Select Page

NETWAYS Blog

Migration von GitLab mit Upgrade auf EE

Wer GitLab CE produktiv im Einsatz hat und mit den zusätzlichen Features der EE Version liebäugelt, der wird sich beim Umstieg zwangsläufig mit den Migrationsschritten auseinandersetzen, sofern der GitLab Server nicht von einem Hoster betreut wird. In diesem Post zeige ich, wie der Wechsel inklusive Migration auf einen anderen Server gelingen kann und beziehe mich dabei auf die Omnibus Version basierend auf Ubuntu 18.04. Der Ablauf ist gar nicht so kompliziert. Bügelt man die EE-Version einfach über die aktuelle CE Version, dann hat man nur zwei Schritte zu beachten. Wenn man allerdings einen EE Server parallel hochzieht, um dann auf diesen zu migrieren, so kommen ein paar mehr Schritte hinzu.
Deshalb zeige ich im Folgenden wie man per Backup und Restore auch zum Ziel kommt. Die ersten Schritte sind ziemlich identisch mit dem, was GitLab vorgibt.

  1. Zuerst erstellt man sich ein Backup:
    gitlab-rake gitlab:backup:create STRATEGY=copy

    Einfach um sich den aktuellen Stand vor der Migration zu sichern.
    Hier kann nicht viel schief gehen. Man sollte aber darauf achten, dass genügend Speicherplatz unter /var/opt/gitlab/backups zur Verfügung steht. Es sollten mindestens noch zwei Drittel des Speicherplatzes frei sein. Das resultierende Tar-Archiv sollte man sich anschließend weg kopieren, da im weiteren Verlauf ein weitere Backup erstellt wird.

  2.  Nun führt man das Script von GitLab aus, das die apt-Sourcen hinzufügt und ein paar benötigte Pakete vorinstalliert:
    curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.deb.sh | sudo bash
  3. Jetzt checkt man noch kurz welche Versionsnummer von GitLab CE momentan installiert ist:
    dpkg -l |grep gitlab-ce
  4. Danach installiert man die GitLab EE Version. Dabei wird die CE Version gelöscht und eine Migration durchgeführt. Um den Versionsstand kompatibel zu halten, verwendet man die gleiche Versionsnummer wie aus dem vorherigen Schritt. Lediglich der teil ‘ce’ wird zu ‘ee’ abgeändert:
    apt-get update && sudo apt-get install gitlab-ee=12.1.6-ee.0
  5. Nun erstellt man erneut ein Backup:
    gitlab-rake gitlab:backup:create STRATEGY=copy
  6. Das neu erstellte Backup transferiert man einschließlich der Dateien /etc/gitlab/gitlab-secrets.json und /etc/gitlab/gitlab.rb auf den EE Server. Das lässt sich z.B. per scp bewerkstelligen:
    scp /var/opt/gitlab/backups/*ee_gitlab_backup.tar ziel-server:./
    scp /etc/gitlab/gitlab-secrets.json ziel-server:./
    scp /etc/gitlab/gitlab.rb ziel-server:./
  7. Auf dem Zielserver sollte man natürlich GitLab EE in der entsprechenden Version installieren. Hier hält man sich am besten an die offizielle Anleitung. Nicht vergessen bei der Installation die Versionsnummer anzugeben.
  8. Jetzt verschiebt man die Dateien die man per scp transferiert hat und setzt die Dateiberechtigungen:
    mv ~/*ee_gitlab_backup.tar /var/opt/gitlab/backups
    mv ~/gitlab-secrets.json ~/gitlab.rb /etc/gitlab/
    chown root:root /etc/gitlab/gitlab-secrets.json /etc/gitlab/gitlab.rb
    chown git:git /var/opt/gitlab/backups/*ee_gitlab_backup.tar
  9. Dann startet man den Restore:
    gitlab-rake gitlab:backup:restore

    Man quittiert die einzelnen Abfragen mit ‘yes’. Hat sich die URL für den neuen EE Server geändert, dann sollte man das in der /etc/gitlab.rb anpassen. In diesem Fall sind auch Änderungen an den GitLab Runnern vorzunehmen. Es reicht dann allerdings wenn man auf dem jeweiligen Runner in der Datei config.toml die URL in der [[runners]] Sektion anpasst, da der Token gleich bleibt.

