| Line 1: |
Line 1: |
| − | this page described how to install onlyoffice '''document server''' as a docker container on SME10as '''server gateway'''. So we can use it from nextcloud.
| + | {{Languages}} |
| | + | <!-- here we define the contrib name variable --> |
| | + | <!-- we get the page title, remove suffix for translated version; if needed you can define there with the value you want--> |
| | + | {{#vardefine:contribname| {{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }} |
| | + | {{#vardefine:smecontribname| smeserver-{{lc: {{#titleparts: {{BASEPAGENAME}} |1}} }} }} |
| | + | <!-- we define the language --> |
| | + | {{#vardefine:lang| {{lc: {{#titleparts: {{PAGENAME}} | | -1}} }} |en }}{{Infobox contribs |
| | + | | name = {{#var:contribname}} |
| | + | | image = Onlyoffice.png |
| | + | | description_image = {{#var:contribname}} logo |
| | + | | maintainer = Unnilennium |
| | + | | licence = Mozilla Public License |
| | + | | url = https://www.onlyoffice.com |
| | + | | video = |
| | + | | category = Cloud |
| | + | | tags = Online Office,Nextcloud,Document Editor,Cloud |
| | + | }} |
| | + | This page describes how to install onlyoffice '''document server''' as a rpm contrib. This is of particular interest if you use [[Nextcloud]] |
| | | | |
| − | this is early beta.
| + | === Version === |
| | + | {{#smeversion: {{#var:smecontribname}} }} |
| | | | |
| − | == install == | + | === Install === |
| − | <syntaxhighlight lang="bash">
| + | before proceeding you should have [[Nextcloud]] installed, and having a dedicated domain pointing to your server. This domain should be different from nextcloud domain. |
| − | yum install smeserver-docker
| + | You should also consider isntalling and configuring [[Letsencrypt]] to have a dedicated cert per domain. |
| − | </syntaxhighlight>then do where you must replace 192.168.80.117 by your SME LAN IP
| + | In case you are limited in the use of extra domain you might use a dedicated port to use nginx externally, but this add some limit in term of ssl certificate, and we suggest to reconsider the dedicated domain. |
| | | | |
| − | <syntaxhighlight lang="bash"> | + | <tabs container=""> |
| − | docker run -i -t -d --name onlyoffice -p 8080:80 \
| + | <tab name="For SME 10"> |
| − | --dns=192.168.80.117 \
| + | yum -y install https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm --enablerepo=smecontribs |
| − | -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
| + | yum install smeserver-extrarepositories-pgsql smeserver-extrarepositories-onlyoffice -y |
| − | -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
| + | db yum_repositories setprop pgsql13 status enabled |
| − | -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
| + | signal-event yum-modify |
| − | -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
| + | yum --enablerepo=smecontribs install {{#var:smecontribname}} |
| − | -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
| |
| − | -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
| |
| − | onlyoffice/documentserver
| |
| | | | |
| − | </syntaxhighlight>
| + | then, if you have dedicated subdomain and use let's Encrypt (or have trusted certs) |
| | + | MYDOMAIN="onlyoffice.mydomain.com" |
| | + | config setprop onlyoffice VirtualHost $MYDOMAIN RejectUnauthorized true access local |
| | + | db domains set $MYDOMAIN domain Content Primary Description onlyoffice Nameservers localhost letsencryptSSLcert enabled TemplatePath Onlyoffice |
| | + | signal-event domain-create $MYDOMAIN |
| | + | expand-template /etc/dehydrated/domains.txt |
| | + | dehydrated -c |
| | + | signal-event smeserver-onlyoffice-update |
| | | | |
| − | needed httpd templates<syntaxhighlight lang="bash">
| + | then, if you share one domain/subdomain and you have trusted certificate for it [will use dedicated port 8082, needs opening behind a firewall] |
| − | mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
