Nextcloud app to sign PDF documents.

Table of contents

• Releases compatibility
• Setup
  • Java and JSignPDF
    • Standalone
    • Using Docker
  • CFSSL
    • CFSS server handmade install
    • With docker-compose
  • Admin settings
  • Validation page
• Integrations
• Full documentation
• Contributing

Releases compatibility

LibreSign	Nextcloud	JSignPDF
6.x	25	2.1.0
5.x	24	2.1.0
4.x	23	2.1.0
3.x	22	2.1.0
2	22	1.6.5

Setup

Java and JSignPDF

Standalone

Run commands:

occ libresign:install --all
occ libresign:configure:cfssl --cn=<yourCN> --ou=<yourOU> --o=<yourO> --c=<yourCountry>

Using Docker

Add the follow to Nextcloud PHP container Dockerfile

# Install Java and JsignPDF
RUN apt-get update # Only include this line if necessary
RUN mkdir -p /usr/share/man/man1
RUN apt-get install -y default-jre unzip
RUN curl -OL https://sourceforge.net/projects/jsignpdf/files/stable/JSignPdf%202.1.0/jsignpdf-2.1.0.zip \
    && unzip jsignpdf-2.1.0.zip -d /opt \
    && rm jsignpdf-2.1.0.zip

CFSSL

CFSS server handmade install

Don't is necessary if you use a docker setup or if you did the standalone setup

Up a cfssl server using this code:

https://github.com/cloudflare/cfssl

The URL of server you will use in Admin settings

PS: Use latest version, on many cases the version of package manage of linux distro is outdated and incompatible with LibreSign

With docker-compose

• Create a folder named cfssl in the same folder as your docker-compose.yml file. This folder will be used on one volume of the cfssl service.
• put the file /cfssl/entrypoint.sh in cfssl folder
• Add the volume ./cfssl:/cfssl in Nextcloud php service
• Create a new server using the following code in your docker-compose.yml file:

  cfssl:
    image: cfssl/cfssl
    volumes:
      - ./cfssl:/cfssl
    working_dir: /cfssl
    entrypoint: /bin/bash
    command:
      - /cfssl/entrypoint.sh

Admin settings

Don't is necessary if you did the standalone setup

Go to Settings > LibreSign and fill the necessary values for root certificate:

CN: CommonName
OU: OrganizationalUnit
O: Organization
C: CountryName
API: http://cfssl:8888/api/v1/cfssl/
Config path: /cfssl/

Go to Settings > Basic Settings and configure email settings. Is mandatory.

Validation page

The validation can be done on a page without access restriction informing the file UUID or the file to be validated.

Route	Description
/apps/libresign/validation	Document validation home page. On this page it is possible to send a binary or enter a file UUID for validation.
/apps/libresign/validation/	Enter the UUID of the file in the URL and go straight to the page informing the signature data.

To have a short URL at the bottom of the document, you can add these directives to your Nginx. Replace domains with those for your application.

server {
    listen 80;
    server_name validate.yourdomain.coop;
    location ~ "\/(?<uuid>[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})" {
        rewrite ^ $scheme://cloud.yourdomain.coop/apps/libresign/validation/$uuid;
    }
    location ~ / {
        return 301 $scheme://cloud.yourdomain.coop/apps/libresign/validation;
    }
}

With this configuration when accessing validate.yourdomain.coop/b9809a7e-ab6e-11eb-bcbc-0242ac130002 you will be redirected to cloud.yourdomain.coop/apps/libresign/validation/b9809a7e-ab6e-11eb-bcbc-0242ac130002

Integrations

• GLPI: Plugin to sign GLPI tickets
• Approval: Approve/reject files based on workflows defined by admins

Full documentation

here

Contributing

here