From f3902f9b1f62aff52827799c4fe8a353e6d22ec3 Mon Sep 17 00:00:00 2001
From: Chris Adam <chris.adam@imio.be>
Date: Fri, 11 Jul 2025 16:12:27 +0200
Subject: [PATCH] Added collabora compatibility

---
 dev.cfg                         |   3 +
 docker/coolwsd.xml              | 364 +++++++++++++
 docker/docker-compose.yaml      |  91 ++++
 docker/nginx/fastcgi.conf       |  26 +
 docker/nginx/mime.types         | 901 ++++++++++++++++++++++++++++++++
 docker/nginx/nginx.conf         | 110 ++++
 docker/nginx/sites/plone61.conf |  66 +++
 docker/nginx/uwsgi_params       |  17 +
 sources-base.cfg                |   2 +-
 sources.cfg                     |   8 +-
 versions-dev.cfg                |   4 +
 11 files changed, 1587 insertions(+), 5 deletions(-)
 create mode 100644 docker/coolwsd.xml
 create mode 100644 docker/docker-compose.yaml
 create mode 100644 docker/nginx/fastcgi.conf
 create mode 100644 docker/nginx/mime.types
 create mode 100644 docker/nginx/nginx.conf
 create mode 100644 docker/nginx/sites/plone61.conf
 create mode 100644 docker/nginx/uwsgi_params

diff --git a/dev.cfg b/dev.cfg
index a04761f..65a74b3 100644
--- a/dev.cfg
+++ b/dev.cfg
@@ -18,6 +18,7 @@ auto-checkout +=
     collective.behavior.talcondition
     collective.classification.folder
     collective.classification.tree
+    collective.collabora
     collective.compoundcriterion
     collective.contact.core
     collective.contact.contactlist
@@ -95,12 +96,14 @@ eggs +=
     Products.Clouseau
 #    Products.PDBDebugMode
     Products.PrintingMailHost
+    collective.collabora
     collective.wfautodoc
 #    imio.restapi
     plone.app.workflowmanager
     wildcard.fixpersistentutilities
 
 zcml +=
+    collective.collabora
     ${debug:zcml}
 
 zope-conf-additional +=
diff --git a/docker/coolwsd.xml b/docker/coolwsd.xml
new file mode 100644
index 0000000..3dbdac5
--- /dev/null
+++ b/docker/coolwsd.xml
@@ -0,0 +1,364 @@
+<!-- -*- nxml-child-indent: 4; tab-width: 4; indent-tabs-mode: nil -*- -->
+<config>
+
+    <!-- For more detailed documentation on typical configuration options please see:
+         https://sdk.collaboraonline.com/docs/installation/Configuration.html -->
+
+    <!-- Note: 'default' attributes are used to document a setting's default value as well as to use as fallback. -->
+    <!-- Note: When adding a new entry, a default must be set in WSD in case the entry is missing upon deployment. -->
+
+    <accessibility desc="Accessibility settings">
+        <enable type="bool" desc="Controls whether accessibility support should be enabled or not." default="false">false</enable>
+    </accessibility>
+
+    <allowed_languages desc="List of supported languages of Writing Aids (spell checker, grammar checker, thesaurus, hyphenation) on this instance. Allowing too many has negative effect on startup performance." default="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru">de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</allowed_languages>
+
+    <!--
+        These are the settings of external (remote) spellchecker and grammar checker services. Currently LanguageTool and Duden Korrekturserver APIs are supported, you can
+        set either of them. By default they are disabled. To turn the support on, please set "enabled" property to true. It works with self hosted or cloud services, free
+        and premium as well. The "base_url" may be https://api.languagetoolplus.com/v2 if the cloud version of LanguageTool is used. Please note that your data in the
+        document e.g. the text part of it will be sent to the cloud API. Please read the respective privacy policies, e.g. https://languagetool.org/legal/privacy.
+    -->
+    <languagetool desc="Remote API settings for spell and grammar checking">
+        <enabled desc="Enable Remote Spell and Grammar Checker" type="bool" default="false"></enabled>
+        <base_url desc="HTTP endpoint for the API server, without /check or /languages postfix at the end." type="string" default=""></base_url>
+        <user_name desc="LanguageTool or Duden account username for premium usage." type="string" default=""></user_name>
+        <api_key desc="API key provided by LanguageTool or Duden account for premium usage." type="string" default=""></api_key>
+        <ssl_verification desc="Enable or disable SSL verification. You may have to disable it in test environments with self-signed certificates." type="string" default="true"></ssl_verification>
+        <rest_protocol desc="REST API protocol. For LanguageTool leave it blank, for Duden Korrekturserver use the string 'duden'." type="string" default=""></rest_protocol>
+    </languagetool>
+
+    <deepl desc="DeepL API settings for translation service">
+        <enabled desc="If true, shows translate option as a menu entry in the compact view and as an icon in the tabbed view." type="bool" default="false">false</enabled>
+        <api_url desc="URL for the API" type="string" default=""></api_url>
+        <auth_key desc="Auth Key generated by your account" type="string" default=""></auth_key>
+    </deepl>
+
+    <sys_template_path desc="Path to a template tree with shared libraries etc to be used as source for chroot jails for child processes." type="path" relative="true" default="systemplate"></sys_template_path>
+    <child_root_path desc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory." type="path" relative="true" default="jails"></child_root_path>
+    <mount_jail_tree desc="Controls whether the systemplate and lotemplate contents are mounted or not, which is much faster than the default of linking/copying each file." type="bool" default="true"></mount_jail_tree>
+
+    <server_name desc="External hostname:port of the server running coolwsd. If empty, it's derived from the request (please set it if this doesn't work). May be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default=""></server_name>
+    <file_server_root_path desc="Path to the directory that should be considered root for the file server. This should be the directory containing cool." type="path" relative="true" default="browser/../"></file_server_root_path>
+    <hexify_embedded_urls desc="Enable to protect encoded URLs from getting decoded by intermediate hops. Particularly useful on Azure deployments" type="bool" default="false"></hexify_embedded_urls>
+    <experimental_features desc="Enable/Disable experimental features" type="bool" default="true">true</experimental_features>
+
+    <memproportion desc="The maximum percentage of available memory consumed by all of the Collabora Online Development Edition processes, after which we start cleaning up idle documents. If cgroup memory limits are set, this is the maximum percentage of that limit to consume." type="double" default="80.0"></memproportion>
+    <num_prespawn_children desc="Number of child processes to keep started in advance and waiting for new clients." type="uint" default="4">4</num_prespawn_children>
+    <!-- <fetch_update_check desc="Every number of hours will fetch latest version data. Defaults to 10 hours." type="uint" default="10">10</fetch_update_check> -->
+    <!-- <allow_update_popup desc="Allows notification about an update in the editor" type="bool" default="true">true</allow_update_popup> -->
+    <per_document desc="Document-specific settings, including LO Core settings.">
+        <max_concurrency desc="The maximum number of threads to use while processing a document." type="uint" default="4">4</max_concurrency>
+        <batch_priority desc="A (lower) priority for use by batch eg. convert-to processes to avoid starving interactive ones" type="uint" default="5">5</batch_priority>
+        <bgsave_priority desc="A (lower) priority for use by background save processes to free time for interactive ones" type="uint" default="5">5</bgsave_priority>
+        <redlining_as_comments desc="If true show red-lines as comments" type="bool" default="false">false</redlining_as_comments>
+        <pdf_resolution_dpi desc="The resolution, in DPI, used to render PDF documents as image. Memory consumption grows proportionally. Must be a positive value less than 385. Defaults to 96." type="uint" default="96">96</pdf_resolution_dpi>
+        <idle_timeout_secs desc="The maximum number of seconds before unloading an idle document. Defaults to 1 hour." type="uint" default="3600">3600</idle_timeout_secs>
+        <idlesave_duration_secs desc="The number of idle seconds after which document, if modified, should be saved. Disabled when 0. Defaults to 30 seconds." type="uint" default="30">30</idlesave_duration_secs>
+        <autosave_duration_secs desc="The number of seconds after which document, if modified, should be saved. Disabled when 0. Defaults to 5 minutes." type="uint" default="300">300</autosave_duration_secs>
+        <background_autosave desc="Allow auto-saves to occur in a forked background process where possible." type="bool" default="true">true</background_autosave>
+        <background_manualsave desc="Allow manual save to occur in a forked background process where possible" type="bool" default="true">true</background_manualsave>
+        <always_save_on_exit desc="On exiting the last editor, always perform a save and upload if the document had been modified. This is to allow the storage to store the document, if it had skipped doing so, previously, as an optimization." type="bool" default="false">false</always_save_on_exit>
+        <limit_virt_mem_mb desc="The maximum virtual memory allowed to each document process. 0 for unlimited." type="uint">0</limit_virt_mem_mb>
+        <limit_stack_mem_kb desc="The maximum stack size allowed to each document process. 0 for unlimited." type="uint">8000</limit_stack_mem_kb>
+        <limit_file_size_mb desc="The maximum file size allowed to each document process to write. 0 for unlimited." type="uint">0</limit_file_size_mb>
+        <limit_num_open_files desc="The maximum number of files allowed to each document process to open. 0 for unlimited." type="uint">0</limit_num_open_files>
+        <limit_load_secs desc="Maximum number of seconds to wait for a document load to succeed. 0 for unlimited." type="uint" default="100">100</limit_load_secs>
+        <limit_store_failures desc="Maximum number of consecutive save-and-upload to storage failures when unloading the document. 0 for unlimited (not recommended)." type="uint" default="5">5</limit_store_failures>
+        <limit_convert_secs desc="Maximum number of seconds to wait for a document conversion to succeed. 0 for unlimited." type="uint" default="100">100</limit_convert_secs>
+        <min_time_between_saves_ms desc="Minimum number of milliseconds between saving the document on disk." type="uint" default="500">500</min_time_between_saves_ms>
+        <min_time_between_uploads_ms desc="Minimum number of milliseconds between uploading the document to storage." type="uint" default="5000">5000</min_time_between_uploads_ms>
+        <cleanup desc="Checks for resource consuming (bad) documents and kills associated kit process. A document is considered resource consuming (bad) if is in idle state for idle_time_secs period and memory usage passed limit_dirty_mem_mb or CPU usage passed limit_cpu_per" enable="true">
+            <cleanup_interval_ms desc="Interval between two checks" type="uint" default="10000">10000</cleanup_interval_ms>
+            <bad_behavior_period_secs desc="Minimum time period for a document to be in bad state before associated kit process is killed. If in this period the condition for bad document is not met once then this period is reset" type="uint" default="60">60</bad_behavior_period_secs>
+            <idle_time_secs desc="Minimum idle time for a document to be candidate for bad state" type="uint" default="300">300</idle_time_secs>
+            <limit_dirty_mem_mb desc="Minimum memory usage for a document to be candidate for bad state" type="uint" default="3072">3072</limit_dirty_mem_mb>
+            <limit_cpu_per desc="Minimum CPU usage for a document to be candidate for bad state" type="uint" default="85">85</limit_cpu_per>
+            <lost_kit_grace_period_secs desc="The minimum grace period for a lost kit process (not referenced by coolwsd) to resolve its lost status before it is terminated. To disable the cleanup of lost kits use value 0" default="120">120</lost_kit_grace_period_secs>
+        </cleanup>
+    </per_document>
+
+    <per_view desc="View-specific settings.">
+        <out_of_focus_timeout_secs desc="The maximum number of seconds before dimming and stopping updates when the browser tab is no longer in focus. Defaults to 300 seconds." type="uint" default="300">300</out_of_focus_timeout_secs>
+        <idle_timeout_secs desc="The maximum number of seconds before dimming and stopping updates when the user is no longer active (even if the browser is in focus). Defaults to 15 minutes." type="uint" default="900">900</idle_timeout_secs>
+        <custom_os_info desc="Custom string shown as OS version in About dialog, get from system if empty." type="string" default=""></custom_os_info>
+        <min_saved_message_timeout_secs type="uint" desc="The minimum number of seconds before the last modified message is being displayed." default="6">6</min_saved_message_timeout_secs>
+    </per_view>
+
+    <ver_suffix desc="Appended to etags to allow easy refresh of changed files during development" type="string" default=""></ver_suffix>
+
+    <logging>
+        <color type="bool">true</color>
+        <!--
+             Note to developers: When you do "make run", the logging.level will be set on the
+             coolwsd command line, so if you want to change it for your testing, do it in
+             Makefile.am, not here.
