OnlyOffice Document Server: Difference between revisions
Jump to navigation
Jump to search
m Made TOC float left |
m →Prequisites: Fixed prerequisistes |
||
| Line 6: | Line 6: | ||
: For the Docker version | : For the Docker version | ||
; [[PostgreSQL]] | ; [[PostgreSQL]] | ||
: For the | : For the Binary versions | ||
; [[RabbitMQ]] | ; [[RabbitMQ]] | ||
: For the | : For the Binary versions | ||
; [[Redis]] | ; [[Redis]] | ||
: For the | : For the Binary versions | ||
; [[Snap]] | ; [[Snap]] | ||
: For the Snap version | : For the Snap version | ||
Revision as of 05:35, 21 December 2019
Prequisites
- Docker
- For the Docker version
- PostgreSQL
- For the Binary versions
- RabbitMQ
- For the Binary versions
- Redis
- For the Binary versions
- Snap
- For the Snap version
PostgreSQL Database Setup
Database setup only needs to be done for Docker and Binary versions, which use the system's database server. The Snap version uses a built-in MariaDB database server.
sudo -u postgres psql -c "CREATE DATABASE onlyoffice;" sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';" sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"
Installation
Binary
yay -Syu onlyoffice-documentserver
Docker
Create the following directories.
sudo mkdir /var/{lib,log}/onlyoffice
Issue one command to download and start the Docker instance.
sudo docker run -i -t -d -p [port]:80 --restart=always \ -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ -v /app/onlyoffice/DocumentServer/db:/srv/psql onlyoffice/documentserver
Snap
sudo snap install onlyoffice-ds
Reverse Proxy Setup
Nginx
Configure nginx to act as a proxy
/etc/nginx/sites-available/<domain>
upstream docservice {
server <docker-ip>:8888;
}
map $http_host $this_host {
"" $host;
default $http_host;
}
map $http_x_forwarded_proto $the_scheme {
default $http_x_forwarded_proto;
"" $scheme;
}
map $http_x_forwarded_host $the_host {
default $http_x_forwarded_host;
"" $this_host;
}
map $http_upgrade $proxy_connection {
default upgrade;
"" close;
}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Forwarded-Host $the_host;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
server {
listen 80;
listen [::]:80;
server_name <domain>;
server_tokens off;
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ods.bwt.com.de;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/<domain>/chain.pem;
add_header Strict-Transport-Security max-age=31536000;
# add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
access_log /var/log/nginx/access.log main buffer=32k;
error_log /var/log/nginx/error.log error;
limit_req zone=gulag burst=200 nodelay;
# ACME challenge
location ^~ /.well-known {
allow all;
alias /var/lib/letsencrypt/$host/.well-known;
default_type "text/plain";
try_files $uri =404;
}
location / {
proxy_pass http://docservice;
proxy_http_version 1.1;
}
}
After finalizing, you should now be able to navigate to https://<domain> and see the OnlyOffice Document Server welcome page with a green checkmark indicating everything is running properly.
Apache
Listen 80
Listen 443
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so
<IfModule unixd_module>
User daemon
Group daemon
</IfModule>
SSLEngine on
SSLCertificateFile "{{SSL_CERTIFICATE_PATH}}"
SSLCertificateKeyFile "{{SSL_KEY_PATH}}"
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
SSLProtocol All -SSLv2 -SSLv3
SSLCompression off
SSLHonorCipherOrder on
## [Optional] Generate a stronger DHE parameter:
## cd /etc/ssl/certs
## sudo openssl dhparam -out dhparam.pem 4096
##
# SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
SetEnvIf Host "^(.*)$" THE_HOST=$1
RequestHeader setifempty X-Forwarded-Proto https
RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
ProxyAddHeaders Off
ProxyPassMatch (.*)(\/websocket)$ "ws://backendserver-address/$1$2"
ProxyPass / "http://backendserver-address/"
ProxyPassReverse / "http://backendserver-address/"
