Difference between revisions of "ONLYOFFICE"

From SME Server
Jump to navigationJump to search
 
(19 intermediate revisions by the same user not shown)
Line 13: Line 13:
 
| url = https://www.onlyoffice.com
 
| url = https://www.onlyoffice.com
 
| video =  
 
| video =  
| category = Nextcloud
+
| category = Cloud
| tags = office,Nextcloud,Database,ONLYOFFICE
+
| tags = Online Office,Nextcloud,Document Editor,Cloud
 
}}
 
}}
this page described how to install onlyoffice '''document server''' as a docker container on SME10as '''server gateway'''. So we can use it from nextcloud.
+
This page describes how to install onlyoffice '''document server''' as a rpm contrib. This is of particular interest if you use [[Nextcloud]]
 
 
this is early beta.
 
  
 
=== Version ===
 
=== Version ===
Line 30: Line 28:
 
<tabs container="">
 
<tabs container="">
 
<tab name="For SME 10">
 
<tab name="For SME 10">
  yum -y install https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm
+
  yum -y install https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm --enablerepo=smecontribs
 
  yum install smeserver-extrarepositories-pgsql  smeserver-extrarepositories-onlyoffice -y
 
  yum install smeserver-extrarepositories-pgsql  smeserver-extrarepositories-onlyoffice -y
 
  db yum_repositories setprop pgsql13 status enabled
 
  db yum_repositories setprop pgsql13 status enabled
 
  signal-event yum-modify
 
  signal-event yum-modify
 
  yum --enablerepo=smecontribs install {{#var:smecontribname}}
 
  yum --enablerepo=smecontribs install {{#var:smecontribname}}
 +
 +
then, if you have dedicated subdomain and use let's Encrypt (or have trusted certs)
 +
MYDOMAIN="onlyoffice.mydomain.com"
 +
config setprop onlyoffice VirtualHost $MYDOMAIN RejectUnauthorized true access local
 +
db domains set $MYDOMAIN domain Content Primary Description onlyoffice Nameservers localhost letsencryptSSLcert enabled TemplatePath Onlyoffice
 +
signal-event domain-create $MYDOMAIN
 +
expand-template /etc/dehydrated/domains.txt
 +
dehydrated -c
 +
signal-event smeserver-onlyoffice-update
 +
 +
then, if you share one domain/subdomain and you have trusted certificate for it [will use dedicated port 8082, needs opening behind a firewall]
 +
config setprop onlyoffice RejectUnauthorized true access public
 +
signal-event smeserver-onlyoffice-update
 +
 +
then, if you do not have trusted certs, but only self signed, and only one domain/subdomain [will use dedicated port 8082, needs opening behind a firewall]
 +
config setprop onlyoffice RejectUnauthorized false access public
 +
signal-event smeserver-onlyoffice-update
 +
 +
 +
NB: in two last situations you could choose private if you only want it to be accessible from LAN.
  
 
</tab>
 
</tab>
 
</tabs>
 
</tabs>
  
# https://helpcenter.onlyoffice.com/installation/docs-community-install-centos.aspx
+
 
# https://sourceforge.net/projects/mscorefonts2
 
# https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx
 
# https://github.com/ONLYOFFICE/DocumentServer/releases
 
  
 
===Configuration===
 
===Configuration===
Line 54: Line 69:
 
!
 
!
 
|-
 
|-
|host
+
|dbname
 +
|onlyoffice
 +
|string
 +
|for pgsql
 +
|-
 +
|dbuser
 +
|onlyoffice
 +
|string
 +
|for pgsql
 +
|-
 +
|dbpass
 +
|**generated**
 +
|string
 +
|for pgsql
 +
|-
 +
|VirtualHost
 
|
 
|
 
|domain name
 
|domain name
 
|e.g. onlyoffice.domain.com
 
|e.g. onlyoffice.domain.com
 
|-
 
|-
 +
|TCPPort
 +
|8082
 +
|port number
 +
|port where https connection can be done
 +
|-
 +
|token
 +
|*generated*
 +
|string > 32 chars
 +
|secret key to be able to use the service
 +
|-
 +
|RejectUnauthorized
 +
|
 +
|true/false
 +
|true if empty; will reject the connection from untrusted ssl certs to the onlyoffice service. It is also used for nextcloud to reject non trusted cert from onlyoffice.
 +
|-
 
|access
 
|access
 
|local
 
|local
Line 71: Line 116:
 
