Difference between revisions of "ONLYOFFICE"

From SME Server
Jump to navigationJump to search
 
(30 intermediate revisions by the same user not shown)
Line 1: Line 1:
this page described how to install onlyoffice '''document server''' as a docker container on SME10as '''server gateway'''. So we can use it from nextcloud.
+
{{Languages}}
 +
<!-- here we define the contrib name variable -->
 +
<!-- we get the page title, remove suffix for translated version; if needed you can define there with the value you want-->
 +
{{#vardefine:contribname| {{lc: {{#titleparts:  {{BASEPAGENAME}} |1}} }} }}
 +
{{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts:  {{BASEPAGENAME}} |1}} }} }}
 +
<!-- we define the language -->
 +
{{#vardefine:lang| {{lc:  {{#titleparts:    {{PAGENAME}} | | -1}}  }} |en }}{{Infobox contribs
 +
| name = {{#var:contribname}}
 +
| image = Onlyoffice.png
 +
| description_image = {{#var:contribname}} logo
 +
| maintainer = Unnilennium
 +
| licence = Mozilla Public License
 +
| url = https://www.onlyoffice.com
 +
| video =
 +
| category = Cloud
 +
| tags = Online Office,Nextcloud,Document Editor,Cloud
 +
}}
 +
This page describes how to install onlyoffice '''document server''' as a rpm contrib. This is of particular interest if you use [[Nextcloud]]
  
this is early beta.
+
=== Version ===
 +
{{#smeversion: {{#var:smecontribname}} }}
  
== install ==
+
=== Install ===
<syntaxhighlight lang="bash">
+
before proceeding you should have [[Nextcloud]] installed, and having a dedicated domain pointing to your server. This domain should be different from nextcloud domain.  
yum install smeserver-docker
+
You should also consider isntalling and configuring [[Letsencrypt]] to have a dedicated cert per domain.
</syntaxhighlight>then do where you must replace 192.168.80.117 by your SME LAN IP
+
In case you are limited in the use of extra domain you might use a dedicated port to use nginx externally, but this add some limit in term of ssl certificate, and we suggest to reconsider the dedicated domain.
  
<syntaxhighlight lang="bash">
+
<tabs container="">
docker run -i -t -d --name onlyoffice -p 8080:80  \
+
<tab name="For SME 10">
      --dns=192.168.80.117  \
+
yum -y install https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm --enablerepo=smecontribs
      -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
+
yum install smeserver-extrarepositories-pgsql  smeserver-extrarepositories-onlyoffice -y
      -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
+
db yum_repositories setprop pgsql13 status enabled
      -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
+
signal-event yum-modify
      -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
+
yum --enablerepo=smecontribs install {{#var:smecontribname}}
      -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
 
      -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
 
      onlyoffice/documentserver
 
  
</syntaxhighlight>
+
then, if you have dedicated subdomain and use let's Encrypt (or have trusted certs)
 +
MYDOMAIN="onlyoffice.mydomain.com"
 +
config setprop onlyoffice VirtualHost $MYDOMAIN RejectUnauthorized true access local
 +
db domains set $MYDOMAIN domain Content Primary Description onlyoffice Nameservers localhost letsencryptSSLcert enabled TemplatePath Onlyoffice
 +
signal-event domain-create $MYDOMAIN
 +
expand-template /etc/dehydrated/domains.txt
 +
dehydrated -c
 +
signal-event smeserver-onlyoffice-update
  
needed httpd templates<syntaxhighlight lang="bash">
+
then, if you share one domain/subdomain and you have trusted certificate for it [will use dedicated port 8082, needs opening behind a firewall]
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
+
config setprop onlyoffice RejectUnauthorized true access public
 +
signal-event smeserver-onlyoffice-update
  
