| Line 13: |
Line 13: |
| | | url = https://www.onlyoffice.com | | | url = https://www.onlyoffice.com |
| | | video = | | | video = |
| − | | category = Nextcloud | + | | category = Cloud |
| − | | tags = office,Nextcloud,Database,ONLYOFFICE | + | | tags = Online Office,Nextcloud,Document Editor,Cloud |
| | }} | | }} |
| − | this page described how to install onlyoffice '''document server''' as a docker container on SME10as '''server gateway'''. So we can use it from nextcloud.
| + | This page describes how to install onlyoffice '''document server''' as a rpm contrib. This is of particular interest if you use [[Nextcloud]] |
| − | | |
| − | this is early beta.
| |
| | | | |
| | === Version === | | === Version === |
| Line 25: |
Line 23: |
| | === Install === | | === Install === |
| | before proceeding you should have [[Nextcloud]] installed, and having a dedicated domain pointing to your server. This domain should be different from nextcloud domain. | | before proceeding you should have [[Nextcloud]] installed, and having a dedicated domain pointing to your server. This domain should be different from nextcloud domain. |
| − | You should also consider isntalling and configuring [[LetsEncrypt]] to have a dedicated cert per domain. | + | You should also consider isntalling and configuring [[Letsencrypt]] to have a dedicated cert per domain. |
| | In case you are limited in the use of extra domain you might use a dedicated port to use nginx externally, but this add some limit in term of ssl certificate, and we suggest to reconsider the dedicated domain. | | In case you are limited in the use of extra domain you might use a dedicated port to use nginx externally, but this add some limit in term of ssl certificate, and we suggest to reconsider the dedicated domain. |
| | | | |
| | <tabs container=""> | | <tabs container=""> |
| | <tab name="For SME 10"> | | <tab name="For SME 10"> |
| − | yum -y install https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm | + | yum -y install https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm --enablerepo=smecontribs |
| | yum install smeserver-extrarepositories-pgsql smeserver-extrarepositories-onlyoffice -y | | yum install smeserver-extrarepositories-pgsql smeserver-extrarepositories-onlyoffice -y |
| | db yum_repositories setprop pgsql13 status enabled | | db yum_repositories setprop pgsql13 status enabled |
| | signal-event yum-modify | | signal-event yum-modify |
| | yum --enablerepo=smecontribs install {{#var:smecontribname}} | | yum --enablerepo=smecontribs install {{#var:smecontribname}} |
| | + | |
| | + | then, if you have dedicated subdomain and use let's Encrypt (or have trusted certs) |
| | + | MYDOMAIN="onlyoffice.mydomain.com" |
| | + | config setprop onlyoffice VirtualHost $MYDOMAIN RejectUnauthorized true access local |
| | + | db domains set $MYDOMAIN domain Content Primary Description onlyoffice Nameservers localhost letsencryptSSLcert enabled TemplatePath Onlyoffice |
| | + | signal-event domain-create $MYDOMAIN |
| | + | expand-template /etc/dehydrated/domains.txt |
| | + | dehydrated -c |
| | + | signal-event smeserver-onlyoffice-update |
| | + | |
| | + | then, if you share one domain/subdomain and you have trusted certificate for it [will use dedicated port 8082, needs opening behind a firewall] |
| | + | config setprop onlyoffice RejectUnauthorized true access public |
| | + | signal-event smeserver-onlyoffice-update |
| | + | |
| | + | then, if you do not have trusted certs, but only self signed, and only one domain/subdomain [will use dedicated port 8082, needs opening behind a firewall] |
| | + | config setprop onlyoffice RejectUnauthorized false access public |
| | + | signal-event smeserver-onlyoffice-update |
| | + | |
| | + | |
| | + | NB: in two last situations you could choose private if you only want it to be accessible from LAN. |
| | | | |
| | </tab> | | </tab> |
| | </tabs> | | </tabs> |
| | | | |
| − | # https://helpcenter.onlyoffice.com/installation/docs-community-install-centos.aspx
| + | |
| − | # https://sourceforge.net/projects/mscorefonts2
| |
| − | # https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx
| |
| − | # https://github.com/ONLYOFFICE/DocumentServer/releases
| |
| | | | |
| | ===Configuration=== | | ===Configuration=== |
| Line 54: |
Line 69: |
| | ! | | ! |
| | |- | | |- |
| − | |host | + | |dbname |
| | + | |onlyoffice |
| | + | |string |
| | + | |for pgsql |
| | + | |- |
| | + | |dbuser |
| | + | |onlyoffice |
| | + | |string |
| | + | |for pgsql |
| | + | |- |
| | + | |dbpass |
| | + | |**generated** |
| | + | |string |
| | + | |for pgsql |
| | + | |- |
| | + | |VirtualHost |
| | | | | | |