+        -->
+        <level type="string" desc="Can be 0-8 (with the lowest numbers being the least verbose), or none (turns off logging), fatal, critical, error, warning, notice, information, debug, trace" default="warning">warning</level>
+        <level_startup type="string" desc="As for level - but for the initial startup phase which is most problematic, logging reverts to level configured above when startup is complete" default="trace">trace</level_startup>
+        <disabled_areas type="string" desc="High verbosity logging ie. info to trace are disable-able, comma separated: Generic, Pixel, Socket, WebSocket, Http, WebServer, Storage, WOPI, Admin, Javascript" default="Socket,WebSocket,Admin">Socket,WebSocket,Admin,Pixel</disabled_areas>
+        <most_verbose_level_settable_from_client type="string" desc="A loggingleveloverride message from the client can not set a more verbose log level than this" default="notice">notice</most_verbose_level_settable_from_client>
+        <least_verbose_level_settable_from_client type="string" desc="A loggingleveloverride message from a client can not set a less verbose log level than this" default="fatal">fatal</least_verbose_level_settable_from_client>
+        <protocol type="bool" desc="Enable minimal client-site JS protocol logging from the start">false</protocol>
+        <!-- lokit_sal_log example: Log WebDAV-related messages, that is interesting for debugging Insert - Image operation: "+TIMESTAMP+INFO.ucb.ucp.webdav+WARN.ucb.ucp.webdav"
+             See also: https://docs.libreoffice.org/sal/html/sal_log.html -->
+        <lokit_sal_log type="string" desc="Fine tune log messages from LOKit. Default is to suppress log messages from LOKit." default="-INFO-WARN">-INFO-WARN</lokit_sal_log>
+        <file enable="false">
+            <!-- If you use other path than /var/log and you run coolwsd from systemd, make sure that you enable that path in coolwsd.service (ReadWritePaths). -->
+            <property name="path" desc="Log file path.">/var/log/coolwsd.log</property>
+            <property name="rotation" desc="Log file rotation strategy. See Poco FileChannel.">never</property>
+            <property name="archive" desc="Append either timestamp or number to the archived log filename.">timestamp</property>
+            <property name="compress" desc="Enable/disable log file compression.">true</property>
+            <property name="purgeAge" desc="The maximum age of log files to preserve. See Poco FileChannel.">10 days</property>
+            <property name="purgeCount" desc="The maximum number of log archives to preserve. Use 'none' to disable purging. See Poco FileChannel.">10</property>
+            <property name="rotateOnOpen" desc="Enable/disable log file rotation on opening.">true</property>
+            <property name="flush" desc="Enable/disable flushing after logging each line. May harm performance. Note that without flushing after each line, the log lines from the different processes will not appear in chronological order.">false</property>
+        </file>
+        <anonymize>
+            <anonymize_user_data type="bool" desc="Enable to anonymize/obfuscate of user-data in logs. If default is true, it was forced at compile-time and cannot be disabled." default="false">false</anonymize_user_data>
+            <anonymization_salt type="uint" desc="The salt used to anonymize/obfuscate user-data in logs. Use a secret 64-bit random number." default="82589933">82589933</anonymization_salt>
+        </anonymize>
+        <docstats type="bool" desc="Enable to see document handling information in logs." default="false">false</docstats>
+        <userstats desc="Enable user stats. i.e: logs the details of a file and user" type="bool" default="false">false</userstats>
+        <disable_server_audit type="bool" desc="Disabled server audit dialog and notification. Admin will no longer see warnings in the application user interface. This doesn't affect log file." default="false">false</disable_server_audit>
+    </logging>
+
+    <!--
+         Note to developers: When you do "make run", the trace_event[@enable] will be set on the
+         coolwsd command line, so if you want to change it for your testing, do it in Makefile.am,
+         not here.
+    -->
+    <trace_event desc="The possibility to turn on generation of a Chrome Trace Event file" enable="false">
+        <path desc="Output path for the Trace Event file, to which they will be written if turned on at run-time" type="string" default="/var/log/coolwsd.trace.json">/var/log/coolwsd.trace.json</path>
+    </trace_event>
+
+    <browser_logging desc="Logging in the browser console" default="false">false</browser_logging>
+
+    <trace desc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied to the path first." enable="false">
+        <path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/cooltrace-%.gz" compress="true" snapshot="false"></path>
+        <filter>
+            <message desc="Regex pattern of messages to exclude"></message>
+        </filter>
+        <outgoing>
+            <record desc="Whether or not to record outgoing messages" default="false">false</record>
+        </outgoing>
+    </trace>
+
+    <net desc="Network settings">
+      <!-- On systems where localhost resolves to IPv6 [::1] address first, when net.proto is all and net.listen is loopback, coolwsd unexpectedly listens on [::1] only.
+           You need to change net.proto to IPv4, if you want to use 127.0.0.1. -->
+      <proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">all</proto>
+      <listen type="string" default="any" desc="Listen address that coolwsd binds to. Can be 'any' or 'loopback'.">any</listen>
+      <!-- this allows you to shift all of our URLs into a sub-path from
+           https://my.com/browser/a123... to https://my.com/my/sub/path/browser/a123... -->
+      <service_root type="path" default="" desc="Prefix all the pages, websockets, etc. with this path.">/collabora</service_root>
+      <post_allow desc="Allow/deny client IP address for POST(REST)." allow="true">
+        <host desc="The IPv4 private 192.168 block as plain IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="The IPv4 loopback (localhost) address.">127\.0\.0\.1</host>
+        <host desc="Ditto, but as IPv4-mapped IPv6 address">::ffff:127\.0\.0\.1</host>
+        <host desc="The IPv6 loopback (localhost) address.">::1</host>
+        <host desc="The IPv4 private 172.16.0.0/12 subnet part 1.">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="The IPv4 private 172.16.0.0/12 subnet part 2.">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="The IPv4 private 172.16.0.0/12 subnet part 3.">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="The IPv4 private 10.0.0.0/8 subnet (Podman).">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
+      </post_allow>
+      <lok_allow desc="Allowed hosts as an external data source inside edited files. All allowed post_allow.host and storage.wopi entries are also considered to be allowed as a data source. Used for example in: PostMessage Action_InsertGraphics, =WEBSERVICE() function, external reference in the cell.">
+        <host desc="The IPv4 private 192.168 block as plain IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="The IPv4 loopback (localhost) address.">127\.0\.0\.1</host>
+        <host desc="Ditto, but as IPv4-mapped IPv6 address">::ffff:127\.0\.0\.1</host>
+        <host desc="The IPv6 loopback (localhost) address.">::1</host>
+        <host desc="The IPv4 private 172.16.0.0/12 subnet part 1.">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="The IPv4 private 172.16.0.0/12 subnet part 2.">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="The IPv4 private 172.16.0.0/12 subnet part 3.">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="The IPv4 private 10.0.0.0/8 subnet (Podman).">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
+        <host desc="Localhost access by name">localhost</host>
+      </lok_allow>
+      <content_security_policy desc="Customize the CSP header by specifying one or more policy-directive, separated by semicolons. See w3.org/TR/CSP2"></content_security_policy>
+      <frame_ancestors desc="OBSOLETE: Use content_security_policy. Specify who is allowed to embed the Collabora Online iframe (coolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors>
+      <connection_timeout_secs desc="Specifies the connection, send, recv timeout in seconds for connections initiated by coolwsd (such as WOPI connections)." type="int" default="30"></connection_timeout_secs>
+
+      <!-- this setting radically changes how online works, it should not be used in a production environment -->
+      <proxy_prefix type="bool" default="false" desc="Enable a ProxyPrefix to be passed int through which to redirect requests"></proxy_prefix>
+    </net>
+
+    <ssl desc="SSL settings">
+        <!-- switches from https:// + wss:// to http:// + ws:// -->
+        <enable type="bool" desc="Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">true</enable>
+        <!-- SSL off-load can be done in a proxy, if so disable SSL, and enable termination below in production -->
+        <termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="false">false</termination>
+        <cert_file_path desc="Path to the cert file" relative="false">/etc/coolwsd/cert.pem</cert_file_path>
+        <key_file_path desc="Path to the key file" relative="false">/etc/coolwsd/key.pem</key_file_path>
+        <ca_file_path desc="Path to the ca file" relative="false">/etc/coolwsd/ca-chain.cert.pem</ca_file_path>
+        <ssl_verification desc="Enable or disable SSL verification of hosts remote to coolwsd. If true SSL verification will be strict, otherwise certs of hosts will not be verified. You may have to disable it in test environments with self-signed certificates." type="string" default="false">false</ssl_verification>
+        <cipher_list desc="List of OpenSSL ciphers to accept" default="ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"></cipher_list>
+        <hpkp desc="Enable HTTP Public key pinning" enable="false" report_only="false">
+            <max_age desc="HPKP's max-age directive - time in seconds browser should remember the pins" enable="true">1000</max_age>
+            <report_uri desc="HPKP's report-uri directive - pin validation failure are reported at this URL" enable="false"></report_uri>
+            <pins desc="Base64 encoded SPKI fingerprints of keys to be pinned">
+            <pin></pin>
+            </pins>
+        </hpkp>
+        <sts desc="Strict-Transport-Security settings, per rfc6797. Subdomains are always included.">
+            <enabled desc="Whether or not Strict-Transport-Security is enabled. Enable only when ready for production. Cannot be disabled without resetting the browsers." type="bool" default="false">false</enabled>
+            <max_age desc="Strict-Transport-Security max-age directive, in seconds. 0 is allowed; please see rfc6797 for details. Defaults to 1 year." type="int" default="31536000">31536000</max_age>
+        </sts>
+    </ssl>
+
+    <security desc="Altering these defaults potentially opens you to significant risk">
+      <seccomp desc="Should we use the seccomp system call filtering." type="bool" default="true">true</seccomp>
+
+      <!-- deprecated: If capabilities is 'false', coolwsd will assume mount_namespaces of 'true' to achieve
+           this goal, only avoiding chroot for process isolation if linux namespaces are unavailable -->
+      <capabilities desc="Should we require capabilities to isolate processes into chroot jails" type="bool" default="true">true</capabilities>
+
+      <jwt_expiry_secs desc="Time in seconds before the Admin Console's JWT token expires" type="int" default="1800">1800</jwt_expiry_secs>
+      <enable_macros_execution desc="Specifies whether the macro execution is enabled in general. This will enable Basic and Python scripts to execute both installed and from documents. If it is set to false, the macro_security_level is ignored. If it is set to true, the mentioned entry specified the level of macro security." type="bool" default="false">false</enable_macros_execution>
+      <macro_security_level desc="Level of Macro security. 1 (Medium) Confirmation required before executing macros from untrusted sources. 0 (Low, not recommended) All macros will be executed without confirmation." type="int" default="1">1</macro_security_level>