Troubleshooting:

Es ist allerdings auch möglich, dass es zu Problemen mit den Runnern kommt. Dies zeigt sich z.B. dadurch, dass der Runner in seinen Logs 500er-Fehler beim Verbindungsversuch zum GitLab meldet. In diesem Fall sollte man zuerst versuchen den Runner neu zu registrieren. Falls die Fehler bestehen bleiben, ist es möglich, dass diese durch einen CI-Job verursacht werden, der während der Migration noch lief. So war es zumindest bei mir der Fall. Mit Hilfe der Anleitung zum Troubleshooting und den Infos aus diesem Issue kam ich dann zum Ziel:

gitlab-rails dbconsole
UPDATE ci_builds SET token_encrypted = NULL WHERE status in ('created', 'pending');

Wenn man sich das alles sparen möchte, dann lohnt es sich einen Blick auf unsere GitLab Angebote der NETWAYS Web Services zu werfen.

Gabriel Hartmann
Gabriel Hartmann
Systems Engineer

Gabriel hat 2016 als Auszubildender Fachinformatiker für Systemintegrator bei NETWAYS angefangen und 2019 die Ausbildung abgeschlossen. Als Mitglied des Web Services Teams kümmert er sich seither um viele technische Themen, die mit den NETWAYS Web Services und der Weiterentwicklung der Plattform zu tun haben. Aber auch im Support engagiert er sich, um den Kunden von NWS bei Fragen und Problemen zur Seite zu stehen.

Quick and Dirty: OpenStack + CoreOS + GitLab Runner

Wer in GitLab die CI/CD-Features nutzen möchte und nicht zufällig einen ungenutzten Kubernetes-Cluster übrig hat, mit dem man GitLab’s Auto DevOps Funktion einrichten kann, der benötigt zumindest einen GitLab Runner, um Build-Jobs und Tests zum Laufen zu bekommen.
Der GitLab Runner ist eine zusätzliche Anwendung, welche sich ausschließlich darum kümmert, bei einer GitLab-CE/-EE Instanz die CI/CD-Aufträge abzuholen und diese abzuarbeiten. Der Runner muss dabei nicht zwingend auf dem selben System wie das GitLab installiert sein und kann somit auch extern auf einem anderen Host laufen. Der Hintergrund, weshalb man das auch so umsetzen sollte, ist eigentlich recht klar: ein GitLab Runner steht bei einer aktiven CI/CD-Pipeline oftmals unter hoher Last und würde er auf dem gleichen Host wie das GitLab selbst laufen, so könnte er dessen Performance stark beeinträchtigen. Deshalb macht es Sinn, den GitLab Runner z.B. auf eine VM in OpenStack auszulagern.
In diesem Blogpost werde ich kurz darauf eingehen, wie man schnell und einfach eine GitLab Runner VM per CLI in OpenStack aufsetzen kann. Da ich den Runner als Docker-Container starten möchte, bietet sich CoreOS an. CoreOS kommt mit Docker vorinstalliert und es bietet die Möglichkeit per Ignition Config nach dem Start des Betriebssystems Container, oder auch andere Prozesse, automatisch starten zu lassen.

Sobald man sich bei seinem OpenStack-Anbieter in sein Projekt eingeloggt hat, kann man sich dort unter “API Zugriff” die OpenStack-RC-Datei herunterladen. Damit kann man sich dann recht einfach per CLI bei OpenStack authentifizieren. Voraussetzung für die Nutzung der CLI ist, dass man bei sich den OpenStack Command-Line Client installiert hat.
Sobald man beides hat, kann es auch schon losgehen:

    1. Runner Registration Token abholen
      Dazu loggt man sich als Admin in sein GitLab-CE/-EE ein und navigiert zu “Admin Area” -> “Overview” -> “Runners”. Hier findet man den aktuellen Registration Token.
    2. CoreOS Ignition Config
      Die Konfigurationsdatei für CoreOS nennt man z.B. config.ign. Diese legt man sich ebenfalls auf dem Rechner ab.
      Der Inhalt muss im nächsten Schritt geringfügig angepasst werden.

