Line 1: |
Line 1: |
− | this page described how to install onlyoffice '''document server''' as a docker container on SME10as '''server gateway'''. So we can use it from nextcloud.
| + | {{Languages}} |
| + | <!-- here we define the contrib name variable --> |
| + | <!-- we get the page title, remove suffix for translated version; if needed you can define there with the value you want--> |
| + | {{#vardefine:contribname| {{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }} |
| + | {{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }} |
| + | <!-- we define the language --> |
| + | {{#vardefine:lang| {{lc: {{#titleparts: {{PAGENAME}} | | -1}} }} |en }}{{Infobox contribs |
| + | | name = {{#var:contribname}} |
| + | | image = Onlyoffice.png |
| + | | description_image = {{#var:contribname}} logo |
| + | | maintainer = Unnilennium |
| + | | licence = Mozilla Public License |
| + | | url = https://www.onlyoffice.com |
| + | | video = |
| + | | category = Cloud |
| + | | tags = Online Office,Nextcloud,Document Editor,Cloud |
| + | }} |
| + | This page describes how to install onlyoffice '''document server''' as a rpm contrib. This is of particular interest if you use [[Nextcloud]] |
| | | |
− | this is early beta.
| + | === Version === |
| + | {{#smeversion: {{#var:smecontribname}} }} |
| | | |
− | == install == | + | === Install === |
− | <syntaxhighlight lang="bash">
| + | before proceeding you should have [[Nextcloud]] installed, and having a dedicated domain pointing to your server. This domain should be different from nextcloud domain. |
− | yum install docker-ce docker-ce-cli containerd.io docker-compose --enablerepo=epel,extras
| + | You should also consider isntalling and configuring [[Letsencrypt]] to have a dedicated cert per domain. |
− | systemctl start docker
| + | In case you are limited in the use of extra domain you might use a dedicated port to use nginx externally, but this add some limit in term of ssl certificate, and we suggest to reconsider the dedicated domain. |
− | systemctl enable docker
| |
− | cd ~
| |
− | git clone --recursive https://github.com/ONLYOFFICE/docker-onlyoffice-nextcloud
| |
− | cd docker-onlyoffice-nextcloud
| |
− | docker-compose up -d
| |
− | </syntaxhighlight>then do where you must replace 192.168.50.117 by your SME LAN IP
| |
| | | |
− | <syntaxhighlight lang="bash"> | + | <tabs container=""> |
− | docker run -i -t -d --name onlyoffice -p 8080:80 \
| + | <tab name="For SME 10"> |
− | --dns=192.168.50.117 \
| + | yum -y install https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm --enablerepo=smecontribs |
− | -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
| + | yum install smeserver-extrarepositories-pgsql smeserver-extrarepositories-onlyoffice -y |
− | -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
| + | db yum_repositories setprop pgsql13 status enabled |
− | -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
| + | signal-event yum-modify |
− | -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
| + | yum --enablerepo=smecontribs install {{#var:smecontribname}} |
− | -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
| |
− | -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
| |
− | onlyoffice/documentserver
| |
| | | |
− | </syntaxhighlight>
| + | then, if you have dedicated subdomain and use let's Encrypt (or have trusted certs) |
| + | MYDOMAIN="onlyoffice.mydomain.com" |
| + | config setprop onlyoffice VirtualHost $MYDOMAIN RejectUnauthorized true access local |
| + | db domains set $MYDOMAIN domain Content Primary Description onlyoffice Nameservers localhost letsencryptSSLcert enabled TemplatePath Onlyoffice |
| + | signal-event domain-create $MYDOMAIN |
| + | expand-template /etc/dehydrated/domains.txt |
| + | dehydrated -c |
| + | signal-event smeserver-onlyoffice-update |
| | | |
− | needed httpd templates<syntaxhighlight lang="bash">
| + | then, if you share one domain/subdomain and you have trusted certificate for it [will use dedicated port 8082, needs opening behind a firewall] |
− | mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
| + | config setprop onlyoffice RejectUnauthorized true access public |
| + | signal-event smeserver-onlyoffice-update |
| | | |
− | </syntaxhighlight><syntaxhighlight lang="perl">
| + | then, if you do not have trusted certs, but only self signed, and only one domain/subdomain [will use dedicated port 8082, needs opening behind a firewall] |
− | # /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/80VirtualH-dehydrated
| + | config setprop onlyoffice RejectUnauthorized false access public |
− | #Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
| + | signal-event smeserver-onlyoffice-update |
− | Alias /.well-known/acme-challenge/ /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/
| |
| | | |
− | <Directory "/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/">
| |
− | order allow,deny
| |
− | allow from all
| |
− | deny from none
| |
− | AddDefaultCharset off
| |
− | </Directory>
| |
| | | |
− | </syntaxhighlight>change DOMAIN.COM with you own domain (or docker.DOMAIN.COM and onlyoffice.DOMAIN.COM)<syntaxhighlight lang="perl">
| + | NB: in two last situations you could choose private if you only want it to be accessible from LAN. |
− | #/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98onlyoffice
| |
− | <VirtualHost *:443>
| |
− | ServerName onlyoffice.DOMAIN.COM
| |
− | ServerAlias onlyoffice.DOMAIN.COM
| |
| | | |
− | SSLEngine On
| + | </tab> |
− | SSLCertificateFile /etc/dehydrated/certs/docker.DOMAIN.COM/cert.pem
| + | </tabs> |
− | SSLCertificateKeyFile /etc/dehydrated/certs/docker.DOMAIN.COM/privkey.pem
| |
− | SSLCertificateChainFile /etc/dehydrated/certs/docker.DOMAIN.COM/chain.pem
| |
| | | |
− | SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
| |
− | SSLProtocol All -SSLv2 -SSLv3
| |
− | SSLCompression off
| |
− | SSLHonorCipherOrder on
| |
| | | |
− | SetEnvIf Host "^(.*)$" THE_HOST=$1
| |
− | #needs apache 2.4.7
| |
− | #RequestHeader setifempty X-Forwarded-Proto https
| |
− | #RequestHeader setifempty X-Forwarded-Host %\{THE_HOST\}e
| |
− | #valid alternative :
| |
− | RequestHeader set X-Forwarded-Proto https
| |
− | RequestHeader set X-Forwarded-Host %\{THE_HOST\}e
| |
− | ProxyAddHeaders Off
| |
| | | |
− | ProxyPass /.well-known/acme-challenge !
| + | ===Configuration=== |
− | ProxyPassMatch (.*)(\/websocket)$ "ws://localhost:8080/$1$2"
| + | you can list the available configuration with the following command : |
− | ProxyPass / "http://localhost:8080/"
| + | config show {{#var:contribname}} |
− | ProxyPassReverse / "http://localhost:8080/"
| + | Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values : |
| + | {| class="wikitable" |
| + | !property |
| + | !default |
| + | !values |
| + | ! |
| + | |- |
| + | |dbname |
| + | |onlyoffice |
| + | |string |
| + | |for pgsql |
| + | |- |
| + | |dbuser |
| + | |onlyoffice |
| + | |string |
| + | |for pgsql |
| + | |- |
| + | |dbpass |
| + | |**generated** |
| + | |string |
| + | |for pgsql |
| + | |- |
| + | |VirtualHost |
| + | | |
| + | |domain name |
| + | |e.g. onlyoffice.domain.com |
| + | |- |
| + | |TCPPort |
| + | |8082 |
| + | |port number |
| + | |port where https connection can be done |
| + | |- |
| + | |token |
| + | |*generated* |
| + | |string > 32 chars |
| + | |secret key to be able to use the service |
| + | |- |
| + | |RejectUnauthorized |
| + | | |
| + | |true/false |
| + | |true if empty; will reject the connection from untrusted ssl certs to the onlyoffice service. It is also used for nextcloud to reject non trusted cert from onlyoffice. |
| + | |- |
| + | |access |
| + | |local |
| + | |local,private, public |
| + | | |
| + | |- |
| + | |status |
| + | |enabled |
| + | |enabled,disabled |
| + | |} |
| | | |
− | </VirtualHost>
| + | ===Uninstall=== |
| + | yum remove {{#var:smecontribname}} {{#var:contribname}} |
| | | |
− | # PORT FORWARD FROM 80 TO: 443
| + | === Bugs=== |
