NextCloud and OnlyOffice via Docker: Difference between revisions

From WikiMLT
Spas (talk | contribs)
Spas (talk | contribs)
m Стадий: 6 [Фаза:Утвърждаване, Статус:Утвърден]; Категория:Web Servers
 
(8 intermediate revisions by the same user not shown)
Line 5: Line 5:
According to the Docker and Docker-compose installation read the guide '''[[Docker Basic Setup]]'''.
According to the Docker and Docker-compose installation read the guide '''[[Docker Basic Setup]]'''.
== Setup the OnlyOffice Docker Container ==
== Setup the OnlyOffice Docker Container ==
Create a directory where the configuration file <code>docker-compose.yaml</code> and the persistent volumes will live.<syntaxhighlight lang="shell" line="1">
Create a directory where the configuration file <code>docker-compose.yaml</code> and the persistent volumes will live.
<syntaxhighlight lang="shell" line="1" class="code-continue mlw-shell-gray">
mkdir /home/docker/onlyoffice
mkdir /home/docker/onlyoffice
cd /home/docker/onlyoffice
cd /home/docker/onlyoffice
Line 54: Line 55:
docker container prune
docker container prune
</syntaxhighlight>
</syntaxhighlight>
Now create new container and attach the directories with the configuration files as volumes.<syntaxhighlight lang="shell" line="1" class="mlw-shell-gray">
Now create new container and attach the directories with the configuration files as volumes.
<syntaxhighlight lang="shell" line="1" class="mlw-shell-gray">
sudo docker run -i -t -d -p 8081:80 --restart=always \
sudo docker run -i -t -d -p 8081:80 --restart=always \
-v "$PWD/DocumentServer/logs:/var/log/onlyoffice" \
-v "$PWD/DocumentServer/logs:/var/log/onlyoffice" \
Line 68: Line 70:
{{collapse/end}}
{{collapse/end}}


'''Starting from version 7.2, JWT (JSON Web Token) is enabled by default.''' A random secret is generated automatically if a custom secret has not been added during installation. To obtain the default secret, run this command:<syntaxhighlight lang="shell" line="1" class="">
'''Starting from version 7.2, JWT (JSON Web Token) is enabled by default.''' A random secret is generated automatically if a custom secret has not been added during installation. To obtain the default secret, run this command:
 
<syntaxhighlight lang="shell" line="1" class="">
docker exec onlyoffice-docs /var/www/onlyoffice/documentserver/npm/json \
docker exec onlyoffice-docs /var/www/onlyoffice/documentserver/npm/json \
-f /etc/onlyoffice/documentserver/local.json 'services.CoAuthoring.secret.session.string'
-f /etc/onlyoffice/documentserver/local.json 'services.CoAuthoring.secret.session.string'
</syntaxhighlight><syntaxhighlight lang="shell-session">
</syntaxhighlight>
<syntaxhighlight lang="shell-session">
xd4f2PO5hdHJHjpV1NdD
xd4f2PO5hdHJHjpV1NdD
</syntaxhighlight>You can replace the default secret with a custom key using Docker env. More information about JWT in the [https://api.onlyoffice.com/editors/signature/ documentation]. Once again, in order to make the JWT persistent you need to provide it via Docker as environment variable - this will be done within the next section.
</syntaxhighlight>


'''Finally.''' Stop and prune the container, because in the next section we will create a Docker-compose configuration file.<syntaxhighlight lang="shell" line="1" class="">
You can replace the default secret with a custom key using Docker env. More information about JWT in the [https://api.onlyoffice.com/editors/signature/ documentation]. Once again, in order to make the JWT persistent you need to provide it via Docker as environment variable - this will be done within the next section.
 
'''Finally.''' Stop and prune the container, because in the next section we will create a Docker-compose configuration file.
 