      config.ign

      { "ignition": { "version": "2.2.0", "config": {} }, "storage": { "filesystems": [{ "mount": { "device": "/dev/disk/by-label/ROOT", "format": "btrfs", "wipeFilesystem": true, "label": "ROOT" } }] }, "storage": { "files": [{ "filesystem": "root", "path": "/etc/hostname", "mode": 420, "contents": { "source": "data:,core1" } }, { "filesystem": "root", "path": "/home/core/config.toml", "mode": 644, "contents": { "source": "data:,concurrent=4" } } ] }, "systemd": { "units": [ { "name": "gitlab-runner.service", "enable": true, "contents": "[Service]\nType=simple\nRestart=always\nRestartSec=10\nExecStartPre=/sbin/rngd -r /dev/urandom\nExecStart=/usr/bin/docker run --rm --name gitlab-runner -e 'GIT_SSL_NO_VERIFY=true' -v /home/core:/etc/gitlab-runner -v /var/run/docker.sock:/var/run/docker.sock gitlab/gitlab-runner:v11.8.0 \n\n[Install]\nWantedBy=multi-user.target" }, { "name": "gitlab-runner-register.service", "enable": true, "contents": "[Unit]\nRequires=gitlab-runner.service\n[Service]\nType=simple\nRestart=on-failure\nRestartSec=20\nExecStart=/usr/bin/docker exec gitlab-runner gitlab-runner register -n --env 'GIT_SSL_NO_VERIFY=true' --url https://$URL -r $TOKEN --description myOpenStackRunner--locked=false --executor docker --docker-volumes /var/run/docker.sock:/var/run/docker.sock --docker-image ruby:2.5 \n\n[Install]\nWantedBy=multi-user.target" } ] }, "networkd": {}, "passwd": { "users": [ { "name": "core", "sshAuthorizedKeys": [ "$your-ssh-pub-key" ] } ] } }
    3. Ignition Config anpassen
      Beim Systemd-Unit “gitlab-runner-register.service” setzt man im Content bei den Variablen “$URL” den FQDN der eigenen GitLab-Instanz und bei “$TOKEN” den in Schritt 1 kopierten Registration Token ein.
      Außerdem kann man gleich noch seinen SSH-Key mitgeben, damit man später auch per SSH auf die VM zugreifen kann. Diesen hinterlegt man unter dem Abschnitt “passwd” im Platzhalter “$your-ssh-pub-key”.
    4. CLI Commands
      Nun kann man sich auch schon das Kommando zum anlegen der VM zusammenbauen.
      Als erstes muss man sich bei OpenStack authentifizieren, indem man die Datei sourced, die man sich eingangs aus seinem OpenStack Projekt geladen hat und dabei sein OpenStack Passwort angibt:

      source projectname-openrc.sh

      Man sollte außerdem sicherstellen, dass in dem Projekt ein CoreOS Image zur Verfügung steht.
      Anschließend kann man nach folgendem Schema die Runner-VM anlegen:

      openstack server create --network 1826-openstack-7f8d2 --user-data config.ign --flavor s1.medium --image CoreOS_Live "GitLab Runner"

      Network, Flavor und Image sollten aber individuell noch angepasst werden.

    Nach ca. zwei Minuten sollte dann der Runner auch schon zur Verfügung stehen. Überprüfen lässt sich das, indem man sich als Admin in seine GitLab-Instanz einloggt und im Bereich unter “Admin Area” -> “Overview” -> “Runners” nach einem Runner mit dem Namen “myOpenStackRunner” nachsieht.

    Wer noch auf der Suche nach einem OpenStack-Provider ist, der wird bei den NETWAYS Web Services fündig. Mit nur wenigen Clicks hat man sein eigenes OpenStack-Projekt und kann sofort loslegen.

Gabriel Hartmann
Gabriel Hartmann
Systems Engineer

Gabriel hat 2016 als Auszubildender Fachinformatiker für Systemintegrator bei NETWAYS angefangen und 2019 die Ausbildung abgeschlossen. Als Mitglied des Web Services Teams kümmert er sich seither um viele technische Themen, die mit den NETWAYS Web Services und der Weiterentwicklung der Plattform zu tun haben. Aber auch im Support engagiert er sich, um den Kunden von NWS bei Fragen und Problemen zur Seite zu stehen.

Rocket.Chat vs Slack

Team oriented Instant-Messaging has become quite popular in recent years with Slack. Its success is undeniable: more than 6 million people use Slack every day.
The name Slack is an acronym for “Searchable Log of All Conversation and Knowledge” and might be an understatement to its todays capabilities.
But nevertheless searching through all conversations, files, and users is where it still shines.
Next to that, the main functionality is the team/group orientated messaging and the ability to integrate it with variety of other online services like Dropbox, Google Drive, GitHub etc. Some other cool features are (group) video calls and screen-sharing.
But Slack also comes with some limitations. You can use it for free, but you will be limited to access only the last 10000 messages.
Also the number of apps and integrations is limited and you can video chat only with one other user at a time.
To unlock those limitations you will have to choose one of the payment plans. And that’s where it can get expensive if you want to provide your growing company or a team with full featured accounts. For a team of 50 users you’ll have to spend at least 312 Euro per month.
One competitor of Slack is Rocket.Chat which is a open-source project that has been in very active development over the past years.
In this post I will briefly highlight the differences and the benefits of this chat solution in comparison to Slack.
Open Source
The first difference that I already mentioned is that Rocket.Chat is open source while Slack is not. Therefore you can access all its features for free and everyone can contribute to the development and implement new features. I have been watching the project on GitHub over the past year and there have been some great UI changes in the last couple of releases that gave it a more modern look and feel than before.
Self-Hosted
The fact that it is open-source makes it possible that you can download the software for free and install and run it on your own server. You are completely in control of where your chat data is stored. This can be an advantage if you know how to properly secure your server but it also can be of danger if you don’t. When it comes to security even Slack had some issues in the past with their service. In 2015 Slack was hacked – the hackers were able to access the main database for four days, giving them the chance to steal all user-profiles.
Customization
In Rocket.Chat you can personalize the whole design. You can even replace the Rocket.Chat icons with your own logos or add your own CSS styles, fonts and scripts.
Slack also provides some options to customize the look but not in the extend of what is possible with Rocket.Chat.
Roles and Permissions
With Slack you can specify which user-role a user should have in the Slack-Workspaces. Those are predefinded role-sets from Slack with different permissions.
Rocket.Chat takes it a step further. You have more presets and you even have the option to create you own role-presets.
Workspaces, Channels and OTR
In comparison to Slack, Rocket.Chat does not have anything similar like the Workspaces in Slack. But it has channels, private channels, direct messaging and even OTR (Off-the-Record) chats.
The last one is something that is currently not available in Slack. If you start a Off-the-Record session in Rocket.Chat with another user, all messages will be end-to-end encrypted and will be deleted after the session. This is perfect if you want to exchange some sensitive information with someone else.
Integrations, Bots and Apps
Slack features hundreds of apps that you can simply add with a few clicks. Some of them act as bots for other external services like for example Jira and Bitbucket.
This is something that Rocket.chat currently has not built in. But the Roadmap concerning Rocket.Chat bots looks very promising.
What you can do is install a Hubot on your server, hook it up to your Rocket.Chat and feed it with some scripts to achieve similar functionality.
There are already many hubot scripts on GitHub but it is just not as convenient to set up as installing an app in Slack.
Something else that both Slack and Rocket.Chat can do is Zapier integrations with other web services.
Rocket.Chat still has to catch up when it comes to the number of available Zapier integrations (10 for Rocket.Chat vs 100 for Slack) but there are already some useful integrations like Twitter, Github and Gmail. Another feature that Rocket.Chat has built in is a helpdesk chat called Livechat. This is a great feature if you have a WebShop or something similar where you would like to provide some additional support for your customers. You just have to enable it in Rocket.Chat and copy the Livechat script to your website. To learn more about it you should read Georgs blog post about that.
Summary
The benefits of Rocket.Chat are:
– the fact that it is open source and therefore free
– you can host it on your own server or on a server of the hosting provider you trust
– you have some additional freedom and control when it comes to visual customization and configuring user-roles
The downsides are:
– you will have to set it up on your own and manage stuff like backups, security and getting it fixed in case of a failure
– you don’t get the variety of apps and integration services as with Slack
If you are looking for a great managed Rocket.Chat solution you should have a look at our Netways Web Services and try Rocket.Chat 30 days for free.
And in case you didn’t know:
If you start both Rocket.chat and Icinga 2 Master a NWS integration job will kick in and configure both your apps so that your Icinga 2 Master will send monitoring alerts to a channel of your Rocket.Chat.
We also support Slack-Notifications in our Icinga 2 Master apps to send monitoring alerts directly to a provided Slack channel.