===Uninstall===
 
===Uninstall===
 
  yum remove {{#var:smecontribname}}  {{#var:contribname}}
 
  yum remove {{#var:smecontribname}}  {{#var:contribname}}
 +
 
=== Bugs===
 
=== Bugs===
 
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
 
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
Line 82: Line 128:
  
  
 +
===See Also===
 +
# https://helpcenter.onlyoffice.com/installation/docs-community-install-centos.aspx
 +
# https://sourceforge.net/projects/mscorefonts2
 +
# https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx
 +
# https://github.com/ONLYOFFICE/DocumentServer/releases
 +
# https://helpcenter.onlyoffice.com/onlyoffice-editors/onlyoffice-document-editor/helpfulhints/advancedsettings.aspx
  
  
=== Docker procedure ===
+
[[Category:Contrib]]
 
 
==== docker install ====
 
<syntaxhighlight lang="bash">
 
yum install docker-ce docker-ce-cli containerd.io docker-compose --enablerepo=epel,extras
 
systemctl start docker
 
systemctl enable docker
 
cd ~
 
git clone --recursive https://github.com/ONLYOFFICE/docker-onlyoffice-nextcloud
 
cd docker-onlyoffice-nextcloud
 
docker-compose up -d
 
</syntaxhighlight>then do where you must replace 192.168.50.117 by your SME LAN IP
 
 
 
<syntaxhighlight lang="bash">
 
docker run -i -t -d --name onlyoffice -p 8080:80  \
 
      --dns=192.168.50.117  \
 
      -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
 
      -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
 
      -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
 
      -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
 
      -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
 
      -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
 
      onlyoffice/documentserver
 
 
 
docker update --restart always onlyoffice
 
</syntaxhighlight>
 
 
 
needed httpd templates<syntaxhighlight lang="bash">
 
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
 
 
 
</syntaxhighlight><syntaxhighlight lang="perl">
 
# /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/80VirtualH-dehydrated
 
#Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
 
Alias /.well-known/acme-challenge/ /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/
 
 
 
<Directory "/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/">
 
    order allow,deny
 
    allow from all
 
    deny from none 
 
    AddDefaultCharset off
 
</Directory>
 
 
 
</syntaxhighlight>change DOMAIN.COM with you own domain (or docker.DOMAIN.COM and onlyoffice.DOMAIN.COM)<syntaxhighlight lang="perl">
 
#/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98onlyoffice
 
<VirtualHost *:443>
 
    ServerName onlyoffice.DOMAIN.COM
 
    ServerAlias onlyoffice.DOMAIN.COM
 
 
 
    SSLEngine On
 
    SSLCertificateFile /etc/dehydrated/certs/docker.DOMAIN.COM/cert.pem
 
    SSLCertificateKeyFile /etc/dehydrated/certs/docker.DOMAIN.COM/privkey.pem
 
    SSLCertificateChainFile /etc/dehydrated/certs/docker.DOMAIN.COM/chain.pem
 
 
 
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
 
    SSLProtocol All -SSLv2 -SSLv3
 
    SSLCompression off
 
    SSLHonorCipherOrder on
 
 
 
    SetEnvIf Host "^(.*)$" THE_HOST=$1
 
    #needs apache 2.4.7
 
    #RequestHeader setifempty X-Forwarded-Proto https
 
    #RequestHeader setifempty X-Forwarded-Host %\{THE_HOST\}e
 
    #valid alternative :
 
    RequestHeader set X-Forwarded-Proto https
 
    RequestHeader set X-Forwarded-Host %\{THE_HOST\}e
 
    ProxyAddHeaders Off
 
 
 
    ProxyPass /.well-known/acme-challenge !
 