<syntaxhighlight lang="shell" line="1" class="">
docker stop onlyoffice-docs
docker stop onlyoffice-docs
docker container prune
docker container prune
Line 106: Line 115:
       - "./DocumentServer/lib:/var/lib/onlyoffice"
       - "./DocumentServer/lib:/var/lib/onlyoffice"
       - "./DocumentServer/db:/var/lib/postgresql"
       - "./DocumentServer/db:/var/lib/postgresql"
      - "./DocumentServer/usr/share/fonts:/usr/share/fonts"
       - "./DocumentServer/etc/onlyoffice:/etc/onlyoffice"
       - "./DocumentServer/etc/onlyoffice:/etc/onlyoffice"
       - "./DocumentServer/etc/supervisor:/etc/supervisor"
       - "./DocumentServer/etc/supervisor:/etc/supervisor"
Line 117: Line 127:
http://<host-ip>:8081/welcome/
http://<host-ip>:8081/welcome/
</syntaxhighlight>
</syntaxhighlight>
=== Add Custom Fonts ===
Here is how to install Microsoft Segoe UI font family, but after the first step the setup process is identical. <syntaxhighlight lang="shell" line="1" class="code-continue mlw-shell-gray">
cd /home/docker/onlyoffice
</syntaxhighlight><syntaxhighlight lang="shell" line="1">
FONTS_DIR="." FC_CACHE="false" \
bash <(curl -s https://raw.githubusercontent.com/metalevel-tech/segoe-ui-linux/update/install.sh)
</syntaxhighlight>
Here starts the actual deployment.
<syntaxhighlight lang="shell" line="1" class="code-continue">
sudo mv Microsoft/ DocumentServer/usr/share/fonts/
sudo chown -R root:root DocumentServer/usr/share/fonts/Microsoft/
docker exec -it onlyoffice-docs /usr/bin/documentserver-generate-allfonts.sh
</syntaxhighlight>
<syntaxhighlight lang="shell" line="1" class="code-continue mlw-shell-gray">
docker-compose down
docker-compose up -d
</syntaxhighlight>Then you need to flush the cache of your browser, at least the cached files and hard reload the window where your NextCloud is opened. Then try to edit some file and check the list of the available fonts.


== Apache2 HTTPS Reverse Proxy ==
== Apache2 HTTPS Reverse Proxy ==
Line 268: Line 296:
* Docker Guides: [https://docs.docker.com/storage/volumes/#use-a-volume-with-docker-compose Manage application data > Volumes > Use a volume with docker-compose]
* Docker Guides: [https://docs.docker.com/storage/volumes/#use-a-volume-with-docker-compose Manage application data > Volumes > Use a volume with docker-compose]
* Stack Overflow: [https://stackoverflow.com/a/22050116/6543935 Docker - Copying files from Docker container to host]
* Stack Overflow: [https://stackoverflow.com/a/22050116/6543935 Docker - Copying files from Docker container to host]
* OnlyOffice Forum:  [https://helpcenter.onlyoffice.com/installation/docs-community-install-fonts-linux.aspx Adding <u>'''fonts'''</u> to ONLYOFFICE Docs]
* OnlyOffice Forum: [https://forum.onlyoffice.com/t/adding-new-fonts-to-onlyoffice-docuserver-installed-from-snap/2137 Adding new <u>fonts</u> to ONLYOFFICE docuserver installed from Snap]
* GitHub: [https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/238 Fail to add new <u>fonts</u>]
<noinclude>
<noinclude>
<div id='devStage'>
<div id='devStage'>
Line 274: Line 305:
  | Прндл1 = Linux Server
  | Прндл1 = Linux Server
  | Прндл2 = Containers
  | Прндл2 = Containers
  | Стадий = 3
  | Стадий = 6
  | Фаза  = Разработване
  | Фаза  = Утвърждаване
  | Статус = Разутвърден
  | Статус = Утвърден
  | ИдтПт  = Spas
  | ИдтПт  = Spas
  | РзбПт  = {{REVISIONUSER}}
  | РзбПт  = Spas
  | АвтПт  = Spas
  | АвтПт  = Spas
  | УтвПт  = Spas
  | УтвПт  = {{REVISIONUSER}}
  | ИдтДт  = 1.08.2022
  | ИдтДт  = 1.08.2022
  | РзбДт  = {{Today}}
  | РзбДт  = 28.09.2022
  | АвтДт  = 25.09.2022
  | АвтДт  = 18.02.2023
  | УтвДт  = 25.09.2022
  | УтвДт  = {{Today}}
  | ИдтРв  = [[Special:Permalink/29570|29570]]
  | ИдтРв  = [[Special:Permalink/29570|29570]]
  | РзбРв  = {{REVISIONID}}
  | РзбРв  = [[Special:Permalink/32071|32071]]
  | АвтРв  =  
  | АвтРв  = [[Special:Permalink/32273|32273]]
  | РзАРв  = [[Special:Permalink/31868|31868]]
  | РзАРв  = [[Special:Permalink/31868|31868]]
  | УтвРв  =  
  | УтвРв  = {{REVISIONID}}
  | РзУРв  = [[Special:Permalink/31870|31870]]
  | РзУРв  = [[Special:Permalink/31870|31870]]
}}
}}
</div>
</div>
</noinclude>
</noinclude>

Latest revision as of 11:46, 18 February 2023

Here is a short step-by-step man­u­al: How to set­up On­ly­Of­fice Doc­u­ment Serv­er Dock­er con­tain­er and proxy it by Apache2 for us­age via NextCloud.