| | |domain name | | |domain name |
| | |e.g. onlyoffice.domain.com | | |e.g. onlyoffice.domain.com |
| | |- | | |- |
| | + | |TCPPort |
| | + | |8082 |
| | + | |port number |
| | + | |port where https connection can be done |
| | + | |- |
| | + | |token |
| | + | |*generated* |
| | + | |string > 32 chars |
| | + | |secret key to be able to use the service |
| | + | |- |
| | + | |RejectUnauthorized |
| | + | | |
| | + | |true/false |
| | + | |true if empty; will reject the connection from untrusted ssl certs to the onlyoffice service. It is also used for nextcloud to reject non trusted cert from onlyoffice. |
| | + | |- |
| | |access | | |access |
| | |local | | |local |
| Line 71: |
Line 116: |
| | ===Uninstall=== | | ===Uninstall=== |
| | yum remove {{#var:smecontribname}} {{#var:contribname}} | | yum remove {{#var:smecontribname}} {{#var:contribname}} |
| | + | |
| | === Bugs=== | | === Bugs=== |
| | Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] | | Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] |
| Line 82: |
Line 128: |
| | | | |
| | | | |
| | + | ===See Also=== |
| | + | # https://helpcenter.onlyoffice.com/installation/docs-community-install-centos.aspx |
| | + | # https://sourceforge.net/projects/mscorefonts2 |
| | + | # https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx |
| | + | # https://github.com/ONLYOFFICE/DocumentServer/releases |
| | + | # https://helpcenter.onlyoffice.com/onlyoffice-editors/onlyoffice-document-editor/helpfulhints/advancedsettings.aspx |
| | | | |
| | | | |
| − | === Docker procedure ===
| + | [[Category:Contrib]] |
| − | | |
| − | ==== docker install ====
| |
| − | <syntaxhighlight lang="bash">
| |
| − | yum install docker-ce docker-ce-cli containerd.io docker-compose --enablerepo=epel,extras
| |
| − | systemctl start docker
| |
| − | systemctl enable docker
| |
| − | cd ~
| |
| − | git clone --recursive https://github.com/ONLYOFFICE/docker-onlyoffice-nextcloud
| |
| − | cd docker-onlyoffice-nextcloud
| |
| − | docker-compose up -d
| |
| − | </syntaxhighlight>then do where you must replace 192.168.50.117 by your SME LAN IP
| |
| − | | |
| − | <syntaxhighlight lang="bash">
| |
| − | docker run -i -t -d --name onlyoffice -p 8080:80 \
| |
| − | --dns=192.168.50.117 \
| |
| − | -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
| |
| − | -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
| |
| − | -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
| |
| − | -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
| |
| − | -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
| |
| − | -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
| |
| − | onlyoffice/documentserver
| |
| − | | |
| − | docker update --restart always onlyoffice
| |
| − | </syntaxhighlight>
| |
| − | | |
| − | needed httpd templates<syntaxhighlight lang="bash">
| |
| − | mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
| |
| − | | |
| − | </syntaxhighlight><syntaxhighlight lang="perl">
| |
| − | # /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/80VirtualH-dehydrated
| |
| − | #Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
| |
| − | Alias /.well-known/acme-challenge/ /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/
| |
| − | | |
| − | <Directory "/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/">
| |
| − | order allow,deny
| |
| − | allow from all
| |
| − | deny from none
| |
| − | AddDefaultCharset off
| |
| − | </Directory>
| |
| − | | |
| − | </syntaxhighlight>change DOMAIN.COM with you own domain (or docker.DOMAIN.COM and onlyoffice.DOMAIN.COM)<syntaxhighlight lang="perl">
| |
| − | #/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98onlyoffice
| |
| − | <VirtualHost *:443>
| |
| − | ServerName onlyoffice.DOMAIN.COM
| |
| − | ServerAlias onlyoffice.DOMAIN.COM
| |
| − | | |
| − | SSLEngine On
| |
| − | SSLCertificateFile /etc/dehydrated/certs/docker.DOMAIN.COM/cert.pem
| |
| − | SSLCertificateKeyFile /etc/dehydrated/certs/docker.DOMAIN.COM/privkey.pem
| |
| − | SSLCertificateChainFile /etc/dehydrated/certs/docker.DOMAIN.COM/chain.pem
| |
| − | | |
| − | SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
| |
| − | SSLProtocol All -SSLv2 -SSLv3
| |
| − | SSLCompression off
| |
| − | SSLHonorCipherOrder on
| |
| − | | |
| − | SetEnvIf Host "^(.*)$" THE_HOST=$1
| |
| − | #needs apache 2.4.7
| |
| − | #RequestHeader setifempty X-Forwarded-Proto https
| |
| − | #RequestHeader setifempty X-Forwarded-Host %\{THE_HOST\}e
| |
| − | #valid alternative :
| |
| − | RequestHeader set X-Forwarded-Proto https
| |
| − | RequestHeader set X-Forwarded-Host %\{THE_HOST\}e
| |
| − | ProxyAddHeaders Off
| |
| − | | |
| − | ProxyPass /.well-known/acme-challenge !