+      <enable_websocket_urp desc="Should we enable URP (UNO remote protocol) communication over the websocket. This allows full control of the Kit child server to anyone with access to the websocket including executing macros without confirmation or running arbitrary shell commands in the jail." type="bool" default="false">false</enable_websocket_urp>
+      <enable_metrics_unauthenticated desc="When enabled, the /cool/getMetrics endpoint will not require authentication." type="bool" default="false">false</enable_metrics_unauthenticated>
+    </security>
+
+    <certificates>
+      <database_path type="string" desc="Path to the NSS certificates that are available to all users" default=""></database_path>
+    </certificates>
+
+    <watermark>
+      <opacity desc="Opacity of on-screen watermark from 0.0 to 1.0" type="double" default="0.2"></opacity>
+      <text desc="Watermark text to be displayed on the document if entered" type="string"></text>
+    </watermark>
+
+
+    <user_interface>
+      <mode type="string" desc="Controls the user interface style. The 'default' means: Take the value from ui_defaults, or decide for one of compact or tabbed (default|compact|tabbed)" default="default">default</mode>
+      <use_integration_theme desc="Use theme from the integrator" type="bool" default="true">true</use_integration_theme>
+      <statusbar_save_indicator desc="Show saving status indicator in the statusbar" type="bool" default="true">true</statusbar_save_indicator>
+    </user_interface>
+
+    <storage desc="Backend storage">
+        <filesystem allow="false" />
+        <wopi desc="Allow/deny wopi storage." allow="true">
+            <max_file_size desc="Maximum document size in bytes to load. 0 for unlimited." type="uint">0</max_file_size>
+            <locking desc="Locking settings">
+                <refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
+            </locking>
+
+            <alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="first">
+            <!-- If you need to use multiple wopi hosts, please change the mode to "groups" and
+                    add the hosts below.  If one host is accessible under multiple ip addresses
+                    or names, add them as aliases. -->
+            <!--<group>
+                    <host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host>
+                    <alias desc="regex pattern of aliasname">scheme://aliasname1:port</alias>
+                    <alias desc="regex pattern of aliasname">scheme://aliasname2:port</alias>
+                    
+            </group>-->
+            <!-- More "group"s possible here -->
+            </alias_groups>
+
+            <is_legacy_server desc="Set to true for legacy server that need deprecated headers." type="bool" default="false"></is_legacy_server>
+        </wopi>
+        <ssl desc="SSL settings">
+            <as_scheme type="bool" default="true" desc="When set we exclusively use the WOPI URI's scheme to enable SSL for storage">true</as_scheme>
+            <enable type="bool" desc="If as_scheme is false or not set, this can be set to force SSL encryption between storage and coolwsd. When empty this defaults to following the ssl.enable setting"></enable>
+            <cert_file_path desc="Path to the cert file. When empty this defaults to following the ssl.cert_file_path setting" relative="false"></cert_file_path>
+            <key_file_path desc="Path to the key file. When empty this defaults to following the ssl.key_file_path setting" relative="false"></key_file_path>
+            <ca_file_path desc="Path to the ca file. When empty this defaults to following the ssl.ca_file_path setting" relative="false"></ca_file_path>
+            <cipher_list desc="List of OpenSSL ciphers to accept. If empty the defaults are used. These can be overridden only if absolutely needed."></cipher_list>
+        </ssl>
+    </storage>
+
+    <admin_console desc="Web admin console settings.">
+        <enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
+        <enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
+        <username desc="The username of the admin console. Ignored if PAM is enabled."></username>
+        <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or coolconfig to set up a secure password."></password>
+        <logging desc="Log admin activities irrespective of logging.level">
+            <admin_login desc="log when an admin logged into the console" type="bool" default="true">true</admin_login>
+            <metrics_fetch desc="log when metrics endpoint is accessed and metrics endpoint authentication is enabled" type="bool" default="true">true</metrics_fetch>
+            <monitor_connect desc="log when external monitor gets connected" type="bool" default="true">true</monitor_connect>
+            <admin_action desc="log when admin does some action for example killing a process" type="bool" default="true">true</admin_action>
+        </logging>
+    </admin_console>
+
+    <monitors desc="Addresses of servers we connect to on start for monitoring">
+        <!-- <monitor desc="Address of the monitor and interval after which it should try reconnecting after disconnect" retryInterval="20">wss://foobar:234/ws</monitor> -->
+    </monitors>
+
+    <quarantine_files desc="Files are stored here to be examined later in cases of crashes or similar situation." default="false" enable="false">
+        <limit_dir_size_mb desc="Maximum directory size, in MBs. On exceeding the specified limit, older files will be deleted." default="250" type="uint"></limit_dir_size_mb>
+        <max_versions_to_maintain desc="How many versions of the same file to keep." default="5" type="uint"></max_versions_to_maintain>
+        <path desc="Absolute path of the directory under which quarantined files will be stored. Do not use a relative path." type="path" relative="false"></path>
+        <expiry_min desc="Time in mins after quarantined files will be deleted." type="int" default="3000"></expiry_min>
+    </quarantine_files>
+
+    <extra_export_formats desc="Enable various extra export formats for additional compatibility. Note that disabling options here *only* disables them visually: these are all 'safe' to export, it might just be undesirable to show them, so you can't disable exporting these server-side">
+        <impress_swf desc="Enable exporting Adobe flash .swf files from presentations" type="bool" default="false">false</impress_swf>
+        <impress_bmp desc="Enable exporting .bmp bitmap files from presentation slides" type="bool" default="false">false</impress_bmp>
+        <impress_gif desc="Enable exporting .gif image files from presentation slides" type="bool" default="false">false</impress_gif>
+        <impress_png desc="Enable exporting .png image files from presentation slides" type="bool" default="false">false</impress_png>
+        <impress_svg desc="Enable exporting interactive .svg image files from presentations" type="bool" default="false">false</impress_svg>
+        <impress_tiff desc="Enable exporting .tiff image files from presentation slides" type="bool" default="false">false</impress_tiff>
+    </extra_export_formats>
+
+    <remote_config>
+        <remote_url desc="remote server to which you will send request to get remote config in response" type="string" default=""></remote_url>
+    </remote_config>
+
+    <stop_on_config_change desc="Stop coolwsd whenever config files change." type="bool" default="false">false</stop_on_config_change>
+
+    <remote_font_config>
+        <url desc="URL of optional JSON file that lists fonts to be included in Online" type="string" default=""></url>
+    </remote_font_config>
+
+    <home_mode>
+        <enable desc="Enable more configuration options for home users" type="bool" default="false">false</enable>
+    </home_mode>
+
+    <fonts_missing>
+        <handling desc="How to handle fonts missing in a document: 'report', 'log', 'both', or 'ignore'" type="string" default="log">log</handling>
+    </fonts_missing>
+
+    <indirection_endpoint>
+      <url desc="URL endpoint to server which servers routeToken in json format" default=""></url>
+      <migration_timeout_secs desc="The maximum number of seconds waiting for shutdown migration message from indirection server before unloading an document. Defaults to 180 second." type="uint" default="180"></migration_timeout_secs>
+      <geolocation_setup>
+        <enable desc="Enable geolocation_setup when using indirection server with geolocation configuration" type="bool" default="false">false</enable>
+        <timezone desc="IANA timezone of server. For example: Europe/Berlin "></timezone>
+      </geolocation_setup>
+      <server_name desc="server name to show in cluster overview admin panel" type="string" default=""></server_name>
+    </indirection_endpoint>
+
+    
+
+    
+
+    <zotero desc="Zotero plugin configuration. For more details about Zotero visit https://www.zotero.org/">
+        <enable desc="Enable Zotero plugin." type="bool" default="true">true</enable>
+    </zotero>
+
+    <help_url desc="The Help root URL, or empty for no help (hides the Help buttons)" type="string" default="https://help.collaboraoffice.com/help.html?">https://help.collaboraoffice.com/help.html?</help_url>
+
+    <overwrite_mode>
+        <enable desc="Enable overwrite mode (user can use insert key)" type="bool" default="true">true</enable>
+    </overwrite_mode>
+
+    <wasm desc="WASM-specific settings">
+        <enable desc="Enable WASM support" type="bool" default="false"></enable>
+        <force desc="When enabled, all requests are redirected to WASM." type="bool" default="false"></force>
+    </wasm>
+
+    <document_signing desc="Document signing settings">
+        <enable desc="Enable document signing" type="bool" default="true">true</enable>
+    </document_signing>
+
+</config>
diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml
new file mode 100644
index 0000000..92a377d
--- /dev/null
+++ b/docker/docker-compose.yaml
@@ -0,0 +1,91 @@
+# quaive.app.libreoffice docker-compose file
+# ==========================================
+
+# Have Docker installed:
+# https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository
+#
+# https://stackoverflow.com/questions/48957195/how-to-fix-docker-got-permission-denied-issue
+# $ sudo groupadd docker
+# $ sudo usermod -aG docker $USER
+
+# Run:
+# docker compose up
+# or:
+# docker compose start
+
+# Using a .env file
+# -----------------
+#
+# NOTE: Never check a `.env` file in into a repository!
+#
+# Use a .env file to set some parameters for production use.
+# The available environment variables are:
+# SERVER_PORT:     The port you want to expose the LibreOffice / Collabora
+#                  server to the Docker host.
+#                  Default: `9980`.
+# ADMIN_USER:      The username for the LibreOffice / Collabora admin interface.
+#                  Default: `admin`
+# ADMIN_PASS:      The password for the LibreOffice / Collabora admin interface.
+#                  Default: `admin`
+# SSL_TERMINATION: Enable SSL termination by the LibreOffice / Collabora server
+#                  when proxied by another SSL proxy, like nginx. Should be set
+#                  to `true` in production environments.
+#                  Default: `false`.
+#
+# This is an example `.env` file:
+# ```
+# ADMIN_USER=admin
+# ADMIN_PASS=supersecret
+# SSL_TERMINATION=true
+# SERVER_PORT=9980
+# ```
+
+# Service URLs
+# ------------
+#
+# https://host.docker.internal:9980/hosting/discovery
+# https://host.docker.internal:9980/hosting/capabilities
+# https://host.docker.internal:9980/browser/dist/admin/admin.html
+
+# References
+# ----------
+#
+# - https://hub.docker.com/r/collabora/code/tags
+# - https://sdk.collaboraonline.com/docs/installation/CODE_Docker_image.html
+# - https://sdk.collaboraonline.com/docs/installation/Configuration.html
+
+services:
+
+  collabora:
+    image: collabora/code:latest
+    restart: no
+    container_name: collabora-server
+    volumes:
+      - ./coolwsd.xml/:/etc/coolwsd/coolwsd.xml:ro
+    expose:
+      - 9980
+    ports:
+      - "${SERVER_PORT:-9980}:9980"
+    extra_hosts:
+      # For DEVELOPMENT
+      # host.docker.internal points to the IP of the host and can be used by
+      # other docker containers, to reach collabora via the host. This is
+      # necessary for Collabora to be able to make calls to Plone.