In­stall Dock­er

Ac­cord­ing to the Dock­er and Dock­er-com­pose in­stal­la­tion read the guide Dock­er Ba­sic Set­up.

Set­up the On­ly­Of­fice Dock­er Con­tain­er

Cre­ate a di­rec­to­ry where the con­fig­u­ra­tion file docker-compose.yaml and the per­sis­tent vol­umes will live.

mkdir /home/docker/onlyoffice
cd /home/docker/onlyoffice

Pull the Dock­er im­ages and run an On­ly­Of­fice con­tain­er for a first time

sudo docker run -i -t -d -p 8081:80 --restart=always" \
-v "$PWD/DocumentServer/logs:/var/log/onlyoffice" \
-v "$PWD/DocumentServer/data:/var/www/onlyoffice/Data" \
-v "$PWD/DocumentServer/lib:/var/lib/onlyoffice" \
-v "$PWD/DocumentServer/db:/var/lib/postgresql" \
-v "$PWD/DocumentServer/usr/share/fonts:/usr/share/fonts" \
--hostname docs --name onlyoffice-docs \
onlyoffice/documentserver:latest

Test whether it works. At this point the On­ly­Of­fice doc­u­ment serv­er must be ac­ces­si­ble the brows­er, prob­a­bly you maybe need to wait about 10 sec­onds be­fore it be­come ac­ces­si­ble. Note the host port 8081 must be open (for you) with­in the host's fire­wall.

#De­tails
http://<host-ip>:8081/welcome/

En­able the in­te­grat­ed test ex­am­ples.

docker exec onlyoffice-docs supervisorctl start ds:example
docker exec onlyoffice-docs sed 's,autostart=false,autostart=true,' -i /etc/supervisor/conf.d/ds-example.conf

Now you can ac­cess the ex­am­ples at the fol­low­ing ad­dress.

http://<host-ip>:8081/example/

Ex­port the con­fig­u­ra­tion files. For some rea­son the con­fig­u­ra­tion files can­not be ex­port­ed via the vol­ume op­tion as this is done above for some oth­er di­rec­to­ries. So, if we need that, we need first to copy them man­u­al­ly.

#De­tails
sudo mkdir DocumentServer/etc
sudo docker cp onlyoffice-docs:/etc/onlyoffice DocumentServer/etc
sudo docker cp onlyoffice-docs:/etc/supervisor DocumentServer/etc

Now we can stop and prune the con­tain­er.

docker stop onlyoffice-docs
docker container prune

Now cre­ate new con­tain­er and at­tach the di­rec­to­ries with the con­fig­u­ra­tion files as vol­umes.

sudo docker run -i -t -d -p 8081:80 --restart=always \
-v "$PWD/DocumentServer/logs:/var/log/onlyoffice" \
-v "$PWD/DocumentServer/data:/var/www/onlyoffice/Data" \
-v "$PWD/DocumentServer/lib:/var/lib/onlyoffice" \
-v "$PWD/DocumentServer/db:/var/lib/postgresql" \
-v "$PWD/DocumentServer/usr/share/fonts:/usr/share/fonts" \
-v "$PWD/DocumentServer/etc/onlyoffice:/etc/onlyoffice" \
-v "$PWD/DocumentServer/etc/supervisor:/etc/supervisor" \
--hostname docs --name onlyoffice-docs \
onlyoffice/documentserver:latest

Start­ing from ver­sion 7.2, JWT (JSON Web To­ken) is en­abled by de­fault. A ran­dom se­cret is gen­er­at­ed au­to­mat­i­cal­ly if a cus­tom se­cret has not been added dur­ing in­stal­la­tion. To ob­tain the de­fault se­cret, run this com­mand:

docker exec onlyoffice-docs /var/www/onlyoffice/documentserver/npm/json \
-f /etc/onlyoffice/documentserver/local.json 'services.CoAuthoring.secret.session.string'
xd4f2PO5hdHJHjpV1NdD

You can re­place the de­fault se­cret with a cus­tom key us­ing Dock­er env. More in­for­ma­tion about JWT in the doc­u­men­ta­tion. Once again, in or­der to make the JWT per­sis­tent you need to pro­vide it via Dock­er as en­vi­ron­ment vari­able – this will be done with­in the next sec­tion.