</syntaxhighlight><syntaxhighlight lang="perl">
+
then, if you do not have trusted certs, but only self signed, and only one domain/subdomain [will use dedicated port 8082, needs opening behind a firewall]
# /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/80VirtualH-dehydrated
+
config setprop onlyoffice RejectUnauthorized false access public
#Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
+
signal-event smeserver-onlyoffice-update
Alias /.well-known/acme-challenge/ /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/
 
  
<Directory "/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/">
 
    order allow,deny
 
    allow from all
 
    deny from none 
 
    AddDefaultCharset off
 
</Directory>
 
  
</syntaxhighlight>change DOMAIN.COM with you own domain (or docker.DOMAIN.COM and onlyoffice.DOMAIN.COM)<syntaxhighlight lang="perl">
+
NB: in two last situations you could choose private if you only want it to be accessible from LAN.
#/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98onlyoffice
 
<VirtualHost *:443>
 
    ServerName onlyoffice.DOMAIN.COM
 
    ServerAlias onlyoffice.DOMAIN.COM
 
  
    SSLEngine On
+
</tab>
    SSLCertificateFile /etc/dehydrated/certs/docker.DOMAIN.COM/cert.pem
+
</tabs>
    SSLCertificateKeyFile /etc/dehydrated/certs/docker.DOMAIN.COM/privkey.pem
 
    SSLCertificateChainFile /etc/dehydrated/certs/docker.DOMAIN.COM/chain.pem
 
  
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
 
    SSLProtocol All -SSLv2 -SSLv3
 
    SSLCompression off
 
    SSLHonorCipherOrder on
 
  
    SetEnvIf Host "^(.*)$" THE_HOST=$1
 
    #needs apache 2.4.7
 
    #RequestHeader setifempty X-Forwarded-Proto https
 
    #RequestHeader setifempty X-Forwarded-Host %\{THE_HOST\}e
 
    #valid alternative :
 
    RequestHeader set X-Forwarded-Proto https
 
    RequestHeader set X-Forwarded-Host %\{THE_HOST\}e
 
    ProxyAddHeaders Off
 
  
    ProxyPass /.well-known/acme-challenge !
+
===Configuration===
    ProxyPassMatch (.*)(\/websocket)$ "ws://localhost:8080/$1$2"
+
you can list the available configuration with the following command :
    ProxyPass / "http://localhost:8080/"
+
config show {{#var:contribname}}
    ProxyPassReverse / "http://localhost:8080/"
+
Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values :
 +
{| class="wikitable"
 +
!property
 +
!default
 +
!values
 +
!
 +
|-
 +
|dbname
 +
|onlyoffice
 +
|string
 +
|for pgsql
 +
|-
 +
|dbuser
 +
|onlyoffice
 +
|string
 +
|for pgsql
 +
|-
 +
|dbpass
 +
|**generated**
 +
|string
 +
|for pgsql
 +
|-
 +
|VirtualHost
 +
|
 +
|domain name
 +
|e.g. onlyoffice.domain.com
 +
|-
 +
|TCPPort
 +
|8082
 +
|port number
 +
|port where https connection can be done
 +
|-
 +
|token
 +
|*generated*
 +
|string > 32 chars
 +
|secret key to be able to use the service
 +
|-
 +
|RejectUnauthorized
 +
|
 +
|true/false
 +
|true if empty; will reject the connection from untrusted ssl certs to the onlyoffice service. It is also used for nextcloud to reject non trusted cert from onlyoffice.
 +
|-
 +
|access
 +
|local
 +
|local,private, public
 +
|
 +
|-
 +
|status
 +
|enabled
 +
|enabled,disabled
 +
|}
  
</VirtualHost>
+
===Uninstall===
 +
yum remove {{#var:smecontribname}}  {{#var:contribname}}
  
# PORT FORWARD FROM 80 TO: 443
+
=== Bugs===
<virtualhost *:80>
+
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
    ServerName onlyoffice.DOMAIN.COM
+
and select the {{#var:smecontribname}} component or use {{BugzillaFileBug|product=SME%20Contribs|component={{#var:smecontribname}}|title=this link}}
    ServerAlias onlyoffice.DOMAIN.COM
 
