Now that Zimbra Drive is released as an installation option in Zimbra Open-Source edition, I often talk to people that are not aware that Zimbra Drive is developed separately from Nextcloud Zimlet (Zimbra WebDAV Client).

While both products allow you to integrate Nextcloud/ownCloud in your Zimbra, there are some differences. That I’ll show you in this post.

	WebDAV Client	Zimbra Drive
WebDAV protocol	yes	no
OnlyOffice	yes	no
Collabora	no	yes
Markdown	yes*	no	*Support rendering Markdown. Directly edit from Zimbra, the text source file.
Document Preview	yes	yes
Require Nextcloud APP	no	yes
Support SSO to Nextcloud	no*	yes	*WebDAV Client supports storing the password on Zimbra LDAP (in plain text)
Support Windows File Shares via external storage	yes	no*	*You can store the credentials of a share in Nextcloud, but that means all users would use a single set of credentials
Supported by Zimbra	no	yes
Rebranding	yes	no

Zimbra WebDAV Client now fully supports previewing in OnlyOffice (Screenshot).

In my experience, Collabora (LibreOffice) creates documents that are 100% compatible with LibreOffice, while OnlyOffice creates documents that are 100% compatible with Microsoft Office. In addition when one exports to a PDF the documents from Collabora are more compatible with jsPDF (so you can embed it in WordPress).

If it comes to the configuration, Zimbra Drive is pre-configured by the administrator that can set the Nextcloud servers to use per cos/domain etc. Zimbra WebDAV Client allows the admin to set default settings (can be based on Zimbra’s public URL) and set a list of allowed domains. The user is able to configure the settings of Zimbra WebDAV Client to use whatever Nextcloud desired (if the admin allows the domain).

Did I overlook a feature? Comment below and I add it to the table.

Hello All, in this first Zeta Alliance post I am going to show you how to install a Virtual Server with OnlyOffice. The VM will be using Let’s Encrypt for SSL, and the certbot renew cycle is used to  update the docker image as well.

The final idea is to use Zimbra WebDAV Client (Nextcloud Zimlet) together with OnlyOffice for online document editing. I’ll blog about the Nextcloud Zimlet another time.

The VM will need a public port 443 and 8443 exposed to the Internet and I recommend to put it on a separate IP and domain name. You MUST use port 443, but in place of 8443 you can use any port that is higher than 8000.

The VM is kickstarted and the SSL certificate is generated from Let’s Encrypt. Why? Because let’s encrypt does include a working certificate chain AND removes weak ciphers from the cert. This results in less configuration, or you can say OnlyOffice does not work with weak ciphers, broken chains and or wildcard certs.

https://github.com/Zimbra-Community/pgp-zimlet/blob/stable/kvm/centos7-ext4.cfg

yum groupinstall "Basic Web Server"
systemctl start httpd
yum install certbot
yum install certbot-apache
certbot --apache

• Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/onlyoffice.domain.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/onlyoffice.domain.com/privkey.pem

Apache stays on port 443, because that works with Let’s Encrypt.

yum -y install docker
systemctl enable docker
systemctl start docker

https://github.com/ONLYOFFICE/Docker-DocumentServer

mkdir -p /app/onlyoffice/DocumentServer/data/certs/
cp /etc/letsencrypt/live/onlyoffice.domain.com/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
cp /etc/letsencrypt/live/onlyoffice.domain.com/privkey.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
cd  /app/onlyoffice/DocumentServer/data/certs/
openssl dhparam -out dhparam.pem 2048

[root@onlyoffice ~]# ls /app/onlyoffice/DocumentServer/data/certs/
dhparam.pem  onlyoffice.crt  onlyoffice.key  onlyoffice.pem
firewall-cmd --add-port=8443/udp --permanent
firewall-cmd --add-port=8443/tcp --permanent
firewall-cmd --reload
#Remove all running containers, there should be none
docker rm -f $(docker ps -a -q)
docker run -i -t -d --restart always --name onlyoffice-document-server -p 8443:443     -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  onlyoffice/documentserver

Now you can look at https://onlyoffice.domain.com:8443/welcome/ and see the Document Server running. Install and configure OnlyOffice app under Office apps in Nextcloud and configure under Admin, the server url. Done!

Restrict users

In the current version of DS you may restrict access from alternative ownCloud, NextCloud or other file storages by editing Document Server configuration file /etc/onlyoffice/documentserver/default.json. Find the section ‘filter’ and change it to the following look :

  "rules": [
    {
      "address": "owncloud_IP_or_DN",
      "allowed": true
    },
    {
      "address": "*",
      "allowed": false
    }
  ],
  "useforrequest": true,
  "errorcode": 403
}

After editing configuration file use the command ‘supervisorctl restart all’. As you are using Docker version at first enter the container with ‘docker exec -it container_ID /bin/bash’ and then perform previously mentioned operations. Thank you for the interest in ONLYOFFICE.

Automatic update of Let’s Encrypt Certificate and docker document server

crontab -e
3 3 * * * /usr/bin/certbot renew --post-hook "/usr/local/sbin/refresh_docker.sh"

And the contents of /usr/local/sbin/refresh_docker.sh

#!/bin/bash
/usr/bin/systemctl restart httpd
/bin/cp -f /etc/letsencrypt/live/onlyoffice.domain.com/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
/bin/cp -f /etc/letsencrypt/live/onlyoffice.domain.com/privkey.pem  /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
/usr/bin/docker rm -f $(/usr/bin/docker ps -a -q)
/usr/bin/docker rmi $(docker images -q)
/usr/bin/docker run -i -t -d --restart always --name onlyoffice-document-server -p 8443:443     -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  onlyoffice/documentserver

To integrate this OnlyOffice in Zimbra, you must set the owncloud_zimlet_enable_onlyoffice property to true, you can find instructions here.