Gabriel Hartmann
Gabriel Hartmann
Systems Engineer

Gabriel hat 2016 als Auszubildender Fachinformatiker für Systemintegrator bei NETWAYS angefangen und 2019 die Ausbildung abgeschlossen. Als Mitglied des Web Services Teams kümmert er sich seither um viele technische Themen, die mit den NETWAYS Web Services und der Weiterentwicklung der Plattform zu tun haben. Aber auch im Support engagiert er sich, um den Kunden von NWS bei Fragen und Problemen zur Seite zu stehen.

Setting up a TURN Server for Nextcloud Video Calls

We recently had an support inquiry from one of our Nextcloud customers at Netways Web Services. He told us that he had installed the Nextcloud Video Calls app from the Nextcloud Appstore but was not able to make any video calls. He and the person on the other end always got a black video screen when attempting to call each other.
After some research I identified the potential cause of the problem. It turned out that a TURN server was required (pardon the pun).
 

TURN – what is that?

The Nextcloud Video Calls app contains a WebRTC-based server called spreed. WebRTC uses the ICE (Interactive Connectivity Establishment) framework to overcome networking complexities (like NATs) where connecting the participating clients directly isn’t possible. But it will need at least a STUN server to accomplish that. STUN standing for “Session Traversal Utilities for NAT” will enable the clients to discover their public IP addresses and the NAT where they are behind. Note that this server is only used to initially establish the connection. Once the connection is set up the media will stream directly between the clients. The Nextcloud Video Calls app is preconfigured with “stun.nextcloud.com:443” as STUN server. But this doesn’t always work – just like our customer experienced it, for some clients a STUN server won’t be enough to establish the connection. That might be the case if one or multiple participants are behind a symmetric NAT where UDP hole punching does not work. And that’s where the TURN server comes in. “Traversal Using Relay NAT” (TURN) extends STUN capabilities to make media traversal possible even if the clients are behind symmetric NATs. But that means that the whole traffic will flow through the TURN server since it is acting as a relay. Therefore most TURN servers use credential or shared secret mechanisms to authenticate the clients. So after all you end up having two options: either you find a TURN server provider that you can trust and who is willing to grant you access to his service or you set up your own TURN server.
 

How to set up a TURN Server

We decided to set up our own TURN. Like most of the tutorials recommend we installed Coturn. Our “TURN-VM” is running Ubuntu 16.04 and has a public IP address – this is actually quite important since the TURN server needs at least one dedicated public IP address to work properly. In order to have full STUN/TURN server functionality it’s even required to have two public IP addresses.
Now let’s start – first install coturn:

apt-get install coturn

Next enable coturn as service (use the editor of your choice):

vim /etc/default/coturn

Now uncomment the last line, save and close the file:

#
# Uncomment it if you want to have the turnserver running as
# an automatic system service daemon
#
TURNSERVER_ENABLED=1

We will have a look at the config file of Coturn. It has a lot of lines so I will only go over settings that are relevant in conjunction with Nextcloud’s spreed video calls. Open the turnserver.conf with an editor

vim /etc/turnserver.conf

and have a look at the following lines

#listening-port=3478
#tls-listening-port=5349

Those are the default listening ports coturn will use. In my case I changed them to

listening-port=80
tls-listening-port=443

because I don’t have a webserver running on the VM and I already had the ports open in the firewall. This is important – make sure that the server is reachable on these ports and no firewall is blocking them.
Note that the tls-listening-port is only relevant if you plan on using TLS-encrypted connections.
You’ll find the following line a couple of lines below the tls-listening-port:

#listening-ip=172.17.19.101

If you leave it as a comment then Coturn will listen on all the IP addresses available for this host. I uncommented it and changed it to the actual public IP address of this server

listening-ip=185.XX.XXX.XXX

Further down I did the same for the relay-ip:

relay-ip=185.XX.XXX.XXX

Now look for “fingerprint” and “lt-cred-mech” and uncomment:

fingerprint
lt-cred-mech

A couple of lines below you’ll find

#use-auth-secret

and

#static-auth-secret=north

uncomment both, then open up another shell window and generate a secret for example with

openssl rand -hex 32
751c45cae60a2839711a94c8d6bf0089e78b2149ca602fdXXXXXXXXXXXXXXXXX

copy the generated secret string and paste it into the turnserver.conf

use-auth-secret
static-auth-secret=751c45cae60a2839711a94c8d6bf0089e78b2149ca602fdXXXXXXXXXXXXXXXXX