    ProxyPassMatch (.*)(\/websocket)$ "ws://localhost:8080/$1$2"
 
    ProxyPass / "http://localhost:8080/"
 
    ProxyPassReverse / "http://localhost:8080/"
 
 
 
</VirtualHost>
 
 
 
# PORT FORWARD FROM 80 TO: 443
 
<virtualhost *:80>
 
    ServerName onlyoffice.DOMAIN.COM
 
    ServerAlias onlyoffice.DOMAIN.COM
 
    SSLProxyEngine On
 
    RewriteEngine on
 
    RewriteCond %\{REQUEST_URI\} !^/.well-known/acme-challenge [NC]
 
    RewriteCond %\{HTTPS\} off
 
    RewriteRule ^/(.*) https://%\{HTTP_HOST\}/$1 [NC,R,L]
 
</virtualhost>
 
 
 
</syntaxhighlight>
 
 
 
to allow access to your dns server add the docker network to your local networks  (considering the docker network is the following): <syntaxhighlight lang="bash">
 
db networks set 172.17.0.0 network Mask 255.255.0.0 Router 172.17.0.1 Removable no
 
signal-event network-create 172.17.0.0
 
</syntaxhighlight>
 
 
 
=== update ===
 
<syntaxhighlight lang="bash">
 
docker pull onlyoffice/documentserver:latest
 
 
 
cp -a /app/onlyoffice/DocumentServer/ /backuponlyoffice
 
 
 
docker stop onlyoffice
 
docker rm onlyoffice
 
docker run -i -t -d --name onlyoffice -p 8080:80  \
 
      --dns=192.168.80.117  \
 
      -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
 
      -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
 
      -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
 
      -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
 
      -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
 
      -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
 
      onlyoffice/documentserver
 
#wait 5 min and then
 
docker restart onlyoffice
 
</syntaxhighlight>then you have to add back your secrets<syntaxhighlight lang="bash">
 
docker
 
apt update
 
mcedit  /etc/onlyoffice/documentserver/local.json
 
exit
 
docker restart onlyoffice
 
docker update --restart always onlyoffice
 
</syntaxhighlight>
 
 
 
==== useful commands ====
 
<syntaxhighlight lang="bash">
 
# stop onlyoffice
 
docker stop --name onlyoffice
 
#list containers
 
docker container ls -a
 
#list images
 
docker images
 
# access to the container
 
docker exec -it onlyoffice bash
 
</syntaxhighlight>
 
 
 
==== TODO and known issues ====
 
# we could add the certificate folder to the /app externally accessible folder, same thing for the configuration in /etc/onlyoffice/documentserver/local.json. Alternatively we could simply use the environement variable and the docker file to populate them.
 
# a smeserver-onlyoffice rpm.
 
# on reboot docker fails to load network if service is started before masq is relaoded, we would either need to create a specific template for that, or restart docker after masq
 
 
 
== sources ==
 
* https://hub.docker.com/r/onlyoffice/documentserver/
 
* https://github.com/ONLYOFFICE/Docker-DocumentServer
 
* https://ma.ttias.be/update-docker-container-latest-version/
 
* https://www.howtoforge.com/tutorial/how-to-update-onlyoffice-to-version-95-with-docker/
 
* https://docs.docker.com/config/containers/container-networking/
 
* https://help.nextcloud.com/t/nextcloud-onlyoffice-integration-document-server-getconverteduri-on-check-error-error-while-downloading-the-document-file-to-be-converted/57393
 
[[Category:Howto]]
 

Latest revision as of 03:08, 8 July 2022

Geographylogo.png Languages: 

English




onlyoffice
Onlyoffice.png
onlyoffice logo
MaintainerUnnilennium
Urlhttps://www.onlyoffice.com
LicenceMozilla Public License
Category

Cloud

Tags Online OfficeNextcloudDocument EditorCloud


This page describes how to install onlyoffice document server as a rpm contrib. This is of particular interest if you use Nextcloud

Version

Contrib 10:
smeserver-onlyoffice
The latest version of smeserver-onlyoffice is available in the SME repository, click on the version number(s) for more information.


