Skip to content

Instantly share code, notes, and snippets.

@ebta
Last active January 5, 2022 06:44
Show Gist options
  • Save ebta/08a1f5ef17c3437ff7ae3a4a3ec2466f to your computer and use it in GitHub Desktop.
Save ebta/08a1f5ef17c3437ff7ae3a4a3ec2466f to your computer and use it in GitHub Desktop.
Install LetsEncrypt https certificate on OnlyOffice Docker Community Server

How to configure HTTPS with a LetsEncrypt Certificate on OnlyOffice Community Server for Docker

  1. Install OnlyOffice (if you have not already done that) Follow the steps here https://helpcenter.onlyoffice.com/server/docker/community/docker-installation.aspx

  2. Connect to your machine with SSH, and Switch to the super-user with the command: sudo -i

  3. Create your OnlyOffice certificate folder with the command: mkdir -p /app/onlyoffice/CommunityServer/data/certs

  4. Create your Diffie-Hellman params with the command: openssl dhparam -out /app/onlyoffice/CommunityServer/data/certs/dhparam.pem 2048

  5. Now, install Certbot with the command (for Ubuntu/Debian): apt-get install certbot python-certbot-nginx

  6. We will use the « standalone » mode of Certbot, which will use the 80 port of your machine. In order to avoid any conflict with OnlyOffice, we need to stop your OnlyOffice instances. The easiest way is to stop Docker with the command: systemctl stop docker

  7. Now we will generate the Let’s Encrypt certificate with CertBot and this command (replace the <YOUR_DOMAIN> parameter by your domain name): certbot certonly --standalone -d <YOUR_DOMAIN>

  8. Complete the LetsEncrypt procedure

  9. Restart Docker systemctl start docker

  10. Find the ID of your OnlyOffice Community Server container onlyofficecs_container_id=$(docker ps -f name=onlyoffice-community-server -q)

  11. Copy your certificate to the OnlyOffice certificate folder with the command (replace the <YOUR_DOMAIN> parameter by your domain name):

cp /etc/letsencrypt/live/<YOUR_DOMAIN>/privkey.pem /app/onlyoffice/CommunityServer/data/certs/onlyoffice.key &&
cp /etc/letsencrypt/live/<YOUR_DOMAIN>/fullchain.pem /app/onlyoffice/CommunityServer/data/certs/onlyoffice.crt
  1. Restart your OnlyOffice Community Server container with the command:
docker restart "$onlyofficecs_container_id" #it reuses the ID found at step 11

You should now be able to access to your OnlyOffice Community server over HTTPS at https://<YOUR_DOMAIN> (replace the <YOUR_DOMAIN> parameter by your domain name).

For your certificate renewal, it is way easier as it can be fully automated. You can use the script below for this, just set properly the YOURDOMAIN variable to your domain name.

#!/bin/bash

YOURDOMAIN="TYPE_YOUR_DOMAIN_NAME_HERE"

echo "Stopping Docker..." &&
systemctl stop docker &&
echo "Registering / Renewing certificate" &&
certbot certonly --standalone -d $YOURDOMAIN &&
echo "Starting Docker..." &&
systemctl start docker &&
onlyofficecs_container_id=$(docker ps -f name=onlyoffice-community-server -q) &&
if [ -z "$onlyofficecs_container_id" ]
then
    echo "ERROR: Cannot find a valid OnlyOffice Community Server container. Please check that OnlyOffice is running."
    exit 1
else
    echo "Copying certificates files in the OnlyOffice folder" &&
    cp /etc/letsencrypt/live/$YOURDOMAIN/privkey.pem /app/onlyoffice/CommunityServer/data/certs/onlyoffice.key &&
    cp /etc/letsencrypt/live/$YOURDOMAIN/fullchain.pem /app/onlyoffice/CommunityServer/data/certs/onlyoffice.crt &&
    docker restart "$onlyofficecs_container_id"
    echo "Certificate configured successfully for OnlyOffice Community Server!"
fi

Reference: https://alayeddine.fr/2020/05/21/how-to-configure-https-with-a-letsencrypt-certificate-on-onlyoffice-community-server-for-docker/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment