ONLYOFFICE

From SME Server
Revision as of 05:12, 6 July 2022 by Unnilennium




Maintainer: Unnilennium
URL: https://www.onlyoffice.com
Licence: Mozilla Public License
Category: Cloud
Tags: Online Office, Nextcloud, Document Editor, Cloud


This page describes how to install the ONLYOFFICE document server as an RPM contrib, and also gives some direction for installing it as a Docker container on SME10 configured as server gateway, so that it can be used from Nextcloud. The Docker way is early beta.

Version

Contrib 10:
smeserver-onlyoffice
The latest version of smeserver-onlyoffice is available in the SME repository, click on the version number(s) for more information.


Install

Before proceeding you should have Nextcloud installed and a dedicated domain pointing to your server. This domain should be different from the Nextcloud domain. You should also consider installing and configuring Letsencrypt to have a dedicated certificate per domain. If you are limited in the use of extra domains, you can use a dedicated port to reach nginx externally, but this adds some limits in terms of SSL certificates, and we suggest you reconsider the dedicated domain.

yum -y install https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm --enablerepo=smecontribs
yum install smeserver-extrarepositories-pgsql  smeserver-extrarepositories-onlyoffice -y
db yum_repositories setprop pgsql13 status enabled
signal-event yum-modify
yum --enablerepo=smecontribs install smeserver-onlyoffice

Then, if you have a dedicated subdomain and use Let's Encrypt (or have trusted certs):

MYDOMAIN="onlyoffice.mydomain.com"
config setprop onlyoffice VirtualHost $MYDOMAIN RejectUnauthorized true access local
db domains set $MYDOMAIN domain Content Primary Description onlyoffice Nameservers localhost letsencryptSSLcert enabled TemplatePath Onlyoffice
signal-event domain-create $MYDOMAIN
expand-template /etc/dehydrated/domains.txt
dehydrated -c
signal-event smeserver-onlyoffice-update

Then, if you share one domain/subdomain and you have a trusted certificate for it [will use dedicated port 8082, which needs to be opened if you are behind a firewall]:

config setprop onlyoffice RejectUnauthorized true access public
signal-event smeserver-onlyoffice-update

Then, if you do not have trusted certs but only self-signed ones, and only one domain/subdomain [will use dedicated port 8082, which needs to be opened if you are behind a firewall]:

config setprop onlyoffice RejectUnauthorized false access public
signal-event smeserver-onlyoffice-update


NB: in the last two situations you could choose private if you only want it to be accessible from the LAN.

  1. https://helpcenter.onlyoffice.com/installation/docs-community-install-centos.aspx
  2. https://sourceforge.net/projects/mscorefonts2
  3. https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx
  4. https://github.com/ONLYOFFICE/DocumentServer/releases

Configuration

You can list the available configuration with the following command:

config show onlyoffice

Some of the properties are not shown, but are defaulted in a template or a script. Here is a more comprehensive list with default and expected values:

property | default | values | notes
dbname | onlyoffice | string | for pgsql
dbuser | onlyoffice | string | for pgsql
dbpass | generated | string | for pgsql
VirtualHost | | domain name | e.g. onlyoffice.domain.com
TCPPort | 8082 | port number | port where https connection can be done
token | generated | string > 32 chars | secret key to be able to use the service
RejectUnauthorized | | true/false | true if empty; will reject the connection from untrusted SSL certs to the onlyoffice service. It is also used for Nextcloud to reject untrusted certs from onlyoffice.
access | local | local, private, public |
status | enabled | enabled, disabled |

Uninstall

yum remove smeserver-onlyoffice  onlyoffice

Bugs

Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-onlyoffice component or use this link


Below is an overview of the current issues for this contrib:

No open bugs found.

Changelog

Only versions released in smecontribs are listed here.

smeserver-onlyoffice Changelog: SME 10 (smecontribs)
2023/02/08 Jean-Philippe Pialasse 0.0.5-8.sme
- adapt for onlyoffice 7.3 with systemd services [SME: 12177]

2023/02/07 Jean-Philippe Pialasse 0.0.5-7.sme
- requires documentserver < 7.3 as using supervisord
- fix path to pgsql [SME: 12317]

- redirect to welcome uri
2022/12/26 Jean-Philippe Pialasse 0.0.5-5.sme
- fix httpd failure on onlyoffice-documentserver rpm update [SME: 12289]
2022/11/22 Jean-Philippe Pialasse 0.0.5-4.sme
- fix path to postgresql-13 [SME: 12238]
2022/11/21 Jean-Philippe Pialasse 0.0.5-3.sme
- fix nginx not starting with onlyoffice 7.2 [SME: 12234]



Docker procedure

docker install

yum install docker-ce docker-ce-cli containerd.io docker-compose --enablerepo=epel,extras
systemctl start docker
systemctl enable docker
cd ~ 
git clone --recursive https://github.com/ONLYOFFICE/docker-onlyoffice-nextcloud
cd docker-onlyoffice-nextcloud
docker-compose up -d

Then run the following, replacing 192.168.50.117 with your SME LAN IP:

docker run -i -t -d --name onlyoffice -p 8080:80   \
      --dns=192.168.50.117   \
      -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
      -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
      -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
      -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
      -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
      -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
       onlyoffice/documentserver

docker update --restart always onlyoffice

needed httpd templates

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
# /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/80VirtualH-dehydrated
#Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
Alias /.well-known/acme-challenge/ /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/

<Directory "/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/">
    order allow,deny
    allow from all
    deny from none  	
    AddDefaultCharset off
</Directory>

Replace DOMAIN.COM with your own domain (or docker.DOMAIN.COM and onlyoffice.DOMAIN.COM).

#/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98onlyoffice
<VirtualHost *:443>
    ServerName onlyoffice.DOMAIN.COM
    ServerAlias onlyoffice.DOMAIN.COM

    SSLEngine On
    SSLCertificateFile	/etc/dehydrated/certs/docker.DOMAIN.COM/cert.pem
    SSLCertificateKeyFile /etc/dehydrated/certs/docker.DOMAIN.COM/privkey.pem
    SSLCertificateChainFile /etc/dehydrated/certs/docker.DOMAIN.COM/chain.pem

    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
    SSLProtocol All -SSLv2 -SSLv3
    SSLCompression off
    SSLHonorCipherOrder on

    SetEnvIf Host "^(.*)$" THE_HOST=$1
    #needs apache 2.4.7
    #RequestHeader setifempty X-Forwarded-Proto https
    #RequestHeader setifempty X-Forwarded-Host %\{THE_HOST\}e
    #valid alternative :
    RequestHeader set X-Forwarded-Proto https
    RequestHeader set X-Forwarded-Host %\{THE_HOST\}e
    ProxyAddHeaders Off

    ProxyPass /.well-known/acme-challenge !
    ProxyPassMatch (.*)(\/websocket)$ "ws://localhost:8080/$1$2"
    ProxyPass / "http://localhost:8080/"
    ProxyPassReverse / "http://localhost:8080/"

</VirtualHost>

# PORT FORWARD FROM 80 TO: 443
<virtualhost *:80>
    ServerName onlyoffice.DOMAIN.COM
    ServerAlias onlyoffice.DOMAIN.COM
    SSLProxyEngine On
    RewriteEngine on
    RewriteCond %\{REQUEST_URI\} !^/.well-known/acme-challenge [NC]
    RewriteCond %\{HTTPS\} off
    RewriteRule ^/(.*) https://%\{HTTP_HOST\}/$1 [NC,R,L]
</virtualhost>

To allow access to your DNS server, add the Docker network to your local networks (assuming the Docker network is the following):

db networks set 172.17.0.0 network Mask 255.255.0.0 Router 172.17.0.1 Removable no
signal-event network-create 172.17.0.0

update

docker pull onlyoffice/documentserver:latest

cp -a /app/onlyoffice/DocumentServer/ /backuponlyoffice

docker stop onlyoffice
docker rm onlyoffice
# as in the initial run, replace the --dns address with your SME LAN IP
docker run -i -t -d --name onlyoffice -p 8080:80   \
      --dns=192.168.80.117   \
      -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
      -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
      -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
      -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
      -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
      -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
       onlyoffice/documentserver
# wait 5 min and then
docker restart onlyoffice

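Then you have to add back your secrets:

# open a shell inside the container
docker exec -it onlyoffice bash
apt update
# mcedit is provided by the mc package; install it if it is missing
apt install -y mc
mcedit  /etc/onlyoffice/documentserver/local.json
exit
docker restart onlyoffice
docker update --restart always onlyoffice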

useful commands

# stop onlyoffice
docker stop onlyoffice
#list containers
docker container ls -a
#list images
docker images
# access to the container 
docker exec -it onlyoffice bash

TODO and known issues

  1. We could add the certificate folder to the externally accessible /app folder, and do the same for the configuration in /etc/onlyoffice/documentserver/local.json. Alternatively, we could simply use the environment variables and the Dockerfile to populate them.
  2. A smeserver-onlyoffice rpm.
  3. On reboot, Docker fails to load its network if the service is started before masq is reloaded; we would either need to create a specific template for that, or restart Docker after masq.
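
One way to handle TODO item 1 and the "add back your secrets" step, as an added example that is not part of the original page or the contrib: the JWT secret is kept in a root-only env file on the host and passed to the container through the image's JWT_ENABLED and JWT_SECRET variables, so it does not have to be re-entered in local.json after an update. The path /app/onlyoffice/jwt.env and the function names are assumptions; the port is published on 127.0.0.1 only, because the Apache virtual host above proxies to localhost:8080.

```shell
#!/bin/sh
# Added example, not from the original page. ENV_FILE, DNS_IP and the function
# names are assumptions; JWT_ENABLED and JWT_SECRET are read by the image.
ENV_FILE="${ENV_FILE:-/app/onlyoffice/jwt.env}"
DNS_IP="${DNS_IP:-192.168.50.117}"   # replace with your SME LAN IP
DATA=/app/onlyoffice/DocumentServer

# Print the secret stored in ENV_FILE (nothing if the file or key is missing).
jwt_secret() {
    [ -f "$ENV_FILE" ] || return 0
    sed -n 's/^JWT_SECRET=//p' "$ENV_FILE"
}

# Write ENV_FILE with a random 64-character secret if none is stored yet, then
# check that the stored secret is longer than 32 characters, as the token
# property in the configuration table requires.
ensure_env_file() {
    if [ -z "$(jwt_secret)" ]; then
        mkdir -p "$(dirname "$ENV_FILE")" || return 1
        new=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
        ( umask 077; printf 'JWT_ENABLED=true\nJWT_SECRET=%s\n' "$new" > "$ENV_FILE" ) || return 1
    fi
    chmod 600 "$ENV_FILE" || return 1
    s=$(jwt_secret)
    [ "${#s}" -gt 32 ] || { echo "JWT_SECRET in $ENV_FILE is too short" >&2; return 1; }
}

# Replace the container; the secret survives because it lives in ENV_FILE.
recreate_onlyoffice() {
    ensure_env_file || return 1
    docker stop onlyoffice
    docker rm onlyoffice
    docker run -i -t -d --name onlyoffice --restart always \
        -p 127.0.0.1:8080:80 \
        --dns="$DNS_IP" --env-file "$ENV_FILE" \
        -v "$DATA/logs:/var/log/onlyoffice" \
        -v "$DATA/data:/var/www/onlyoffice/Data" \
        -v "$DATA/rabbitmq:/var/lib/rabbitmq" \
        -v "$DATA/redis:/var/lib/redis" \
        -v "$DATA/lib:/var/lib/onlyoffice" \
        -v "$DATA/db:/var/lib/postgresql" \
        onlyoffice/documentserver
}

if [ "${1:-}" = "recreate" ]; then recreate_onlyoffice; fi
```

Run the script with the argument recreate after docker pull; the value printed by jwt_secret is the secret key to enter in the Nextcloud ONLYOFFICE connector settings.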

sources