diff --git a/roles/web-app-nextcloud/config/main.yml b/roles/web-app-nextcloud/config/main.yml index b345fe21..fdca117d 100644 --- a/roles/web-app-nextcloud/config/main.yml +++ b/roles/web-app-nextcloud/config/main.yml @@ -10,6 +10,7 @@ server: font-src: - "data:" connect-src: + - "wss://collabora.{{ PRIMARY_DOMAIN }}" - "{{ WEB_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}" frame-src: - "{{ WEB_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}" diff --git a/roles/web-app-nextcloud/tasks/main.yml b/roles/web-app-nextcloud/tasks/main.yml index 11e0d0a8..67381a00 100644 --- a/roles/web-app-nextcloud/tasks/main.yml +++ b/roles/web-app-nextcloud/tasks/main.yml @@ -5,8 +5,9 @@ vars: flush_handlers: true when: - - run_once_web_svc_collabora is not defined - - NEXTCLOUD_COLLABORA_ENABLED + - run_once_web_svc_collabora is not defined + - NEXTCLOUD_COLLABORA_ENABLED | bool + - name: "include role for {{ application_id }} to receive certs & do modification routines" include_role: @@ -59,7 +60,6 @@ - name: Load system configuration steps include_tasks: "{{ item }}" loop: - - 02_upgrade.yml - 03_admin.yml - 04_system_config.yml diff --git a/roles/web-app-nextcloud/tasks/plugins/user_ldap.yml b/roles/web-app-nextcloud/tasks/plugins/user_ldap.yml index d58fc134..14be2541 100644 --- a/roles/web-app-nextcloud/tasks/plugins/user_ldap.yml +++ b/roles/web-app-nextcloud/tasks/plugins/user_ldap.yml @@ -3,4 +3,7 @@ - name: Set Nextcloud LDAP bind password command: > - {{ NEXTCLOUD_DOCKER_EXEC_OCC }} ldap:set-config s01 ldapAgentPassword "{{ ldap.bind_credential }}" \ No newline at end of file + {{ NEXTCLOUD_DOCKER_EXEC_OCC }} ldap:set-config s01 ldapAgentPassword "{{ ldap.bind_credential }}" + async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}" + poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}" + no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}" \ No newline at end of file 
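Review bot: In `roles/web-app-nextcloud/config/main.yml`, the new `connect-src` entry hard-codes the `wss://` scheme, while the entry directly below it derives the scheme from `WEB_PROTOCOL`. If a deployment sets `WEB_PROTOCOL` to `http` (its possible values are not visible in this diff), the browser would open the Collabora socket over `ws://` and this entry would not match it, which tends to end with the policy being loosened by hand. Deriving the scheme keeps the two entries in step, e.g. `- "{{ 'wss' if WEB_PROTOCOL == 'https' else 'ws' }}://collabora.{{ PRIMARY_DOMAIN }}"`. A one-line comment saying the entry exists for the Collabora editor websocket would also help the next reader of the CSP list.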
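Review bot: In `roles/web-app-nextcloud/tasks/plugins/user_ldap.yml`, masking of the bind password is optional: `no_log` follows `MASK_CREDENTIALS_IN_LOGS`, so with that switch off the full command line, credential included, is printed in the task output. Since this task does nothing except pass a secret, I would set `no_log: true` unconditionally here. The credential is also placed between literal double quotes in the command string, so a password containing `"` or a backslash changes how the `command` module splits the arguments; `{{ ldap.bind_credential | quote }}` without the surrounding quotes avoids that. With `async` enabled it is also worth checking whether the job result kept on the target includes the command line.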
diff --git a/roles/web-app-nextcloud/vars/main.yml b/roles/web-app-nextcloud/vars/main.yml index d807511f..83b5fd61 100644 --- a/roles/web-app-nextcloud/vars/main.yml +++ b/roles/web-app-nextcloud/vars/main.yml @@ -68,4 +68,5 @@ nextcloud_docker_include_instructions_file: "/tmp/includes.php" ## Execution NEXTCLOUD_DOCKER_EXEC: "docker exec -u {{ NEXTCLOUD_DOCKER_USER }} {{ NEXTCLOUD_CONTAINER }}" # General execute composition -NEXTCLOUD_DOCKER_EXEC_OCC: "{{NEXTCLOUD_DOCKER_EXEC}} {{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}occ" # Execute docker occ command \ No newline at end of file +NEXTCLOUD_DOCKER_EXEC_OCC: "{{NEXTCLOUD_DOCKER_EXEC}} {{ NEXTCLOUD_DOCKER_WORK_DIRECTORY }}occ" # Execute docker occ command +# NEXTCLOUD_COLLOBORA_CONF_EXEC: "docker exec {{ applications | get_app_conf('web-svc-collabora', 'docker.services.collabora.name') }} coolconfig" \ No newline at end of file diff --git a/roles/web-svc-collabora/tasks/01_core.yml b/roles/web-svc-collabora/tasks/01_core.yml new file mode 100644 index 00000000..3f79b143 --- /dev/null +++ b/roles/web-svc-collabora/tasks/01_core.yml 
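Review bot: In `roles/web-app-nextcloud/vars/main.yml`, the added line is commented-out code, and the variable name in it is misspelled (`NEXTCLOUD_COLLOBORA_CONF_EXEC`). The same commit defines `COLLABORA_DOCKER_CONF_EXEC` in `roles/web-svc-collabora/vars/main.yml` for the same `coolconfig` call, so this line looks like a leftover. I would drop it, or, if the variable is planned, replace it with a one-line `# TODO` that says what is still missing.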
@@ -0,0 +1,20 @@ +- name: Update Collabora systemplate to include new fonts + command: "{{ COLLABORA_DOCKER_CONF_EXEC }} update-system-template" + register: collabora_fonts + changed_when: > + (not ASYNC_ENABLED | bool ) + and + ('updated' in (collabora_fonts.stdout | default(''))) + async: "{{ ASYNC_TIME if (ASYNC_ENABLED | default(false) | bool) else omit }}" + poll: "{{ ASYNC_POLL if (ASYNC_ENABLED | default(false) | bool) else omit }}" + when: MODE_UPDATE | bool + +- name: Allow Nextcloud host IP for Collabora preview conversion + command: "{{ COLLABORA_DOCKER_CONF_EXEC }} set net.post_allow.host {{ networks.internet.ip4 }}" + register: collabora_preview + changed_when: > + (not ASYNC_ENABLED | bool ) + and + ('already present' not in (collabora_preview.stdout | default(''))) + async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}" + poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}" \ No newline at end of file diff --git a/roles/web-svc-collabora/tasks/main.yml b/roles/web-svc-collabora/tasks/main.yml index f944d4f7..9c768869 100644 --- a/roles/web-svc-collabora/tasks/main.yml +++ b/roles/web-svc-collabora/tasks/main.yml @@ -2,5 +2,9 @@ - name: "load docker, proxy for '{{ application_id }}'" include_role: name: cmp-docker-proxy + vars: + docker_compose_flush_handlers: true + - name: "Load core functions for '{{ application_id }}'" + include_tasks: 01_core.yml - include_tasks: utils/run_once.yml when: run_once_web_svc_collabora is not defined \ No newline at end of file diff --git a/roles/web-svc-collabora/templates/env.j2 b/roles/web-svc-collabora/templates/env.j2 index 101b20d0..adec67ff 100644 --- a/roles/web-svc-collabora/templates/env.j2 +++ b/roles/web-svc-collabora/templates/env.j2 
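Review bot: `ASYNC_ENABLED` is guarded inconsistently in the new `roles/web-svc-collabora/tasks/01_core.yml`: the first task's `async`/`poll` use `ASYNC_ENABLED | default(false) | bool`, but both `changed_when` expressions and the second task's `async`/`poll` use `ASYNC_ENABLED | bool` with no default, so an undefined variable would fail templating in those places. Pick one form for the whole file, e.g. `(not (ASYNC_ENABLED | default(false) | bool))` in `changed_when`. Separately, `net.post_allow.host` receives `{{ networks.internet.ip4 }}` verbatim; if coolwsd reads that entry as a regular expression, as its default configuration suggests, the dots should be escaped the way `COLLABORA_ALLOWED_DOMAINS` does in this commit. A comment on the second task stating why the host's own address has to be allowed to POST would document the trust decision.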
@@ -1,4 +1,2 @@ -domain={{ (domains | get_domain('web-app-nextcloud')) | regex_replace('\\.', '\\\\.') }} -{# username=admin #} -{# password={{ applications | get_app_conf('web-svc-collabora', 'credentials.admin_password', False, 'ChangeMe!') }}" #} -extra_params=--o:ssl.enable=false --o:ssl.termination=true \ No newline at end of file +domain={{ COLLABORA_ALLOWED_DOMAINS }} +extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:net.service_root=/ --o:net.wopi_allowed_hosts={{ COLLABORA_ALLOWED_HOSTS }} \ No newline at end of file diff --git a/roles/web-svc-collabora/vars/main.yml b/roles/web-svc-collabora/vars/main.yml index 510f9109..a3f541d4 100644 --- a/roles/web-svc-collabora/vars/main.yml +++ b/roles/web-svc-collabora/vars/main.yml @@ -6,6 +6,9 @@ container_port: 9980 container_healthcheck: "/hosting/discovery" # Collabora -COLLABORA_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.collabora.name') }}" -COLLABORA_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.collabora.image') }}" -COLLABORA_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.collabora.version') }}" \ No newline at end of file +COLLABORA_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.collabora.name') }}" +COLLABORA_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.collabora.image') }}" +COLLABORA_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.collabora.version') }}" +COLLABORA_DOCKER_CONF_EXEC: "docker exec {{ COLLABORA_CONTAINER }} coolconfig" +COLLABORA_ALLOWED_DOMAINS: "(.*\\.|){{ PRIMARY_DOMAIN | regex_replace('\\.', '\\\\.') }}" +COLLABORA_ALLOWED_HOSTS: "{{ domains | get_domain('web-app-nextcloud') }}" \ No newline at end of file
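Review bot: `domain` in `env.j2` now takes `COLLABORA_ALLOWED_DOMAINS`, which the `roles/web-svc-collabora/vars/main.yml` hunk in this commit defines as `(.*\\.|)` followed by the escaped `PRIMARY_DOMAIN`, so the set of hosts Collabora accepts grows from the single Nextcloud host to every subdomain of the primary domain. Any other application served under that domain would then be accepted as a document host as well. If only Nextcloud is meant to be, keep the previous expression, `domain={{ (domains | get_domain('web-app-nextcloud')) | regex_replace('\\.', '\\\\.') }}`, or build `COLLABORA_ALLOWED_DOMAINS` from that lookup. I also could not confirm that `net.wopi_allowed_hosts` is a key coolwsd knows; please check it against the `coolwsd.xml` of the deployed image, since an override for an unknown key may have no effect.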