NextCloud and OnlyOffice via Docker: Difference between revisions
Line 94: | Line 94: | ||
{{collapse/end}} | {{collapse/end}} | ||
'''Starting from version 7.2, JWT (JSON Web Token) is enabled by default.''' A random secret is generated automatically if a custom secret has not been added during installation. To obtain the default secret, run this command:<syntaxhighlight lang="shell" line="1" class=""> | |||
'''Starting from version 7.2, JWT is enabled by default.''' A random secret is generated automatically if a custom secret has not been added during installation. To obtain the default secret, run this command:<syntaxhighlight lang="shell" line="1" class=""> | |||
docker exec onlyoffice-docs /var/www/onlyoffice/documentserver/npm/json \ | docker exec onlyoffice-docs /var/www/onlyoffice/documentserver/npm/json \ | ||
-f /etc/onlyoffice/documentserver/local.json 'services.CoAuthoring.secret.session.string' | -f /etc/onlyoffice/documentserver/local.json 'services.CoAuthoring.secret.session.string' | ||
</syntaxhighlight><syntaxhighlight lang="shell-session"> | </syntaxhighlight><syntaxhighlight lang="shell-session"> | ||
xd4f2PO5hdHJHjpV1NdD | xd4f2PO5hdHJHjpV1NdD | ||
</syntaxhighlight>You can replace the default secret with a custom key using Docker env. More information about JWT in the [https://api.onlyoffice.com/editors/signature/ documentation]. | </syntaxhighlight>You can replace the default secret with a custom key using Docker env. More information about JWT in the [https://api.onlyoffice.com/editors/signature/ documentation]. Once again, in order to make the JWT persistent you need to provide it via Docker as environment variable - this will be done within the next section. | ||
'''Finally.''' Stop and prune the container, because in the next section we will create a Docker-compose configuration file.<syntaxhighlight lang="shell" line="1" class=""> | '''Finally.''' Stop and prune the container, because in the next section we will create a Docker-compose configuration file.<syntaxhighlight lang="shell" line="1" class=""> | ||
Line 108: | Line 107: | ||
=== Manage an OnlyOffice container by Docker-compose === | === Manage an OnlyOffice container by Docker-compose === | ||
Create the <code>docker-compose.yaml</code> file. Tweak the value of the host port <code>8081</code>, and the time zone <code>TZ</code> if it is needed.<syntaxhighlight lang="shell" line="1"> | Create the <code>docker-compose.yaml</code> file. Tweak the value of the host port <code>8081</code>, and the time zone <code>TZ</code> if it is needed. The most important thing is to set an unique value for <code>JWT_SECRET</code>, thus the JWT will become persistent.<syntaxhighlight lang="shell" line="1"> | ||
nano docker-compose.yaml | nano docker-compose.yaml | ||
</syntaxhighlight><syntaxhighlight lang="yaml" line="1"> | </syntaxhighlight><syntaxhighlight lang="yaml" line="1"> | ||
# https://hub.docker.com/r/onlyoffice/documentserver/ | # https://hub.docker.com/r/onlyoffice/documentserver/ | ||
# https://github.com/ONLYOFFICE/onlyoffice-owncloud/issues/108 | # https://github.com/ONLYOFFICE/onlyoffice-owncloud/issues/108 | ||
version: "3.9" | version: "3.9" | ||
Line 125: | Line 125: | ||
environment: | environment: | ||
TZ: 'Europe/Sofia' | TZ: 'Europe/Sofia' | ||
JWT_SECRET: "xd4f2PO5hdHJHjpV1NdD" | |||
# Volumes store your data between container upgrades | # Volumes store your data between container upgrades | ||
volumes: | volumes: | ||
- "DocumentServer/logs:/var/log/onlyoffice" | - "./DocumentServer/logs:/var/log/onlyoffice" | ||
- "DocumentServer/data:/var/www/onlyoffice/Data" | - "./DocumentServer/data:/var/www/onlyoffice/Data" | ||
- "DocumentServer/lib:/var/lib/onlyoffice" | - "./DocumentServer/lib:/var/lib/onlyoffice" | ||
- "DocumentServer/db:/var/lib/postgresql" | - "./DocumentServer/db:/var/lib/postgresql" | ||
- "DocumentServer/etc/onlyoffice:/etc/onlyoffice" | - "./DocumentServer/etc/onlyoffice:/etc/onlyoffice" | ||
- "DocumentServer/etc/supervisor:/etc/supervisor" | - "./DocumentServer/etc/supervisor:/etc/supervisor" | ||
restart: unless-stopped | restart: unless-stopped | ||
Revision as of 17:04, 25 September 2022
Here is a short step-by-step manual: How to setup OnlyOffice Docker container and proxy it by Apache2 for NextCloud usage.
