penzoiders/onlyoffice_documentserver_centos7.sh

## onlyoffice_documentserver_centos7.sh
#!/bin/bash

# Install OnlyOffice Document Server on clean CentOS 7 base (may not work on non fresh systems) without asking anything
# HOW TO: just open a root terminal and brutally copy/paste this gist to your shell.
# SSL READY: featuring also a lazy-boy-style oneliner to get SSL cert from Let's Encrypt ( see bottom of this gist )

curl -sL https://rpm.nodesource.com/setup_8.x | bash -

cat << EOF > /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/\$basearch/
gpgcheck=0
enabled=1
EOF

yum install -y nginx epel-release postgresql postgresql-server firewalld

cat << EOF > /etc/nginx/nginx.conf
user                    nginx;
worker_processes      1;
error_log             /var/log/nginx/error.log warn;
pid                   /var/run/nginx.pid;
events {
  worker_connections  1024;
}
http {
  include             /etc/nginx/mime.types;
  default_type        application/octet-stream;
  log_format          main  '\$remote_addr - \$remote_user [\$time_local] "\$request" '
                            '\$status \$body_bytes_sent "\$http_referer" '
                            '"\$http_user_agent" "\$http_x_forwarded_for"';
  access_log          /var/log/nginx/access.log  main;
  sendfile            on;
  #tcp_nopush         on;
  keepalive_timeout   65;
  #gzip               on;
  include             /etc/nginx/conf.d/*.conf;
}
EOF

service postgresql initdb
systemctl enable postgresql
sed -i 's#host    all             all             127.0.0.1/32            ident#host    all             all             127.0.0.1/32            trust#;s#host    all             all             ::1/128                 ident#host    all             all             ::1/128                 trust#' /var/lib/pgsql/data/pg_hba.conf
systemctl restart postgresql

cd /tmp
sudo -u postgres psql -c "CREATE DATABASE onlyoffice;"
sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"

yum install -y redis rabbitmq-server
systemctl start redis
systemctl enable redis
systemctl start rabbitmq-server
systemctl enable rabbitmq-server

yum install -y http://download.onlyoffice.com/repo/centos/main/noarch/onlyoffice-repo.noarch.rpm
yum install -y onlyoffice-documentserver
systemctl start supervisord
systemctl enable supervisord
systemctl start nginx
systemctl enable nginx


cat /usr/bin/documentserver-configure.sh | sed 's/read -e/#read -e/' | sed 's/^read_saved_params$/DB_PWD=onlyoffice\nRABBITMQ_PWD=guest\nread_saved_params/' > /tmp/documentserver-configure-unattended.sh
bash /tmp/documentserver-configure-unattended.sh

systemctl start firewalld
systemctl enable firewalld

firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --reload

yum update -y

reboot


# You can secure it using Let's Encrypt SSL certificates with this single line here.
# NOTE: do this after reboot, you'll need to have a proper DNS record and ports 80 and 443 reachable from public IP
# you also need a DNS record to be published for that IP before launching the following command

# firewall-cmd --zone=public --add-service=https --permanent && firewall-cmd --reload && yum install -y python2-certbot-nginx && certbot --nginx certonly && systemctl stop nginx && cat /etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver-ssl.conf.template |  sed 's#{{SSL_CERTIFICATE_PATH}}#/etc/letsencrypt/live/'$(ls /etc/letsencrypt/live | head -n 1)'/fullchain.pem#' | sed 's#{{SSL_KEY_PATH}}#/etc/letsencrypt/live/'$(ls /etc/letsencrypt/live | head -n 1)'/privkey.pem#' > /etc/nginx/conf.d/onlyoffice-documentserver.conf && systemctl start nginx
	#!/bin/bash

	# Install OnlyOffice Document Server on clean CentOS 7 base (may not work on non fresh systems) without asking anything
	# HOW TO: just open a root terminal and brutally copy/paste this gist to your shell.
	# SSL READY: featuring also a lazy-boy-style oneliner to get SSL cert from Let's Encrypt ( see bottom of this gist )

	curl -sL https://rpm.nodesource.com/setup_8.x \| bash -

	cat << EOF > /etc/yum.repos.d/nginx.repo
	[nginx]
	name=nginx repo
	baseurl=http://nginx.org/packages/centos/7/\$basearch/
	gpgcheck=0
	enabled=1
	EOF

	yum install -y nginx epel-release postgresql postgresql-server firewalld

	cat << EOF > /etc/nginx/nginx.conf
	user nginx;
	worker_processes 1;
	error_log /var/log/nginx/error.log warn;
	pid /var/run/nginx.pid;
	events {
	worker_connections 1024;
	}
	http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;
	log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
	'\$status \$body_bytes_sent "\$http_referer" '
	'"\$http_user_agent" "\$http_x_forwarded_for"';
	access_log /var/log/nginx/access.log main;
	sendfile on;
	#tcp_nopush on;
	keepalive_timeout 65;
	#gzip on;
	include /etc/nginx/conf.d/*.conf;
	}
	EOF

	service postgresql initdb
	systemctl enable postgresql
	sed -i 's#host all all 127.0.0.1/32 ident#host all all 127.0.0.1/32 trust#;s#host all all ::1/128 ident#host all all ::1/128 trust#' /var/lib/pgsql/data/pg_hba.conf
	systemctl restart postgresql

	cd /tmp
	sudo -u postgres psql -c "CREATE DATABASE onlyoffice;"
	sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
	sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"

	yum install -y redis rabbitmq-server
	systemctl start redis
	systemctl enable redis
	systemctl start rabbitmq-server
	systemctl enable rabbitmq-server

	yum install -y http://download.onlyoffice.com/repo/centos/main/noarch/onlyoffice-repo.noarch.rpm
	yum install -y onlyoffice-documentserver
	systemctl start supervisord
	systemctl enable supervisord
	systemctl start nginx
	systemctl enable nginx


	cat /usr/bin/documentserver-configure.sh \| sed 's/read -e/#read -e/' \| sed 's/^read_saved_params$/DB_PWD=onlyoffice\nRABBITMQ_PWD=guest\nread_saved_params/' > /tmp/documentserver-configure-unattended.sh
	bash /tmp/documentserver-configure-unattended.sh

	systemctl start firewalld
	systemctl enable firewalld

	firewall-cmd --zone=public --add-service=http --permanent
	firewall-cmd --reload

	yum update -y

	reboot


	# You can secure it using Let's Encrypt SSL certificates with this single line here.
	# NOTE: do this after reboot, you'll need to have a proper DNS record and ports 80 and 443 reachable from public IP
	# you also need a DNS record to be published for that IP before launching the following command

	# firewall-cmd --zone=public --add-service=https --permanent && firewall-cmd --reload && yum install -y python2-certbot-nginx && certbot --nginx certonly && systemctl stop nginx && cat /etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver-ssl.conf.template \| sed 's#{{SSL_CERTIFICATE_PATH}}#/etc/letsencrypt/live/'$(ls /etc/letsencrypt/live \| head -n 1)'/fullchain.pem#' \| sed 's#{{SSL_KEY_PATH}}#/etc/letsencrypt/live/'$(ls /etc/letsencrypt/live \| head -n 1)'/privkey.pem#' > /etc/nginx/conf.d/onlyoffice-documentserver.conf && systemctl start nginx