+      - "host.docker.internal:host-gateway"
+    environment:
+      - username=${ADMIN_USER:-admin}
+      - password=${ADMIN_PASS:-admin}
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=${SSL_TERMINATION:-false}
+
+  # This demo nginx is configured to listen on host.docker.internal:80
+  # and to proxy /collabora/* to the collabora server.
+  # This enables accessing collabora on the same hostname and port as Plone,
+  # which means the browser will not activate CORS protections.
+  nginx:
+    image: nginx:1.21
+    restart: no
+    container_name: collabora-nginx
+    volumes:
+      - ./nginx/:/etc/nginx/:ro
+    ports:
+      - 80:80
diff --git a/docker/nginx/fastcgi.conf b/docker/nginx/fastcgi.conf
new file mode 100644
index 0000000..091738c
--- /dev/null
+++ b/docker/nginx/fastcgi.conf
@@ -0,0 +1,26 @@
+
+fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;
diff --git a/docker/nginx/mime.types b/docker/nginx/mime.types
new file mode 100644
index 0000000..2024929
--- /dev/null
+++ b/docker/nginx/mime.types
@@ -0,0 +1,901 @@
+types {
+application/A2L					a2l;
+application/AML					aml;
+application/andrew-inset			ez;
+application/ATF					atf;
+application/ATFX				atfx;
+application/ATXML				atxml;
+application/atom+xml				atom;
+application/atomcat+xml				atomcat;
+application/atomdeleted+xml			atomdeleted;
+application/atomsvc+xml				atomsvc;
+application/auth-policy+xml			apxml;
+application/bacnet-xdd+zip			xdd;
+application/calendar+xml			xcs;
+application/cbor				cbor;
+application/ccmp+xml				ccmp;
+application/ccxml+xml				ccxml;
+application/CDFX+XML				cdfx;
+application/cdmi-capability			cdmia;
+application/cdmi-container			cdmic;
+application/cdmi-domain				cdmid;
+application/cdmi-object				cdmio;
+application/cdmi-queue				cdmiq;
+application/CEA					cea;
+application/cellml+xml				cellml cml;
+application/clue_info+xml			clue;
+application/cms					cmsc;
+application/cpl+xml				cpl;
+application/csrattrs				csrattrs;
+application/dash+xml				mpd;
+application/dashdelta				mpdd;
+application/davmount+xml			davmount;
+application/DCD					dcd;
+application/dicom				dcm;
+application/DII					dii;
+application/DIT					dit;
+application/dskpp+xml				xmls;
+application/dssc+der				dssc;
+application/dssc+xml				xdssc;
+application/dvcs				dvc;
+application/ecmascript				es;
+application/efi					efi;
+application/emma+xml				emma;
+application/emotionml+xml			emotionml;
+application/epub+zip				epub;
+application/exi					exi;
+application/fastinfoset				finf;
+application/fdt+xml				fdt;
+application/font-tdpfr				pfr;
+application/geo+json				geojson;
+application/gml+xml				gml;
+application/gzip				gz tgz;
+application/hyperstudio				stk;
+application/inkml+xml				ink inkml;
+application/ipfix				ipfix;
+application/its+xml				its;
+application/javascript				js;
+application/jrd+json				jrd;
+application/json				json;
+application/json-patch+json			json-patch;
+application/ld+json				jsonld;
+application/lgr+xml				lgr;
+application/link-format				wlnk;
+application/lost+xml				lostxml;
+application/lostsync+xml			lostsyncxml;
+application/LXF					lxf;
+application/mac-binhex40			hqx;
+application/mads+xml				mads;
+application/marc				mrc;
+application/marcxml+xml				mrcx;
+application/mathematica				nb ma mb;
+application/mathml+xml				mml;
+application/mbox				mbox;
+application/metalink4+xml			meta4;
+application/mets+xml				mets;
+application/MF4					mf4;
+application/mods+xml				mods;
+application/mp21				m21 mp21;
+application/msword				doc;
+application/mxf					mxf;
+application/n-quads				nq;
+application/n-triples				nt;
+application/ocsp-request			orq;
+application/ocsp-response			ors;
+application/octet-stream		bin lha lzh exe class so dll img iso;
+application/oda					oda;
+application/ODX					odx;
+application/oebps-package+xml			opf;
+application/ogg					ogx;
+application/oxps				oxps;
+application/p2p-overlay+xml			relo;
+application/pdf					pdf;
+application/PDX					pdx;
+application/pgp-encrypted			pgp;
+application/pgp-signature			sig;
+application/pkcs10				p10;
+application/pkcs12				p12 pfx;
+application/pkcs7-mime				p7m p7c;
+application/pkcs7-signature			p7s;
+application/pkcs8				p8;
+application/pkix-cert				cer;
+application/pkix-crl				crl;
+application/pkix-pkipath			pkipath;
+application/pkixcmp				pki;
+application/pls+xml				pls;
+application/postscript				ps eps ai;
+application/provenance+xml			provx;
+application/prs.cww				cw cww;
+application/prs.hpub+zip			hpub;
+application/prs.nprend				rnd rct;
+application/prs.rdf-xml-crypt			rdf-crypt;
+application/prs.xsf+xml				xsf;
+application/pskc+xml				pskcxml;
+application/rdf+xml				rdf;
+application/reginfo+xml				rif;
+application/relax-ng-compact-syntax		rnc;
+application/resource-lists-diff+xml		rld;
+application/resource-lists+xml			rl;
+application/rfc+xml				rfcxml;
+application/rls-services+xml			rs;
+application/rpki-ghostbusters			gbr;
+application/rpki-manifest			mft;
+application/rpki-roa				roa;
+application/rtf					rtf;
+application/scim+json				scim;
+application/scvp-cv-request			scq;
+application/scvp-cv-response			scs;
+application/scvp-vp-request			spq;
+application/scvp-vp-response			spp;
+application/sdp					sdp;
+application/sgml-open-catalog			soc;
+application/shf+xml				shf;
+application/sieve				siv sieve;
+application/simple-filter+xml			cl;
+application/smil+xml				smil smi sml;
+application/sparql-query			rq;
+application/sparql-results+xml			srx;
+application/sql					sql;
+application/srgs				gram;
+application/srgs+xml				grxml;
+application/sru+xml				sru;
+application/ssml+xml				ssml;
+application/tamp-apex-update			tau;
+application/tamp-apex-update-confirm		auc;
+application/tamp-community-update		tcu;
+application/tamp-community-update-confirm	cuc;
+application/tamp-error				ter;
+application/tamp-sequence-adjust		tsa;
+application/tamp-sequence-adjust-confirm	sac;
+application/tamp-update				tur;
+application/tamp-update-confirm			tuc;
+application/tei+xml				tei teiCorpus odd;
+application/thraud+xml				tfi;
+application/timestamp-query			tsq;
+application/timestamp-reply			tsr;
+application/timestamped-data			tsd;
+application/trig				trig;
+application/ttml+xml				ttml;
+application/urc-grpsheet+xml			gsheet;
+application/urc-ressheet+xml			rsheet;
+application/urc-targetdesc+xml			td;
+application/urc-uisocketdesc+xml		uis;
+application/vnd.3gpp.pic-bw-large		plb;
+application/vnd.3gpp.pic-bw-small		psb;
+application/vnd.3gpp.pic-bw-var			pvb;
+application/vnd.3gpp2.sms			sms;
+application/vnd.3gpp2.tcap			tcap;
+application/vnd.3lightssoftware.imagescal	imgcal;
+application/vnd.3M.Post-it-Notes		pwn;
+application/vnd.accpac.simply.aso		aso;
+application/vnd.accpac.simply.imp		imp;
+application/vnd.acucobol			acu;
+application/vnd.acucorp				atc acutc;
+application/vnd.adobe.flash.movie		swf;
+application/vnd.adobe.formscentral.fcdt		fcdt;
+application/vnd.adobe.fxp			fxp fxpl;
+application/vnd.adobe.xdp+xml			xdp;
+application/vnd.adobe.xfdf			xfdf;
+application/vnd.ahead.space			ahead;
+application/vnd.airzip.filesecure.azf		azf;
+application/vnd.airzip.filesecure.azs		azs;
+application/vnd.amazon.mobi8-ebook		azw3;
+application/vnd.americandynamics.acc		acc;
+application/vnd.amiga.ami			ami;
+application/vnd.anki				apkg;
+application/vnd.anser-web-certificate-issue-initiation	cii;
+application/vnd.anser-web-funds-transfer-initiation	fti;
+application/vnd.apple.installer+xml		dist distz pkg mpkg;
+application/vnd.apple.mpegurl			m3u8;
+application/vnd.aristanetworks.swi		swi;
+application/vnd.astraea-software.iota		iota;
+application/vnd.audiograph			aep;
+application/vnd.autopackage			package;
+application/vnd.balsamiq.bmml+xml		bmml;
+application/vnd.balsamiq.bmpr			bmpr;
+application/vnd.blueice.multipass		mpm;
+application/vnd.bluetooth.ep.oob		ep;
+application/vnd.bluetooth.le.oob		le;
+application/vnd.bmi				bmi;
+application/vnd.businessobjects			rep;
+application/vnd.cendio.thinlinc.clientconf	tlclient;
+application/vnd.chemdraw+xml			cdxml;
+application/vnd.chess-pgn			pgn;
+application/vnd.chipnuts.karaoke-mmd		mmd;
+application/vnd.cinderella			cdy;
+application/vnd.citationstyles.style+xml	csl;
+application/vnd.claymore			cla;
+application/vnd.cloanto.rp9			rp9;
+application/vnd.clonk.c4group			c4g c4d c4f c4p c4u;
+application/vnd.cluetrust.cartomobile-config	c11amc;
+application/vnd.cluetrust.cartomobile-config-pkg	c11amz;
+application/vnd.coffeescript			coffee;
+application/vnd.comicbook+zip			cbz;
+application/vnd.commerce-battelle	ica icf icd ic0 ic1 ic2 ic3 ic4 ic5 ic6 ic7 ic8;
+application/vnd.commonspace			csp cst;
+application/vnd.contact.cmsg			cdbcmsg;
+application/vnd.coreos.ignition+json		ign ignition;
+application/vnd.cosmocaller			cmc;
+application/vnd.crick.clicker			clkx;
+application/vnd.crick.clicker.keyboard		clkk;
+application/vnd.crick.clicker.palette		clkp;
+application/vnd.crick.clicker.template		clkt;
+application/vnd.crick.clicker.wordbank		clkw;
+application/vnd.criticaltools.wbs+xml		wbs;
+application/vnd.ctc-posml			pml;
+application/vnd.cups-ppd			ppd;
+application/vnd.curl				curl;
+application/vnd.dart				dart;
+application/vnd.data-vision.rdz			rdz;
+application/vnd.debian.binary-package		deb udeb;
+application/vnd.dece.data			uvf uvvf uvd uvvd;
+application/vnd.dece.ttml+xml			uvt uvvt;
+application/vnd.dece.unspecified		uvx uvvx;
+application/vnd.dece.zip			uvz uvvz;
+application/vnd.denovo.fcselayout-link		fe_launch;
+application/vnd.desmume.movie			dsm;
+application/vnd.dna				dna;
+application/vnd.document+json			docjson;
+application/vnd.doremir.scorecloud-binary-document	scld;