| |
| − | ProxyPassMatch (.*)(\/websocket)$ "ws://localhost:8080/$1$2"
| |
| − | ProxyPass / "http://localhost:8080/"
| |
| − | ProxyPassReverse / "http://localhost:8080/"
| |
| − | | |
| − | </VirtualHost>
| |
| − | | |
| − | # PORT FORWARD FROM 80 TO: 443
| |
| − | <virtualhost *:80>
| |
| − | ServerName onlyoffice.DOMAIN.COM
| |
| − | ServerAlias onlyoffice.DOMAIN.COM
| |
| − | SSLProxyEngine On
| |
| − | RewriteEngine on
| |
| − | RewriteCond %\{REQUEST_URI\} !^/.well-known/acme-challenge [NC]
| |
| − | RewriteCond %\{HTTPS\} off
| |
| − | RewriteRule ^/(.*) https://%\{HTTP_HOST\}/$1 [NC,R,L]
| |
| − | </virtualhost>
| |
| − | | |
| − | </syntaxhighlight>
| |
| − | | |
| − | to allow access to your dns server add the docker network to your local networks (considering the docker network is the following): <syntaxhighlight lang="bash">
| |
| − | db networks set 172.17.0.0 network Mask 255.255.0.0 Router 172.17.0.1 Removable no
| |
| − | signal-event network-create 172.17.0.0
| |
| − | </syntaxhighlight>
| |
| − | | |
| − | === update ===
| |
| − | <syntaxhighlight lang="bash">
| |
| − | docker pull onlyoffice/documentserver:latest
| |
| − | | |
| − | cp -a /app/onlyoffice/DocumentServer/ /backuponlyoffice
| |
| − | | |
| − | docker stop onlyoffice
| |
| − | docker rm onlyoffice
| |
| − | docker run -i -t -d --name onlyoffice -p 8080:80 \
| |
| − | --dns=192.168.80.117 \
| |
| − | -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
| |
| − | -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
| |
| − | -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
| |
| − | -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
| |
| − | -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
| |
| − | -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
| |
| − | onlyoffice/documentserver
| |
| − | #wait 5 min and then
| |
| − | docker restart onlyoffice
| |
| − | </syntaxhighlight>then you have to add back your secrets<syntaxhighlight lang="bash">
| |
| − | docker
| |
| − | apt update
| |
| − | mcedit /etc/onlyoffice/documentserver/local.json
| |
| − | exit
| |
| − | docker restart onlyoffice
| |
| − | docker update --restart always onlyoffice
| |
| − | </syntaxhighlight>
| |
| − | | |
| − | ==== useful commands ====
| |
| − | <syntaxhighlight lang="bash">
| |
| − | # stop onlyoffice
| |
| − | docker stop --name onlyoffice
| |
| − | #list containers
| |
| − | docker container ls -a
| |
| − | #list images
| |
| − | docker images
| |
| − | # access to the container
| |
| − | docker exec -it onlyoffice bash
| |
| − | </syntaxhighlight>
| |
| − | | |
| − | ==== TODO and known issues ====
| |
| − | # we could add the certificate folder to the /app externally accessible folder, same thing for the configuration in /etc/onlyoffice/documentserver/local.json. Alternatively we could simply use the environement variable and the docker file to populate them.
| |
| − | # a smeserver-onlyoffice rpm.
| |
| − | # on reboot docker fails to load network if service is started before masq is relaoded, we would either need to create a specific template for that, or restart docker after masq
| |
| − | | |
| − | == sources ==
| |
| − | * https://hub.docker.com/r/onlyoffice/documentserver/
| |
| − | * https://github.com/ONLYOFFICE/Docker-DocumentServer
| |
| − | * https://ma.ttias.be/update-docker-container-latest-version/
| |
| − | * https://www.howtoforge.com/tutorial/how-to-update-onlyoffice-to-version-95-with-docker/
| |
| − | * https://docs.docker.com/config/containers/container-networking/
| |
| − | * https://help.nextcloud.com/t/nextcloud-onlyoffice-integration-document-server-getconverteduri-on-check-error-error-while-downloading-the-document-file-to-be-converted/57393
| |
| − | [[Category:Howto]] | |
