OnlyOffice Document Server: Difference between revisions
Jump to navigation
Jump to search
m Made TOC float left |
Moved PostgreSQL Database Setup and Reverse Proxy Setup to be under Binary Installation. |
||
| (One intermediate revision by the same user not shown) | |||
| Line 6: | Line 6: | ||
: For the Docker version | : For the Docker version | ||
; [[PostgreSQL]] | ; [[PostgreSQL]] | ||
: For the | : For the Binary versions | ||
; [[RabbitMQ]] | ; [[RabbitMQ]] | ||
: For the | : For the Binary versions | ||
; [[Redis]] | ; [[Redis]] | ||
: For the | : For the Binary versions | ||
; [[Snap]] | ; [[Snap]] | ||
: For the Snap version | : For the Snap version | ||
= | = Container Installation = | ||
Installation via containerization is the simplest way to go. The containers have the database, RabbitMQ, and Redis services already set up. | |||
== Docker == | == Docker == | ||
| Line 40: | Line 28: | ||
{{bc|<nowiki> | {{bc|<nowiki> | ||
sudo docker run -i -t -d -p [port]:80 --restart=always \ | sudo docker run -i -t -d -p [port]:80 --restart=always \ | ||
-v / | -v /var/log/onlyoffice:/var/log/onlyoffice \ | ||
-v / | -v /var/lib/onlyoffice:/var/lib/onlyoffice \ | ||
-v / | -v /usr/share/fonts:/usr/share/fonts/truetype/custom onlyoffice/documentserver | ||
</nowiki>}} | </nowiki>}} | ||
| Line 49: | Line 37: | ||
{{bc|sudo snap install onlyoffice-ds}} | {{bc|sudo snap install onlyoffice-ds}} | ||
= Reverse Proxy Setup = | = Binary Installation = | ||
{{bc|yay -Syu onlyoffice-documentserver}} | |||
== PostgreSQL Database Setup == | |||
Database setup only needs to be done for Docker and Binary versions, which use the system's database server. The Snap version uses a built-in MariaDB database server. | |||
{{bc| | |||
sudo -u postgres psql -c "CREATE DATABASE onlyoffice;" | |||
sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';" | |||
sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;" | |||
}} | |||
== Reverse Proxy Setup == | |||
== Nginx == | === Nginx === | ||
Configure nginx to act as a proxy | Configure nginx to act as a proxy | ||
| Line 132: | Line 134: | ||
After [[Arch_Post-Installation_Checklist#Finalization|finalizing]], you should now be able to navigate to {{ic|<nowiki>https://<domain></nowiki>}} and see the OnlyOffice Document Server welcome page with a green checkmark indicating everything is running properly. | After [[Arch_Post-Installation_Checklist#Finalization|finalizing]], you should now be able to navigate to {{ic|<nowiki>https://<domain></nowiki>}} and see the OnlyOffice Document Server welcome page with a green checkmark indicating everything is running properly. | ||
== Apache == | === Apache === | ||
{{bc|1=<nowiki> | {{bc|1=<nowiki> | ||
Latest revision as of 06:12, 21 December 2019
Prequisites
- Docker
- For the Docker version
- PostgreSQL
- For the Binary versions
- RabbitMQ
- For the Binary versions
- Redis
- For the Binary versions
- Snap
- For the Snap version
Container Installation
Installation via containerization is the simplest way to go. The containers have the database, RabbitMQ, and Redis services already set up.
Docker
Create the following directories.
sudo mkdir /var/{lib,log}/onlyoffice
Issue one command to download and start the Docker instance.
sudo docker run -i -t -d -p [port]:80 --restart=always \ -v /var/log/onlyoffice:/var/log/onlyoffice \ -v /var/lib/onlyoffice:/var/lib/onlyoffice \ -v /usr/share/fonts:/usr/share/fonts/truetype/custom onlyoffice/documentserver
Snap
sudo snap install onlyoffice-ds
Binary Installation
yay -Syu onlyoffice-documentserver
PostgreSQL Database Setup
Database setup only needs to be done for Docker and Binary versions, which use the system's database server. The Snap version uses a built-in MariaDB database server.
sudo -u postgres psql -c "CREATE DATABASE onlyoffice;" sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';" sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"
Reverse Proxy Setup
Nginx
Configure nginx to act as a proxy
/etc/nginx/sites-available/<domain>
upstream docservice {
server <docker-ip>:8888;
}
map $http_host $this_host {
"" $host;
default $http_host;
}
map $http_x_forwarded_proto $the_scheme {
default $http_x_forwarded_proto;
"" $scheme;
}
map $http_x_forwarded_host $the_host {
default $http_x_forwarded_host;
"" $this_host;
}
map $http_upgrade $proxy_connection {
default upgrade;
"" close;
}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Forwarded-Host $the_host;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
server {
listen 80;
listen [::]:80;
server_name <domain>;
server_tokens off;
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ods.bwt.com.de;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/<domain>/chain.pem;
add_header Strict-Transport-Security max-age=31536000;
# add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
access_log /var/log/nginx/access.log main buffer=32k;
error_log /var/log/nginx/error.log error;
limit_req zone=gulag burst=200 nodelay;
# ACME challenge
location ^~ /.well-known {
allow all;
alias /var/lib/letsencrypt/$host/.well-known;
default_type "text/plain";
try_files $uri =404;
}
location / {
proxy_pass http://docservice;
proxy_http_version 1.1;
}
}
After finalizing, you should now be able to navigate to https://<domain> and see the OnlyOffice Document Server welcome page with a green checkmark indicating everything is running properly.
Apache
Listen 80
Listen 443
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so
<IfModule unixd_module>
User daemon
Group daemon
</IfModule>
SSLEngine on
SSLCertificateFile "{{SSL_CERTIFICATE_PATH}}"
SSLCertificateKeyFile "{{SSL_KEY_PATH}}"
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
SSLProtocol All -SSLv2 -SSLv3
SSLCompression off
SSLHonorCipherOrder on
## [Optional] Generate a stronger DHE parameter:
## cd /etc/ssl/certs
## sudo openssl dhparam -out dhparam.pem 4096
##
# SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
SetEnvIf Host "^(.*)$" THE_HOST=$1
RequestHeader setifempty X-Forwarded-Proto https
RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
ProxyAddHeaders Off
ProxyPassMatch (.*)(\/websocket)$ "ws://backendserver-address/$1$2"
ProxyPass / "http://backendserver-address/"
ProxyPassReverse / "http://backendserver-address/"