Install

before proceeding you should have Nextcloud installed, and having a dedicated domain pointing to your server. This domain should be different from nextcloud domain. You should also consider isntalling and configuring Letsencrypt to have a dedicated cert per domain. In case you are limited in the use of extra domain you might use a dedicated port to use nginx externally, but this add some limit in term of ssl certificate, and we suggest to reconsider the dedicated domain. 

yum -y install https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm --enablerepo=smecontribs
yum install smeserver-extrarepositories-pgsql  smeserver-extrarepositories-onlyoffice -y
db yum_repositories setprop pgsql13 status enabled
signal-event yum-modify
yum --enablerepo=smecontribs install smeserver-onlyoffice

then, if you have dedicated subdomain and use let's Encrypt (or have trusted certs) 

MYDOMAIN="onlyoffice.mydomain.com"
config setprop onlyoffice VirtualHost $MYDOMAIN RejectUnauthorized true access local
db domains set $MYDOMAIN domain Content Primary Description onlyoffice Nameservers localhost letsencryptSSLcert enabled TemplatePath Onlyoffice
signal-event domain-create $MYDOMAIN
expand-template /etc/dehydrated/domains.txt
dehydrated -c
signal-event smeserver-onlyoffice-update

then, if you share one domain/subdomain and you have trusted certificate for it [will use dedicated port 8082, needs opening behind a firewall] 

config setprop onlyoffice RejectUnauthorized true access public
signal-event smeserver-onlyoffice-update

then, if you do not have trusted certs, but only self signed, and only one domain/subdomain [will use dedicated port 8082, needs opening behind a firewall] 

config setprop onlyoffice RejectUnauthorized false access public
signal-event smeserver-onlyoffice-update


NB: in two last situations you could choose private if you only want it to be accessible from LAN.


Configuration

you can list the available configuration with the following command : 

config show onlyoffice

Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values :

property default values
dbname onlyoffice string for pgsql
dbuser onlyoffice string for pgsql
dbpass **generated** string for pgsql
VirtualHost domain name e.g. onlyoffice.domain.com
TCPPort 8082 port number port where https connection can be done
token *generated* string > 32 chars secret key to be able to use the service
RejectUnauthorized true/false true if empty; will reject the connection from untrusted ssl certs to the onlyoffice service. It is also used for nextcloud to reject non trusted cert from onlyoffice.
access local local,private, public
status enabled enabled,disabled

Uninstall

yum remove smeserver-onlyoffice  onlyoffice

Bugs

Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-onlyoffice component or use this link


Below is an overview of the current issues for this contrib:

No open bugs found.

Changelog

Only released version in smecontrib are listed here.

smeserver-onlyoffice Changelog: SME 10 (smecontribs)
2023/02/08 Jean-Philippe Pialasse 0.0.5-8.sme
- adapt for onlyoffice 7.3 with systemd services [SME: 12177]

2023/02/07 Jean-Philippe Pialasse 0.0.5-7.sme
- requires documentserver < 7.3 as using supervisord
- fix path to pgsql [SME: 12317]

- redirect to welcome uri
2022/12/26 Jean-Philippe Pialasse 0.0.5-5.sme
- fix httpd failure on onlyoffice-documentserver rpm update [SME: 12289]
2022/11/22 Jean-Philippe Pialasse 0.0.5-4.sme
- fix path to postgresql-13 [SME: 12238]
2022/11/21 Jean-Philippe Pialasse 0.0.5-3.sme
- fix nginx not starting with onlyoffice 7.2 [SME: 12234]


See Also

  1. https://helpcenter.onlyoffice.com/installation/docs-community-install-centos.aspx
  2. https://sourceforge.net/projects/mscorefonts2
  3. https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx
  4. https://github.com/ONLYOFFICE/DocumentServer/releases
  5. https://helpcenter.onlyoffice.com/onlyoffice-editors/onlyoffice-document-editor/helpfulhints/advancedsettings.aspx
Retrieved from "https://wiki.koozali.org/index.php?title=ONLYOFFICE&oldid=41317"