LibreOffice Online

LibreOffice Online is a free online office suite based on the desktop office suite LibreOffice. It comprises a word processor, a spreadsheet and a presentation software.


For this guide you should be familiar with the basic concepts of


LibreOffice Online is prebuilt as Linux distribution packages and as Docker images. As a user one cannot install the former and Docker is not supported in Uberspace. So this guide uses udocker instead, a tool for running docker containers using fake chroot techniques.


LibreOffice and LibreOffice Online are licensed under the MPL-2.0 and LGPL v3+.

Collabora Online Development Edition (CODE) is a distribution of LibreOffice Online. It is licensed like the latter, and its Logo is published under CC0.

udocker is licensed under the Apache License 2.0.

Licensing information about containers on Dockerhub in general is available in Section 6 of its Terms of Service.


LibreOffice Online is only an editor. To store the files and provide access to them you must have WOPI host or a WebDAV server running. For example, Nextcloud with the Collabora app and Seafile Professional Edition integrate LibreOffice Online via WOPI. A list of integrations can be found at the CODE website.

For this guide, WebDAV was not tested. It is assumed that you use a WOPI host accessible at

Setup the domain where your office installation will be accessible.

[isabell@stardust ~]$ uberspace web domain list
[isabell@stardust ~]$

Then, install the latest stable version of udocker:

[isabell@stardust ~]$ curl > $HOME/bin/udocker
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  338k  100  338k    0     0   522k      0 --:--:-- --:--:-- --:--:--  521k
[isabell@stardust ~]$ chmod 0740 $HOME/bin/udocker
[isabell@stardust ~]$ udocker install
Info: setup repo: /home/isabell/.udocker
Info: udocker command line interface 1.1.4
Info: searching for udockertools 1.1.4
Info: installing udockertools 1.1.4
Info: installation of udockertools successful
[isabell@stardust ~]$

This installs the binaries and libraries needed by udocker into $HOME/.udocker/.


There are three officially endorsed docker distributions of LibreOffice:

On first sight, the main differences are the sizes of the docker images and slightly different default configurations and look-and-feels. However, the new notebookbar (ribbon-styled) design introduced in CODE 6.4 does not yet work correctly in the libreoffice/online docker image at the time of writing (2021-02-16).

In the following, LibreOffice refers to both LibreOffice Online and CODE. A listing of the ways to get LibreOffice Online is available on the official download page by The Document Foundation.

Assume you chose collabora/code. Pull the image from dockerhub and create a container:

[isabell@stardust ~]$ udocker pull collabora/code
Downloading layer: sha256:7595c8c21622ea8a8b9778972e26dbbe063f7a1c4b0a28a80a34ebb3d343b586
Downloading layer: sha256:d13af8ca898f36af68711cb67c345f65046a78ccd802453f4b129adf9205b1f8
Downloading layer: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
[isabell@stardust ~]$ udocker create --name=collabora-code collabora/code
[isabell@stardust ~]$


The output of the second command is the UUID of the container named collabora-code. If you leave out the --name flag, you must later use the UUID instead.


First, configure udocker to use fakechroot instead of proot:

[isabell@stardust ~]$ udocker setup --execmode=F1 collabora-code
[isabell@stardust ~]$


By default, udocker uses proot to fake chroot. However, proot does not support real multi-threading and leads to a noticeable lag when editing documents. An overview of the execution modes of udocker can be found in the udocker manual.

Configure webserver


The LibreOffice web server is running on port 9980.

To make the application accessible from the outside, configure a web backend:

[isabell@stardust ~]$ uberspace web backend set / --http --port <port>
Set backend for / to port <port>; please make sure something is listening!
You can always check the status of your backend using "uberspace web backend list".
[isabell@stardust ~]$

If you want to embed LibreOffice in a website served from a domain or port other than, such as a Nextcloud at, you must change the web headers. This is necessary because Uberspace sets X-Frame-Options: SAMEORIGIN by default, which allows embedding only in websites served from the same domain and port.

[isabell@stardust ~]$ uberspace web header suppress X-Frame-Options
[isabell@stardust ~]$

Configuration file

There is a configuration file $HOME/.udocker/containers/collabora-code/ROOT/etc/loolwsd/loolwsd.xml, which contains also explanations of the configuration options. But since some options cannot be set there, in this guide configuration is done via the commandline.

Documentation about the commandline and environment options is available in the docker setup instructions by Collabora.