+application/vnd.dpgraph				dpg mwc dpgraph;
+application/vnd.dreamfactory			dfac;
+application/vnd.dtg.local.flash			fla;
+application/vnd.dvb.ait				ait;
+application/vnd.dvb.service			svc;
+application/vnd.dynageo				geo;
+application/vnd.dzr				dzr;
+application/vnd.ecowin.chart			mag;
+application/vnd.enliven				nml;
+application/vnd.epson.esf			esf;
+application/vnd.epson.msf			msf;
+application/vnd.epson.quickanime		qam;
+application/vnd.epson.salt			slt;
+application/vnd.epson.ssf			ssf;
+application/vnd.ericsson.quickcall		qcall qca;
+application/vnd.espass-espass+zip		espass;
+application/vnd.eszigno3+xml			es3 et3;
+application/vnd.etsi.asic-e+zip			asice sce;
+application/vnd.etsi.asic-s+zip			asics;
+application/vnd.etsi.timestamp-token		tst;
+application/vnd.ezpix-album			ez2;
+application/vnd.ezpix-package			ez3;
+application/vnd.fastcopy-disk-image		dim;
+application/vnd.fdf				fdf;
+application/vnd.fdsn.mseed			msd mseed;
+application/vnd.fdsn.seed			seed dataless;
+application/vnd.filmit.zfc			zfc;
+application/vnd.FloGraphIt			gph;
+application/vnd.fluxtime.clip			ftc;
+application/vnd.font-fontforge-sfd		sfd;
+application/vnd.framemaker			fm;
+application/vnd.frogans.fnc			fnc;
+application/vnd.frogans.ltf			ltf;
+application/vnd.fsc.weblaunch			fsc;
+application/vnd.fujitsu.oasys			oas;
+application/vnd.fujitsu.oasys2			oa2;
+application/vnd.fujitsu.oasys3			oa3;
+application/vnd.fujitsu.oasysgp			fg5;
+application/vnd.fujitsu.oasysprs		bh2;
+application/vnd.fujixerox.ddd			ddd;
+application/vnd.fujixerox.docuworks		xdw;
+application/vnd.fujixerox.docuworks.binder	xbd;
+application/vnd.fujixerox.docuworks.container	xct;
+application/vnd.fuzzysheet			fzs;
+application/vnd.genomatix.tuxedo		txd;
+application/vnd.geocube+xml			g3 g³;
+application/vnd.geogebra.file			ggb;
+application/vnd.geogebra.tool			ggt;
+application/vnd.geometry-explorer		gex gre;
+application/vnd.geonext				gxt;
+application/vnd.geoplan				g2w;
+application/vnd.geospace			g3w;
+application/vnd.gmx				gmx;
+application/vnd.google-earth.kml+xml		kml;
+application/vnd.google-earth.kmz		kmz;
+application/vnd.grafeq				gqf gqs;
+application/vnd.groove-account			gac;
+application/vnd.groove-help			ghf;
+application/vnd.groove-identity-message		gim;
+application/vnd.groove-injector			grv;
+application/vnd.groove-tool-message		gtm;
+application/vnd.groove-tool-template		tpl;
+application/vnd.groove-vcard			vcg;
+application/vnd.hal+xml				hal;
+application/vnd.HandHeld-Entertainment+xml	zmm;
+application/vnd.hbci				hbci hbc kom upa pkd bpd;
+application/vnd.hdt				hdt;
+application/vnd.hhe.lesson-player		les;
+application/vnd.hp-HPGL				hpgl;
+application/vnd.hp-hpid				hpi hpid;
+application/vnd.hp-hps				hps;
+application/vnd.hp-jlyt				jlt;
+application/vnd.hp-PCL				pcl;
+application/vnd.hydrostatix.sof-data		sfd-hdstx;
+application/vnd.hzn-3d-crossword		x3d;
+application/vnd.ibm.electronic-media		emm;
+application/vnd.ibm.MiniPay			mpy;
+application/vnd.ibm.modcap			list3820 listafp afp pseg3820;
+application/vnd.ibm.rights-management		irm;
+application/vnd.ibm.secure-container		sc;
+application/vnd.iccprofile			icc icm;
+application/vnd.ieee.1905			1905.1;
+application/vnd.igloader			igl;
+application/vnd.imagemeter.folder+zip		imf;
+application/vnd.imagemeter.image+zip		imi;
+application/vnd.immervision-ivp			ivp;
+application/vnd.immervision-ivu			ivu;
+application/vnd.ims.imsccv1p1			imscc;
+application/vnd.insors.igm			igm;
+application/vnd.intercon.formnet		xpw xpx;
+application/vnd.intergeo			i2g;
+application/vnd.intu.qbo			qbo;
+application/vnd.intu.qfx			qfx;
+application/vnd.ipunplugged.rcprofile		rcprofile;
+application/vnd.irepository.package+xml		irp;
+application/vnd.is-xpr				xpr;
+application/vnd.isac.fcs			fcs;
+application/vnd.jam				jam;
+application/vnd.jcp.javame.midlet-rms		rms;
+application/vnd.jisp				jisp;
+application/vnd.joost.joda-archive		joda;
+application/vnd.kahootz				ktz ktr;
+application/vnd.kde.karbon			karbon;
+application/vnd.kde.kchart			chrt;
+application/vnd.kde.kformula			kfo;
+application/vnd.kde.kivio			flw;
+application/vnd.kde.kontour			kon;
+application/vnd.kde.kpresenter			kpr kpt;
+application/vnd.kde.kspread			ksp;
+application/vnd.kde.kword			kwd kwt;
+application/vnd.kenameaapp			htke;
+application/vnd.kidspiration			kia;
+application/vnd.Kinar				kne knp sdf;
+application/vnd.koan				skp skd skm skt;
+application/vnd.kodak-descriptor		sse;
+application/vnd.las.las+json			lasjson;
+application/vnd.las.las+xml			lasxml;
+application/vnd.llamagraphics.life-balance.desktop	lbd;
+application/vnd.llamagraphics.life-balance.exchange+xml	lbe;
+application/vnd.lotus-1-2-3			123 wk4 wk3 wk1;
+application/vnd.lotus-approach			apr vew;
+application/vnd.lotus-freelance			prz pre;
+application/vnd.lotus-notes			nsf ntf ndl ns4 ns3 ns2 nsh nsg;
+application/vnd.lotus-organizer			or3 or2 org;
+application/vnd.lotus-screencam			scm;
+application/vnd.lotus-wordpro			lwp sam;
+application/vnd.macports.portpkg		portpkg;
+application/vnd.mapbox-vector-tile		mvt;
+application/vnd.marlin.drm.mdcf			mdc;
+application/vnd.maxmind.maxmind-db		mmdb;
+application/vnd.mcd				mcd;
+application/vnd.medcalcdata			mc1;
+application/vnd.mediastation.cdkey		cdkey;
+application/vnd.MFER				mwf;
+application/vnd.mfmp				mfm;
+application/vnd.micrografx.flo			flo;
+application/vnd.micrografx.igx			igx;
+application/vnd.mif				mif;
+application/vnd.Mobius.DAF			daf;
+application/vnd.Mobius.DIS			dis;
+application/vnd.Mobius.MBK			mbk;
+application/vnd.Mobius.MQY			mqy;
+application/vnd.Mobius.MSL			msl;
+application/vnd.Mobius.PLC			plc;
+application/vnd.Mobius.TXF			txf;
+application/vnd.mophun.application		mpn;
+application/vnd.mophun.certificate		mpc;
+application/vnd.mozilla.xul+xml			xul;
+application/vnd.ms-3mfdocument			3mf;
+application/vnd.ms-artgalry			cil;
+application/vnd.ms-asf				asf;
+application/vnd.ms-cab-compressed		cab;
+application/vnd.ms-excel			xls xlm xla xlc xlt xlw;
+application/vnd.ms-excel.template.macroEnabled.12	xltm;
+application/vnd.ms-excel.addin.macroEnabled.12	xlam;
+application/vnd.ms-excel.sheet.binary.macroEnabled.12	xlsb;
+application/vnd.ms-excel.sheet.macroEnabled.12	xlsm;
+application/vnd.ms-fontobject			eot;
+application/vnd.ms-htmlhelp			chm;
+application/vnd.ms-ims				ims;
+application/vnd.ms-lrm				lrm;
+application/vnd.ms-officetheme			thmx;
+application/vnd.ms-powerpoint			ppt pps pot;
+application/vnd.ms-powerpoint.addin.macroEnabled.12	ppam;
+application/vnd.ms-powerpoint.presentation.macroEnabled.12	pptm;
+application/vnd.ms-powerpoint.slide.macroEnabled.12	sldm;
+application/vnd.ms-powerpoint.slideshow.macroEnabled.12	ppsm;
+application/vnd.ms-powerpoint.template.macroEnabled.12	potm;
+application/vnd.ms-project			mpp mpt;
+application/vnd.ms-tnef				tnef tnf;
+application/vnd.ms-word.document.macroEnabled.12	docm;
+application/vnd.ms-word.template.macroEnabled.12	dotm;
+application/vnd.ms-works			wcm wdb wks wps;
+application/vnd.ms-wpl				wpl;
+application/vnd.ms-xpsdocument			xps;
+application/vnd.msa-disk-image			msa;
+application/vnd.mseq				mseq;
+application/vnd.multiad.creator			crtr;
+application/vnd.multiad.creator.cif		cif;
+application/vnd.musician			mus;
+application/vnd.muvee.style			msty;
+application/vnd.mynfc				taglet;
+application/vnd.nervana				entity request bkm kcm;
+application/vnd.nitf				nitf;
+application/vnd.neurolanguage.nlu		nlu;
+application/vnd.nintendo.nitro.rom		nds;
+application/vnd.nintendo.snes.rom		sfc smc;
+application/vnd.noblenet-directory		nnd;
+application/vnd.noblenet-sealer			nns;
+application/vnd.noblenet-web			nnw;
+application/vnd.nokia.n-gage.ac+xml		ac;
+application/vnd.nokia.n-gage.data		ngdat;
+application/vnd.nokia.n-gage.symbian.install	n-gage;
+application/vnd.nokia.radio-preset		rpst;
+application/vnd.nokia.radio-presets		rpss;
+application/vnd.novadigm.EDM			edm;
+application/vnd.novadigm.EDX			edx;
+application/vnd.novadigm.EXT			ext;
+application/vnd.oasis.opendocument.chart			odc;
+application/vnd.oasis.opendocument.chart-template		otc;
+application/vnd.oasis.opendocument.database			odb;
+application/vnd.oasis.opendocument.formula			odf;
+application/vnd.oasis.opendocument.graphics			odg;
+application/vnd.oasis.opendocument.graphics-template		otg;
+application/vnd.oasis.opendocument.image			odi;
+application/vnd.oasis.opendocument.image-template		oti;
+application/vnd.oasis.opendocument.presentation			odp;
+application/vnd.oasis.opendocument.presentation-template	otp;
+application/vnd.oasis.opendocument.spreadsheet			ods;
+application/vnd.oasis.opendocument.spreadsheet-template		ots;
+application/vnd.oasis.opendocument.text				odt;
+application/vnd.oasis.opendocument.text-master			odm;
+application/vnd.oasis.opendocument.text-template		ott;
+application/vnd.oasis.opendocument.text-web			oth;
+application/vnd.olpc-sugar			xo;
+application/vnd.oma.dd2+xml			dd2;
+application/vnd.onepager			tam;
+application/vnd.onepagertamp			tamp;
+application/vnd.onepagertamx			tamx;
+application/vnd.onepagertat			tat;
+application/vnd.onepagertatp			tatp;
+application/vnd.onepagertatx			tatx;
+application/vnd.openblox.game+xml		obgx;
+application/vnd.openblox.game-binary		obg;
+application/vnd.openeye.oeb			oeb;
+application/vnd.openofficeorg.extension		oxt;
+application/vnd.openstreetmap.data+xml		osm;
+application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
+application/vnd.openxmlformats-officedocument.presentationml.slide	sldx;
+application/vnd.openxmlformats-officedocument.presentationml.slideshow	ppsx;
+application/vnd.openxmlformats-officedocument.presentationml.template	potx;
