ONLYOFFICE
 | |
| onlyoffice logo | |
| Maintainer | Unnilennium |
|---|---|
| Url | https://www.onlyoffice.com |
| Licence | Mozilla Public License |
| Category | |
| Tags | Online Office, Nextcloud, Document Editor, Cloud |
this page described how to install onlyoffice document server as a rpm contrib but also give some direction to install as a docker container on SME10 as server gateway. So we can use it from nextcloud. The docker way is early beta.
Version
Install
before proceeding you should have Nextcloud installed, and having a dedicated domain pointing to your server. This domain should be different from nextcloud domain. You should also consider isntalling and configuring Letsencrypt to have a dedicated cert per domain. In case you are limited in the use of extra domain you might use a dedicated port to use nginx externally, but this add some limit in term of ssl certificate, and we suggest to reconsider the dedicated domain.
yum -y install https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm --enablerepo=smecontribs yum install smeserver-extrarepositories-pgsql smeserver-extrarepositories-onlyoffice -y db yum_repositories setprop pgsql13 status enabled signal-event yum-modify yum --enablerepo=smecontribs install smeserver-onlyoffice
then, if you have dedicated subdomain and use let's Encrypt (or have trusted certs)
MYDOMAIN="onlyoffice.mydomain.com" config setprop onlyoffice VirtualHost $MYDOMAIN RejectUnauthorized true access local db domains set $MYDOMAIN domain Content Primary Description onlyoffice Nameservers Self letsencryptSSLcert enabled TemplatePath Onlyoffice signal-event domain-create $MYDOMAIN expand-template /etc/dehydrated/domain.txt dehydrated -c signal-event smeserver-onlyoffice-update
then, if you share one domain/subdomain and you have trusted certificate for it [will use dedicated port 8082, needs opening behind a firewall]
config setprop onlyoffice RejectUnauthorized true access public signal-event smeserver-onlyoffice-update
then, if you do not have trusted certs, but only self signed, and only one domain/subdomain [will use dedicated port 8082, needs opening behind a firewall]
config setprop onlyoffice RejectUnauthorized false access public signal-event smeserver-onlyoffice-update
NB: in two last situations you could choose private if you only want it to be accessible from LAN.
- https://helpcenter.onlyoffice.com/installation/docs-community-install-centos.aspx
- https://sourceforge.net/projects/mscorefonts2
- https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx
- https://github.com/ONLYOFFICE/DocumentServer/releases
Configuration
you can list the available configuration with the following command :
config show onlyoffice
Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values :
| property | default | values | |
|---|---|---|---|
| dbname | onlyoffice | string | for pgsql |
| dbuser | onlyoffice | string | for pgsql |
| dbpass | **generated** | string | for pgsql |
| VirtualHost | domain name | e.g. onlyoffice.domain.com | |
| TCPPort | 8082 | port number | port where https connection can be done |
| token | *generated* | string > 32 chars | secret key to be able to use the service |
| RejectUnauthorized | true/false | true if empty; will reject the connection from untrusted ssl certs to the onlyoffice service. It is also used for nextcloud to reject non trusted cert from onlyoffice. | |
| access | local | local,private, public | |
| status | enabled | enabled,disabled |
Uninstall
yum remove smeserver-onlyoffice onlyoffice
Bugs
Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-onlyoffice component or use this link
Below is an overview of the current issues for this contrib:
Changelog
Only released version in smecontrib are listed here.
