@tavinus
Last active November 2, 2023 20:27
debian 8 + nextcloud + onlyoffice + nginx + mariadb + redis + rabbitmq

How to run everything on a single Debian install

About

This guide was compiled from the notes and logs of two re-installs
I made on Debian 8 (Jessie) servers running Owncloud on Apache.

I basically removed and reinstalled everything except the database
contents and the users' files, while also migrating from Owncloud to Nextcloud.

Refer to the Nextcloud/Owncloud manual for your version when installing,
migrating or upgrading it.
This guide adds the nginx configuration that their Apache-based install guide does not cover.

Disclaimers

  • This guide is provided as is; it may or may not work for you.
  • Some linux skills are required.
  • Some parts of the guide can and/or should be ignored if not relevant to your setup.
  • This guide uses non-standard repositories to get newer versions of some packages (eg. PHP7).

HowTo

Update server

$ apt-get update
$ apt-get upgrade

Remove Apache

You may want to make a backup of your current config files for Apache before proceeding.

$ apt-get remove apache2 apache2-utils
$ apt-get autoremove

Remove Nginx

You may want to make a backup of your current config files for Nginx before proceeding.

$ sudo systemctl stop nginx.service
$ apt-get remove nginx nginx-extras
$ apt-get autoremove

Remove PHP related stuff

List PHP packages (example)

$ sudo dpkg --get-selections | grep php | awk '{ print $1 }'
php5-cli
php5-common
php5-fpm
php5-json
php5-mysql
php5-readline

Remove packages (example)

$ sudo apt-get remove php5-cli php5-common php5-fpm php5-json php5-mysql php5-readline

Add dotdeb repo

This will provide us with more recent packages, like PHP 7 and nginx 1.12.2.

$ wget -qO - http://www.dotdeb.org/dotdeb.gpg | sudo apt-key add -
$ echo "deb http://packages.dotdeb.org jessie all" | sudo tee -a /etc/apt/sources.list.d/dotdeb.list
$ echo "deb-src http://packages.dotdeb.org jessie all" | sudo tee -a /etc/apt/sources.list.d/dotdeb.list

Update cache

$ sudo apt-get update

Nginx install

Install nginx

$ sudo apt-get install nginx nginx-extras

Install PHP 7

Adjust the package names if you want another PHP version (not tested).

$ sudo apt-get install imagemagick php7.0-cli php7.0-curl php7.0-dev php7.0-zip php7.0-fpm php7.0-gd \
    php7.0-xml php7.0-mysql php7.0-mcrypt php7.0-mbstring php7.0-opcache php7.0-json php7.0-intl \
    php7.0-imagick php7.0-bcmath php7.0-bz2 php7.0-gmp php7.0-apcu php7.0-redis

Edit php.ini

$ sudo nano /etc/php/7.0/fpm/php.ini

Check whether these items are already set, and adjust them if not
(use your own time zone)

date.timezone = America/Sao_Paulo
upload_max_filesize = 4G
max_execution_time = 1200
max_input_vars = 5000
memory_limit = 256M

Set max request/children on www.conf

$ sudo nano /etc/php/7.0/fpm/pool.d/www.conf

Reference on how to adjust the values for the variables below

pm.max_children = 10
pm.max_requests = 200

Set environment for www.conf

Same file as last step

$ sudo nano /etc/php/7.0/fpm/pool.d/www.conf

Remove the leading semicolons (;) to uncomment these lines, near the end of the file

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

Restart the PHP service

$ sudo systemctl restart php7.0-fpm.service

Config PHP on nginx

Add a config file to nginx

$ sudo nano /etc/nginx/conf.d/upstream-php.conf

Use the appropriate handler for your PHP config

upstream php-handler {
    #server 127.0.0.1:9000;
    #server unix:/var/run/php5-fpm.sock;
    server unix:/run/php/php7.0-fpm.sock;
}

If your PHP scripts still don't execute after restarting nginx and PHP,
try adding this location block to the default site, /etc/nginx/sites-enabled/default

    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

You can test it with a phpinfo() page.

<?php
// Test page only: remove it once PHP works, since it discloses your server configuration.
phpinfo();
?>

Install redis

$ sudo apt-get install redis-server

You may need to run autoremove

$ sudo apt-get autoremove

Install rabbitmq

$ sudo apt-get install rabbitmq-server

You may need to map your hostnames to the server's local IP in the local hosts file for rabbitmq to work properly

$ sudo nano /etc/hosts

Example

10.0.20.10      cloud.example.com
10.0.20.10      office.example.com

Conflicting package?

I had to update this package, but I can't remember why, sorry.
If anyone can confirm whether this is needed or not, please post below.

$ sudo apt-get install libgudev-1.0-0

The log is odd: it says it is going to install libudev0, but updates libgudev-1.0-0 when doing so.

Install MariaDB

Set a strong root password during installation and take note of it (we will need it).

$ sudo apt-get install mariadb-server mariadb-client

Create Nextcloud Database

Open mysql with the root password you created during the install

$ mysql -uroot -p

Replace 'v2N7HfiK26X9A0S3sdkJEUR63s' with your own Nextcloud DB password (not the root password).
Optional: change the user name 'nextclouduser' and the database name nextcloud.

CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'v2N7HfiK26X9A0S3sdkJEUR63s';
CREATE DATABASE IF NOT EXISTS nextcloud;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost' IDENTIFIED BY 'v2N7HfiK26X9A0S3sdkJEUR63s';
FLUSH PRIVILEGES;

You will need the DB username and password when configuring Nextcloud.

Backup / Restore option

If you are migrating your installation, you may want to perform a backup and restore of the database.
Both examples below pass the password on the command line, which leaves it in your shell history; a ~/.my.cnf with a [client] section avoids that.

Example of SQL backup

mysqldump --single-transaction -h localhost -u "nextclouduser" -p"v2N7HfiK26X9A0S3sdkJEUR63s" "nextcloud" > "/path/to/backup/nextcloud-backup.sql"

Example of SQL restore

mysql -h localhost -u "nextclouduser" -p"v2N7HfiK26X9A0S3sdkJEUR63s" "nextcloud" < "/path/to/backup/nextcloud-backup.sql"

Letsencrypt certificates (acme.sh)

You WILL NEED valid certificates for everything to work (self-signed do not work).
And you will need certificates for both subdomains.
You can use certbot if you prefer that.

I also usually run acme.sh as root (sudo su -).

This guide will use cloud.example.com and office.example.com as the domains for each service.
I usually use DNS challenges to create certificates, which ends up being easier since you only need to communicate with your DNS provider to generate the certificates.
You may use any method that works for you, as long as you get the 2 certificates needed (office and cloud).

For example, after installing and configuring acme.sh
(and adding my DNS provider API keys to the config file):

# get root shell
sudo su -

# relocate if needed
cd /root/.acme.sh

# test issue against the staging server (dns_dynu is the acme.sh hook for my DNS provider; use yours)
./acme.sh --test --debug --issue --dns dns_dynu -d cloud.example.com -d office.example.com

# force reissue on the production server if all went fine
./acme.sh --force --debug --issue --dns dns_dynu -d cloud.example.com -d office.example.com

The most common method to issue certificates is by exposing the challenges on port 80 of your web server.
That is out of scope for this guide though (there are plenty of guides about that).

Please refer to acme.sh's manual for more info.

Install certs

Let's create a folder for our certificates.
Feel free to change the path, but then adjust it in the later steps as well.

# mkdir -p /etc/ssl/localcerts

One of the nice things about acme.sh is that it remembers your actions and
repeats them later when it renews the certs (it sets up a cron job).

We will use acme.sh to install the certs and restart nginx,
which will also be saved by acme.sh for later use.

# cd /root/.acme.sh
# ./acme.sh --debug --installcert -d cloud.example.com -d office.example.com --certpath /etc/ssl/localcerts/cloud.pem --keypath /etc/ssl/localcerts/cloud.key --fullchainpath /etc/ssl/localcerts/cloud-ca.crt --reloadcmd "systemctl restart nginx.service"

The above call creates certificate files containing both domains,
so we can use the same files for both the cloud and office web servers.

Generate dhparam

If you want to use a dhparam with the certificates, you can run (as root)

This WILL take a long time!

# cd /etc/ssl/certs
# openssl dhparam -out dhparam.pem 4096

More info about dhparam

Changing the default Document Server port

This is not a requirement!
Sometimes ports 80/443 are not available (home connections),
so in those cases we NEED to use higher ports.

If you can use ports 80/443, that is better and you SHOULD skip this step!
Please note that the port 80 listener in /etc/nginx/conf.d/onlyoffice-documentserver.conf changes automatically if you change this, but port 443 does not; you can edit it yourself to 4443 (or something else) after installing.

From the Document Server manual:

By default Document Server listens to the incoming connections using port 80.
Starting with version 4.3 you can change the port for Document Server if you plan to use it instead of the default one.

If you are going to change the default port, make sure that it is open for the incoming/outgoing connections.
See the complete list of the ports used by Document Server.
To do that you will need to change the default port for the debconf system, running the command:

echo onlyoffice-documentserver onlyoffice/ds-port select <PORT_NUMBER> | sudo debconf-set-selections

Example on port 9988

echo onlyoffice-documentserver onlyoffice/ds-port select 9988 | sudo debconf-set-selections

This MUST be done BEFORE installing document server, but only if you need it!

Installing Document Server

$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5
$ echo "deb http://download.onlyoffice.com/repo/debian squeeze main" | sudo tee /etc/apt/sources.list.d/onlyoffice.list
$ sudo apt-get update
$ sudo apt-get install onlyoffice-documentserver

Set up nginx

We will change the template to the SSL one and open it for editing

$ cd /etc/nginx/conf.d
$ sudo mv onlyoffice-documentserver.conf onlyoffice-documentserver-old.conf.template
$ sudo cp onlyoffice-documentserver-ssl.conf.template onlyoffice-documentserver.conf
$ sudo nano onlyoffice-documentserver.conf

To do

  • Add your certificates
  • Add or comment the dhparam file

Example of /etc/nginx/conf.d/onlyoffice-documentserver.conf
(full file, compare with your template if you have problems)

include /etc/nginx/includes/onlyoffice-http.conf;

## Normal HTTP host
server {
  listen 0.0.0.0:80;
  listen [::]:80 default_server;
  server_name _;
  server_tokens off;

  ## Redirects all traffic to the HTTPS host
  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
  rewrite ^ https://$host$request_uri? permanent;
}

#HTTP host for internal services
server {
  listen 127.0.0.1:80;
  listen [::1]:80;
  server_name localhost;
  server_tokens off;
  
  include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
  include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
}

## HTTPS host
server {
  listen 0.0.0.0:443 ssl;
  listen [::]:443 ssl default_server;
  server_tokens off;
  root /usr/share/nginx/html;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  ssl on;
  ssl_certificate /etc/ssl/localcerts/cloud-ca.crt;
  ssl_certificate_key /etc/ssl/localcerts/cloud.key;
  #ssl_verify_client on;
  #ssl_verify_depth 3;
  #ssl_client_certificate /etc/ssl/localcerts/cloud.crt;

  ## Cipher list as shipped in the OnlyOffice SSL template
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

  ## TLSv1 and TLSv1.1 are kept as in the template; drop them if all your clients support TLSv1.2
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_cache  builtin:1000  shared:SSL:10m;

  ssl_prefer_server_ciphers   on;

  add_header Strict-Transport-Security max-age=31536000;
  # add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
  ## Replace with your ssl_trusted_certificate. For more info see:
  ## - https://medium.com/devops-programming/4445f4862461
  ## - https://www.ruby-forum.com/topic/4419319
  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 10s;

  ## [Optional] Generate a stronger DHE parameter:
  ##   cd /etc/ssl/certs
  ##   sudo openssl dhparam -out dhparam.pem 4096
  ##
  ## This must point at the file generated in the "Generate dhparam" step,
  ## or be commented out if you skipped it (nginx will not start if the file is missing)
  ssl_dhparam /etc/ssl/certs/dhparam.pem;

  include /etc/nginx/includes/onlyoffice-documentserver-*.conf;

}

Restart nginx and test your https://office.example.com link in any web browser
(it should show a page saying that the Document Server is running)

$ sudo systemctl restart nginx.service

The office domain will be the default domain for nginx,
so its server name does not need to be set in this config file.

Install Nextcloud

As mentioned before, refer to nextcloud's manual for installing or upgrading.
The main catch is that they use Apache by default, instead of nginx.

But here is how I would download a fresh instance, with something like:

# go to home directory
cd
# download
wget https://download.nextcloud.com/server/releases/nextcloud-13.0.6.zip
# extract
unzip nextcloud-13.0.6.zip
# move
sudo mv ./nextcloud /var/www/nextcloud
# set owner
sudo chown -R www-data:www-data /var/www/nextcloud
# create data dir
sudo mkdir -p /var/nc-data
# set owner
sudo chown -R www-data:www-data /var/nc-data

Be sure to use the data dir you created when installing
(changing the data dir after installing is not supported).

Links

Nextcloud: Manual Installation Reference

Nextcloud: Installing from command line

Nextcloud: Installation on Linux

Nextcloud nginx config

I have then removed the default (and any other) symlink from the /etc/nginx/sites-enabled folder,
basically disabling any site on nginx, except for the document server, which uses a config file on another folder.

Create nextcloud config file

$ sudo nano /etc/nginx/sites-available/nextcloud

Change

  • cloud.example.com on port 80
  • cloud.example.com on port 443
  • ssl_certificate /etc/ssl/localcerts/cloud-ca.crt;
  • ssl_certificate_key /etc/ssl/localcerts/cloud.key;
  • root /var/www/nextcloud;

server {
    #listen 0.0.0.0:80;
    #listen [::]:80 default_server;
    listen 80;
    server_name cloud.example.com;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    #listen 0.0.0.0:443 ssl;
    #listen [::]:443 ssl default_server;
    listen 443 ssl http2;
    server_name cloud.example.com;

    ssl_certificate /etc/ssl/localcerts/cloud-ca.crt;
    ssl_certificate_key /etc/ssl/localcerts/cloud.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this
    # topic first.
    # add_header Strict-Transport-Security "max-age=15768000;
    # includeSubDomains; preload;";
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;";
    #
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
    # will add the domain to a hardcoded list that is shipped
    # in all major browsers and getting removed from this list
    # could take several months.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /var/www/nextcloud;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
    # last;

    location = /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        #Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff|svg|gif)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=15778463";
        # Add headers to serve security related headers (It is intended to
        # have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into
        # this topic first.
        # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

Enable the nextcloud config by symlinking it

$ cd /etc/nginx/sites-enabled/
$ sudo ln -s ../sites-available/nextcloud nextcloud

Restart services

$ sudo systemctl restart php7.0-fpm.service nginx.service

Run Nextcloud installation

You should now be able to open https://cloud.example.com and
proceed with the installation from the web browser.

Enter the data folder location, the database user and password created above, the database name and the database address (localhost).

If you are performing a manual update, please refer to your new Nextcloud
version's manual on how to properly manually upgrade to your version.

Config Nextcloud

You should tune your config.php file now.

$ sudo -u www-data nano /var/www/nextcloud/config/config.php

Cache and File Locking

  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',

Redis using unix socket

  'redis' => array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
  ),

You may need to enable unix sockets manually in /etc/redis/redis.conf by uncommenting/adding

unixsocket /var/run/redis/redis.sock
unixsocketperm 775

With these permissions the www-data user must belong to the redis group to connect to the socket.

Redis using TCP socket

  'redis' => array (
    'host' => 'localhost',
    'port' => 6379,
  ),

Example config file

You can use the following example as a reference on how to populate the fields.
Don't just copy/paste it; it will NOT work as is.

Example config.php

<?php
$CONFIG = array (
  'instanceid' => 'randomStuff',
  'passwordsalt' => 'moreRandomStuff',
  'secret' => 'EvenMoreRandomStuff',
  'trusted_domains' => 
  array (
    0 => 'localname',
    1 => 'localname.local',
    2 => '10.0.1.10',
    3 => 'cloud.example.com',
  ),
  'datadirectory' => '/var/nc-data',
  'overwrite.cli.url' => 'https://cloud.example.com',
  'dbtype' => 'mysql',
  'version' => '13.0.4.0',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextclouduser',
  'dbpassword' => 'v2N7HfiK26X9A0S3sdkJEUR63s',
  'logtimezone' => 'America/Sao_Paulo',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => true,
  'redis' => array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
  ),
  'loglevel' => 0,
  'maintenance' => false,
  'skeletondirectory' => '',
  'mail_from_address' => 'contact',
  'mail_smtpmode' => 'smtp',
  'mail_domain' => 'example.com',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.example.com',
  'mail_smtpport' => '465',
  'mail_smtpsecure' => 'ssl',
  'mail_smtpname' => 'contact@example.com',
  'mail_smtppassword' => 'myEmailPassword',
  'onlyoffice' => array (
    'verify_peer_off' => true,
    'jwt_secret' => 'uASow982M3D8sj20565dSwe72sK8X67C4R5sJ2zIeJ72LSK',
    'jwt_header' => 'AuthorizationJwt',
  ),
  'updater.release.channel' => 'stable',
  'app.mail.imaplog.enabled' => true,
  'app.mail.smtplog.enabled' => true,
  'app.mail.imap.timeout' => 30,
  'app.mail.smtp.timeout' => 10,
  'app.mail.transport' => 'smtp-mail',
  // turns off Nextcloud's code integrity check (keep it false unless you modified core files on purpose)
  'integrity.check.disabled' => true,
  'preview_max_x' => 2048,
  'preview_max_y' => 2048,
  'preview_max_scale_factor' => 2,
  'log_rotate_size' => 10485760,
);

Please note the config for the OnlyOffice token, which also needs to be added
to the OnlyOffice config; otherwise anyone who can reach your Document Server can use it.

The secret can be added from the Nextcloud configuration as well, but don't
add it before making sure your onlyoffice document server works without it.

Test your setup

First we make sure Nextcloud is still working.
Then install the OnlyOffice application from Nextcloud's app store.
Then open Configuration > OnlyOffice and add the domains to be used.

Document Editing Service address > 
    https://office.example.com/
Document Editing Service address for internal requests from the server > 
    https://office.example.com/
Server address for internal requests from the Document Editing Service > 
    https://cloud.example.com/

Leave Secret Blank for now.
Hit Save!

Test OnlyOffice

By now we should have everything working already.
Open Nextcloud's Files App, hit the Plus (+) and create an onlyoffice file
(document, spreadsheet or presentation).

The file should open for editing in OnlyOffice if everything is fine.

Onlyoffice token to restrict access

In order to restrict the use of your document server, you need to add a token to it and then use the same token to access it from your Nextcloud instance(s). Yes, you can use it with several cloud instances.

Edit your document server config file

$ sudo nano /etc/onlyoffice/documentserver/default.json

You should make a copy of your Document Server configuration file, since it may be replaced on updates.

To add the secret, create a long random token string and insert it in 4 places.
Example for the token "uASow982M3D8sj20565dSwe72sK8X67C4R5sJ2zIeJ72LSK":

Added to secret > browser, inbox, outbox, session

"secret": {
    "browser": {
        "string": "uASow982M3D8sj20565dSwe72sK8X67C4R5sJ2zIeJ72LSK",
        "file": "",
        "tenants": {}
    },
    "inbox": {
        "string": "uASow982M3D8sj20565dSwe72sK8X67C4R5sJ2zIeJ72LSK",
        "file": "",
        "tenants": {}
    },
    "outbox": {
        "string": "uASow982M3D8sj20565dSwe72sK8X67C4R5sJ2zIeJ72LSK",
        "file": ""
    },
    "session": {
        "string": "uASow982M3D8sj20565dSwe72sK8X67C4R5sJ2zIeJ72LSK",
        "file": ""
    }
},

Restart document server

$ sudo supervisorctl restart all

Now add the same token to your Cloud config and check if everything is still working.

Troubleshooting Token access

If you have problems after setting the token, check your nextcloud/config/config.php file again.
I think I remember adding 'jwt_header' => 'AuthorizationJwt', manually there back then.
Not sure if the nextcloud app should add it and does not (or if that is an old issue).

  'onlyoffice' => array (
    'verify_peer_off' => true,
    'jwt_secret' => 'uASow982M3D8sj20565dSwe72sK8X67C4R5sJ2zIeJ72LSK',
    'jwt_header' => 'AuthorizationJwt',
  ),
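
As an added check for the two token sections above (the four default.json slots and the config.php 'jwt_secret'), here is a Python script that is not part of the gist: it reads both files, reports any slot that is empty or differs, and then builds and verifies the HS256 JWT the Nextcloud OnlyOffice app sends, which shows why a mismatched secret locks Nextcloud out. The default.json nesting, the token value and both file contents are constructed samples; point `docserver_secrets` and `nextcloud_jwt_secret` at the real files to check your own setup.

```python
import base64
import hashlib
import hmac
import json
import re

# Constructed sample of the Document Server default.json "secret" block (nesting and token are placeholders)
DEFAULT_JSON = """{"services": {"CoAuthoring": {"secret": {
  "browser": {"string": "ExampleSharedSecret", "file": "", "tenants": {}},
  "inbox": {"string": "ExampleSharedSecret", "file": "", "tenants": {}},
  "outbox": {"string": "ExampleSharedSecret", "file": ""},
  "session": {"string": "ExampleSharedSecret", "file": ""}
}}}}"""

# Constructed sample of the matching 'onlyoffice' entry in Nextcloud's config.php
CONFIG_PHP = """<?php
$CONFIG = array (
  'onlyoffice' => array (
    'verify_peer_off' => true,
    'jwt_secret' => 'ExampleSharedSecret',
    'jwt_header' => 'AuthorizationJwt',
  ),
);"""

SLOTS = ("browser", "inbox", "outbox", "session")

def find_secret_block(node):
    """Return the dict under a "secret" key that has all four slots, or None."""
    if isinstance(node, dict):
        cand = node.get("secret")
        if isinstance(cand, dict) and all(slot in cand for slot in SLOTS):
            return cand
        for child in node.values():
            found = find_secret_block(child)
            if found is not None:
                return found
    return None

def docserver_secrets(default_json_text):
    """{slot: token string} for browser/inbox/outbox/session in default.json."""
    block = find_secret_block(json.loads(default_json_text))
    if block is None:
        raise ValueError('no "secret" block with browser/inbox/outbox/session found')
    return {slot: block[slot].get("string", "") for slot in SLOTS}

def nextcloud_jwt_secret(config_php_text):
    """'jwt_secret' value from config.php text, or "" if absent."""
    match = re.search(r"'jwt_secret'\s*=>\s*'([^']*)'", config_php_text)
    return match.group(1) if match else ""

def token_setup_problems(default_json_text, config_php_text):
    """Describe what is wrong with the shared-secret setup; [] means consistent."""
    problems = []
    ds = docserver_secrets(default_json_text)
    nc = nextcloud_jwt_secret(config_php_text)
    for slot, value in ds.items():
        if not value:
            problems.append(f"default.json secret.{slot}.string is empty: no access restriction")
        elif value != ds["inbox"]:
            problems.append(f"default.json secret.{slot}.string differs from secret.inbox.string")
    if not nc:
        problems.append("config.php has no 'jwt_secret' entry")
    elif nc != ds["inbox"]:
        problems.append("config.php 'jwt_secret' does not match default.json secret.inbox.string")
    return problems

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def jwt_hs256_sign(payload, secret):
    """HS256 JWT as the Nextcloud app sends it ("AuthorizationJwt: Bearer <token>" with this guide's settings)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def jwt_hs256_verify(token, secret):
    """Payload if `token` was signed with `secret` (the Document Server's inbox check), else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, body, sig = parts
    expected = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(_b64url(expected), sig):
            return None
        return json.loads(_b64url_decode(body))
    except (TypeError, ValueError, UnicodeDecodeError):
        return None

def demo():
    """Consistency check, then a Nextcloud-signed token accepted by the inbox secret only."""
    token = jwt_hs256_sign({"document": {"key": "constructed-key"}}, nextcloud_jwt_secret(CONFIG_PHP))
    inbox = docserver_secrets(DEFAULT_JSON)["inbox"]
    return (token_setup_problems(DEFAULT_JSON, CONFIG_PHP),
            jwt_hs256_verify(token, inbox) is not None,
            jwt_hs256_verify(token, "SomeOtherSecret") is None)
```

`demo()` returns `([], True, True)` for the constructed samples; a token signed with any secret other than the inbox one is rejected, which is exactly what happens when config.php and default.json disagree.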

Security Note

You should take extra care with the ports you expose on the internet for this machine.

Exposing the postgres port 5432 for example is a bad idea, since the onlyoffice installer uses some default username/password for its postgres database. So if you open that to the internet, your document server postgres database would be at risk.
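
As an added example for the security note above (not part of the gist), this Python script classifies the listeners in `ss -tlnp` output against the services this guide installs and flags any backend bound to a non-loopback address. The sample output is constructed, and the port/service table is an assumption based on the daemons' default ports.

```python
import re
import sys

# Ports a host built from this guide is expected to expose (or the higher ports
# chosen in "Changing the default Document Server port", if you went that way).
PUBLIC_PORTS = {80, 443}

# Backend services the guide installs; they should listen on localhost or a unix
# socket only. 5432 and 6379 appear in the guide; the other numbers are the
# daemons' default ports (an assumption, not taken from the page).
BACKEND_PORTS = {
    3306: "mariadb (Nextcloud database)",
    5432: "postgresql (Document Server database, installer default credentials)",
    5672: "rabbitmq (Document Server queue)",
    6379: "redis (Nextcloud cache and file locking)",
    9000: "php-fpm (only if switched from the unix socket to TCP)",
}

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

# Constructed `ss -tlnp` output for a host where postgres (IPv4) and rabbitmq
# (IPv6) are wrongly bound to all interfaces.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:80              *:*     users:(("nginx",pid=1101,fd=6))
LISTEN 0      128    *:443             *:*     users:(("nginx",pid=1101,fd=7))
LISTEN 0      128    *:5432            *:*     users:(("postgres",pid=902,fd=3))
LISTEN 0      128    127.0.0.1:6379    *:*     users:(("redis-server",pid=877,fd=4))
LISTEN 0      128    127.0.0.1:3306    *:*     users:(("mysqld",pid=950,fd=10))
LISTEN 0      128    :::5672           :::*    users:(("beam.smp",pid=1203,fd=15))
LISTEN 0      128    *:22              *:*     users:(("sshd",pid=640,fd=3))
"""

def parse_ss_line(line):
    """(address, port, process name) for one LISTEN line of `ss -tlnp`, else None."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "LISTEN":
        return None
    addr, _, port = parts[3].rpartition(":")
    if not port.isdigit():
        return None
    match = re.search(r'\(\("([^"]+)"', parts[5]) if len(parts) > 5 else None
    return addr, int(port), (match.group(1) if match else "")

def audit_listeners(ss_output):
    """(severity, message) for every listener that is reachable from the network."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_ss_line(line)
        if parsed is None:
            continue
        addr, port, proc = parsed
        if addr in LOOPBACK:
            continue  # localhost only, which is where the backends belong
        who = f"{proc or 'unknown'} on {addr}:{port}"
        if port in BACKEND_PORTS:
            findings.append(("HIGH", f"{who}: {BACKEND_PORTS[port]} must not be reachable from the network"))
        elif port not in PUBLIC_PORTS:
            findings.append(("REVIEW", f"{who}: not part of this guide's public surface, confirm it is intended"))
    return findings

if __name__ == "__main__":
    # pipe real output in with `ss -tlnp | python3 audit_listeners.py`, else use the sample
    output = SAMPLE_SS if sys.stdin.isatty() else sys.stdin.read()
    for severity, message in audit_listeners(output):
        print(severity, message)
```

On the constructed sample it reports postgres and rabbitmq as HIGH and sshd as REVIEW; the fix for a HIGH finding is to bind the service to 127.0.0.1 (or a unix socket) and to block the port at the firewall or router.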


Wrapping up

This guide may not be perfect, but tries to be as complete as possible.

I hope this can be useful to other people who are trying this setup.

This has been my default setup for a couple of years, but I will probably
run Nextcloud and OnlyOffice in separate LXC containers from now on.

I will probably use this guide as a basis to create the containers when
I am ready to deploy that. (I will link it here)

This setup is a lot faster because of a few reasons:

  • nginx
  • redis
  • php7 + cache

I have obviously changed every password that appears in this guide to something random.

Cheers!
Gus

@tavinus
Author

tavinus commented Sep 13, 2018

NEW TUTORIAL ON INSTALLING ONLYOFFICE INTO DEBIAN BUSTER HERE
https://gist.github.com/tavinus/4cd108fa6a76c2a11da81a0e5c552bd0
I install it into an LXC container, but any Debian 10 should work fine

@tavinus
Author

tavinus commented Sep 14, 2018

reserved

@simon511000

thank you !!

@AristarXXX

Thank you! Can I ask why you chose Debian from all other options?

@ejgutierrez74

Great tutorial, it would be nice to have an update for Ubuntu 18.04.....
1 - Is it possible to use local certs like openssl?
2 - Can we connect nextcloud and onlyoffice via http ignoring https, perhaps by changing settings or whatever??

I have installed both locally but I can't connect onlyoffice with nextcloud using nginx, same server, don't use https...

@tavinus
Author

tavinus commented Nov 18, 2019

Hi all.
@AristarXXX
I tend to use Debian for servers. Just my preference.

I have been trying some new installs lately, including the Nextcloud VM install script, which uses Ubuntu with Docker (for the other apps).

It is interesting and works well, but may not work on every case and you need docker.

Also, I have been moving most of my servers to Proxmox and it would be nice to run the services as separate LXC containers. This is still my main plan. I was able to create an onlyoffice container on top of an unprivileged Debian 10 LXC image without problems. But then I was checking the NC-vm installer for a few days. I was not able to run docker from the Ubuntu LXC, but was able to from a Debian LXC. Maybe it is because the Proxmox host uses a Debian kernel and the LXC containers use the host's kernel (not sure yet). For full VMs, Ubuntu works fine. Their installer only supports Ubuntu though.

In any case, having a single VM or CT with everything kind of goes in the opposite direction of what I wanted to do. So, I will go back to the idea of creating one container for each service (nc, office, etc). Also, the docker apps would be nested 1 or 2 times, which is not very optimal.

That being said, they have some interesting tweaks in their install script. I will probably do some of them on my new installs. I am still not sure if I keep the nginx-only install or migrate to an apache+nginx install (nginx as proxy). Probably the latter. If using docker, the nginx proxy can be used to route those as well.

@ejgutierrez74
I think you can use self-signed certificates, but I think they don't support it. At least, they don't seem to mention that option here.

Yes, you can just stay on port 80 and ignore ssl. Just adjust https to http on the URL. This is not recommended for production, but may be ok if operating behind a proxy (that will deal with SSL). You should not apply the 80->443 redirection as well of course.

Here is the official documentation on how to install document server.
Note it is installed without https, then the other link explains how to add https.


Finally, this install script is ok as a reference, but is quite dated already. Debian 8 is also EOL and not recommended for a new server at this point. So, I would recommend to adapt this install to Debian 9 or 10 (or Ubuntu 16/18).

I will add a link here to new posts if I end up cooking a new tutorial.
Cheers!

EDIT Also, just noticed this guide used dotdeb as a repository. Nowadays it is recommended to use the repos at https://sury.org instead.

@tavinus
Author

tavinus commented Nov 18, 2019

I have installed both locally but I can't connect onlyoffice with nextcloud using nginx, same server, don't use https...

Check that you can resolve the hostnames from your machine and from the server itself.

I mean, ping cloud.domain.com and ping office.domain.com should resolve:

  • the server's local IP if you are inside the same LAN
  • your internet IP if outside (which should have the ports routed to the server's local IP at your network's modem/router config)

To resolve the names locally, you can add the hostname DNS entries to your LAN router if it supports that, or just edit the hosts file on each machine (can do on Win, Mac, Linux).

@tavinus
Author

tavinus commented Oct 28, 2020

NEW TUTORIAL ON INSTALLING ONLYOFFICE INTO DEBIAN BUSTER HERE
https://gist.github.com/tavinus/4cd108fa6a76c2a11da81a0e5c552bd0
I install it into an LXC container, but any Debian 10 should work fine