Enabling “use-auth-secret” and setting a “static-auth-secret” will prevent unauthorized usage of your TURN server and is highly recommended!
Head further down and look for

#realm=mycompany.org

then uncomment and change it to the FQDN of the TURN server

realm=xxxxx.netways.de

The next line to uncomment and change is

total-quota=100

then uncomment

stale-nonce

If you want to use TLS then you should get a SSL certificate and key for example via Letsencrypt and then set the following lines of the turnserver.conf to the path where those files are located, in my case:

cert=/ssl/nws.crt
pkey=/ssl/nws.pem

also set cipher-list to

cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"

If you don’t plan on using this TURN server as STUN then you can uncomment

no-stun

Now some last uncommenting

no-loopback-peers
no-multicast-peers

and you should be ready to start your coturn server. Save the file and close the editor.
Start/restart coturn for example with

service coturn restart

or

/etc/init.d/coturn restart

You may want to watch the logfile to see if everthing is fine

tail -f /var/log/turn_YYYY-MM-DD.log
0: log file opened: /var/log/turn_2017-08-15.log
0: pid file created: /var/run/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
0: Wait for relay ports initialization...
0:   relay 185.XX.XXX.XXX initialization...
0:   relay 185.XX.XXX.XXX initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: turn server id=2 created
0: IPv4. TLS/SCTP listener opened on : 185.XX.XXX.XXX:80
0: IPv4. TLS/TCP listener opened on : 185.XX.XXX.XXX:80
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/SCTP listener opened on : 185.XX.XXX.XXX:443
0: IPv4. TLS/TCP listener opened on : 185.XX.XXX.XXX:443
..
.

So now we are ready to test if it is working.
 
 

How to test my TURN Server

Visit this page and see if you can get a proper response from your Coturn server.
The field for “STUN or TURN URI” should look something like this:

turn:xxxxx.netways.de:443?transport=tcp

but you can also use the IP:

turn:185.XX.XXX.XXX:443?transport=tcp

adding the part “?transport=tcp” is important as I was not able to get my TURN server to respond without TCP only.
Next click on “Gather candidates”.
What you would want as a result should look similar to this:

Time Component  Type Foundation Protocol    Address	 Port	         Priority
0.006	1	host	0	 UDP	10.0.10.144	60925	126 | 32512 | 255
0.009	1	host	1	 TCP	10.0.10.144	63376	125 | 32640 | 255
0.010	1	host	1	 TCP	10.0.10.144	9	125 | 32704 | 255
0.015	2	host	0	 UDP	10.0.10.144	47302	126 | 32512 | 254
0.016	2	host	1	 TCP	10.0.10.144	64892	125 | 32640 | 254
0.016	2	host	1	 TCP	10.0.10.144	9	125 | 32704 | 254
0.031	1	srflx	2	 TCP	XXX.XX.XX.XX	3362	 99 | 32607 | 255
0.051	2	srflx	2	 TCP	XXX.XX.XX.XX	3364	 99 | 32607 | 254
0.069	                                                                     Done

If you get a timeout with “Not reachable?” then probably a firewall is blocking the connection. Check again if the ports for the TURN server are open and if you can reach it externally via Telnet or something similar.
 
If everything works as expected you can continue and enter FQDN, port and shared secret in the video calls settings of your Nextcloud:

Also make sure that “TURN server protocols” is set to “TCP only”.
Finally test if video calls work with participants from different networks, through NAT’s and firewalls.
 
Well, that’s at least how I got it working and our NWS Nextcloud customer confirmed that he was able to make video calls without black screens as soon as he added in the TURN server details that I sent him.
Feel free to check out our Software as a Service platform NWS where you can test Nextcloud 30 days for free.