| + | config setprop onlyoffice RejectUnauthorized true access public |
| | + | signal-event smeserver-onlyoffice-update |
| | | | |
| − | </syntaxhighlight><syntaxhighlight lang="perl">
| + | then, if you do not have trusted certs, but only self signed, and only one domain/subdomain [will use dedicated port 8082, needs opening behind a firewall] |
| − | # /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/80VirtualH-dehydrated
| + | config setprop onlyoffice RejectUnauthorized false access public |
| − | #Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
| + | signal-event smeserver-onlyoffice-update |
| − | Alias /.well-known/acme-challenge/ /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/
| |
| | | | |
| − | <Directory "/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/">
| |
| − | order allow,deny
| |
| − | allow from all
| |
| − | deny from none
| |
| − | AddDefaultCharset off
| |
| − | </Directory>
| |
| | | | |
| − | </syntaxhighlight>change DOMAIN.COM with you own domain (or docker.DOMAIN.COM and onlyoffice.DOMAIN.COM)<syntaxhighlight lang="perl">
| + | NB: in two last situations you could choose private if you only want it to be accessible from LAN. |
| − | #/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98onlyoffice
| |
| − | <VirtualHost *:443>
| |
| − | ServerName onlyoffice.DOMAIN.COM
| |
| − | ServerAlias onlyoffice.DOMAIN.COM
| |
| | | | |
| − | SSLEngine On
| + | </tab> |
| − | SSLCertificateFile /etc/dehydrated/certs/docker.DOMAIN.COM/cert.pem
| + | </tabs> |
| − | SSLCertificateKeyFile /etc/dehydrated/certs/docker.DOMAIN.COM/privkey.pem
| |
| − | SSLCertificateChainFile /etc/dehydrated/certs/docker.DOMAIN.COM/chain.pem
| |
| | | | |
| − | SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
| |
| − | SSLProtocol All -SSLv2 -SSLv3
| |
| − | SSLCompression off
| |
| − | SSLHonorCipherOrder on
| |
| | | | |
| − | SetEnvIf Host "^(.*)$" THE_HOST=$1
| |
| − | #needs apache 2.4.7
| |
| − | #RequestHeader setifempty X-Forwarded-Proto https
| |
| − | #RequestHeader setifempty X-Forwarded-Host %\{THE_HOST\}e
| |
| − | #valid alternative :
| |
| − | RequestHeader set X-Forwarded-Proto https
| |
| − | RequestHeader set X-Forwarded-Host %\{THE_HOST\}e
| |
| − | ProxyAddHeaders Off
| |
| | | | |
| − | ProxyPass /.well-known/acme-challenge !
| + | ===Configuration=== |
| − | ProxyPassMatch (.*)(\/websocket)$ "ws://localhost:8080/$1$2"
| + | you can list the available configuration with the following command : |
| − | ProxyPass / "http://localhost:8080/"
| + | config show {{#var:contribname}} |
| − | ProxyPassReverse / "http://localhost:8080/"
| + | Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values : |
| | + | {| class="wikitable" |
| | + | !property |
| | + | !default |
| | + | !values |
| | + | ! |
| | + | |- |
| | + | |dbname |
| | + | |onlyoffice |
| | + | |string |
| | + | |for pgsql |
| | + | |- |
| | + | |dbuser |
| | + | |onlyoffice |
| | + | |string |
| | + | |for pgsql |
| | + | |- |
| | + | |dbpass |
| | + | |**generated** |
| | + | |string |
| | + | |for pgsql |
| | + | |- |
| | + | |VirtualHost |
| | + | | |
| | + | |domain name |
| | + | |e.g. onlyoffice.domain.com |
| | + | |- |
| | + | |TCPPort |
| | + | |8082 |
| | + | |port number |
| | + | |port where https connection can be done |
| | + | |- |
| | + | |token |
| | + | |*generated* |
| | + | |string > 32 chars |
| | + | |secret key to be able to use the service |
| | + | |- |
| | + | |RejectUnauthorized |
| | + | | |
| | + | |true/false |
| | + | |true if empty; will reject the connection from untrusted ssl certs to the onlyoffice service. It is also used for nextcloud to reject non trusted cert from onlyoffice. |
| | + | |- |
| | + | |access |
| | + | |local |
| | + | |local,private, public |
| | + | | |
| | + | |- |
| | + | |status |
| | + | |enabled |
| | + | |enabled,disabled |
| | + | |} |
| | | | |
| − | </VirtualHost>
| + | ===Uninstall=== |
| | + | yum remove {{#var:smecontribname}} {{#var:contribname}} |
