From 8ef4c44a1ae0bf673fc0f2bb80a3c3a8cfe7a7cd Mon Sep 17 00:00:00 2001
From: Michael Winter <mwinter@unboundedpress.org>
Date: Sat, 3 Jun 2023 16:02:54 +0200
Subject: [PATCH] production working container of collabora

---
 docker-compose.yml               |  4 +--
 nginx/vhost.d/unboundedpress.org | 55 ++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 2 deletions(-)
 create mode 100644 nginx/vhost.d/unboundedpress.org

diff --git a/docker-compose.yml b/docker-compose.yml
index ee21326..a9af318 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -296,7 +296,6 @@ services:
     image: collabora/code:22.05.14.3.1
     container_name: collabora
     depends_on:
-      # NOT the reverse proxy, but nginx webserver for nextcloud-fpm image:
       - nextcloud
     cap_add:
      - MKNOD
@@ -307,11 +306,12 @@ services:
       - VIRTUAL_HOST=${DOMAIN},www.${DOMAIN}
       - VIRTUAL_PATH=/collab/
       - VIRTUAL_DEST=/
-      #
       # Extra parameters to Collabora, see also
       # https://www.collaboraoffice.com/code/nginx-reverse-proxy/:
       # SSL terminates at the proxy
       - extra_params=--o:ssl.enable=false --o:ssl.termination=true
+      # NOTE: The file nginx/vhosts.d/unboundedpress.org handles
+      #       routing for collabora on production only
     ports:
       - 9980:9980
 
diff --git a/nginx/vhost.d/unboundedpress.org b/nginx/vhost.d/unboundedpress.org
new file mode 100644
index 0000000..501ab9a
--- /dev/null
+++ b/nginx/vhost.d/unboundedpress.org
@@ -0,0 +1,55 @@
+## Start of configuration add by letsencrypt container
+location ^~ /.well-known/acme-challenge/ {
+    auth_basic off;
+    auth_request off;
+    allow all;
+    root /usr/share/nginx/html;
+    try_files $uri =404;
+    break;
+}
+## End of configuration add by letsencrypt container
+
+
+# The following are all for collabora routing
+
+# static files
+location ^~ /browser {
+  proxy_pass http://unboundedpress.org-cd15914db06db1d6722abd3bcfd0beaa541bbc60;
+  proxy_set_header Host $http_host;
+}
+
+# WOPI discovery URL
+location ^~ /hosting/discovery {
+  proxy_pass http://unboundedpress.org-cd15914db06db1d6722abd3bcfd0beaa541bbc60;
+  proxy_set_header Host $http_host;
+}
+
+# Capabilities
+location ^~ /hosting/capabilities {
+  proxy_pass http://unboundedpress.org-cd15914db06db1d6722abd3bcfd0beaa541bbc60;
+  proxy_set_header Host $http_host;
+}
+
+# main websocket
+location ~ ^/cool/(.*)/ws$ {
+  proxy_pass http://unboundedpress.org-cd15914db06db1d6722abd3bcfd0beaa541bbc60;
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection "Upgrade";
+  proxy_set_header Host $http_host;  
+  proxy_read_timeout 36000s;
+}
+
+# download, presentation and image upload
+location ~ ^/(c|l)ool {
+  proxy_pass http://unboundedpress.org-cd15914db06db1d6722abd3bcfd0beaa541bbc60;
+  proxy_set_header Host $http_host;
+}
+
+# Admin Console websocket
+location ^~ /cool/adminws {
+  proxy_pass http://unboundedpress.org-cd15914db06db1d6722abd3bcfd0beaa541bbc60;
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection "Upgrade";
+  proxy_set_header Host $http_host;
+  proxy_read_timeout 36000s;
+}