Gabriel Hartmann
Gabriel Hartmann
Systems Engineer

Gabriel hat 2016 als Auszubildender Fachinformatiker für Systemintegrator bei NETWAYS angefangen und 2019 die Ausbildung abgeschlossen. Als Mitglied des Web Services Teams kümmert er sich seither um viele technische Themen, die mit den NETWAYS Web Services und der Weiterentwicklung der Plattform zu tun haben. Aber auch im Support engagiert er sich, um den Kunden von NWS bei Fragen und Problemen zur Seite zu stehen.

Nextcloud with Collabora Online

Nextcloud offers plenty of different useful apps. Many of them work straight away with no further configuration, but some of them require you to complete additional setup steps or even to have extra services running. One of them is Collabora Online. In this post I won’t go into detail about the setup steps and the problems you might experience. Instead I’ll show how well Collabora Online integrates into Nextcloud.
 

 

 
 
 

How to Collaborate

So how do you get started if you have Nextcloud and Collabora up and running? First you need some additional users to share your files with. I would recommend to create some groups if you plan on sharing files with multiple users at once. Then add users to these groups. Create some folders for different purposes and share them with the groups. The folders will appear on the other users accounts as soon as they log in to Nextcloud or reload the page.
So now you’ll be able to collaborate on editing the files located inside the shared folders. You can create new spreadsheet (.ods), text document (.odt) and presentation files (.odp) right from your Nextcloud or you can also upload and edit existing files in all kinds of different office file formats. In the following short video I documented the steps of sharing and collaborative editing.
 


 
Another way of sharing files in groups is to enable the “Group folders” module in the Nextcloud Appstore and then create some folders from the Admin-Panel in the “Group folders” section. It simplifies the process of sharing folders in groups and you can even set quota limits for the shared folders.
 


Group folders

 
Something to note: if your Nextcloud is reachable from multiple domains and you want to use collaborative editing, then you and the person with whom you want to edit a document with should access Nextcloud from the same domain. If you try to use collaborative editing by accessing from different domains or sub-domains, it wont work, you won’t see the changes made by the other person inside the document in real-time.
What if you want to collaborate with a person who has no user account on your Nextcloud? You can share files via link, set optionally an expiration date and a password and then start collaborating with anyone. Just provide them with the shared link (and password if set) and they will be able to use Collabora aswell.
 

CODE and alternatives

Collabora itself is based on LibreOffice and has a lot of features built-in that you may know from other office applications. But there are some limitations in terms of concurrent open documents and simultaneous connections. In the free version CODE (Collabora Online Development Edition) it is limited to 10 documents and 20 connections at once. There is another online office suite that you can use with Nextcloud, it’s called Onlyoffice. For Nextcloud you would set up a Onlyoffice Document Server and then get the Onlyoffice App from the Nextcloud Appstore. In comparison to CODE it requires more hardware resources. At least 1 CPU core (with 2 GHz), 2 GB of RAM and 40 GB of disk space. Collabora on the other hand will be fine with 1 CPU Core, 512 MB of RAM and 1.5 GB disk space.
 

Try Nextcloud with CODE for free

If you want to try it yourself you can quickly spin up a Nextcloud app using our Netways Web Services and test Nextcloud with Collabora Online for 30 days for free. We now include Collabora preconfigured in all our Nextcloud plans.
 

Gabriel Hartmann
Gabriel Hartmann
Systems Engineer

Gabriel hat 2016 als Auszubildender Fachinformatiker für Systemintegrator bei NETWAYS angefangen und 2019 die Ausbildung abgeschlossen. Als Mitglied des Web Services Teams kümmert er sich seither um viele technische Themen, die mit den NETWAYS Web Services und der Weiterentwicklung der Plattform zu tun haben. Aber auch im Support engagiert er sich, um den Kunden von NWS bei Fragen und Problemen zur Seite zu stehen.

Veranstaltungen

Dec 01

Icinga 2 Fundamentals Training | Online

December 1 @ 09:00 - December 4 @ 17:00
Dec 03

DevOps Meetup

December 3 @ 17:30 - 20:30
Dec 08

Terraform mit OpenStack Training | Online

December 8 @ 09:00 - December 9 @ 17:00
Dec 08

Icinga 2 Advanced Training | Online

December 8 @ 09:00 - December 10 @ 17:00
Dec 15

GitLab Training | Online

December 15 @ 09:00 - December 16 @ 17:00