ONLYOFFICE

From SME Server
Jump to navigationJump to search

this page described how to install onlyoffice document server as a docker container on SME10as server gateway. So we can use it from nextcloud.

this is early beta.

install

yum install docker-ce docker-ce-cli containerd.io docker-compose --enablerepo=epel,extras
systemctl start docker
systemctl enable docker
cd ~ 
git clone --recursive https://github.com/ONLYOFFICE/docker-onlyoffice-nextcloud
cd docker-onlyoffice-nextcloud
docker-compose up -d

then do where you must replace 192.168.50.117 by your SME LAN IP

docker run -i -t -d --name onlyoffice -p 8080:80   \
      --dns=192.168.50.117   \
      -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
      -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
      -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
      -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
      -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
      -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
       onlyoffice/documentserver

docker update --restart always onlyoffice

needed httpd templates

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
# /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/80VirtualH-dehydrated
#Alias /.well-known/acme-challenge /var/www/html/.well-known/acme-challenge
Alias /.well-known/acme-challenge/ /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/

<Directory "/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/">
    order allow,deny
    allow from all
    deny from none  	
    AddDefaultCharset off
</Directory>

change DOMAIN.COM with you own domain (or docker.DOMAIN.COM and onlyoffice.DOMAIN.COM)

#/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98onlyoffice
<VirtualHost *:443>
    ServerName onlyoffice.DOMAIN.COM
    ServerAlias onlyoffice.DOMAIN.COM

    SSLEngine On
    SSLCertificateFile	/etc/dehydrated/certs/docker.DOMAIN.COM/cert.pem
    SSLCertificateKeyFile /etc/dehydrated/certs/docker.DOMAIN.COM/privkey.pem
    SSLCertificateChainFile /etc/dehydrated/certs/docker.DOMAIN.COM/chain.pem

    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
    SSLProtocol All -SSLv2 -SSLv3
    SSLCompression off
    SSLHonorCipherOrder on

    SetEnvIf Host "^(.*)$" THE_HOST=$1
    #needs apache 2.4.7
    #RequestHeader setifempty X-Forwarded-Proto https
    #RequestHeader setifempty X-Forwarded-Host %\{THE_HOST\}e
    #valid alternative :
    RequestHeader set X-Forwarded-Proto https
    RequestHeader set X-Forwarded-Host %\{THE_HOST\}e
    ProxyAddHeaders Off

    ProxyPass /.well-known/acme-challenge !
    ProxyPassMatch (.*)(\/websocket)$ "ws://localhost:8080/$1$2"
    ProxyPass / "http://localhost:8080/"
    ProxyPassReverse / "http://localhost:8080/"

</VirtualHost>

# PORT FORWARD FROM 80 TO: 443
<virtualhost *:80>
    ServerName onlyoffice.DOMAIN.COM
    ServerAlias onlyoffice.DOMAIN.COM
    SSLProxyEngine On
    RewriteEngine on
    RewriteCond %\{REQUEST_URI\} !^/.well-known/acme-challenge [NC]
    RewriteCond %\{HTTPS\} off
    RewriteRule ^/(.*) https://%\{HTTP_HOST\}/$1 [NC,R,L]
</virtualhost>

to allow access to your dns server add the docker network to your local networks (considering the docker network is the following):

db networks set 172.17.0.0 network Mask 255.255.0.0 Router 172.17.0.1 Removable no
signal-event network-create 172.17.0.0

update

docker pull onlyoffice/documentserver:latest

cp -a /app/onlyoffice/DocumentServer/ /backuponlyoffice

docker stop onlyoffice
docker rm onlyoffice
docker run -i -t -d --name onlyoffice -p 8080:80   \
      --dns=192.168.80.117   \
      -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
      -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
      -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
      -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
      -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
      -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
       onlyoffice/documentserver
#wait 5 min and then
docker restart onlyoffice

then you have to add back your secrets

docker
apt update
mcedit  /etc/onlyoffice/documentserver/local.json
exit
docker restart onlyoffice
docker update --restart always onlyoffice

useful commands

# stop onlyoffice
docker stop --name onlyoffice
#list containers
docker container ls -a
#list images
docker images
# access to the container 
docker exec -it onlyoffice bash

TODO and known issues

  1. we could add the certificate folder to the /app externally accessible folder, same thing for the configuration in /etc/onlyoffice/documentserver/local.json. Alternatively we could simply use the environement variable and the docker file to populate them.
  2. a smeserver-onlyoffice rpm.
  3. on reboot docker fails to load network if service is started before masq is relaoded, we would either need to create a specific template for that, or restart docker after masq

sources