Install Docker
According to the Docker and Docker-compose installation, read the guide Docker Basic Setup. The rest part of this section is deprecated, but is leaved here as historical note :)
sudo apt update
sudo apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - && \
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt install docker-ce
docker --version
sudo systemctl start docker
sudo systemctl enable docker
$USER
without using sudo
.sudo groupadd docker
sudo usermod -aG docker $USER
su - $USER
id -nG
sudo crontab -l | grep -i 'docker'
0 2 * * 7 /usr/bin/docker container prune
sudo sed 's/^#DOCKER_OPTS/DOCKER_OPTS/' /etc/default/docker -i
sudo systemctl restart docker
Setup the OnlyOffice Docker Container
Create a directory where the configuration file docker-compose.yaml
and the persistent volumes will live.
mkdir /home/docker/onlyoffice
cd /home/docker/onlyoffice
Pull the Docker images and run an OnlyOffice container for a first time
sudo docker run -i -t -d -p 8081:80 --restart=always \
-v $PWD/DocumentServer/logs:/var/log/onlyoffice \
-v $PWD/DocumentServer/data:/var/www/onlyoffice/Data \
-v $PWD/DocumentServer/lib:/var/lib/onlyoffice \
-v $PWD/DocumentServer/db:/var/lib/postgresql \
--hostname docs --name onlyoffice-docs \
onlyoffice/documentserver:latest
Test whether it works. At this point the OnlyOffice document server must be accessible the browser, probably you maybe need to wait about 10 seconds before it become accessible. Note the host port 8081
must be open (for you) within the host's firewall.
http://<host-ip>:8081/welcome/
Enable the integrated test examples.
docker exec onlyoffice-docs supervisorctl start ds:example
docker exec onlyoffice-docs sed 's,autostart=false,autostart=true,' -i /etc/supervisor/conf.d/ds-example.conf
Now you can access the examples at the following address.
http://<host-ip>:8081/example/
Export the configuration files. For some reason the configuration files cannot be exported via the volume option as this is done above for some other directories. So, if we need that, we need first to copy them manually.
sudo mkdir DocumentServer/etc
sudo docker cp onlyoffice-docs:/etc/onlyoffice DocumentServer/etc
sudo docker cp onlyoffice-docs:/etc/supervisor DocumentServer/etc
Now we can stop and prune the container.
docker stop onlyoffice-docs
docker container prune
sudo docker run -i -t -d -p 8081:80 --restart=always \
-v "$PWD/DocumentServer/logs:/var/log/onlyoffice" \
-v "$PWD/DocumentServer/data:/var/www/onlyoffice/Data" \
-v "$PWD/DocumentServer/lib:/var/lib/onlyoffice" \
-v "$PWD/DocumentServer/db:/var/lib/postgresql" \
-v "$PWD/DocumentServer/etc/onlyoffice:/etc/onlyoffice" \
-v "$PWD/DocumentServer/etc/supervisor:/etc/supervisor" \
--hostname docs --name onlyoffice-docs \
onlyoffice/documentserver:latest
Starting from version 7.2, JWT (JSON Web Token) is enabled by default. A random secret is generated automatically if a custom secret has not been added during installation. To obtain the default secret, run this command:
docker exec onlyoffice-docs /var/www/onlyoffice/documentserver/npm/json \
-f /etc/onlyoffice/documentserver/local.json 'services.CoAuthoring.secret.session.string'
xd4f2PO5hdHJHjpV1NdD
You can replace the default secret with a custom key using Docker env. More information about JWT in the documentation. Once again, in order to make the JWT persistent you need to provide it via Docker as environment variable – this will be done within the next section. Finally. Stop and prune the container, because in the next section we will create a Docker-compose configuration file.
docker stop onlyoffice-docs
docker container prune
Manage an OnlyOffice container by Docker-compose
Create the docker-compose.yaml
file. Tweak the value of the host port 8081
, and the time zone TZ
if it is needed. The most important thing is to set an unique value for JWT_SECRET
, thus the JWT will become persistent.