    SSLProxyEngine On
 
    RewriteEngine on
 
    RewriteCond %\{REQUEST_URI\} !^/.well-known/acme-challenge [NC]
 
    RewriteCond %\{HTTPS\} off
 
    RewriteRule ^/(.*) https://%\{HTTP_HOST\}/$1 [NC,R,L]
 
</virtualhost>
 
  
</syntaxhighlight>
+
Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component={{#var:smecontribname}} |noresultsmessage=No open bugs found.}}
  
to allow access to your dns server add the docker network to your local networks  (considering the docker network is the following): <syntaxhighlight lang="bash">
+
===Changelog===
db networks set 172.17.0.0 network Mask 255.255.0.0 Router 172.17.0.1 Removable no
+
Only released version in smecontrib are listed here.
signal-event network-create 172.17.0.0
+
{{#smechangelog: {{#var:smecontribname}} }}
</syntaxhighlight>
 
  
== update ==
 
<syntaxhighlight lang="bash">
 
docker pull onlyoffice/documentserver:latest
 
  
cp -a /app/onlyoffice/DocumentServer/ /backuponlyoffice
+
===See Also===
 +
# https://helpcenter.onlyoffice.com/installation/docs-community-install-centos.aspx
 +
# https://sourceforge.net/projects/mscorefonts2
 +
# https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx
 +
# https://github.com/ONLYOFFICE/DocumentServer/releases
 +
# https://helpcenter.onlyoffice.com/onlyoffice-editors/onlyoffice-document-editor/helpfulhints/advancedsettings.aspx
  
docker stop onlyoffice
 
docker rm onlyoffice
 
docker run -i -t -d --name onlyoffice -p 8080:80  \
 
      --dns=192.168.80.117  \
 
      -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
 
      -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
 
      -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
 
      -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
 
      -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
 
      -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
 
      onlyoffice/documentserver
 
#wait 5 min and then
 
docker restart onlyoffice
 
</syntaxhighlight>then you have to add back your secrets<syntaxhighlight lang="bash">
 
docker
 
apt update
 
mcedit  /etc/onlyoffice/documentserver/local.json
 
exit
 
docker restart onlyoffice
 
</syntaxhighlight>
 
  
== useful commands ==
+
[[Category:Contrib]]
<syntaxhighlight lang="bash">
 
# stop onlyoffice
 
docker stop --name onlyoffice
 
#list containers
 
docker container ls -a
 
#list images
 
docker images
 
# access to the container
 
docker exec -it onlyoffice bash
 
</syntaxhighlight>
 
 
 
== sources ==
 
* https://hub.docker.com/r/onlyoffice/documentserver/
 
* https://github.com/ONLYOFFICE/Docker-DocumentServer
 
* https://ma.ttias.be/update-docker-container-latest-version/
 
* https://www.howtoforge.com/tutorial/how-to-update-onlyoffice-to-version-95-with-docker/
 
* https://docs.docker.com/config/containers/container-networking/
 
* https://help.nextcloud.com/t/nextcloud-onlyoffice-integration-document-server-getconverteduri-on-check-error-error-while-downloading-the-document-file-to-be-converted/57393
 

Latest revision as of 02:08, 8 July 2022




onlyoffice
Onlyoffice.png
onlyoffice logo
MaintainerUnnilennium
Urlhttps://www.onlyoffice.com
LicenceMozilla Public License
Category

Cloud

Tags Online OfficeNextcloudDocument EditorCloud


This page describes how to install onlyoffice document server as a rpm contrib. This is of particular interest if you use Nextcloud

Version

Contrib 10:
smeserver-onlyoffice
The latest version of smeserver-onlyoffice is available in the SME repository, click on the version number(s) for more information.


