| Line 133: |
Line 133: |
| | | | |
| | | | |
| − | === Docker procedure ===
| |
| | | | |
| − | ==== docker install ====
| |
| − | <syntaxhighlight lang="bash">
| |
| − | yum install docker-ce docker-ce-cli containerd.io docker-compose --enablerepo=epel,extras
| |
| − | systemctl start docker
| |
| − | systemctl enable docker
| |
| − | cd ~
| |
| − | git clone --recursive https://github.com/ONLYOFFICE/docker-onlyoffice-nextcloud
| |
| − | cd docker-onlyoffice-nextcloud
| |
| − | docker-compose up -d
| |
| − | </syntaxhighlight>then do where you must replace 192.168.50.117 by your SME LAN IP
| |
| − |
| |
| − | <syntaxhighlight lang="bash">
| |
| − | docker run -i -t -d --name onlyoffice -p 8080:80 \
| |
| − | --dns=192.168.50.117 \
| |
| − | -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
| |
| − | -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
| |
| − | -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
| |
| − | -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
| |
| − | -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
| |
| − | -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
| |
| − | onlyoffice/documentserver
| |
| − |
| |
| − | docker update --restart always onlyoffice
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − | needed httpd templates<syntaxhighlight lang="bash">
| |
| − | mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
| |
| − |
| |
| − | </syntaxhighlight><syntaxhighlight lang="perl">
| |
| − | # /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/80VirtualH-dehydrated
| |
| − | #Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
| |
| − | Alias /.well-known/acme-challenge/ /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/
| |
| − |
| |
| − | <Directory "/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/">
| |
| − | order allow,deny
| |
| − | allow from all
| |
| − | deny from none
| |
| − | AddDefaultCharset off
| |
| − | </Directory>
| |
| − |
| |
| − | </syntaxhighlight>change DOMAIN.COM with you own domain (or docker.DOMAIN.COM and onlyoffice.DOMAIN.COM)<syntaxhighlight lang="perl">
| |
| − | #/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98onlyoffice
| |
| − | <VirtualHost *:443>
| |
| − | ServerName onlyoffice.DOMAIN.COM
| |
| − | ServerAlias onlyoffice.DOMAIN.COM
| |
| − |
| |
| − | SSLEngine On
| |
| − | SSLCertificateFile /etc/dehydrated/certs/docker.DOMAIN.COM/cert.pem
| |
| − | SSLCertificateKeyFile /etc/dehydrated/certs/docker.DOMAIN.COM/privkey.pem
| |
| − | SSLCertificateChainFile /etc/dehydrated/certs/docker.DOMAIN.COM/chain.pem
| |
| − |
| |
| − | SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
| |
| − | SSLProtocol All -SSLv2 -SSLv3
| |
| − | SSLCompression off
| |
| − | SSLHonorCipherOrder on
| |
| − |
| |
| − | SetEnvIf Host "^(.*)$" THE_HOST=$1
| |
| − | #needs apache 2.4.7
| |
| − | #RequestHeader setifempty X-Forwarded-Proto https
| |
| − | #RequestHeader setifempty X-Forwarded-Host %\{THE_HOST\}e
| |
| − | #valid alternative :
| |
| − | RequestHeader set X-Forwarded-Proto https
| |
| − | RequestHeader set X-Forwarded-Host %\{THE_HOST\}e
| |
| − | ProxyAddHeaders Off
| |
| − |
| |
| − | ProxyPass /.well-known/acme-challenge !
| |
| − | ProxyPassMatch (.*)(\/websocket)$ "ws://localhost:8080/$1$2"
| |
| − | ProxyPass / "http://localhost:8080/"
| |
| − | ProxyPassReverse / "http://localhost:8080/"
| |
| − |
| |
| − | </VirtualHost>
| |
| − |
| |
| − | # PORT FORWARD FROM 80 TO: 443
| |
| − | <virtualhost *:80>
| |
| − | ServerName onlyoffice.DOMAIN.COM
| |
| − | ServerAlias onlyoffice.DOMAIN.COM
| |
| − | SSLProxyEngine On
| |
| − | RewriteEngine on
| |
| − | RewriteCond %\{REQUEST_URI\} !^/.well-known/acme-challenge [NC]
| |
| − | RewriteCond %\{HTTPS\} off
| |
| − | RewriteRule ^/(.*) https://%\{HTTP_HOST\}/$1 [NC,R,L]
| |
| − | </virtualhost>
| |
| − |
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − | to allow access to your dns server add the docker network to your local networks (considering the docker network is the following): <syntaxhighlight lang="bash">
| |
| − | db networks set 172.17.0.0 network Mask 255.255.0.0 Router 172.17.0.1 Removable no
| |
| − | signal-event network-create 172.17.0.0
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − | === update ===
| |
| − | <syntaxhighlight lang="bash">
| |
| − | docker pull onlyoffice/documentserver:latest
| |
| − |
| |
| − | cp -a /app/onlyoffice/DocumentServer/ /backuponlyoffice
| |
| − |
| |
| − | docker stop onlyoffice
| |
| − | docker rm onlyoffice
| |
| − | docker run -i -t -d --name onlyoffice -p 8080:80 \
| |
| − | --dns=192.168.80.117 \
| |
| − | -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
| |
| − | -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
| |
| − | -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
| |
| − | -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
| |
| − | -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
| |
| − | -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
| |
| − | onlyoffice/documentserver
| |
| − | #wait 5 min and then
| |
| − | docker restart onlyoffice
| |
| − | </syntaxhighlight>then you have to add back your secrets<syntaxhighlight lang="bash">
| |
| − | docker
| |
| − | apt update
| |
| − | mcedit /etc/onlyoffice/documentserver/local.json
| |
| − | exit
| |
| − | docker restart onlyoffice
| |
| − | docker update --restart always onlyoffice
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − | ==== useful commands ====
| |
| − | <syntaxhighlight lang="bash">
| |
| − | # stop onlyoffice
| |
| − | docker stop --name onlyoffice
| |
| − | #list containers
| |
| − | docker container ls -a
| |
| − | #list images
| |
| − | docker images
| |
| − | # access to the container
| |
| − | docker exec -it onlyoffice bash
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − | ==== TODO and known issues ====
| |
| − | # we could add the certificate folder to the /app externally accessible folder, same thing for the configuration in /etc/onlyoffice/documentserver/local.json. Alternatively we could simply use the environement variable and the docker file to populate them.
| |
| − | # a smeserver-onlyoffice rpm.
| |
| − | # on reboot docker fails to load network if service is started before masq is relaoded, we would either need to create a specific template for that, or restart docker after masq
| |
| − |
| |
| − | == sources ==
| |
| − | * https://hub.docker.com/r/onlyoffice/documentserver/
| |
| − | * https://github.com/ONLYOFFICE/Docker-DocumentServer
| |
| − | * https://ma.ttias.be/update-docker-container-latest-version/
| |
| − | * https://www.howtoforge.com/tutorial/how-to-update-onlyoffice-to-version-95-with-docker/
| |
| − | * https://docs.docker.com/config/containers/container-networking/
| |
| − | * https://help.nextcloud.com/t/nextcloud-onlyoffice-integration-document-server-getconverteduri-on-check-error-error-while-downloading-the-document-file-to-be-converted/57393
| |
| | [[Category:Contrib]] | | [[Category:Contrib]] |