| | | | |
| − | # PORT FORWARD FROM 80 TO: 443
| + | === Bugs=== |
| − | <virtualhost *:80>
| + | Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] |
| − | ServerName onlyoffice.DOMAIN.COM
| + | and select the {{#var:smecontribname}} component or use {{BugzillaFileBug|product=SME%20Contribs|component={{#var:smecontribname}}|title=this link}} |
| − | ServerAlias onlyoffice.DOMAIN.COM
| |
| − | SSLProxyEngine On
| |
| − | RewriteEngine on
| |
| − | RewriteCond %\{REQUEST_URI\} !^/.well-known/acme-challenge [NC]
| |
| − | RewriteCond %\{HTTPS\} off
| |
| − | RewriteRule ^/(.*) https://%\{HTTP_HOST\}/$1 [NC,R,L]
| |
| − | </virtualhost>
| |
| | | | |
| − | </syntaxhighlight>
| + | Below is an overview of the current issues for this contrib:{{#bugzilla:columns=id,product,version,status,summary|sort=id|order=desc|component={{#var:smecontribname}} |noresultsmessage=No open bugs found.}} |
| | | | |
| − | to allow access to your dns server add the docker network to your local networks (considering the docker network is the following): <syntaxhighlight lang="bash">
| + | ===Changelog=== |
| − | db networks set 172.17.0.0 network Mask 255.255.0.0 Router 172.17.0.1 Removable no
| + | Only released version in smecontrib are listed here. |
| − | signal-event network-create 172.17.0.0
| + | {{#smechangelog: {{#var:smecontribname}} }} |
| − | </syntaxhighlight>
| |
| | | | |
| − | == update ==
| |
| − | <syntaxhighlight lang="bash">
| |
| − | docker pull onlyoffice/documentserver:latest
| |
| | | | |
| − | cp -a /app/onlyoffice/DocumentServer/ /backuponlyoffice
| + | ===See Also=== |
| | + | # https://helpcenter.onlyoffice.com/installation/docs-community-install-centos.aspx |
| | + | # https://sourceforge.net/projects/mscorefonts2 |
| | + | # https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx |
| | + | # https://github.com/ONLYOFFICE/DocumentServer/releases |
| | + | # https://helpcenter.onlyoffice.com/onlyoffice-editors/onlyoffice-document-editor/helpfulhints/advancedsettings.aspx |
| | | | |
| − | docker stop onlyoffice
| |
| − | docker rm onlyoffice
| |
| − | docker run -i -t -d --name onlyoffice -p 8080:80 \
| |
| − | --dns=192.168.80.117 \
| |
| − | -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
| |
| − | -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
| |
| − | -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
| |
| − | -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
| |
| − | -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
| |
| − | -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
| |
| − | onlyoffice/documentserver
| |
| − | #wait 5 min and then
| |
| − | docker restart onlyoffice
| |
| − | </syntaxhighlight>then you have to add back your secrets<syntaxhighlight lang="bash">
| |
| − | docker
| |
| − | apt update
| |
| − | mcedit /etc/onlyoffice/documentserver/local.json
| |
| − | exit
| |
| − | docker restart onlyoffice
| |
| − | </syntaxhighlight>
| |
| | | | |
| − | == useful commands ==
| + | [[Category:Contrib]] |
| − | <syntaxhighlight lang="bash">
| |
| − | # stop onlyoffice
| |
| − | docker stop --name onlyoffice
| |
| − | #list containers
| |
| − | docker container ls -a
| |
| − | #list images
| |
| − | docker images
| |
| − | # access to the container
| |
| − | docker exec -it onlyoffice bash
| |
| − | </syntaxhighlight>
| |
| − | | |
| − | == sources ==
| |
| − | * https://hub.docker.com/r/onlyoffice/documentserver/
| |
| − | * https://github.com/ONLYOFFICE/Docker-DocumentServer
| |
| − | * https://ma.ttias.be/update-docker-container-latest-version/
| |
| − | * https://www.howtoforge.com/tutorial/how-to-update-onlyoffice-to-version-95-with-docker/
| |
| − | * https://docs.docker.com/config/containers/container-networking/
| |
| − | * https://help.nextcloud.com/t/nextcloud-onlyoffice-integration-document-server-getconverteduri-on-check-error-error-while-downloading-the-document-file-to-be-converted/57393
| |
