Gentoo Forums
Libreoffice-online

timeraider
n00b
Joined: 27 Jul 2015
Posts: 41

Posted: Wed Nov 23, 2016 9:37 am    Post subject: Libreoffice-online

Dear Gentoo community,

I would like to advertise my overlay for libreoffice-online at https://github.com/timeraider4u/libreoffice-online.git with the corresponding ebuilds. With these ebuilds you do not need any Docker container to get the collaborative office suite running but can install them on any workstation or virtual machine directly instead.

Feel free to use, fork and modify them.

MageSlayer
Apprentice
Joined: 26 Jul 2007
Posts: 250
Location: Ukraine

Posted: Tue Dec 06, 2016 5:59 pm

Amazing.
I've just wondered if any real-time collaboration is finally available on Linux!

I am wondering - should I install OwnCloud/NextCloud/... as well to get a "full" Google Docs-like solution?
Where would it save documents if *Cloud is not installed? Maybe some clarifications/FAQ on github for others to see?

timeraider
n00b
Joined: 27 Jul 2015
Posts: 41

Posted: Wed Dec 07, 2016 4:43 pm

Yes, you are right. I will add some more instructions on how to use it when I have some time.

Basically, as far as I have found out yet, the back-end-storage can be used in two different modes:
filesystem or webdav (I have not had time to test the latter one, so no guarantee is given that it will work)

You can configure this in
Code:
/etc/loolwsd/loolwsd.xml
inside the tag
Code:
<storage>...</storage>

The important thing is the boolean value for attribute allow in:
Code:
<filesystem allow="true"/>
.
You can then open the file
Code:
/var/lib/libreoffice-online/home/hello.odt
by opening
https://localhost:9980/loleaflet/loleaflet.html?file_path=file:///var/lib/libreoffice-online/home/hello.odt&host=wss://localhost:9980
in your web-browser.

Elleni
Veteran
Joined: 23 May 2006
Posts: 1075

Posted: Mon Aug 13, 2018 12:44 pm

Sorry for digging out this old thread, but I am still looking for a way to implement online office in my nextcloud without the need of docker bloat. Now, if reading the following blog correctly, Collabora Online without docker would mean to compile libreoffice and libreoffice online. That's where I found this thread, and I am now wondering whether this still works, as the github entries are 1-2 years old.

https://blog.emrich-ebersheim.de/2017/03/31/collabora-online-fuer-nextcloud-auf-ubuntu-16-04-ohne-docker/

Could this blog serve for creating an actual ebuild for this? Unfortunately I am not capable to create an ebuild myself :oops:

Or is the only way to use docker in the end? I don't hope so, as I read some posts about running nextcloud and online office on the same server and set it up without docker.

Hu
Moderator
Joined: 06 Mar 2007
Posts: 15463

Posted: Tue Aug 14, 2018 2:19 am

Docker is just a way of bundling together packages so you don't need to know what you're doing to get something going. If a project can be made to run in Docker, then you can get it to run without Docker, if you have enough patience and information about its requirements. Whether that is a worthwhile use of your time is a separate question.

Elleni
Veteran
Joined: 23 May 2006
Posts: 1075

Posted: Wed Jan 30, 2019 1:11 am

I am still interested to integrate office document integration in my nextcloud but still not willing to do it the docker way. Is there some information available on how to do this with Gentoo? I would really like to avoid the docker bloat, but if there is no other way I maybe will have to think about docker anyhow.

xdch47
n00b
Joined: 01 May 2019
Posts: 6

Posted: Wed May 01, 2019 9:02 am

Hi,

I just want to invite those of you who are still interested in the topic to try the ebuild from my overlay ( https://github.com/xdch47/gpo-xdch47/tree/master/www-apps/libreoffice-online ).
It's kind of simple and in a quite initial state, so feedback and improvements are welcome :) !

In case /var and /usr are on different partitions/subvols, I recommend copying /usr/lib64/libreoffice to the same partition and adapting the lo_template_path in /etc/libreoffice-online/loolwsd.xml
(Otherwise the jails will copy instead of symlinking all libs, which takes quite a while)

Setup:
Code:

loolconfig update-system-template
loolconfig set-admin-password

rc-service loolwsd start

--> Test the admin console: https://localhost:9980/loleaflet/dist/admin/admin.html

Nextcloud integration:
Works fine so far (allow your hostnames in the wopi section!), except the pdf export (lool (seccomp??) bug).
--> Configure apache/nginx as reverse proxy (template configurations are available at /etc/apache2/conf-available/loolwsd.conf /etc/nginx/snippets/loolwsd.conf)
--> Add the Collabora Nextcloud app and insert our lool-hostname

Done!

Elleni
Veteran
Joined: 23 May 2006
Posts: 1075

Posted: Fri May 10, 2019 7:53 pm

Hey xdch47 and thanks for joining this forum to offer us this opportunity to test. I will check and try your ebuild.

Elleni
Veteran
Joined: 23 May 2006
Posts: 1075

Posted: Thu May 16, 2019 4:19 pm

It successfully built and setup, but service is crashing when launching it. Please tell me, where I can find information helping to identify why it is crashing.

Code:
/etc/init.d/loolwsd start
 * Starting loolwsd ...                                                                                      [ ok ]

/etc/init.d/loolwsd status
 * status: crashed


And regarding the vhost configuration, here is what I have prepared so far.
http://dpaste.com/3GGRG17

ls -l /var/www/lool/htdocs/
Code:
lrwxrwxrwx 1 root root 30 16. Mai 15:47 lool -> /usr/share/libreoffice-online/


Would that be correct?

On a browser issuing http://lool.mydomain.com -> shows me the content of /usr/share/libreoffice-online.

Executing loolwsd as user lool:
Code:
su - lool
lool@srvhostname ~ $ loolwsd --debug
Unknown option specified: debug
-29283 2019-05-17 12:32:11.165189 [ loolwsd ] WRN  Waking up dead poll thread [delay_poll], started: false, finished: false| ./net/Socket.hpp:622
-29283 2019-05-17 12:32:11.165317 [ loolwsd ] WRN  Waking up dead poll thread [delay_poll], started: false, finished: false| ./net/Socket.hpp:622
<shutdown>-29283 2019-05-17 12:32:11.165431 [ loolwsd ] WRN  Waking up dead poll thread [accept_poll], started: false, finished: false| ./net/Socket.hpp:622
<shutdown>-29283 2019-05-17 12:32:11.165488 [ loolwsd ] WRN  Waking up dead poll thread [accept_poll], started: false, finished: false| ./net/Socket.hpp:622
<shutdown>-29283 2019-05-17 12:32:11.165512 [ loolwsd ] WRN  Waking up dead poll thread [websrv_poll], started: false, finished: false| ./net/Socket.hpp:622
<shutdown>-29283 2019-05-17 12:32:11.165529 [ loolwsd ] WRN  Waking up dead poll thread [websrv_poll], started: false, finished: false| ./net/Socket.hpp:622
<shutdown>-29283 2019-05-17 12:32:11.165544 [ loolwsd ] WRN  Waking up dead poll thread [accept_poll], started: false, finished: false| ./net/Socket.hpp:622
<shutdown>-29283 2019-05-17 12:32:11.165559 [ loolwsd ] WRN  Waking up dead poll thread [accept_poll], started: false, finished: false| ./net/Socket.hpp:622
<shutdown>-29283 2019-05-17 12:32:11.165579 [ loolwsd ] WRN  Waking up dead poll thread [prisoner_poll], started: false, finished: false| ./net/Socket.hpp:622
<shutdown>-29283 2019-05-17 12:32:11.165604 [ loolwsd ] WRN  Waking up dead poll thread [prisoner_poll], started: false, finished: false| ./net/Socket.hpp:622
<shutdown>-29283 2019-05-17 12:32:11.165619 [ loolwsd ] WRN  Waking up dead poll thread [websrv_poll], started: false, finished: false| ./net/Socket.hpp:622
<shutdown>-29283 2019-05-17 12:32:11.165630 [ loolwsd ] WRN  Waking up dead poll thread [websrv_poll], started: false, finished: false| ./net/Socket.hpp:622


I also tried to change log level to debug but I see no log in /var/log/ named libreoffice-online.log and no entries in /var/log/messages either

xdch47
n00b
Joined: 01 May 2019
Posts: 6

Posted: Mon May 20, 2019 5:51 pm

Hi

logfile should be found at
Code:

ls -l /var/log/libreoffice-online
-rw-r--r-- 1 lool lool 199346 20. Mai 19:30 loolwsd.log


did you run something to update / create the system templates?
e.g.
Code:

loolconfig update-system-template


do you have access to the admin console ?
-> http://lool.mydomain.com/loleaflet/dist/admin/admin.html

Elleni
Veteran
Joined: 23 May 2006
Posts: 1075

Posted: Mon May 20, 2019 7:12 pm

Yes, following your description I issued:
loolconfig update-system-template
Code:

Running the following command:
su lool --shell=/bin/sh -c 'loolwsd-systemplate-setup /var/lib/libreoffice-online/systemplate  /usr/lib64/libreoffice >/dev/null 2>&1'


loolwsd.log

As /etc/init.d/loolwsd status is showing
crashed

There is no listening port for loolwsd. (checked with netstat -plnt)

No access to admin console - Browser is showing
Code:
Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Apache Server at lool.mydomain.com Port 443

xdch47
n00b
Joined: 01 May 2019
Posts: 6

Posted: Tue May 21, 2019 7:00 am

hi,
could be an ipv6 related configuration problem. maybe you can try to set the protocol to IPv4

edit loolwsd.xml or use loolconfig
Code:

loolconfig set net.proto IPv4


Quote:


ls -l /var/www/lool/htdocs/
Code:
lrwxrwxrwx 1 root root 30 16. Mai 15:47 lool -> /usr/share/libreoffice-online/


Would that be correct?

On a browser issuing http://lool.mydomain.com -> shows me the content of /usr/share/libreoffice-online.


this is not necessary afaik. i think loolwsd is an acronym: LibreOffice-OnLine-WebServer-Daemon
so your webserver does not need to have access to those files - libreoffice-online comes along with its own webserver
your webserver can be used as a reverse proxy to access the loolwsd locally running on port 9980.
for the reverse proxy configuration have a look at /etc/apache2/conf-available/loolwsd.conf
however, if you're going to access it externally, make sure that your ip address is allowed - see the <net></net> of loolwsd.xml

hopefully,
that helps !


Last edited by xdch47 on Tue May 21, 2019 10:29 am; edited 1 time in total

Elleni
Veteran
Joined: 23 May 2006
Posts: 1075

Posted: Tue May 21, 2019 10:27 am

Hey, xdch47, it does :)

You were right. Setting the protocol to IPv4 lets the service start successfully, and netstat shows, it listens to port 9980 and 9981.
Code:
tcp        0      0 0.0.0.0:9980            0.0.0.0:*               LISTEN      30368/loolwsd       
tcp        0      0 127.0.0.1:9981          0.0.0.0:*               LISTEN      30368/loolwsd


I modified the vhost configuration to the following, and now I can access LibreOffice Online - Administratorkonsole via http://lool.mydomain.com/loleaflet/dist/admin/admin.html but not via lool.mydomain.com, where the webserver shows forbidden. I guess this is normal? Adding a line lool.mydomain.com in the wopi section and configuring the libreoffice online app works fine, so I think I should be good, and there is no need to access libreofficeonline directly via lool.mydomain.com? Finally, what would I need to be able to export documents as pdf?

Code:
## Other VirtualHost statements ending in </VirtualHost> ###

<VirtualHost *:80>
        ServerName lool.mydomain.com
# Redirect to SSL
         RewriteEngine On
         RewriteCond %{HTTPS} !on
         RewriteRule ^/(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R]
</VirtualHost>
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
<VirtualHost *:443>
                ServerName lool.mydomain.com
# Apache2 reverse proxy configuration for Collabora Online / LibreOffice Online
# Internet <-- SSL --> Reverse Proxy <-- No SSL --> loolwsd
# Make sure that you enable the following Apache2 modules: proxy, proxy_wstunnel, and proxy_http.
# Create a virtual host for Collabora Online / LibreOffice Online and include this configuration file.

  Options -Indexes

  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet http://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet http://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery http://127.0.0.1:9980/hosting/discovery

  # Capabilities
  ProxyPass           /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" ws://127.0.0.1:9980/lool/$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws ws://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool http://127.0.0.1:9980/lool
  ProxyPassReverse    /lool http://127.0.0.1:9980/lool

                ErrorLog /var/log/apache2/lool.mydomain.com-ssl_error_log
                <IfModule log_config_module>
                                TransferLog /var/log/apache2/lool.mydomain.com-ssl_access_log
                </IfModule>

                SSLEngine on
      SSLCipherSuite "EECDH+AESGCM EDH+AESGCM EECDH -RC4 EDH -CAMELLIA -SEED !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
      SSLCertificateFile /path/to/cert/fullchain.pem
                SSLCertificateKeyFile /path/to/cert/privkey.pem
                SSLUseStapling on
      Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>

                <IfModule setenvif_module>
                                BrowserMatch ".*MSIE.*" \
                                                nokeepalive ssl-unclean-shutdown \
                                                downgrade-1.0 force-response-1.0
                </IfModule>

                <IfModule log_config_module>
                                CustomLog /var/log/apache2/ssl_request_log \
                                                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
                </IfModule>
</VirtualHost>


Again, thank you a lot for making this possible by sharing your ebuild :D


Last edited by Elleni on Tue May 21, 2019 5:54 pm; edited 1 time in total

xdch47
n00b
Joined: 01 May 2019
Posts: 6

Posted: Tue May 21, 2019 5:47 pm

nice !

yes, it's fine to use it without certificate the reverse proxy-way - no need for direct access.

it seems that for pdf export there is a seccomp problem - maybe as a work around seccomp could be disabled - have not tested yet.

Elleni
Veteran
Joined: 23 May 2006
Posts: 1075

Posted: Tue May 21, 2019 6:14 pm

Indeed :D

Did a quick test putting seccomp to false and restarting loolwsd, but it does not work yet. Never mind - I am happy I have got it running. This is so cool :)
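
The loolwsd.xml settings touched so far in this thread (the `<filesystem allow>` switch from timeraider's post, the wopi host list, and the seccomp toggle tried above) can be reviewed in one pass. This is an added example, not code from either overlay or from LibreOffice Online; the element paths follow the stock loolwsd.xml layout as an assumption, the XML is a constructed sample, and the function names are illustrative.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample for this example, shaped like the settings named in the
# thread (storage/filesystem, storage/wopi hosts, seccomp). The element paths
# follow the stock loolwsd.xml layout, which is an assumption here.
SAMPLE_LOOLWSD_XML = r"""<config>
  <net>
    <proto type="string" default="all">IPv4</proto>
  </net>
  <security>
    <seccomp type="bool" default="true">false</seccomp>
  </security>
  <storage>
    <filesystem allow="true"/>
    <wopi allow="true">
      <host allow="true">localhost</host>
      <host allow="true">cloud\.mydomain\.com</host>
      <host allow="true">.*</host>
    </wopi>
  </storage>
</config>
"""

# Constructed hostnames no administrator would have listed on purpose.
PROBE_HOSTS = ("unrelated-host.invalid", "203.0.113.77")


def is_true(value, default):
    """Interpret an XML boolean; a missing or empty value gives `default`."""
    if value is None or not value.strip():
        return default
    return value.strip().lower() in ("true", "1", "yes", "on")


def accepts_any_host(pattern):
    """True when a wopi <host> regex also matches unrelated hostnames."""
    try:
        rx = re.compile(pattern)
    except re.error:
        return False  # unparsable pattern: not counted as a wildcard here
    return all(rx.fullmatch(h) for h in PROBE_HOSTS)


def audit_loolwsd(xml_text):
    """Return (setting, reason) findings for a loolwsd.xml document."""
    root = ET.fromstring(xml_text)
    findings = []

    fs = root.find("./storage/filesystem")
    if fs is not None and is_true(fs.get("allow"), False):
        findings.append(("storage.filesystem",
                         "file_path=file:///... URLs open any file the lool "
                         "user can read; keep this for local testing only"))

    wopi = root.find("./storage/wopi")
    if wopi is not None and is_true(wopi.get("allow"), True):
        for host in wopi.findall("host"):
            pattern = (host.text or "").strip()
            if is_true(host.get("allow"), True) and accepts_any_host(pattern):
                findings.append(("storage.wopi.host",
                                 f"pattern {pattern!r} allows every WOPI host"))

    seccomp = root.find("./security/seccomp")
    if seccomp is not None and not is_true(seccomp.text, True):
        findings.append(("security.seccomp",
                         "seccomp syscall filtering is switched off"))
    return findings


if __name__ == "__main__":
    for setting, reason in audit_loolwsd(SAMPLE_LOOLWSD_XML):
        print(f"{setting}: {reason}")
```
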

xdch47
n00b
Joined: 01 May 2019
Posts: 6

Posted: Tue May 21, 2019 7:47 pm

the pdf issue might be related to this: https://bugs.documentfoundation.org/show_bug.cgi?id=121429

dev-libs/nss does not place the libraries at usr/lib/*/nss/*.so as assumed here https://gerrit.libreoffice.org/plugins/gitiles/online/+/ae005d654c4b2304e41231b76ccd08ebc27ca55c%5E%21

however even after verifying that all libraries exist (lddtree -R does a great job!) I did not get pdf export working… :( :(

Elleni
Veteran
Joined: 23 May 2006
Posts: 1075

Posted: Fri May 24, 2019 7:10 pm

Sooner or later we'll find out or it will be fixed, no doubt :)

I have a question: Compared to my desktop there are far fewer fonts in libreoffice-online. How would I get the same fonts you get in a normal gentoo installation?

Elleni
Veteran
Joined: 23 May 2006
Posts: 1075

Posted: Mon Aug 19, 2019 7:28 pm

After having updated my nextcloud server and thus libreoffice to version 6.3.0.4, libreoffice-online does not work anymore on my nextcloud instance. I can still access the webinterface on
Code:

https://lool.mydomain.com/loleaflet/dist/admin/admin.html


But trying to open a document within nextcloud, I get a message like Collabora Online cannot be loaded, try again later. I guess an updated libreoffice-online ebuild could be needed?

loolwsd.log

Elleni
Veteran
Joined: 23 May 2006
Posts: 1075

Posted: Tue Nov 05, 2019 12:01 am

I have a question concerning letsencrypt certificate renewal for libreoffice-online. When stopping apache and spinning up the webserver certbot brings with it, it works. But how can I enable automatic certificate renewal for my lool.mydomain.com with the webroot option without stopping my local apache on the server?

Certbot fails for this domain as lool.mydomain.com is not accessible (403 forbidden).

http://lool.mydomain.com/loleaflet/dist/admin/admin.html is working (but is asking for username and password as expected) and I am out of ideas how to automate certificate renewal including the lool domain. For every other domain it works just fine.

Hu
Moderator
Joined: 06 Mar 2007
Posts: 15463

Posted: Tue Nov 05, 2019 2:27 am

As I understand certbot, if you want to use HTTP/S based validation, then you need to serve to the validation bot the expected proof of ownership token. The easiest way to do this would be to configure Apache not to restrict access to the directory where the proof of ownership is hosted. There is no reason to stop the local Apache and run a Certbot HTTP server. You can instead configure Apache to serve the relevant directory, and have Certbot store the proof files there. The Certbot Apache plugin is intended for this use case.

Elleni
Veteran
Joined: 23 May 2006
Posts: 1075

Posted: Tue Nov 05, 2019 5:52 am

Hello Hu,

you are right, and while it works as intended on every other subdomain I host, it does not for lool.mydomain.ch because there is proxy pass configured for libreoffice-online, and I don't know how to modify the corresponding vhost in order to let letsencrypt do its magic for lool.mydomain.com
Code:
## Other VirtualHost statements ending in </VirtualHost> ###

<VirtualHost *:80>
        ServerName lool.mydomain.com.ch
# Redirect to SSL
         RewriteEngine On
         RewriteCond %{HTTPS} !on
         RewriteRule ^/(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R]
</VirtualHost>
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
<VirtualHost *:443>
                ServerName lool.mydomain.com
# Apache2 reverse proxy configuration for Collabora Online / LibreOffice Online
# Internet <-- SSL --> Reverse Proxy <-- No SSL --> loolwsd
# Make sure that you enable the following Apache2 modules: proxy, proxy_wstunnel, and proxy_http.
# Create a virtual host for Collabora Online / LibreOffice Online and include this configuration file.

  Options -Indexes

  # Encoded slashes need to be allowed
  AllowEncodedSlashes NoDecode

  # keep the host
  ProxyPreserveHost On

  # static html, js, images, etc. served from loolwsd
  # loleaflet is the client part of LibreOffice Online
  ProxyPass           /loleaflet http://127.0.0.1:9980/loleaflet retry=0
  ProxyPassReverse    /loleaflet http://127.0.0.1:9980/loleaflet

  # WOPI discovery URL
  ProxyPass           /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPassReverse    /hosting/discovery http://127.0.0.1:9980/hosting/discovery

  # Capabilities
  ProxyPass           /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassReverse    /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities

  # Main websocket
  ProxyPassMatch "/lool/(.*)/ws$" ws://127.0.0.1:9980/lool/$1/ws nocanon

  # Admin Console websocket
  ProxyPass   /lool/adminws ws://127.0.0.1:9980/lool/adminws

  # Download as, Fullscreen presentation and Image upload operations
  ProxyPass           /lool http://127.0.0.1:9980/lool
  ProxyPassReverse    /lool http://127.0.0.1:9980/lool

                ErrorLog /var/log/apache2/lool.mydomain.om-ssl_error_log
                <IfModule log_config_module>
                                TransferLog /var/log/apache2/loolmydomain.com-ssl_access_log
                </IfModule>

                SSLEngine on
      SSLCipherSuite "EECDH+AESGCM EDH+AESGCM EECDH -RC4 EDH -CAMELLIA -SEED !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
      SSLCertificateFile /etc/letsencrypt/path/to/certificate/fullchain.pem
                SSLCertificateKeyFile /etc/letsencrypt/path/to/certificate/privkey.pem
                SSLUseStapling on
      Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>

                <IfModule setenvif_module>
                                BrowserMatch ".*MSIE.*" \
                                                nokeepalive ssl-unclean-shutdown \
                                                downgrade-1.0 force-response-1.0
                </IfModule>

                <IfModule log_config_module>
                                CustomLog /var/log/apache2/ssl_request_log \
                                                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
                </IfModule>
</VirtualHost>


certbot renew --dry-run gives
Code:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mydomain.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for lool.mydomain.com
Cleaning up challenges
Attempting to renew cert (mydomain.com) from /etc/letsencrypt/renewal/mydomain.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/mydomain.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/mydomain.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s


As an alternative I could set up a cron job to first stop the apache service, then let certbot renew the certificate for my domains by spinning up its own webserver, and restart apache afterwards. This should work, as it's the way I was able to install the certificate including lool.mydomain.com, but I have to find out how to implement this either. :lol:

guitou
Guru
Joined: 02 Oct 2003
Posts: 460
Location: France

Posted: Tue Nov 05, 2019 12:23 pm

Hello.

If possible, you may try DNS challenge for your certificate, but you will still need to reload apache server anyway (to take new certificate into account).

++
Gi)

Elleni
Veteran
Joined: 23 May 2006
Posts: 1075

Posted: Tue Nov 05, 2019 5:25 pm

Yeah, well as a workaround I am also thinking of just stopping apache2 a minute before if needed I run certbot without webroot option as this is working as intended and gets the certificate for all needed domains using its own webserver. After that I can start apache within --renew-hook option. I already had used this option for restarting mail and apache services.

Hu
Moderator
Joined: 06 Mar 2007
Posts: 15463

Posted: Wed Nov 06, 2019 3:19 am

Elleni wrote:
you are right, and while it works as intended on every other subdomain I host, it does not for lool.mydomain.ch because there is proxy pass configured for libreoffice-online, and I don't know how to modify the corresponding vhost in order to let letsencrypt do its magic for lool.mydomain.com
Why do you think ProxyPass is a problem here? As I read the documentation, if you are using the webroot plugin, and you let the server serve files from the /.well-known directory, automated renewal through http proof of ownership should work. Your shown configuration does not assign special meaning to that path. What happens if you manually post files in that directory, then try to retrieve them from that path on the server via curl? Does it try to serve them? Does it try to proxy the request to LOOL (which, by the way, is a terrible, if obvious, name for this product)?
Elleni wrote:
certbot renew --dry-run gives
Code:
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer None
You probably want webroot enabled here.
Elleni wrote:
Code:
Attempting to renew cert (mydomain.com) from /etc/letsencrypt/renewal/mydomain.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
You did not tell Certbot to cooperate with your webserver, so it tried to assume exclusive control of the http port. This failed. Tell it to cooperate.
Elleni wrote:
As an alternative I could set up a cron job to first stop the apache service, then let certbot renew the certificate for my domains by spinning up its own webserver, and restart apache afterwards. This should work, as it's the way I was able to install the certificate including lool.mydomain.com, but I have to find out how to implement this either. :lol:
That might work, but it is fragile, disruptive, and a horrible workaround for a problem that should be easily solvable correctly.

Elleni
Veteran
Joined: 23 May 2006
Posts: 1075

Posted: Wed Nov 06, 2019 7:12 pm

Hu wrote:
Why do you think ProxyPass is a problem here? As I read the documentation, if you are using the webroot plugin, and you let the server serve files from the /.well-known directory, automated renewal through http proof of ownership should work. Your shown configuration does not assign special meaning to that path. What happens if you manually post files in that directory, then try to retrieve them from that path on the server via curl? Does it try to serve them? Does it try to proxy the request to LOOL (which, by the way, is a terrible, if obvious, name for this product)? You did not tell Certbot to cooperate with your webserver, so it tried to assume exclusive control of the http port. This failed. Tell it to cooperate.


Why do you mean it is a terrible name? :twisted: I am open for better suggestions :)
Hu wrote:
You probably want webroot enabled here.

Once successfully acquired the certificates, certbot will use configuration stored @/etc/letsencrypt/renewal/mydomain.conf thus authenticator = webroot
Code:
 renew_before_expiry = 30 days
version = 0.39.0
archive_dir = /etc/letsencrypt/archive/mydomain.com
cert = /etc/letsencrypt/live/mydomain.com/cert.pem
privkey = /etc/letsencrypt/live/mydomain.com/privkey.pem
chain = /etc/letsencrypt/live/mydomain.com/chain.pem
fullchain = /etc/letsencrypt/live/mydomain.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
renew_hook = /usr/local/bin/restart_services.sh
[[webroot_map]]
www.mydomain.com = /var/www/webroot1
www.mydomain2.com = /var/www/webroot2
sub.mydomain.com = /var/www/webroot3
(...)


I just had to add (dummy) Document Root and Directory entries in lool vhost configuration file. Certbot can now successfully access lool.mydomain.com thus renews certificate with webroot option for lool subdomain too, while apparently proxypass is still working. So the problem is solved - Thank you for asking the right questions which lead me to the solution :)

Code:

<VirtualHost *:80>
         ServerName lool.mydomain.com
         DocumentRoot "/var/www/dummy/path"
          <Directory "/var/www/dummy">
               ....
         </Directory>
              ....

<VirtualHost *:443>
         ServerName lool.mydomain.com
         DocumentRoot "/var/www/dummy/path"
        ......
         <Directory "/var/www/dummy">
         </Directory>
        ......

Leaves us with your comment about terrible name :twisted:
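
Hu's question in this exchange (is a request for /.well-known served by Apache or proxied to loolwsd?) can be answered offline from the vhost text. This is an added example, not code from the thread: it is a simplified model of mod_proxy matching (rules checked in configuration order, first match wins, ProxyPass prefixes matched on path-segment boundaries), it ignores rewrite rules and `<Location>` blocks, and the function names are illustrative.

```python
import re
import shlex

# Proxy directives copied from the :443 vhost posted in this thread.
# ProxyPassReverse lines are left out: they only rewrite response headers.
VHOST_PROXY_RULES = """
  ProxyPass           /loleaflet http://127.0.0.1:9980/loleaflet retry=0
  ProxyPass           /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
  ProxyPass           /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
  ProxyPassMatch "/lool/(.*)/ws$" ws://127.0.0.1:9980/lool/$1/ws nocanon
  ProxyPass   /lool/adminws ws://127.0.0.1:9980/lool/adminws
  ProxyPass           /lool http://127.0.0.1:9980/lool
"""


def parse_proxy_rules(conf_text):
    """Extract (kind, pattern, backend) tuples in configuration order."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)
        except ValueError:
            continue  # e.g. a line ending in a continuation backslash
        if len(parts) < 3:
            continue
        directive = parts[0].lower()
        if directive == "proxypass":
            rules.append(("prefix", parts[1], parts[2]))
        elif directive == "proxypassmatch":
            rules.append(("regex", parts[1], parts[2]))
    return rules


def prefix_matches(path, prefix):
    """Prefix match that stops at a path-segment boundary (simplified)."""
    if prefix.endswith("/"):
        return path.startswith(prefix)
    return path == prefix or path.startswith(prefix + "/")


def route(path, rules):
    """Return the backend URL a path is proxied to, or None if Apache
    handles it itself (DocumentRoot and <Directory> rules then apply)."""
    for kind, pattern, backend in rules:
        if kind == "prefix" and prefix_matches(path, pattern):
            return backend + path[len(pattern):]
        if kind == "regex":
            m = re.search(pattern, path)
            if m:
                # Substitute $1..$9 in the backend with the captured groups.
                return re.sub(r"\$(\d)",
                              lambda g: m.group(int(g.group(1))), backend)
    return None


if __name__ == "__main__":
    rules = parse_proxy_rules(VHOST_PROXY_RULES)
    for path in ("/.well-known/acme-challenge/token", "/",
                 "/loleaflet/dist/admin/admin.html", "/lool/adminws"):
        print(f"{path:40} -> {route(path, rules) or 'local (Apache)'}")
```

Neither `/` nor the ACME challenge path matches a proxy rule, so both fall through to Apache's own file handling, which is why the vhost needed a DocumentRoot and a `<Directory>` block before the webroot authenticator could work.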