Setup daemon

Create a service definition file $HOME/etc/services.d/libreoffice.ini and set the file permissions (it will contain a password):

[isabell@stardust ~]$ touch $HOME/etc/services.d/libreoffice.ini
[isabell@stardust ~]$ chmod 0600 $HOME/etc/services.d/libreoffice.ini

Open the file and insert the following content:

    ,dictionaries="de_DE en_GB en_US"
    ,password="<my super secret password>"
command=bash -c '\
    %(ENV_HOME)s/bin/udocker run \
    --user="$(jq -r .container_config.User \
                 < %(ENV_HOME)s/.udocker/containers/"$container"/container.json)" \
    --env=DONT_GEN_SSL_CERT=1 \
    --workdir=/ \
    --env=domain="$(echo "$fileserver" | sed "s/\./\\\\./g")" \
    --env=username="$username" --env=password="$password" \
    --env=dictionaries="$dictionaries" \
    --env="extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:security.capabilities=false $extra_params" \
    "$container" \


  • Replace <my super secret password>. This will be the password for the admin console.


  • You can configure the service via the environment variables (highlighted!).

  • Multiple file server domains can be separated by |.

  • By default, LibreOffice assumes the file server to be a WOPI host.

  • If you setup the web backend to a subpath of the document root, you must also set --o:net.service_root=<subpath> in extra_params.

  • Options given as extra_params override options from the config file. The tags <ssl><enable>true</enable></ssl> in the config file have the same meaning as --o:ssl.enable=true passed on the command line. The set of options given in the example startup script is the minimal required one for the service to run without root capabilities and to let web backends handle TLS.

After creating the configuration, tell supervisord to refresh its configuration and start the service:

[isabell@stardust ~]$ supervisorctl reread
SERVICE: available
[isabell@stardust ~]$ supervisorctl update
SERVICE: added process group
[isabell@stardust ~]$ supervisorctl status
SERVICE                            RUNNING   pid 26020, uptime 0:03:14
[isabell@stardust ~]$

Test and use the service

Run on the command line:

[isabell@stardust ~]$ curl -k
[isabell@stardust ~]$

If you get an OK the service is running and can be accessed.

Now you can navigate to to try out the admin console. You can also configure your file host at to use your libreoffice installation.

Best practices

When you have a settled installation and don’t regularly build new containers from the same image, clean up images using udocker rmi. You don’t need the image when the container is built.


  • Unlike Docker, the processes started by udocker with fakechroot are not isolated. This is less secure than using native Docker.

  • Set restrictive HTTP web headers such as

  • Content-Security-Policy: frame-ancestors 'self' at

  • Content-Security-Policy: child-src 'self' at

  • LibreOffice only allows the configured domain as a file host, but it does not check the path. Hence it is advisable to have only the file host accessible under the given domain.


Some performance statistics can be viewed in the admin console. To tune it, you can set additional configuration options, for example


which sets the maximal percentage of memory consumed by LibreOffice, after which idle documents are cleaned up. Set it to a value below the 1.5 GB limit of your Uberspace, e.g. 5.0,


the number of threads one document renderer may use. An Uberspace has plenty of cpus, so you can set this to a higher value, e.g. 10, if you edit only few different documents simultaneously.


Watch the logs:

[isabell@stardust ~]$ supervisorctl tail -f libreoffice stderr
[isabell@stardust ~]$
  • I restarted the service, but it keeps dying, because it cannot listen at the port. Sometimes the old instance doesn’t shut down correctly, especially if aborted while starting. Kill it in htop.

Other trouble? Mail the author, post under an existing issue or create an issue on GitHub.



Check the CODE feed regularly to stay informed about the newest version of CODE. Unfortunately, there is no automatic way to get informed about docker image updates.

To update, for example to CODE version 6.5, run the following:

[isabell@stardust ~]$ udocker pull collabora/code
[isabell@stardust ~]$ udocker create --name=collabora-code-65 collabora/code
[isabell@stardust ~]$ udocker setup --execmode=F1 collabora-code-65
[isabell@stardust ~]$

Now update the variable container in the service definition $HOME/etc/services.d/libreoffice.ini and run supervisorctl reread && supervisorctl update.

Check the logs, and if anything went wrong, you can still change back container in the service definition to run the old version.

If everything is fine, you can delete the old container:

[isabell@stardust ~]$ udocker rm collabora-code
[isabell@stardust ~]$

Tested with LibreOffice Online 2020-09-08, CODE, udocker 1.1.4, on Uberspace 7.9.0, connected to a Nextcloud 19.0.7 with the app Collabora Online 3.7.14.

Written by: jorsn <>