+application/vnd.openxmlformats-officedocument.spreadsheetml.sheet	xlsx;
+application/vnd.openxmlformats-officedocument.spreadsheetml.template	xltx;
+application/vnd.openxmlformats-officedocument.wordprocessingml.document	docx;
+application/vnd.openxmlformats-officedocument.wordprocessingml.template	dotx;
+application/vnd.osa.netdeploy			ndc;
+application/vnd.osgeo.mapguide.package		mgp;
+application/vnd.osgi.dp				dp;
+application/vnd.osgi.subsystem			esa;
+application/vnd.oxli.countgraph			oxlicg;
+application/vnd.palm				prc pdb pqa oprc;
+application/vnd.panoply				plp;
+application/vnd.pawaafile			paw;
+application/vnd.pg.format		    	str;
+application/vnd.pg.osasli			ei6;
+application/vnd.piaccess.application-license	pil;
+application/vnd.picsel				efif;
+application/vnd.pmi.widget			wg;
+application/vnd.pocketlearn			plf;
+application/vnd.powerbuilder6			pbd;
+application/vnd.preminet			preminet;
+application/vnd.previewsystems.box		box vbox;
+application/vnd.proteus.magazine		mgz;
+application/vnd.publishare-delta-tree		qps;
+application/vnd.pvi.ptid1			ptid;
+application/vnd.qualcomm.brew-app-res		bar;
+application/vnd.Quark.QuarkXPress		qxd qxt qwd qwt qxl qxb;
+application/vnd.quobject-quoxdocument		quox quiz;
+application/vnd.rainstor.data			tree;
+application/vnd.rar				rar;
+application/vnd.realvnc.bed			bed;
+application/vnd.recordare.musicxml		mxl;
+application/vnd.rig.cryptonote			cryptonote;
+application/vnd.route66.link66+xml		link66;
+application/vnd.sailingtracker.track		st;
+application/vnd.scribus				scd sla slaz;
+application/vnd.sealed.3df			s3df;
+application/vnd.sealed.csf			scsf;
+application/vnd.sealed.doc			sdoc sdo s1w;
+application/vnd.sealed.eml			seml sem;
+application/vnd.sealed.mht			smht smh;
+application/vnd.sealed.ppt			sppt s1p;
+application/vnd.sealed.tiff			stif;
+application/vnd.sealed.xls			sxls sxl s1e;
+application/vnd.sealedmedia.softseal.html	stml s1h;
+application/vnd.sealedmedia.softseal.pdf	spdf spd s1a;
+application/vnd.seemail				see;
+application/vnd.sema				sema;
+application/vnd.semd				semd;
+application/vnd.semf				semf;
+application/vnd.shana.informed.formdata		ifm;
+application/vnd.shana.informed.formtemplate	itp;
+application/vnd.shana.informed.interchange	iif;
+application/vnd.shana.informed.package		ipk;
+application/vnd.SimTech-MindMapper		twd twds;
+application/vnd.smaf				mmf;
+application/vnd.smart.notebook			notebook;
+application/vnd.smart.teacher			teacher;
+application/vnd.software602.filler.form+xml	fo;
+application/vnd.software602.filler.form-xml-zip	zfo;
+application/vnd.solent.sdkm+xml			sdkm sdkd;
+application/vnd.spotfire.dxp			dxp;
+application/vnd.spotfire.sfs			sfs;
+application/vnd.stepmania.package		smzip;
+application/vnd.stepmania.stepchart		sm;
+application/vnd.sun.wadl+xml			wadl;
+application/vnd.sus-calendar			sus susp;
+application/vnd.syncml+xml			xsm;
+application/vnd.syncml.dm+wbxml			bdm;
+application/vnd.syncml.dm+xml			xdm;
+application/vnd.syncml.dmddf+xml		ddf;
+application/vnd.tao.intent-module-archive	tao;
+application/vnd.tcpdump.pcap			pcap cap dmp;
+application/vnd.theqvd				qvd;
+application/vnd.tml				vfr viaframe;
+application/vnd.tmobile-livetv			tmo;
+application/vnd.trid.tpt			tpt;
+application/vnd.triscape.mxs			mxs;
+application/vnd.trueapp				tra;
+application/vnd.ufdl				ufdl ufd frm;
+application/vnd.uiq.theme			utz;
+application/vnd.umajin				umj;
+application/vnd.unity				unityweb;
+application/vnd.uoml+xml			uoml uo;
+application/vnd.uri-map				urim urimap;
+application/vnd.valve.source.material		vmt;
+application/vnd.vcx				vcx;
+application/vnd.vd-study			mxi study-inter model-inter;
+application/vnd.vectorworks			vwx;
+application/vnd.vidsoft.vidconference		vsc;
+application/vnd.visio				vsd vst vsw vss;
+application/vnd.visionary			vis;
+application/vnd.vsf				vsf;
+application/vnd.wap.sic				sic;
+application/vnd.wap.slc				slc;
+application/vnd.wap.wbxml			wbxml;
+application/vnd.wap.wmlc			wmlc;
+application/vnd.wap.wmlscriptc			wmlsc;
+application/vnd.webturbo			wtb;
+application/vnd.wfa.p2p				p2p;
+application/vnd.wfa.wsc				wsc;
+application/vnd.wmc				wmc;
+application/vnd.wolfram.mathematica.package	m;
+application/vnd.wolfram.player			nbp;
+application/vnd.wordperfect			wpd;
+application/vnd.wqd				wqd;
+application/vnd.wt.stf				stf;
+application/vnd.wv.csp+wbxml			wv;
+application/vnd.xara				xar;
+application/vnd.xfdl				xfdl xfd;
+application/vnd.xmpie.cpkg			cpkg;
+application/vnd.xmpie.dpkg			dpkg;
+application/vnd.xmpie.ppkg			ppkg;
+application/vnd.xmpie.xlim			xlim;
+application/vnd.yamaha.hv-dic			hvd;
+application/vnd.yamaha.hv-script		hvs;
+application/vnd.yamaha.hv-voice			hvp;
+application/vnd.yamaha.openscoreformat		osf;
+application/vnd.yamaha.smaf-audio		saf;
+application/vnd.yamaha.smaf-phrase		spf;
+application/vnd.yaoweme				yme;
+application/vnd.yellowriver-custom-menu		cmp;
+application/vnd.zul				zir zirz;
+application/vnd.zzazz.deck+xml			zaz;
+application/voicexml+xml			vxml;
+application/watcherinfo+xml			wif;
+application/widget				wgt;
+application/wsdl+xml				wsdl;
+application/wspolicy+xml			wspolicy;
+application/xcap-att+xml			xav;
+application/xcap-caps+xml			xca;
+application/xcap-diff+xml			xdf;
+application/xcap-el+xml				xel;
+application/xcap-error+xml			xer;
+application/xcap-ns+xml				xns;
+application/xhtml+xml				xhtml xhtm xht;
+application/xml-dtd				dtd;
+application/xop+xml				xop;
+application/xslt+xml				xsl xslt;
+application/xv+xml				mxml xhvml xvml xvm;
+application/yang				yang;
+application/yin+xml				yin;
+application/zip					zip;
+audio/32kadpcm					726;
+audio/ac3					ac3;
+audio/AMR					amr;
+audio/AMR-WB					awb;
+audio/asc					acn;
+audio/ATRAC-ADVANCED-LOSSLESS			aal;
+audio/ATRAC-X					atx;
+audio/ATRAC3					at3 aa3 omg;
+audio/basic					au snd;
+audio/dls					dls;
+audio/EVRC					evc;
+audio/EVRCB					evb;
+audio/EVRCNW					enw;
+audio/EVRCWB					evw;
+audio/iLBC					lbc;
+audio/L16					l16;
+audio/mobile-xmf				mxmf;
+audio/mp4					m4a;
+audio/mpeg					mp3 mpga mp1 mp2;
+audio/ogg					oga ogg opus spx;
+audio/prs.sid					sid psid;
+audio/qcelp					qcp;
+audio/SMV					smv;
+audio/vnd.audikoz				koz;
+audio/vnd.dece.audio				uva uvva;
+audio/vnd.digital-winds				eol;
+audio/vnd.dolby.mlp				mlp;
+audio/vnd.dts					dts;
+audio/vnd.dts.hd				dtshd;
+audio/vnd.everad.plj				plj;
+audio/vnd.lucent.voice				lvp;
+audio/vnd.ms-playready.media.pya		pya;
+audio/vnd.nortel.vbk				vbk;
+audio/vnd.nuera.ecelp4800			ecelp4800;
+audio/vnd.nuera.ecelp7470			ecelp7470;
+audio/vnd.nuera.ecelp9600			ecelp9600;
+audio/vnd.rip					rip;
+audio/vnd.sealedmedia.softseal.mpeg		smp3 smp s1m;
+font/collection					ttc;
+font/otf					otf;
+font/ttf					ttf;
+font/woff					woff;
+font/woff2					woff2;
+image/bmp					bmp dib;
+image/cgm					cgm;
+image/dicom-rle					drle;
+image/emf					emf;
+image/fits					fits fit fts;
+image/gif					gif;
+image/ief					ief;
+image/jls					jls;
+image/jp2					jp2 jpg2;
+image/jpeg					jpg jpeg jpe jfif;
+image/jpm					jpm jpgm;
+image/jpx					jpx jpf;
+image/ktx					ktx;
+image/png					png;
+image/prs.btif					btif btf;
+image/prs.pti					pti;
+image/svg+xml					svg svgz;
+image/t38					t38;
+image/tiff					tiff tif;
+image/tiff-fx					tfx;
+image/vnd.adobe.photoshop			psd;
+image/vnd.airzip.accelerator.azv		azv;
+image/vnd.dece.graphic				uvi uvvi uvg uvvg;
+image/vnd.djvu					djvu djv;
+image/vnd.dwg					dwg;
+image/vnd.dxf					dxf;
+image/vnd.fastbidsheet				fbs;
+image/vnd.fpx					fpx;
+image/vnd.fst					fst;
+image/vnd.fujixerox.edmics-mmr			mmr;
+image/vnd.fujixerox.edmics-rlc			rlc;
+image/vnd.globalgraphics.pgb			pgb;
+image/vnd.microsoft.icon			ico;
+image/vnd.mozilla.apng				apng;
+image/vnd.ms-modi				mdi;
+image/vnd.radiance				hdr rgbe xyze;
+image/vnd.sealed.png				spng spn s1n;
+image/vnd.sealedmedia.softseal.gif		sgif sgi s1g;
+image/vnd.sealedmedia.softseal.jpg		sjpg sjp s1j;
+image/vnd.tencent.tap				tap;
+image/vnd.valve.source.texture			vtf;
+image/vnd.wap.wbmp				wbmp;
+image/vnd.xiff					xif;
+image/vnd.zbrush.pcx				pcx;
+image/wmf					wmf;
+message/global					u8msg;
+message/global-delivery-status			u8dsn;
+message/global-disposition-notification		u8mdn;
+message/global-headers				u8hdr;
+message/rfc822					eml mail art;
+model/gltf+json					gltf;
+model/iges					igs iges;
+model/mesh					msh mesh silo;
+model/vnd.collada+xml				dae;
+model/vnd.dwf					dwf;
+model/vnd.gdl					gdl gsm win dor lmp rsm msm ism;
+model/vnd.gtw					gtw;
+model/vnd.moml+xml				moml;
+model/vnd.mts					mts;
+model/vnd.opengex				ogex;
+model/vnd.parasolid.transmit.binary		x_b xmt_bin;
+model/vnd.parasolid.transmit.text		x_t xmt_txt;
+model/vnd.valve.source.compiled-map		bsp;
+model/vnd.vtu					vtu;
+model/vrml					wrl vrml;
+model/x3d+xml					x3db;
+model/x3d-vrml					x3dv x3dvz;
+multipart/vnd.bint.med-plus			bmed;
+multipart/voice-message				vpm;
+text/cache-manifest				appcache manifest;
+text/calendar					ics ifb;
+text/css					css;
+text/csv					csv;
+text/csv-schema					csvs;
+text/dns					soa zone;
+text/html					html htm;
+text/jcr-cnd					cnd;
+text/markdown					markdown md;
+text/mizar					miz;
+text/n3						n3;
+text/plain		txt asc text pm el c h cc hh cxx hxx f90 conf log;
+text/provenance-notation			provn;
+text/prs.fallenstein.rst			rst;
+text/prs.lines.tag				tag dsc;
+text/richtext					rtx;
+text/sgml					sgml sgm;
+text/tab-separated-values			tsv;
+text/troff					t tr roff;
+text/turtle					ttl;
+text/uri-list					uris uri;
+text/vcard					vcf vcard;
+text/vnd.a					a;
+text/vnd.abc					abc;
+text/vnd.ascii-art				ascii;