Fi­nal­ly. Stop and prune the con­tain­er, be­cause in the next sec­tion we will cre­ate a Dock­er-com­pose con­fig­u­ra­tion file.

docker stop onlyoffice-docs
docker container prune

Man­age an On­ly­Of­fice con­tain­er by Dock­er-com­pose

Cre­ate the docker-compose.yaml file. Tweak the val­ue of the host port 8081, and the time zone TZ if it is need­ed. The most im­por­tant thing is to set an unique val­ue for JWT_SECRET, thus the JWT will be­come per­sis­tent.

nano docker-compose.yaml
# https://hub.docker.com/r/onlyoffice/documentserver/
# https://github.com/ONLYOFFICE/onlyoffice-owncloud/issues/108

version: "3.9"
services:
  onlyoffice-docs:
    container_name: onlyoffice-docs
    image: onlyoffice/documentserver:latest
    hostname: docs
    #network_mode: host
    ports:
      - "8081:80/tcp"
    environment:
      TZ: 'Europe/Sofia'
      JWT_SECRET: "xd4f2PO5hdHJHjpV1NdD"
    # Volumes store your data between container upgrades
    volumes:
      - "./DocumentServer/logs:/var/log/onlyoffice"
      - "./DocumentServer/data:/var/www/onlyoffice/Data"
      - "./DocumentServer/lib:/var/lib/onlyoffice"
      - "./DocumentServer/db:/var/lib/postgresql"
      - "./DocumentServer/usr/share/fonts:/usr/share/fonts"
      - "./DocumentServer/etc/onlyoffice:/etc/onlyoffice"
      - "./DocumentServer/etc/supervisor:/etc/supervisor"
    restart: unless-stopped

volumes:
    DocumentServer:

Down­load the Dock­er im­ages and run the con­tain­er in de­tached (per­sis­tent) mode.

docker-compose up -d

Open the On­ly­Of­fice doc­u­ment serv­er via the brows­er. Note the host port 8081 must be open (for you) with­in the host's fire­wall.

http://<host-ip>:8081/welcome/

Add Cus­tom Fonts

Here is how to in­stall Mi­crosoft Se­goe UI font fam­i­ly, but af­ter the first step the set­up process is iden­ti­cal.

cd /home/docker/onlyoffice
FONTS_DIR="." FC_CACHE="false" \
bash <(curl -s https://raw.githubusercontent.com/metalevel-tech/segoe-ui-linux/update/install.sh)

Here starts the ac­tu­al de­ploy­ment.

sudo mv Microsoft/ DocumentServer/usr/share/fonts/
sudo chown -R root:root DocumentServer/usr/share/fonts/Microsoft/
docker exec -it onlyoffice-docs /usr/bin/documentserver-generate-allfonts.sh
docker-compose down
docker-compose up -d

Then you need to flush the cache of your brows­er, at least the cached files and hard re­load the win­dow where your NextCloud is opened. Then try to ed­it some file and check the list of the avail­able fonts.

Apache2 HTTPS Re­verse Proxy

It is pos­si­ble to set-up On­ly­Of­fice to use HTTPS and cer­tain FQDN through its con­fig­u­ra­tion. How­ev­er in this sec­tion i de­scribed how to cre­ate Apache2 Re­verse proxy that will han­dle this.

First, test whether the nec­es­sary Apache2 mod­ules are en­abled. Be­low is show the list of the mod­ules re­tired for this set-up.

sudo apache2ctl -M | grep -E 'auth[nz]_core|unixd|proxy|headers|setenvif'
 unixd_module (static)          # Required
 authn_core_module (shared)     # Required
 authz_core_module (shared)     # Required
 headers_module (shared)        # Required
 proxy_module (shared)          # Required
 proxy_fcgi_module (shared)
 proxy_http_module (shared)     # Required
 proxy_http2_module (shared)
 proxy_wstunnel_module (shared) # Required
 setenvif_module (shared)       # Required

Then set­up a new vir­tu­al host as fol­low and restart Apache2. Note in this sce­nario you need a valid SSL/TLS cer­tifi­cate. In my case I'm us­ing Let's en­crypt wild­card cer­tifi­cate for the base do­main where the in­stances of NextCloud and On­ly­Of­fice are in­stalled.

sudo nano /etc/apache2/sites-enabled/docs.example.com.conf
Define docs_base_fqdn example.com
Define docs_fqdn docs.example.com
Define docs_srvr 127.0.0.1
Define docs_port 8081
Define docs_doc_root "/var/www/${docs_fqdn}"
 
