OnlyOffice Docs into a LXC Debian 10

OnlyOffice Docs into a Debian 10 LXC

How I installed Onlyoffice Docs 5.6 (DocumentServer) into a Debian 10 Buster Proxmox LXC Container.

System Requirements

  • CPU dual core 2 GHz or better
  • RAM 2 GB or more
  • HDD at least 40 GB of free space
  • Additional requirements at least 4 GB of swap
  • OS 64-bit Debian, Ubuntu or other compatible distribution with kernel version 3.13 or later
  • Additional requirements
    • PostgreSQL: version 9.1 or later
    • NGINX: version 1.3.13 or later
    • libstdc++6: version 4.8.4 or later
    • RabbitMQ

Prepare container

First update everything

# apt update && apt dist-upgrade

I like to install these

# apt install curl wget nano htop

You may want to have a local user to use instead of root
and also to add it to the sudo group

# apt install sudo
# adduser admin
# usermod -aG sudo admin

Let's add ssh capabilities

# apt install openssh-client openssh-server
# ssh admin@localhost  # test it

Configure the locales properly. I used pt_BR.UTF-8 as the default, but added support for other languages and encodings as well.

# dpkg-reconfigure locales
# reboot  # you may want to reboot to the new language

Install PostgreSQL

https://www.postgresql.org/download/linux/debian/

First we need lsb_release

# apt install lsb-release

Install PostgreSQL

# Create the file repository configuration:
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'

# Import the repository signing key:
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -

# Update the package lists:
sudo apt-get update

# Install the latest version of PostgreSQL.
# If you want a specific version, use 'postgresql-12' or similar instead of 'postgresql':
sudo apt-get -y install postgresql

Create Database for Onlyoffice

sudo -i -u postgres psql -c "CREATE DATABASE onlyoffice;" ; sudo -i -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';" ; sudo -i -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"

Install RabbitMQ

sudo apt-get install rabbitmq-server

Install Nginx

sudo apt-get install nginx-extras

Changing the default ONLYOFFICE Docs port

By default ONLYOFFICE Docs listens for incoming connections on port 80. Starting with version 4.3 you can change the port if you plan to use a different one.

I did not change this, and I will not run HTTPS on the container either, because my CT will run behind another nginx proxy. If you do want a different port, set it with:

echo onlyoffice-documentserver onlyoffice/ds-port select <PORT_NUMBER> | sudo debconf-set-selections

If you want to change the ONLYOFFICE Docs protocol to HTTPS, do not change the port to 443, but use this instruction instead.

Install OnlyOffice Docs

Add GPG key

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5

Add ONLYOFFICE Docs repository

sudo echo "deb https://download.onlyoffice.com/repo/debian squeeze main" | sudo tee /etc/apt/sources.list.d/onlyoffice.list

Install

sudo apt-get update
sudo apt-get install onlyoffice-documentserver

During the installation process, you will be asked to provide a password for the onlyoffice PostgreSQL user. Please enter the onlyoffice password that you have specified when configuring PostgreSQL.

After that, ONLYOFFICE Docs runs as a process.
At this point your DocumentServer instance is already usable.

The package will be updated just like any other deb package.
Please note that the local.json may be reset during updates, resetting the JWT Token password.
Just make a copy of /etc/onlyoffice before updates to be sure.

Fonts

You will probably want to install some extra Fonts, including the Microsoft Fonts.

Core Microsoft Fonts

sudo apt install ttf-mscorefonts-installer

Vista Fonts are not so easy.
You could try this installer (the second command pipes a downloaded script into a root shell, so read the script first):

sudo apt install wget cabextract fontforge
wget https://gist.githubusercontent.com/tavinus/1a92c79d790657d5b66546996dd006b9/raw/ttf-vista-fonts-installer.sh -q -O - | sudo bash

Then you need to refresh the Onlyoffice cache

/usr/bin/documentserver-generate-allfonts.sh

Now you could refresh the browser to check the new fonts

Secret Token Configuration

We need to edit the file /etc/onlyoffice/documentserver/local.json
to secure our Document Server with a JWT token.

The changes are

  • Change token boolean flags to true
  • Change the secret string to a new random one

I cooked a one-liner script to make the changes easier.
Create a backup of the original config file in case something goes wrong.

sudo cp /etc/onlyoffice/documentserver/local.json /etc/onlyoffice/documentserver/local-json-backup

You can revert with

sudo cp /etc/onlyoffice/documentserver/local-json-backup /etc/onlyoffice/documentserver/local.json

Get a root shell if not yet in one

sudo su -

Let's generate a random secret and apply it

OO_SECRET="$(< /dev/urandom tr -dc A-Z-a-z-0-9 | head -c${1:-64})" && sed -i 's/: false/: true/g;s/"string": "secret"/"string": "'"$OO_SECRET"'"/g' /etc/onlyoffice/documentserver/local.json && echo "SECRET KEY: $OO_SECRET"

It will print the created secret.
If you forget or lose it, you can retrieve it from the local.json file.

You may want to check it anyways:

cat /etc/onlyoffice/documentserver/local.json

The final local.json file will look similar to this

{
  "services": {
    "CoAuthoring": {
      "sql": {
        "type": "postgres",
        "dbHost": "localhost",
        "dbPort": "5432",
        "dbName": "onlyoffice",
        "dbUser": "onlyoffice",
        "dbPass": "onlyoffice"
      },
      "token": {
        "enable": {
          "request": {
            "inbox": true,
            "outbox": true
          },
          "browser": true
        },
        "inbox": {
          "header": "Authorization"
        },
        "outbox": {
          "header": "Authorization"
        }
      },
      "secret": {
        "inbox": {
          "string": "eu94ESnlK-6BSjJKthifa7LS23hj6ugNDTO9U1yugQlRUSd-Xif2NfB1WOC5pwkC"
        },
        "outbox": {
          "string": "eu94ESnlK-6BSjJKthifa7LS23hj6ugNDTO9U1yugQlRUSd-Xif2NfB1WOC5pwkC"
        },
        "session": {
          "string": "eu94ESnlK-6BSjJKthifa7LS23hj6ugNDTO9U1yugQlRUSd-Xif2NfB1WOC5pwkC"
        }
      }
    }
  },
  "rabbitmq": {
    "url": "amqp://guest:guest@localhost"
  }
}

Restart the Document Server to apply the changes.

sudo supervisorctl restart all

You can now use the generated SECRET KEY to access your
DocumentServer instance.
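
A check worth running after the restart and after every package update, since an update can reset local.json as noted above. This is an added example, not part of the original gist or of ONLYOFFICE; the function name `audit_local_json`, the 32-character minimum and the sample document are assumptions made here.

```python
import json

DEFAULT_SECRET = "secret"   # placeholder value that the sed one-liner above replaces
MIN_SECRET_LEN = 32         # assumption: minimum length this check accepts

def audit_local_json(text):
    """Return a list of findings for a DocumentServer local.json document."""
    findings = []
    co = json.loads(text).get("services", {}).get("CoAuthoring", {})
    enable = co.get("token", {}).get("enable", {})
    flags = {
        "request.inbox": enable.get("request", {}).get("inbox"),
        "request.outbox": enable.get("request", {}).get("outbox"),
        "browser": enable.get("browser"),
    }
    for name, value in flags.items():
        if value is not True:
            findings.append(f"token.enable.{name} is not true")
    for name in ("inbox", "outbox", "session"):
        secret = co.get("secret", {}).get(name, {}).get("string") or ""
        if secret == DEFAULT_SECRET:
            findings.append(f"secret.{name} is still the default")
        elif len(secret) < MIN_SECRET_LEN:
            findings.append(f"secret.{name} is shorter than {MIN_SECRET_LEN} characters")
    sql = co.get("sql", {})
    if sql.get("dbPass") and sql.get("dbPass") == sql.get("dbUser"):
        findings.append("sql.dbPass equals sql.dbUser")
    return findings

# Constructed sample: local.json as it looks with JWT off and the default secret.
RESET_SAMPLE = json.dumps({"services": {"CoAuthoring": {
    "sql": {"dbUser": "onlyoffice", "dbPass": "onlyoffice"},
    "token": {"enable": {"request": {"inbox": False, "outbox": False},
                         "browser": False}},
    "secret": {k: {"string": "secret"} for k in ("inbox", "outbox", "session")},
}}})

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else RESET_SAMPLE
    for line in audit_local_json(text) or ["OK: JWT enabled with non-default secrets"]:
        print(line)
```

Pass the path to local.json as the first argument; without one the script audits the constructed sample.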

NGINX Proxy Configuration

As mentioned, I am routing traffic through another NGINX proxy instance.
The Proxy runs in HTTPS and redirects insecure traffic.

Things you need to change:

  • ONLYOFFICE CONTAINER IP ADDRESS eg. 10.0.1.45
  • ONLYOFFICE DOMAIN eg. office.mydomain.tld
  • CERTIFICATE FILES LOCATIONS eg. /etc/ssl/localcerts/office.mydomain.tld-fullchain.cer

Please note that each of them occurs in many places inside the file.
You need to change ALL OCCURRENCES.

Example office.mydomain.tld.conf file

server {
    listen 80;
    listen [::]:80;
    server_name office.mydomain.tld;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name office.mydomain.tld;

    ssl_certificate           /etc/ssl/localcerts/office.mydomain.tld-fullchain.cer;
    ssl_certificate_key       /etc/ssl/localcerts/office.mydomain.tld.key;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1+
    ssl_protocols  TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/office.mydomain.tld.access.log;

    location / {
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix WebDav links
      rewrite ^/\.well-known/carddav https://$server_name/remote.php/dav/ redirect;
      rewrite ^/\.well-known/caldav https://$server_name/remote.php/dav/ redirect;

      # Proxy target setup
      proxy_pass          http://10.0.1.45;
      proxy_read_timeout  200;
      # Fix the "It appears that your reverse proxy set up is broken" error
      proxy_redirect      http://10.0.1.45 https://$host;
    }
}

I will not go into how to generate the certificates this time,
but I usually generate Let's Encrypt Certificates using
acme.sh with DNS challenges.
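
One way to confirm that every occurrence in the proxy file was changed before reloading nginx. This is an added example, not part of the original gist; `check_proxy_conf`, the sample file and its addresses are constructed here, and the set of deprecated protocol versions follows RFC 8996.

```python
import re

SAMPLE_VALUES = ("10.0.1.45", "office.mydomain.tld")  # placeholders from the example file above
DEPRECATED_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def directives(conf, name):
    """Yield the argument string of every `name ...;` directive, ignoring comments."""
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(rf"{re.escape(name)}\s+(.+?);$", line)
        if m:
            yield m.group(1)

def check_proxy_conf(conf, domain, container_ip):
    problems = []
    for value in SAMPLE_VALUES:
        if value not in (domain, container_ip) and value in conf:
            problems.append(f"sample value {value} still present")
    for names in directives(conf, "server_name"):
        if names.split() != [domain]:
            problems.append(f"server_name is '{names}', expected {domain}")
    for name in ("proxy_pass", "proxy_redirect"):
        for args in directives(conf, name):
            if f"http://{container_ip}" not in args.split():
                problems.append(f"{name} does not point at {container_ip}")
    for protos in directives(conf, "ssl_protocols"):
        weak = sorted(DEPRECATED_TLS & set(protos.split()))
        if weak:
            problems.append("ssl_protocols enables " + " ".join(weak))
    return problems

# Constructed sample: a copy of the example file where only some occurrences were edited.
HALF_EDITED = """
server {
    listen 443 ssl;
    server_name docs.example.org;
    ssl_certificate     /etc/ssl/localcerts/office.mydomain.tld-fullchain.cer;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    location / {
      proxy_pass          http://192.0.2.10;
      proxy_redirect      http://10.0.1.45 https://$host;
    }
}
"""

if __name__ == "__main__":
    print("\n".join(check_proxy_conf(HALF_EDITED, "docs.example.org", "192.0.2.10")))
```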