+text/vnd.debian.copyright			copyright;
+text/vnd.DMClientScript				dms;
+text/vnd.dvb.subtitle				sub;
+text/vnd.esmertec.theme-descriptor		jtd;
+text/vnd.fly					fly;
+text/vnd.fmi.flexstor				flx;
+text/vnd.graphviz				gv dot;
+text/vnd.in3d.3dml				3dml 3dm;
+text/vnd.in3d.spot				spot spo;
+text/vnd.ms-mediapackage			mpf;
+text/vnd.net2phone.commcenter.command		ccc;
+text/vnd.si.uricatalogue			uric;
+text/vnd.sun.j2me.app-descriptor		jad;
+text/vnd.trolltech.linguist			ts;
+text/vnd.wap.si					si;
+text/vnd.wap.sl					sl;
+text/vnd.wap.wml				wml;
+text/vnd.wap.wmlscript				wmls;
+text/xml					xml xsd rng;
+text/xml-external-parsed-entity			ent;
+video/3gpp					3gp 3gpp;
+video/3gpp2					3g2 3gpp2;
+video/iso.segment				m4s;
+video/mj2					mj2 mjp2;
+video/mp4					mp4 mpg4 m4v;
+video/mpeg					mpeg mpg mpe m1v m2v;
+video/ogg					ogv;
+video/quicktime					mov qt;
+video/vnd.dece.hd				uvh uvvh;
+video/vnd.dece.mobile				uvm uvvm;
+video/vnd.dece.mp4				uvu uvvu;
+video/vnd.dece.pd				uvp uvvp;
+video/vnd.dece.sd				uvs uvvs;
+video/vnd.dece.video				uvv uvvv;
+video/vnd.dvb.file				dvb;
+video/vnd.fvt					fvt;
+video/vnd.mpegurl				mxu m4u;
+video/vnd.ms-playready.media.pyv		pyv;
+video/vnd.nokia.interleaved-multimedia		nim;
+video/vnd.radgamettools.bink			bik bk2;
+video/vnd.radgamettools.smacker			smk;
+video/vnd.sealed.mpeg1				smpg s11;
+video/vnd.sealed.mpeg4				s14;
+video/vnd.sealed.swf				sswf ssw;
+video/vnd.sealedmedia.softseal.mov		smov smo s1q;
+video/vnd.vivo					viv;
+application/mac-compactpro			cpt;
+application/metalink+xml			metalink;
+application/owl+xml				owx;
+application/rss+xml				rss;
+application/vnd.android.package-archive		apk;
+application/vnd.oma.dd+xml			dd;
+application/vnd.oma.drm.content			dcf;
+application/vnd.oma.drm.dcf			o4a o4v;
+application/vnd.oma.drm.message			dm;
+application/vnd.oma.drm.rights+wbxml		drc;
+application/vnd.oma.drm.rights+xml		dr;
+application/vnd.sun.xml.calc			sxc;
+application/vnd.sun.xml.calc.template		stc;
+application/vnd.sun.xml.draw			sxd;
+application/vnd.sun.xml.draw.template		std;
+application/vnd.sun.xml.impress			sxi;
+application/vnd.sun.xml.impress.template	sti;
+application/vnd.sun.xml.math			sxm;
+application/vnd.sun.xml.writer			sxw;
+application/vnd.sun.xml.writer.global		sxg;
+application/vnd.sun.xml.writer.template		stw;
+application/vnd.symbian.install			sis;
+application/vnd.wap.mms-message			mms;
+application/x-annodex				anx;
+application/x-bcpio				bcpio;
+application/x-bittorrent			torrent;
+application/x-bzip2				bz2;
+application/x-cdlink				vcd;
+application/x-chrome-extension			crx;
+application/x-cpio				cpio;
+application/x-csh				csh;
+application/x-director				dcr dir dxr;
+application/x-dvi				dvi;
+application/x-futuresplash			spl;
+application/x-gtar				gtar;
+application/x-hdf				hdf;
+application/x-java-archive			jar;
+application/x-java-jnlp-file			jnlp;
+application/x-java-pack200			pack;
+application/x-killustrator			kil;
+application/x-latex				latex;
+application/x-netcdf				nc cdf;
+application/x-perl				pl;
+application/x-rpm				rpm;
+application/x-sh				sh;
+application/x-shar				shar;
+application/x-stuffit				sit;
+application/x-sv4cpio				sv4cpio;
+application/x-sv4crc				sv4crc;
+application/x-tar				tar;
+application/x-tcl				tcl;
+application/x-tex				tex;
+application/x-texinfo				texinfo texi;
+application/x-troff-man				man 1 2 3 4 5 6 7 8;
+application/x-troff-me				me;
+application/x-troff-ms				ms;
+application/x-ustar				ustar;
+application/x-wais-source			src;
+application/x-xpinstall				xpi;
+application/x-xspf+xml				xspf;
+application/x-xz				xz;
+audio/midi					mid midi kar;
+audio/x-aiff					aif aiff aifc;
+audio/x-annodex					axa;
+audio/x-flac					flac;
+audio/x-matroska				mka;
+audio/x-mod					mod ult uni m15 mtm 669 med;
+audio/x-mpegurl					m3u;
+audio/x-ms-wax					wax;
+audio/x-ms-wma					wma;
+audio/x-pn-realaudio				ram rm;
+audio/x-realaudio				ra;
+audio/x-s3m					s3m;
+audio/x-stm					stm;
+audio/x-wav					wav;
+chemical/x-xyz					xyz;
+image/webp					webp;
+image/x-cmu-raster				ras;
+image/x-portable-anymap				pnm;
+image/x-portable-bitmap				pbm;
+image/x-portable-graymap			pgm;
+image/x-portable-pixmap				ppm;
+image/x-rgb					rgb;
+image/x-targa					tga;
+image/x-xbitmap					xbm;
+image/x-xpixmap					xpm;
+image/x-xwindowdump				xwd;
+text/html-sandboxed				sandboxed;
+text/x-pod					pod;
+text/x-setext					etx;
+video/webm					webm;
+video/x-annodex					axv;
+video/x-flv					flv;
+video/x-javafx					fxm;
+video/x-matroska				mkv;
+video/x-matroska-3d				mk3d;
+video/x-ms-asf					asx;
+video/x-ms-wm					wm;
+video/x-ms-wmv					wmv;
+video/x-ms-wmx					wmx;
+video/x-ms-wvx					wvx;
+video/x-msvideo					avi;
+video/x-sgi-movie				movie;
+x-conference/x-cooltalk				ice;
+x-epoc/x-sisx-app				sisx;
+}
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
new file mode 100644
index 0000000..bcedf43
--- /dev/null
+++ b/docker/nginx/nginx.conf
@@ -0,0 +1,110 @@
+events {
+        worker_connections 4096;
+        multi_accept on;
+}
+http {
+  # The mime type definitions included with nginx are very incomplete, so
+  # we use a list of mime types from the mailcap package, which is also
+  # used by most other Linux distributions by default.
+  types {
+  	application/wasm          wasm;
+  }
+  # copied over from FlyingCircus
+  include mime.types;
+  include fastcgi.conf;
+  include uwsgi_params;
+  # optimisation
+  sendfile on;
+  tcp_nopush on;
+  tcp_nodelay on;
+  keepalive_timeout 65;
+  types_hash_max_size 4096;
+
+  # TODO SSL termination is not actually configured per-site
+  ssl_protocols TLSv1.2 TLSv1.3;
+  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+  # Keep in sync with https://ssl-config.mozilla.org/#server=nginx&config=intermediate
+  ssl_session_timeout 1d;
+  ssl_session_cache shared:SSL:10m;
+  # Breaks forward secrecy: https://github.com/mozilla/server-side-tls/issues/135
+  ssl_session_tickets off;
+  # We don't enable insecure ciphers by default, so this allows
+  # clients to pick the most performant, per https://github.com/mozilla/server-side-tls/issues/260
+  ssl_prefer_server_ciphers off;
+  # OCSP stapling
+  ssl_stapling on;
+  ssl_stapling_verify on;
+
+  ## Compression
+  ## Inspired by https://github.com/h5bp/server-configs-nginx/blob/master/nginx.conf#L67-L109
+  gzip              on;
+  gzip_disable      "msie6";
+  gzip_proxied      any;
+  gzip_vary         on;
+  gzip_comp_level   5;
+  gzip_min_length   256;
+  gzip_http_version  1.1;
+  gzip_types
+      application/atom+xml
+      application/x-javascript
+      application/javascript
+      application/json
+      application/ld+json
+      application/manifest+json
+      application/rss+xml
+      application/xml+rss
+      application/vnd.geo+json
+      application/vnd.ms-fontobject
+      application/x-font-ttf
+      application/x-web-app-manifest+json
+      application/xhtml+xml
+      application/xml
+      font/opentype
+      image/bmp
+      image/svg+xml
+      image/x-icon
+      text/cache-manifest
+      text/css
+      text/plain
+      text/javascript
+      text/vcard
+      text/vnd.rim.location.xloc
+      text/vtt
+      text/x-component
+      text/x-cross-domain-policy
+      text/xml;
+  proxy_redirect          off;
+  proxy_connect_timeout   90;
+  proxy_send_timeout      90;
+  proxy_read_timeout      90;
+  proxy_http_version      1.0;
+  proxy_set_header        Host $host;
+  proxy_set_header        X-Real-IP $remote_addr;
+  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_set_header        X-Forwarded-Proto $scheme;
+  proxy_set_header        X-Forwarded-Host $host;
+  proxy_set_header        X-Forwarded-Server $server_name;
+  server_names_hash_bucket_size 64;
+  # $connection_upgrade is used for websocket proxying
+  map $http_upgrade $connection_upgrade {
+          default upgrade;
+          ''      close;
+  }
+  client_max_body_size 10m;
+  server_tokens off;
+  default_type application/octet-stream;
+  charset UTF-8;
+  client_body_timeout 10m;
+  client_header_buffer_size 4k;
+  client_header_timeout 10m;
+  connection_pool_size 256;
+  large_client_header_buffers 4 16k;
+  request_pool_size 4k;
+  send_timeout 10m;
+
+  # The actual sites
+  include sites/*.conf;
+}
+worker_processes 2;
+worker_rlimit_nofile 8192;
+worker_shutdown_timeout 240;
diff --git a/docker/nginx/sites/plone61.conf b/docker/nginx/sites/plone61.conf
new file mode 100644
index 0000000..3bf892c
--- /dev/null
+++ b/docker/nginx/sites/plone61.conf
@@ -0,0 +1,66 @@
+map $http_x_forwarded_proto $the_scheme {
+     default $http_x_forwarded_proto;
+     "" $scheme;
+}
+
+map $http_x_forwarded_host $the_host {
+    default $http_x_forwarded_host;
+    "" $host;
+}
+
+map $http_upgrade $proxy_connection {
+    default upgrade;
+    "" close;
+}
+
+# --- main server definition ---
+
+# In production this needs to move to SSL with a redirect on :80->:443
+server {
+    listen 80;
+    server_name host.docker.internal;
+
+
+    location /collabora {
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $proxy_connection;
+        # Setting the correct Host header is required so that Collabora
+        # binds to the "right" hostname. You can verify that this worked in:
+        # Verify in http://host.docker.internal/collabora/hosting/discovery
+        # See https://sdk.collaboraonline.com/docs/installation/Proxy_settings.html
+        proxy_set_header Host $the_host;
+        proxy_pass http://host.docker.internal:9980;
+        proxy_http_version 1.1;
+    }
+
+    location / {
+        # Only allow GET, HEAD, POST and PURGE requests.