− | <virtualhost *:80>
| + | Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] |
− | ServerName onlyoffice.DOMAIN.COM
| + | and select the {{#var:smecontribname}} component or use {{BugzillaFileBug|product=SME%20Contribs|component={{#var:smecontribname}}|title=this link}} |
− | ServerAlias onlyoffice.DOMAIN.COM
| |
− | SSLProxyEngine On
| |
− | RewriteEngine on
| |
− | RewriteCond %\{REQUEST_URI\} !^/.well-known/acme-challenge [NC]
| |
− | RewriteCond %\{HTTPS\} off
| |
− | RewriteRule ^/(.*) https://%\{HTTP_HOST\}/$1 [NC,R,L]
| |
− | </virtualhost>
| |
| | | |
− | </syntaxhighlight>
| + | Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component={{#var:smecontribname}} |noresultsmessage=No open bugs found.}} |
| | | |
− | to allow access to your dns server add the docker network to your local networks (considering the docker network is the following): <syntaxhighlight lang="bash">
| + | ===Changelog=== |
− | db networks set 172.17.0.0 network Mask 255.255.0.0 Router 172.17.0.1 Removable no
| + | Only released version in smecontrib are listed here. |
− | signal-event network-create 172.17.0.0
| + | {{#smechangelog: {{#var:smecontribname}} }} |
− | </syntaxhighlight>
| |
| | | |
− | == update ==
| |
− | <syntaxhighlight lang="bash">
| |
− | docker pull onlyoffice/documentserver:latest
| |
| | | |
− | cp -a /app/onlyoffice/DocumentServer/ /backuponlyoffice
| + | ===See Also=== |
| + | # https://helpcenter.onlyoffice.com/installation/docs-community-install-centos.aspx |
| + | # https://sourceforge.net/projects/mscorefonts2 |
| + | # https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx |
| + | # https://github.com/ONLYOFFICE/DocumentServer/releases |
| + | # https://helpcenter.onlyoffice.com/onlyoffice-editors/onlyoffice-document-editor/helpfulhints/advancedsettings.aspx |
| | | |
− | docker stop onlyoffice
| |
− | docker rm onlyoffice
| |
− | docker run -i -t -d --name onlyoffice -p 8080:80 \
| |
− | --dns=192.168.80.117 \
| |
− | -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
| |
− | -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
| |
− | -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
| |
− | -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
| |
− | -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
| |
− | -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
| |
− | onlyoffice/documentserver
| |
− | #wait 5 min and then
| |
− | docker restart onlyoffice
| |
− | </syntaxhighlight>then you have to add back your secrets<syntaxhighlight lang="bash">
| |
− | docker
| |
− | apt update
| |
− | mcedit /etc/onlyoffice/documentserver/local.json
| |
− | exit
| |
− | docker restart onlyoffice
| |
− | </syntaxhighlight>
| |
| | | |
− | == useful commands ==
| + | [[Category:Contrib]] |
− | <syntaxhighlight lang="bash">
| |
− | # stop onlyoffice
| |
− | docker stop --name onlyoffice
| |
− | #list containers
| |
− | docker container ls -a
| |
− | #list images
| |
− | docker images
| |
− | # access to the container
| |
− | docker exec -it onlyoffice bash
| |
− | </syntaxhighlight>
| |
− | | |
− | == TODO ==
| |
− | we could add the certificate folder to the /app externally accessible folder, same thing for the configuration in /etc/onlyoffice/documentserver/local.json. Alternatively we could simply use the environement variable and the docker file to populate them.
| |
− | | |
− | a smeserver-onlyoffice rpm.
| |
− | | |
− | == sources ==
| |
− | * https://hub.docker.com/r/onlyoffice/documentserver/
| |
− | * https://github.com/ONLYOFFICE/Docker-DocumentServer
| |
− | * https://ma.ttias.be/update-docker-container-latest-version/
| |
− | * https://www.howtoforge.com/tutorial/how-to-update-onlyoffice-to-version-95-with-docker/
| |
− | * https://docs.docker.com/config/containers/container-networking/
| |
− | * https://help.nextcloud.com/t/nextcloud-onlyoffice-integration-document-server-getconverteduri-on-check-error-error-while-downloading-the-document-file-to-be-converted/57393
| |