- adapt for onlyoffice 7.3 with systemd services [SME: 12177]
2023/02/07 Jean-Philippe Pialasse 0.0.5-7.sme
- requires documentserver < 7.3 as using supervisord
- fix path to pgsql [SME: 12317]
- fix httpd failure on onlyoffice-documentserver rpm update [SME: 12289]
- fix path to postgresql-13 [SME: 12238]
- fix nginx not starting with onlyoffice 7.2 [SME: 12234]
Docker procedure
docker install
yum install docker-ce docker-ce-cli containerd.io docker-compose --enablerepo=epel,extras
systemctl start docker
systemctl enable docker
cd ~
git clone --recursive https://github.com/ONLYOFFICE/docker-onlyoffice-nextcloud
cd docker-onlyoffice-nextcloud
docker-compose up -d
then do where you must replace 192.168.50.117 by your SME LAN IP
docker run -i -t -d --name onlyoffice -p 8080:80 \
--dns=192.168.50.117 \
-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
-v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
-v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
-v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
-v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
onlyoffice/documentserver
docker update --restart always onlyoffice
needed httpd templates
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
# /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/80VirtualH-dehydrated
#Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
Alias /.well-known/acme-challenge/ /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/
<Directory "/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/">
order allow,deny
allow from all
deny from none
AddDefaultCharset off
</Directory>
change DOMAIN.COM with you own domain (or docker.DOMAIN.COM and onlyoffice.DOMAIN.COM)
#/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98onlyoffice
<VirtualHost *:443>
ServerName onlyoffice.DOMAIN.COM
ServerAlias onlyoffice.DOMAIN.COM
SSLEngine On
SSLCertificateFile /etc/dehydrated/certs/docker.DOMAIN.COM/cert.pem
SSLCertificateKeyFile /etc/dehydrated/certs/docker.DOMAIN.COM/privkey.pem
SSLCertificateChainFile /etc/dehydrated/certs/docker.DOMAIN.COM/chain.pem
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
SSLProtocol All -SSLv2 -SSLv3
SSLCompression off
SSLHonorCipherOrder on
SetEnvIf Host "^(.*)$" THE_HOST=$1
#needs apache 2.4.7
#RequestHeader setifempty X-Forwarded-Proto https
#RequestHeader setifempty X-Forwarded-Host %\{THE_HOST\}e
#valid alternative :
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Host %\{THE_HOST\}e
ProxyAddHeaders Off
ProxyPass /.well-known/acme-challenge !
ProxyPassMatch (.*)(\/websocket)$ "ws://localhost:8080/$1$2"
ProxyPass / "http://localhost:8080/"
ProxyPassReverse / "http://localhost:8080/"
</VirtualHost>
# PORT FORWARD FROM 80 TO: 443
<virtualhost *:80>
ServerName onlyoffice.DOMAIN.COM
ServerAlias onlyoffice.DOMAIN.COM
SSLProxyEngine On
RewriteEngine on
RewriteCond %\{REQUEST_URI\} !^/.well-known/acme-challenge [NC]
RewriteCond %\{HTTPS\} off
RewriteRule ^/(.*) https://%\{HTTP_HOST\}/$1 [NC,R,L]
</virtualhost>
to allow access to your dns server add the docker network to your local networks (considering the docker network is the following):
db networks set 172.17.0.0 network Mask 255.255.0.0 Router 172.17.0.1 Removable no
signal-event network-create 172.17.0.0
update
docker pull onlyoffice/documentserver:latest
cp -a /app/onlyoffice/DocumentServer/ /backuponlyoffice
docker stop onlyoffice
docker rm onlyoffice
docker run -i -t -d --name onlyoffice -p 8080:80 \
--dns=192.168.80.117 \
-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
-v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
-v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
-v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
-v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
onlyoffice/documentserver
#wait 5 min and then
docker restart onlyoffice
then you have to add back your secrets
docker
apt update
mcedit /etc/onlyoffice/documentserver/local.json
exit
docker restart onlyoffice
docker update --restart always onlyoffice
useful commands
# stop onlyoffice
docker stop --name onlyoffice
#list containers
docker container ls -a
#list images
docker images
# access to the container
docker exec -it onlyoffice bash
TODO and known issues
- we could add the certificate folder to the /app externally accessible folder, same thing for the configuration in /etc/onlyoffice/documentserver/local.json. Alternatively we could simply use the environement variable and the docker file to populate them.
- a smeserver-onlyoffice rpm.
- on reboot docker fails to load network if service is started before masq is relaoded, we would either need to create a specific template for that, or restart docker after masq
sources
- https://hub.docker.com/r/onlyoffice/documentserver/
- https://github.com/ONLYOFFICE/Docker-DocumentServer
- https://ma.ttias.be/update-docker-container-latest-version/
- https://www.howtoforge.com/tutorial/how-to-update-onlyoffice-to-version-95-with-docker/
- https://docs.docker.com/config/containers/container-networking/
- https://help.nextcloud.com/t/nextcloud-onlyoffice-integration-document-server-getconverteduri-on-check-error-error-while-downloading-the-document-file-to-be-converted/57393