+        # We also need to allow PUT, LOCK and UNLOCK requests for enabling Zope External Editor
+        if ($request_method !~ ^(GET|HEAD|POST|PURGE|PUT|LOCK|UNLOCK)$ ) {
+          return 444;
+        }
+
+        # TODO switch this to "https"
+        set $virt_scheme "http";
+        if ($http_x_forwarded_proto) {
+          set $virt_scheme $http_x_forwarded_proto;
+        }
+        # Plone
+        rewrite ^(.*)$ /VirtualHostBase/$virt_scheme/host.docker.internal/Plone/VirtualHostRoot/$1 break;
+
+        # fall-through (effective when no 'break' rule has been hit)
+        return 404;
+
+        proxy_pass http://172.17.0.1:8081;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Scheme $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header X-If-Modified-Since $http_if_modified_since;
+        proxy_set_header Connection "";
+        proxy_redirect off;
+        proxy_intercept_errors on;
+
+   }
+}
diff --git a/docker/nginx/uwsgi_params b/docker/nginx/uwsgi_params
new file mode 100644
index 0000000..09c732c
--- /dev/null
+++ b/docker/nginx/uwsgi_params
@@ -0,0 +1,17 @@
+
+uwsgi_param  QUERY_STRING       $query_string;
+uwsgi_param  REQUEST_METHOD     $request_method;
+uwsgi_param  CONTENT_TYPE       $content_type;
+uwsgi_param  CONTENT_LENGTH     $content_length;
+
+uwsgi_param  REQUEST_URI        $request_uri;
+uwsgi_param  PATH_INFO          $document_uri;
+uwsgi_param  DOCUMENT_ROOT      $document_root;
+uwsgi_param  SERVER_PROTOCOL    $server_protocol;
+uwsgi_param  REQUEST_SCHEME     $scheme;
+uwsgi_param  HTTPS              $https if_not_empty;
+
+uwsgi_param  REMOTE_ADDR        $remote_addr;
+uwsgi_param  REMOTE_PORT        $remote_port;
+uwsgi_param  SERVER_PORT        $server_port;
+uwsgi_param  SERVER_NAME        $server_name;
diff --git a/sources-base.cfg b/sources-base.cfg
index e01b850..a767765 100644
--- a/sources-base.cfg
+++ b/sources-base.cfg
@@ -4,7 +4,7 @@ eea.facetednavigation = git https://github.com/affinitic/eea.facetednavigation.g
 collective.externaleditor = git ${remotes:sge}/collective.externaleditor.git pushurl=${remotes:sge_push}/collective.externaleditor.git
 collective.portlet.actions = git ${remotes:sge}/collective.portlet.actions.git pushurl=${remotes:sge_push}/collective.portlet.actions.git
 collective.z3cform.select2 = git ${remotes:sge}/collective.z3cform.select2.git pushurl=${remotes:sge_push}/collective.z3cform.select2.git branch=2.x
-imio.dms.mail = git ${remotes:imio}/imio.dms.mail.git pushurl=${remotes:imio_push}/imio.dms.mail.git
+imio.dms.mail = git ${remotes:imio}/imio.dms.mail.git pushurl=${remotes:imio_push}/imio.dms.mail.git branch=DMS-1106/collabora
 imio.transmogrifier.contact = git ${remotes:imio}/imio.transmogrifier.contact.git pushurl=${remotes:imio_push}/imio.transmogrifier.contact.git
 imio.transmogrifier.iadocs = git ${remotes:imio}/imio.transmogrifier.iadocs.git pushurl=${remotes:imio_push}/imio.transmogrifier.iadocs.git
 # for oupeye where versions have been purged
diff --git a/sources.cfg b/sources.cfg
index c5640d1..0f56cbd 100644
--- a/sources.cfg
+++ b/sources.cfg
@@ -4,6 +4,7 @@ collective.behavior.internalnumber = git ${remotes:imio}/collective.behavior.int
 collective.behavior.talcondition = git ${remotes:collective}/collective.behavior.talcondition.git pushurl=${remotes:collective_push}/collective.behavior.talcondition.git
 collective.classification.folder = git ${remotes:imio}/collective.classification.folder.git pushurl=${remotes:imio_push}/collective.classification.folder.git
 collective.classification.tree = git ${remotes:imio}/collective.classification.tree.git pushurl=${remotes:imio_push}/collective.classification.tree.git
+collective.collabora = git https://github.com/collective/collective.collabora.git branch=main
 collective.compoundcriterion = git ${remotes:collective}/collective.compoundcriterion.git pushurl=${remotes:collective_push}/collective.compoundcriterion.git
 collective.contact.core = git ${remotes:collective}/collective.contact.core.git pushurl=${remotes:collective_push}/collective.contact.core.git
 collective.contact.contactlist = git ${remotes:collective}/collective.contact.contactlist.git pushurl=${remotes:collective_push}/collective.contact.contactlist.git
@@ -18,16 +19,15 @@ collective.dms.mailcontent = git ${remotes:collective}/collective.dms.mailconten
 collective.dms.scanbehavior = git ${remotes:collective}/collective.dms.scanbehavior.git pushurl=${remotes:collective_push}/collective.dms.scanbehavior.git
 collective.dms.thesaurus = git ${remotes:collective}/collective.dms.thesaurus.git pushurl=${remotes:collective_push}/collective.dms.thesaurus.git
 collective.documentgenerator = git ${remotes:collective}/collective.documentgenerator.git pushurl=${remotes:collective_push}/collective.documentgenerator.git branch=3.x
-collective.documentviewer = git ${remotes:collective}/collective.documentviewer.git pushurl=${remotes:collective_push}/collective.documentviewer.git rev=4.1.0
 collective.eeafaceted.batchactions = git ${remotes:imio}/collective.eeafaceted.batchactions.git pushurl=${remotes:imio_push}/collective.eeafaceted.batchactions.git
 collective.eeafaceted.collectionwidget = git ${remotes:collective}/collective.eeafaceted.collectionwidget.git pushurl=${remotes:collective_push}/collective.eeafaceted.collectionwidget.git
 collective.eeafaceted.dashboard = git ${remotes:collective}/collective.eeafaceted.dashboard.git pushurl=${remotes:collective_push}/collective.eeafaceted.dashboard.git
 collective.eeafaceted.z3ctable = git ${remotes:collective}/collective.eeafaceted.z3ctable.git pushurl=${remotes:collective_push}/collective.eeafaceted.z3ctable.git
-collective.excelexport = git ${remotes:collective}/collective.excelexport.git pushurl=${remotes:collective_push}/collective.excelexport.git
+collective.excelexport = git ${remotes:collective}/collective.excelexport.git pushurl=${remotes:collective_push}/collective.excelexport.git branch=1.x
 # collective.externaleditor = git ${remotes:sge}/collective.externaleditor.git pushurl=${remotes:sge_push}/collective.externaleditor.git
 collective.iconifieddocumentactions = git ${remotes:imio}/collective.iconifieddocumentactions.git pushurl=${remotes:imio_push}/collective.iconifieddocumentactions.git
 collective.iconifiedcategory = git ${remotes:imio}/collective.iconifiedcategory.git pushurl=${remotes:imio_push}/collective.iconifiedcategory.git
-collective.js.datatables = git ${remotes:collective}/collective.js.datatables.git pushurl=${remotes:collective_push}/collective.js.datatables.git
+collective.js.datatables = git ${remotes:collective}/collective.js.datatables.git pushurl=${remotes:collective_push}/collective.js.datatables.git branch=4.x
 collective.js.tooltipster = git ${remotes:collective}/collective.js.tooltipster.git pushurl=${remotes:collective_push}/collective.js.tooltipster.git
 collective.ckeditortemplates = git ${remotes:collective}/collective.ckeditortemplates.git pushurl=${remotes:collective_push}/collective.ckeditortemplates.git
 collective.messagesviewlet = git ${remotes:collective}/collective.messagesviewlet.git pushurl=${remotes:collective_push}/collective.messagesviewlet.git
@@ -46,7 +46,7 @@ eea.facetednavigation = git ${remotes:collective}/eea.facetednavigation.git push
 # rev=13.8
 eea.faceted.vocabularies = git ${remotes:collective}/eea.faceted.vocabularies.git  pushurl=${remotes:collective_push}/eea.faceted.vocabularies.git
 ftw.labels = git https://github.com/4teamwork/ftw.labels.git pushurl=git@github.com:4teamwork/ftw.labels.git
-imio.actionspanel = git ${remotes:imio}/imio.actionspanel.git pushurl=${remotes:imio_push}/imio.actionspanel.git
+imio.actionspanel = git ${remotes:imio}/imio.actionspanel.git pushurl=${remotes:imio_push}/imio.actionspanel.git branch=DMS-1106/collabora
 imio.annex = git ${remotes:imio}/imio.annex.git pushurl=${remotes:imio_push}/imio.annex.git
 imio.dataexchange.core = git ${remotes:imio}/imio.dataexchange.core.git pushurl=${remotes:imio_push}/imio.dataexchange.core.git
 imio.dashboard = git ${remotes:imio}/imio.dashboard.git pushurl=${remotes:imio_push}/imio.dashboard.git
diff --git a/versions-dev.cfg b/versions-dev.cfg
index ab82c3c..3da4536 100644
--- a/versions-dev.cfg
+++ b/versions-dev.cfg
@@ -10,3 +10,7 @@ plone.app.workflowmanager = 1.1.0
 # Required by:
 # collective.wfautodoc==1.1
 pygraphviz = 1.3.1
+
+# Collabora
+zope.tal = 4.5
+python-dateutil = 2.8.2