig set ssl.termination true
loolconfig set storage.wopi.host nc.you.com
loolconfig set server_name lool.you.com
# set admin password
loolconfig set-admin-password
# change the setting file
vi /etc/coolwsd/coolwsd.xml
---
# change the following three setting
# net.proto => IPv4
# num_prespawn_children => 10
# allowed_languages => en_US
---
systemctl enable coolwsd
systemctl start coolwsd
# check the status
systemctl status coolwsd
virtual host setting of OpenLiteSpeed (reverse proxy with websocket.)
vi /usr/local/lsws/conf/httpd_config.conf
---
# add below section
virtualhost loolProxy {
vhRoot $SERVER_ROOT/vhosts/$VH_NAME/
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
allowSymbolLink 1
enableScript 1
restrained 1
}
# change below seciton (add last one line )
listener nextcloud {
address *:443
secure 1
keyFile /etc/letsencrypt/live/nc.you.com/privkey.pem
certFile /etc/letsencrypt/live/nc.you.com/fullchain.pem
map nextcloud nc.you.com
map loolProxy lool.you.com
}
---
# make this file
vi /usr/local/lsws/conf/vhosts/loolProxy/vhconf.conf
---
docRoot /var/www/80
errorlog $SERVER_ROOT/logs/$VH_NAME_error.log {
useServer 0
logLevel ERROR
rollingSize 10M
keepDays 30
}
accesslog $SERVER_ROOT/logs/$VH_NAME_access.log {
useServer 0
logFormat %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
rollingSize 10M
keepDays 30
}
extprocessor lool {
type proxy
address 127.0.0.1:9980
maxConns 100
pcKeepAliveTimeout 60
initTimeout 60
retryTimeout 0
respBuffer 0
}
context / {
type proxy
handler lool
addDefaultCharset off
}
websocket / {
address 127.0.0.1:9980
}
---
# check the config files
/usr/local/lsws/bin/openlitespeed -t
systemctl restart lshttpd
In the end
Access https://nc.you.com/ and do initial setting. After login with admin account on your NextCloud, Set up [office] section of setting and cheking “Use you own server” and put the server URL “https://lool.you.com/”.
Next cloud and Collabora online will be work with above settings.