ONLYOFFICE
onlyoffice logo | |
Maintainer | Unnilennium |
---|---|
Url | https://www.onlyoffice.com |
Licence | Mozilla Public License |
Category | |
Tags | Online Office, Nextcloud, Document Editor, Cloud |
this page described how to install onlyoffice document server as a docker container on SME10as server gateway. So we can use it from nextcloud.
this is early beta.
Version
Install
before proceeding you should have Nextcloud installed, and having a dedicated domain pointing to your server. This domain should be different from nextcloud domain. You should also consider isntalling and configuring Letsencrypt to have a dedicated cert per domain. In case you are limited in the use of extra domain you might use a dedicated port to use nginx externally, but this add some limit in term of ssl certificate, and we suggest to reconsider the dedicated domain.
yum -y install https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm --enablerepo=smecontribs yum install smeserver-extrarepositories-pgsql smeserver-extrarepositories-onlyoffice -y db yum_repositories setprop pgsql13 status enabled signal-event yum-modify yum --enablerepo=smecontribs install smeserver-onlyoffice
then, if you have dedicated subdomain and use let's Encrypt (or have trusted certs)
MYDOMAIN="onlyoffice.mydomain.com" config setprop onlyoffice VirtualHost $MYDOMAIN RejectUnauthorized true access local db domains set $MYDOMAIN domain Content Primary Description onlyoffice Nameservers Self letsencryptSSLcert enabled TemplatePath Onlyoffice signal-event domain-create $MYDOMAIN expand-template /etc/dehydrated/domain.txt dehydrated -c signal-event smeserver-onlyoffice-update
then, if you share one domain/subdomain and you have trusted certificate for it
config setprop onlyoffice RejectUnauthorized true access public signal-event smeserver-onlyoffice-update
then, if you do not have trusted certs, but only self signed, and only one domain/subdomain
config setprop onlyoffice RejectUnauthorized false access public signal-event smeserver-onlyoffice-update
NB: in two last situations you could choose private if you only want it to be accessible from LAN.
- https://helpcenter.onlyoffice.com/installation/docs-community-install-centos.aspx
- https://sourceforge.net/projects/mscorefonts2
- https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx
- https://github.com/ONLYOFFICE/DocumentServer/releases
Configuration
you can list the available configuration with the following command :
config show onlyoffice
Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values :
property | default | values | |
---|---|---|---|
dbname | onlyoffice | string | for pgsql |
dbuser | onlyoffice | string | for pgsql |
dbpass | **generated** | string | for pgsql |
VirtualHost | domain name | e.g. onlyoffice.domain.com | |
TCPPort | 8082 | port number | port where https connection can be done |
token | *generated* | string > 32 chars | secret key to be able to use the service |
RejectUnauthorized | true/false | true if empty; will reject the connection from untrusted ssl certs to the onlyoffice service. It is also used for nextcloud to reject non trusted cert from onlyoffice. | |
access | local | local,private, public | |
status | enabled | enabled,disabled |
Uninstall
yum remove smeserver-onlyoffice onlyoffice
Bugs
Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-onlyoffice component or use this link
Below is an overview of the current issues for this contrib:
Changelog
Only released version in smecontrib are listed here.
