@gear4s
Last active September 29, 2022 21:16
Install NextCloud with OnlyOffice connectivity on GCP

Installation

Run this to create required files:

mkdir -p DocumentServer/{logs,data,lib}
touch gcp_service_account_credentials.json

Cloud configuration

This sets up some basic configuration.

Open up docker-compose.yml and make the following changes

User-facing config:

  • Replace <cloudAdminUsername> and <cloudAdminPassword> with your desired admin username and password
  • Replace all instances of <cloudHostFQDN> with your domain name. If you don’t have a domain name that you want to use, you can also fill in the IP address of the server, so Nextcloud knows which requests to respond to.
  • If you're using an IP address instead of an FQDN, comment out line 53 and uncomment line 55 (the two DocumentServerUrl lines in the nextcloud service)

Back-end config:

  • Replace all instances of <s3AccessKey> and <s3SecretKey> with a random access and secret key respectively (only verified by the MinIO service)

Getting GCP credentials

Now we must connect MinIO to GCS (if you decided to use some other storage provider, have a look at the MinIO documentation).

Generating credentials

Log into GCP

  • Go to GCP console
  • Create a GCP account if you don’t already have one ($300 credit for new accounts)
  • Search for “Storage”
  • Click on the corresponding result item

Create storage bucket for cloud storage

  • Click on Create New Bucket
  • Give it a name that's easy to remember
  • Select Multi-Region as the location type
  • Leave the remaining options as they are
  • Click Create to finish setup.

Create another storage bucket for PGSQL backups

Obtain credentials for MinIO

  • Search for Service accounts
  • Click on the corresponding result
  • Click on Create Service Account and fill in some service account name and description
  • Click on Continue
  • Select Storage Object Admin as its role
  • Create a key of type JSON and download it to your computer

Copy the contents of the file that you just downloaded, and paste it into the file gcp_service_account_credentials.json

Updating MinIO config

Open up docker-compose.yml and make the following changes

Back-end changes:

  • Replace <s3CloudStorage> with the name of the cloud storage bucket you created
  • Replace <s3BackupBucket> with the name of the backup bucket you created

Usage with IP address instead of domain

Change the traefik command from containing this:

      - --defaultentrypoints=https,http
      - --entryPoints=Name:http Address::80 Redirect.EntryPoint:https
      - --entryPoints=Name:https Address::443 TLS

To containing this:

      - --defaultentrypoints=http
      - --entryPoints=Name:http Address::80

Note that we removed the HTTPS entry point, so the login page and all other traffic are served over plain HTTP.

Read over the docker-compose to ensure that you've done everything correctly. No support is provided!

Seriously. It takes like... 5 minutes.
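
A pre-flight check for the review step above, as an added example that is not part of the original gist: it scans the compose file for placeholders left unreplaced, a DocumentServerUrl scheme that does not match traefik's entry points, and the sample database password, and confirms the credentials file is a service account key rather than the empty file created by touch. The function names and the SAMPLE text are constructed for illustration.

```python
import json
import re
import sys
from pathlib import Path

COMMENT = re.compile(r"(^|\s)#.*$")  # YAML comment, whole-line or trailing
PLACEHOLDER = re.compile(r"<[A-Za-z][A-Za-z0-9]*>")

# Constructed sample: HTTP-only traefik, but the HTTPS DocumentServerUrl is still active.
SAMPLE = """\
      - php occ config:app:set onlyoffice DocumentServerUrl --value https://203.0.113.10/onlyoffice/
      #- php occ config:app:set onlyoffice DocumentServerUrl --value http://<cloudHostFQDN>/onlyoffice/
      POSTGRES_PASSWORD: pgpassword
      MINIO_SECRET_KEY: <s3SecretKey> # set in MinIO config
      - --defaultentrypoints=http
      - --entryPoints=Name:http Address::80
"""

def check_compose(text):
    """Return findings for a filled-in docker-compose.yml (comments are ignored)."""
    findings, active = [], []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = COMMENT.sub("", raw)
        active.append(line)
        for token in PLACEHOLDER.findall(line):
            findings.append(f"line {number}: placeholder {token} not replaced")
    body = "\n".join(active)
    # The DocumentServerUrl scheme has to match the entry points traefik serves.
    url = re.search(r"DocumentServerUrl --value (https?)://", body)
    has_https = "--entryPoints=Name:https" in body
    if url and (url.group(1) == "https") != has_https:
        findings.append(f"DocumentServerUrl scheme {url.group(1)} does not match traefik entry points")
    if "pgpassword" in body:
        findings.append("database password is still the sample value pgpassword")
    return findings

def check_credentials(path):
    """Return findings for the service account key file mounted into MinIO."""
    try:
        key = json.loads(Path(path).read_text())
    except (OSError, ValueError) as exc:  # missing, or still empty after `touch`
        return [f"{path}: unreadable or not JSON ({type(exc).__name__})"]
    if not isinstance(key, dict) or key.get("type") != "service_account":
        return [f"{path}: not a service account key"]
    return [f"{path}: missing {f}" for f in ("client_email", "private_key") if not key.get(f)]

if __name__ == "__main__":
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(check_compose(text) + check_credentials("gcp_service_account_credentials.json")))
```

Run it from the directory that holds the credentials file, passing docker-compose.yml as the first argument; no output means nothing was flagged.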

Bring containers up

  • Run docker-compose up -d
  • Run docker-compose logs -f to see logs while they are starting
  • Once everything’s settled you can close the logs using CTRL-C.

Open your browser and go to the domain or IP address of your server. You’ll now see the Nextcloud login screen, where you can use the admin credentials you set earlier.

Have fun with your selfhosted, regionally redundant Nextcloud + OnlyOffice instance!

version: "3.7"

services:
  # Database used by all services
  postgres:
    image: postgres:latest
    restart: unless-stopped
    environment:
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: pgpassword
      POSTGRES_DB: nextcloud

  # AMQP message broker used by OnlyOffice
  rabbitmq:
    image: rabbitmq
    restart: always

  # Memory storage used by OnlyOffice and nextcloud
  redis:
    restart: unless-stopped
    image: redis:5.0.6

  # Backups for our Postgres database
  pgbackup:
    image: skn0tt/postgres-backup-s3:11.5
    depends_on:
      - postgres
    environment:
      SCHEDULE: '@hourly'

      # Set up S3 connectivity information
      # I use MinIO to convert S3 storage calls to GCP storage calls
      S3_REGION: local
      S3_ACCESS_KEY_ID: <s3AccessKey> # set in MinIO config
      S3_SECRET_ACCESS_KEY: <s3SecretKey> # set in MinIO config
      S3_BUCKET: <s3BackupBucket> # cloud storage bucket name
      S3_ENDPOINT: http://minio:9000

      # Set up Postgres information
      POSTGRES_HOST: postgres
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: pgpassword
      POSTGRES_DATABASE: nextcloud

  # The primary cloud software
  nextcloud:
    restart: unless-stopped
    image: nextcloud:latest
    # Install OnlyOffice connector
    command:
      - php occ app:install onlyoffice
      # Comment this if you use an IP address
      - php occ config:app:set onlyoffice DocumentServerUrl --value https://<cloudHostFQDN>/onlyoffice/
      # Uncomment this if you use an IP address
      #- php occ config:app:set onlyoffice DocumentServerUrl --value http://<cloudHostFQDN>/onlyoffice/
      - php occ onlyoffice:documentserver --check
    depends_on:
      - minio
      - postgres
      - redis
    environment:
      # Your admin user
      NEXTCLOUD_ADMIN_USER: <cloudAdminUsername>
      NEXTCLOUD_ADMIN_PASSWORD: <cloudAdminPassword>

      # Add your domain name here
      NEXTCLOUD_TRUSTED_DOMAINS: <cloudHostFQDN>

      # Redis and Postgres config
      REDIS_HOST: redis
      POSTGRES_HOST: postgres
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: pgpassword

      # Set up S3 connectivity information
      # I use MinIO to convert S3 storage calls to GCP storage calls
      OBJECTSTORE_S3_BUCKET: <s3CloudStorage>
      OBJECTSTORE_S3_KEY: <s3AccessKey>
      OBJECTSTORE_S3_SECRET: <s3SecretKey>
      OBJECTSTORE_S3_HOST: minio
      OBJECTSTORE_S3_PORT: 9000
      OBJECTSTORE_S3_SSL: "false"
      OBJECTSTORE_S3_REGION: optional
      OBJECTSTORE_S3_USEPATH_STYLE: "true"
    # Instruct traefik to expose container on <host>/
    labels:
      - "traefik.port=80"
      - "traefik.frontend.rule=Host:<cloudHostFQDN>"
      - "traefik.enable=true"

  # OnlyOffice document server (essentially, Word, Excel, and Powerpoint)
  onlyoffice:
    restart: unless-stopped
    image: onlyoffice/documentserver:latest
    depends_on:
      - minio
      - rabbitmq
      - postgres
      - redis
    environment:
      # Disable OnlyOffice's internal HTTPS
      ONLYOFFICE_HTTPS_HSTS_ENABLED: "false"

      # Postgres connectivity
      DB_TYPE: postgres
      DB_HOST: postgres
      DB_NAME: nextcloud
      DB_USER: nextcloud
      DB_PWD: pgpassword

      # AMQP URI uses rabbitmq for host
      AMQP_URI: amqp://guest:guest@rabbitmq
      REDIS_SERVER_HOST: redis
    volumes:
      - ./DocumentServer/logs:/var/log/onlyoffice
      - ./DocumentServer/data:/var/www/onlyoffice/Data
      - ./DocumentServer/lib:/var/lib/onlyoffice
    # Instruct traefik to expose container on <host>/onlyoffice
    labels:
      - "traefik.port=80"
      - "traefik.frontend.rule=Host:<cloudHostFQDN>;PathPrefixStrip:/onlyoffice"
      - "traefik.frontend.headers.customRequestHeaders=X-Forwarded-Host:<cloudHostFQDN>/onlyoffice"
      - "traefik.enable=true"

  # MinIO is used to convert AWS S3 storage calls to GCP storage calls
  minio:
    image: minio/minio:latest
    restart: unless-stopped
    command: gateway gcs
    volumes:
      - ./gcp_service_account_credentials.json:/credentials.json
    environment:
      GOOGLE_APPLICATION_CREDENTIALS: /credentials.json
      MINIO_ACCESS_KEY: <s3AccessKey>
      MINIO_SECRET_KEY: <s3SecretKey>
    # Instruct traefik to expose container on <host>/minio
    labels:
      - "traefik.frontend.rule=Host:<cloudHostFQDN>;PathPrefix:/minio"
      - "traefik.enable=false" # Disable this expose
      - "traefik.port=9000"

  traefik:
    image: traefik:v1.7.19
    command:
      - --api
      - --docker
      - --docker.exposedbydefault=false
      - --retry
      - --defaultentrypoints=https,http
      - --entryPoints=Name:http Address::80 Redirect.EntryPoint:https
      - --entryPoints=Name:https Address::443 TLS
      - --acme.email=<yourPrimaryEmail>
      - --acme.entryPoint=https
      - --acme.storage=acme.json
      - --acme.onHostRule=true
      - --acme.httpchallenge.entrypoint=http
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/acme:/etc/traefik/acme