<VirtualHost *:80>
    ServerName ${docs_fqdn}
    ServerAdmin admin@${docs_base_fqdn}

    ErrorLog ${APACHE_LOG_DIR}/${docs_fqdn}.error.log
    CustomLog ${APACHE_LOG_DIR}/${docs_fqdn}.access.log combined

    # Redirect Requests to HTTPS
    Redirect permanent "/" "https://${docs_fqdn}/"
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerName ${docs_fqdn}
    ServerAdmin admin@${docs_base_fqdn}

    ErrorLog ${APACHE_LOG_DIR}/${docs_fqdn}.error.log
    CustomLog ${APACHE_LOG_DIR}/${docs_fqdn}.access.log combined

    <IfModule http2_module>
        # https://httpd.apache.org/docs/2.4/mod/mod_http2.html
        # https://httpd.apache.org/docs/2.4/howto/http2.html

        Protocols h2 h2c http/1.1
        #ProtocolsHonorOrder Off
        #H2Direct on
        H2Upgrade on

        H2Push on
        # Default Priority Rule:
        # H2PushPriority *                      After 16 
        # More complex ruleset:
        H2PushPriority *                        after
        H2PushPriority text/css                 before
        H2PushPriority image/jpg                after 32
        H2PushPriority image/jpeg               after 32
        H2PushPriority image/png                after 32
        H2PushPriority application/javascript   interleaved
        <LocationMatch "^.*$">
            # Header add Link "</example.png>; rel=preload; as=image"
            # Header add Link "</style.css>; rel=preload; as=style"
            # Header add Link "</script.js>; rel=preload; as=script"
        </LocationMatch>

        # From apache2/mods-available/http2.conf
        # Since mod_http2 doesn't support the mod_logio module (which provide the %O format),
        # you may want to change your LogFormat directive as follow:
		LogFormat "%v:%p %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
        LogFormat "%h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %B" common
    </IfModule>

    SSLEngine on
    #SSLCertificateFile /etc/letsencrypt/live/${docs_base_fqdn}/cert.pem
    #SSLCertificateKeyFile /etc/letsencrypt/live/${docs_base_fqdn}/privkey.pem
    #SSLCertificateChainFile /etc/letsencrypt/live/${docs_base_fqdn}/chain.pem
    SSLCertificateFile /etc/letsencrypt/live/${docs_base_fqdn}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${docs_base_fqdn}/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    SetEnvIf Host "^(.*)$" THE_HOST=$1

    Header edit Set-Cookie ^(.*)$ "$1; HttpOnly; Secure"
    RequestHeader setifempty X-Forwarded-Proto https
    RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e

    # Reference about OnlyOffice Proxy settings
    # https://github.com/ONLYOFFICE/onlyoffice-owncloud/issues/108
    ProxyAddHeaders Off
    <Location "/">
        ProxyPass "http://${docs_srvr}:${docs_port}/"
        ProxyPassReverse "http://${docs_srvr}:${docs_port}/"
    </Location>

    ProxyPassMatch (.*)(\/websocket)$ "ws://${docs_srvr}:${docs_port}/$1$2"
    
    # DocumentRoot "${docs_doc_root}"
    # <Directory "${docs_doc_root}">
    #     DirectoryIndex index.php index.html hello.html
    #     Require all granted
    #     #Options None FollowSymLinks MultiViews
    #     Options None FollowSymLinks
    #     # AllowOverride None
    #     AllowOverride All
    #     <IfModule security2_module>
    #         #SecRuleEngine Off
    #     </IfModule>
    # </Directory>

    # Limit the acces to the URIs  /, /welcome, /example, /healthcheck
    <ifModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond "%{REMOTE_ADDR}" "!^(172\.16\.[0-9]{1,3}\.[0-9]{1,3}|0\.0\.0\.0|127\.0\.0\.[0-9]{1,3})$"
        RewriteCond "%{REQUEST_URI}" "^/(welcome.*$|example.*$|healthcheck.*$|$)"
        RewriteRule "^(.*)$" https://cloud.example.com/? [L,R=307]
    </ifModule>
</VirtualHost>
</IfModule>

Set­up NextCloud On­ly­Of­fice App

As it is shown at Screen 1, with­in the NextCloud On­ly­Of­fice App we need to pro­vide 1 the ad­dress of the doc­u­ment serv­er and 2 the JWT key.

Screen 1. Set­up NextCloud On­ly­Of­fice App. Screen 1. Setup NextCloud OnlyOffice App.

Ref­er­ences