Skip to main content
Super User

Return to Answer

added 302 characters in body
Source Link
user475162
user475162

One warning ahead: You should definitely NOT use the password password for its admin tool. Even if you do intend to restrict access in some way, its too easy to make a mistake there and invite malicious parties.

The certificate of the docker container showing up as not trusted is expected behaviour. That autogenerated certificate does not matter though, if you forward your CODE installation via apache, too.

For reasons beyond¹⁾ the simple "I do not want to care about certificates", the recommended setup of CODE, by design, avoids certificate hassle entirely, by asking you to setup CODE on a different domain (with potentially separate certificate) than your nextcloud installation.

Have your nextcloud on one (sub) domain, such as www.example.com, and configure an additional entry in your apache config, such as code.example.com, which forwards requests to 127.0.0.1:9980 (ignoring the certificate, trusting that no malicious user can setup a different service on that port & device combination).

Follow the official guidelines and then put the https://127.0.0.1:9980 URL into the apache config for code.example.com at (something like) /etc/httpd/conf.d/collaboraonlineCODE.conf and the public domain https://code.example.com of your CODE installation into the nextcloud configuration at (not 127.0.0.1, butsomehting like) https://code.example.com/settings/admin). This ensures you can access CODE the same way as nextcloud - on any computer, not just the one running the installation.

¹⁾ This way, the docker container doesnt contain the certificate, which is a rather sane choice considering CODE is by no means reasonably security hardened.

One warning ahead: You should definitely NOT use the password password for its admin tool. Even if you do intend to restrict access in some way, its too easy to make a mistake there and invite malicious parties.

The certificate of the docker container showing up as not trusted is expected behaviour. That autogenerated certificate does not matter though, if you forward your CODE installation via apache, too.

For reasons beyond¹⁾ the simple "I do not want to care about certificates", the recommended setup of CODE, by design, avoids certificate hassle entirely, by asking you to setup CODE on a different domain (with potentially separate certificate) than your nextcloud installation.

Have your nextcloud on one (sub) domain, such as www.example.com, and configure an additional entry in your apache config, such as code.example.com, which forwards requests to 127.0.0.1:9980 (ignoring the certificate, trusting that no malicious user can setup a different service on that port & device combination).

Follow the official guidelines and then put the public domain of your CODE installation into the nextcloud configuration (not 127.0.0.1, but https://code.example.com)

¹⁾ This way, the docker container doesnt contain the certificate, which is a rather sane choice considering CODE is by no means reasonably security hardened.

One warning ahead: You should definitely NOT use the password password for its admin tool. Even if you do intend to restrict access in some way, its too easy to make a mistake there and invite malicious parties.

The certificate of the docker container showing up as not trusted is expected behaviour. That autogenerated certificate does not matter though, if you forward your CODE installation via apache, too.

For reasons beyond¹⁾ the simple "I do not want to care about certificates", the recommended setup of CODE, by design, avoids certificate hassle entirely, by asking you to setup CODE on a different domain (with potentially separate certificate) than your nextcloud installation.

Have your nextcloud on one (sub) domain, such as www.example.com, and configure an additional entry in your apache config, such as code.example.com, which forwards requests to 127.0.0.1:9980 (ignoring the certificate, trusting that no malicious user can setup a different service on that port & device combination).

Follow the official guidelines and then put the https://127.0.0.1:9980 URL into the apache config for code.example.com at (something like) /etc/httpd/conf.d/collaboraonlineCODE.conf and the public domain https://code.example.com of your CODE installation into the nextcloud configuration at (somehting like) https://example.com/settings/admin. This ensures you can access CODE the same way as nextcloud - on any computer, not just the one running the installation.

¹⁾ This way, the docker container doesnt contain the certificate, which is a rather sane choice considering CODE is by no means reasonably security hardened.

Source Link
user475162
user475162

One warning ahead: You should definitely NOT use the password password for its admin tool. Even if you do intend to restrict access in some way, its too easy to make a mistake there and invite malicious parties.

The certificate of the docker container showing up as not trusted is expected behaviour. That autogenerated certificate does not matter though, if you forward your CODE installation via apache, too.

For reasons beyond¹⁾ the simple "I do not want to care about certificates", the recommended setup of CODE, by design, avoids certificate hassle entirely, by asking you to setup CODE on a different domain (with potentially separate certificate) than your nextcloud installation.

Have your nextcloud on one (sub) domain, such as www.example.com, and configure an additional entry in your apache config, such as code.example.com, which forwards requests to 127.0.0.1:9980 (ignoring the certificate, trusting that no malicious user can setup a different service on that port & device combination).

Follow the official guidelines and then put the public domain of your CODE installation into the nextcloud configuration (not 127.0.0.1, but https://code.example.com)

¹⁾ This way, the docker container doesnt contain the certificate, which is a rather sane choice considering CODE is by no means reasonably security hardened.