Install

before proceeding you should have Nextcloud installed, and having a dedicated domain pointing to your server. This domain should be different from nextcloud domain. You should also consider isntalling and configuring Letsencrypt to have a dedicated cert per domain. In case you are limited in the use of extra domain you might use a dedicated port to use nginx externally, but this add some limit in term of ssl certificate, and we suggest to reconsider the dedicated domain.

yum -y install https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm --enablerepo=smecontribs
yum install smeserver-extrarepositories-pgsql  smeserver-extrarepositories-onlyoffice -y
db yum_repositories setprop pgsql13 status enabled
signal-event yum-modify
yum --enablerepo=smecontribs install smeserver-onlyoffice

then, if you have dedicated subdomain and use let's Encrypt (or have trusted certs)

MYDOMAIN="onlyoffice.mydomain.com"
config setprop onlyoffice VirtualHost $MYDOMAIN RejectUnauthorized true access local
db domains set $MYDOMAIN domain Content Primary Description onlyoffice Nameservers localhost letsencryptSSLcert enabled TemplatePath Onlyoffice
signal-event domain-create $MYDOMAIN
expand-template /etc/dehydrated/domains.txt
dehydrated -c
signal-event smeserver-onlyoffice-update

then, if you share one domain/subdomain and you have trusted certificate for it [will use dedicated port 8082, needs opening behind a firewall]

config setprop onlyoffice RejectUnauthorized true access public
signal-event smeserver-onlyoffice-update

then, if you do not have trusted certs, but only self signed, and only one domain/subdomain [will use dedicated port 8082, needs opening behind a firewall]

config setprop onlyoffice RejectUnauthorized false access public
signal-event smeserver-onlyoffice-update


NB: in two last situations you could choose private if you only want it to be accessible from LAN.


Configuration

you can list the available configuration with the following command :

config show onlyoffice

Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values :

property default values
dbname onlyoffice string for pgsql
dbuser onlyoffice string for pgsql
dbpass **generated** string for pgsql
VirtualHost domain name e.g. onlyoffice.domain.com
TCPPort 8082 port number port where https connection can be done
token *generated* string > 32 chars secret key to be able to use the service
RejectUnauthorized true/false true if empty; will reject the connection from untrusted ssl certs to the onlyoffice service. It is also used for nextcloud to reject non trusted cert from onlyoffice.
access local local,private, public
status enabled enabled,disabled

Uninstall

yum remove smeserver-onlyoffice  onlyoffice

Bugs

Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-onlyoffice component or use this link


Below is an overview of the current issues for this contrib:

No open bugs found.

Changelog

Only released version in smecontrib are listed here.

smeserver-onlyoffice Changelog: SME 10 (smecontribs)
2023/02/08 Jean-Philippe Pialasse 0.0.5-8.sme
- adapt for onlyoffice 7.3 with systemd services [SME: 12177]

2023/02/07 Jean-Philippe Pialasse 0.0.5-7.sme
- requires documentserver < 7.3 as using supervisord
- fix path to pgsql [SME: 12317]

- redirect to welcome uri
2022/12/26 Jean-Philippe Pialasse 0.0.5-5.sme
- fix httpd failure on onlyoffice-documentserver rpm update [SME: 12289]
2022/11/22 Jean-Philippe Pialasse 0.0.5-4.sme
- fix path to postgresql-13 [SME: 12238]
2022/11/21 Jean-Philippe Pialasse 0.0.5-3.sme
- fix nginx not starting with onlyoffice 7.2 [SME: 12234]


See Also

  1. https://helpcenter.onlyoffice.com/installation/docs-community-install-centos.aspx
  2. https://sourceforge.net/projects/mscorefonts2
  3. https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx
  4. https://github.com/ONLYOFFICE/DocumentServer/releases
  5. https://helpcenter.onlyoffice.com/onlyoffice-editors/onlyoffice-document-editor/helpfulhints/advancedsettings.aspx