- adapt for onlyoffice 7.3 with systemd services [SME: 12177]
2023/02/07 Jean-Philippe Pialasse 0.0.5-7.sme
- requires documentserver < 7.3 as using supervisord
- fix path to pgsql [SME: 12317]
- fix httpd failure on onlyoffice-documentserver rpm update [SME: 12289]
- fix path to postgresql-13 [SME: 12238]
- fix nginx not starting with onlyoffice 7.2 [SME: 12234]
Docker procedure
docker install
yum install docker-ce docker-ce-cli containerd.io docker-compose --enablerepo=epel,extras
systemctl start docker
systemctl enable docker
cd ~
git clone --recursive https://github.com/ONLYOFFICE/docker-onlyoffice-nextcloud
cd docker-onlyoffice-nextcloud
docker-compose up -d
then do where you must replace 192.168.50.117 by your SME LAN IP
docker run -i -t -d --name onlyoffice -p 8080:80 \
--dns=192.168.50.117 \
-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
-v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
-v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
-v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
-v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
onlyoffice/documentserver
docker update --restart always onlyoffice
needed httpd templates
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
# /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/80VirtualH-dehydrated
#Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
Alias /.well-known/acme-challenge/ /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/
<Directory "/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/">
order allow,deny
allow from all
deny from none
AddDefaultCharset off
</Directory>
change DOMAIN.COM with you own domain (or docker.DOMAIN.COM and onlyoffice.DOMAIN.COM)
#/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98onlyoffice
<VirtualHost *:443>
ServerName onlyoffice.DOMAIN.COM
ServerAlias onlyoffice.DOMAIN.COM
SSLEngine On
SSLCertificateFile /etc/dehydrated/certs/docker.DOMAIN.COM/cert.pem
SSLCertificateKeyFile /etc/dehydrated/certs/docker.DOMAIN.COM/privkey.pem
SSLCertificateChainFile /etc/dehydrated/certs/docker.DOMAIN.COM/chain.pem
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
SSLProtocol All -SSLv2 -SSLv3
SSLCompression off
SSLHonorCipherOrder on
SetEnvIf Host "^(.*)$" THE_HOST=$1
#needs apache 2.4.7
#RequestHeader setifempty X-Forwarded-Proto https
#RequestHeader setifempty X-Forwarded-Host %\{THE_HOST\}e
#valid alternative :
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Host %\{THE_HOST\}e
ProxyAddHeaders Off
ProxyPass /.well-known/acme-challenge !
ProxyPassMatch (.*)(\/websocket)$ "ws://localhost:8080/$1$2"
ProxyPass / "http://localhost:8080/"
ProxyPassReverse / "http://localhost:8080/"
</VirtualHost>
# PORT FORWARD FROM 80 TO: 443
<virtualhost *:80>
ServerName onlyoffice.DOMAIN.COM
ServerAlias onlyoffice.DOMAIN.COM
SSLProxyEngine On
RewriteEngine on
RewriteCond %\{REQUEST_URI\} !^/.well-known/acme-challenge [NC]
RewriteCond %\{HTTPS\} off
RewriteRule ^/(.*) https://%\{HTTP_HOST\}/$1 [NC,R,L]
</virtualhost>
to allow access to your dns server add the docker network to your local networks (considering the docker network is the following):
db networks set 172.17.0.0 network Mask 255.255.0.0 Router 172.17.0.1 Removable no
signal-event network-create 172.17.0.0
update
docker pull onlyoffice/documentserver:latest
cp -a /app/onlyoffice/DocumentServer/ /backuponlyoffice
docker stop onlyoffice
docker rm onlyoffice
docker run -i -t -d --name onlyoffice -p 8080:80 \
--dns=192.168.80.117 \
-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
-v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
-v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
-v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
-v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
onlyoffice/documentserver
#wait 5 min and then
docker restart onlyoffice
then you have to add back your secrets
docker
apt update
mcedit /etc/onlyoffice/documentserver/local.json
exit
docker restart onlyoffice
docker update --restart always onlyoffice
useful commands
# stop onlyoffice
docker stop --name onlyoffice
#list containers
docker container ls -a
#list images
docker images
# access to the container
docker exec -it onlyoffice bash
TODO and known issues
- we could add the certificate folder to the /app externally accessible folder, same thing for the configuration in /etc/onlyoffice/documentserver/local.json. Alternatively we could simply use the environement variable and the docker file to populate them.
- a smeserver-onlyoffice rpm.
- on reboot docker fails to load network if service is started before masq is relaoded, we would either need to create a specific template for that, or restart docker after masq
sources
- https://hub.docker.com/r/onlyoffice/documentserver/
- https://github.com/ONLYOFFICE/Docker-DocumentServer
- https://ma.ttias.be/update-docker-container-latest-version/
- https://www.howtoforge.com/tutorial/how-to-update-onlyoffice-to-version-95-with-docker/
- https://docs.docker.com/config/containers/container-networking/
- https://help.nextcloud.com/t/nextcloud-onlyoffice-integration-document-server-getconverteduri-on-check-error-error-while-downloading-the-document-file-to-be-converted/57393