nano docker-compose.yaml
# https://hub.docker.com/r/onlyoffice/documentserver/
# https://github.com/ONLYOFFICE/onlyoffice-owncloud/issues/108
version: "3.9"
services:
onlyoffice-docs:
container_name: onlyoffice-docs
image: onlyoffice/documentserver:latest
hostname: docs
#network_mode: host
ports:
- "8081:80/tcp"
environment:
TZ: 'Europe/Sofia'
JWT_SECRET: "xd4f2PO5hdHJHjpV1NdD"
# Volumes store your data between container upgrades
volumes:
- "./DocumentServer/logs:/var/log/onlyoffice"
- "./DocumentServer/data:/var/www/onlyoffice/Data"
- "./DocumentServer/lib:/var/lib/onlyoffice"
- "./DocumentServer/db:/var/lib/postgresql"
- "./DocumentServer/etc/onlyoffice:/etc/onlyoffice"
- "./DocumentServer/etc/supervisor:/etc/supervisor"
restart: unless-stopped
volumes:
DocumentServer:
Download the Docker images and run the container in detached (persistent) mode.
docker-compose up -d
Open the OnlyOffice document server via the browser. Note the host port 8081
must be open (for you) within the host's firewall.
http://<host-ip>:8081/welcome/
The rest part of this section is deprecated, but is leaved here as historical note :)
wget -q https://registry.hub.docker.com/v1/repositories/onlyoffice/documentserver/tags -O - | jq -r '.[].name'
81
of 127.0.0.1 localhost
.# docker pull onlyoffice/documentserver
docker run -i -t -d -p 81:80 --restart=always onlyoffice/documentserver:latest
- Note the option
–restart=always
means the container will run automatically when Docker is started/restarted. - Docker will pull the image automatically when it is not available locally.
Apache2 Proxy Virtual Host
Test Whether the cesessary Apache2 modules are enabled.
sudo apache2ctl -M | grep -E 'auth[nz]_core|unixd|proxy|headers|setenvif'
unixd_module (static) # Required
authn_core_module (shared) # Required
authz_core_module (shared) # Required
headers_module (shared) # Required
proxy_module (shared) # Required
proxy_fcgi_module (shared)
proxy_http_module (shared) # Required
proxy_http2_module (shared)
proxy_wstunnel_module (shared) # Required
setenvif_module (shared) # Required
Setup a new virtual host as follow and restart Apache2. Note in this scenariou you need a valid SSL/TLS certivicate.
sudo nano /etc/apache2/sites-enabled/docs.example.com.conf
<VirtualHost *:80>
ServerName docs.example.com
ServerAdmin admin@example.com
Redirect permanent "/" "https://docs.example.com/"
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName docs.example.com
ServerAdmin admin@example.com
ErrorLog ${APACHE_LOG_DIR}/docs.example.com.error.log
CustomLog ${APACHE_LOG_DIR}/docs.example.com.access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
<IfModule pagespeed_module>
ModPagespeed off
</IfModule>
<IfModule security2_module>
# SecRuleEngine Off
</IfModule>
# ProxyPreserveHost On
# ProxyRequests Off
SetEnvIf Host "^(.*)$" THE_HOST=$1
Header edit Set-Cookie ^(.*)$ "$1; HttpOnly; Secure"
RequestHeader setifempty X-Forwarded-Proto https
RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
ProxyAddHeaders Off
ProxyPassMatch (.*)(\/websocket)$ "ws://localhost:81/$1$2"
ProxyPass / "http://localhost:81/"
ProxyPassReverse / "http://localhost:81/"
</VirtualHost>
</IfModule>
References
- OnlyOffice Help Center: Installing ONLYOFFICE Docs Community Edition for Docker on a local server
- Docker Hub: onlyoffice/documentserver
- GitHub: ONLYOFFICE/onlyoffice-nextcloud
- GitHub: ONLYOFFICE/onlyoffice-nextcloud/releases
- OnlyOffice Api Docs: Nextcloud ONLYOFFICE integration app
- GitHub: ONLYOFFICE/onlyoffice-nextcloud/issues/[Can't connect do document server after update to NC19 #297]
- PhoenixNAP: How To Install and Use Docker on Ubuntu 20.04