Nextcloud 13 and ONLYOFFICE (NGINX)


Following this guide, you will get your own ONLYOFFICE Documentserver within your own Nextcloud, based on your existing NGINX webserver. You don’t have to configure a second domain; just use your existing one, e.g. your.dedyn.io, and amend your current configuration.

Prerequisite: NGINX ≥ 1.15 on Ubuntu 16.04.04 LTS or Ubuntu 18.04 LTS on an AMD64 infrastructure (not ARM64)

You only have to substitute the values marked in red to match your requirements.


Let’s start with the preparation of …

(1) … your router

Open a fourth TCP port on your router specifically for ONLYOFFICE: 8443.

(2) … your ufw firewall

ufw allow 8443/tcp

(3) … your docker environment

apt remove docker docker-engine docker.io
apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
UBUNTU 16.04.4 LTS:
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
UBUNTU 18.04 LTS:
sed -i '$adeb https://download.docker.com/linux/ubuntu artful stable' /etc/apt/sources.list
apt update && apt install docker-ce

Please ensure that docker is now running properly, e.g. by issuing

docker run hello-world

Then start downloading and install the ONLYOFFICE Documentserver:

docker pull onlyoffice/documentserver

Wait for about 650 MB of binaries to download, then modify your NGINX configuration accordingly.

Make amendments to your NGINX configuration:

vi /etc/nginx/nginx.conf

Copy/paste the upstream onlyoffice-docker or the entire nginx.conf file:

user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
    multi_accept on;
    use epoll;
}
http {
    server_names_hash_bucket_size 64;
    upstream onlyoffice-docker {
        server 192.168.2.118:8443; #your local server ip
    }
    upstream php-handler {
        server unix:/run/php/php7.2-fpm.sock;
    }
    set_real_ip_from 127.0.0.1;
    set_real_ip_from 192.168.2.0/24;
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;
    include /etc/nginx/mime.types;
    include /etc/nginx/proxy.conf;
    include /etc/nginx/ssl.conf;
    include /etc/nginx/header.conf;
    include /etc/nginx/optimization.conf;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" '
                    '"$host" sn="$server_name" '
                    'rt=$request_time '
                    'ua="$upstream_addr" us="$upstream_status" '
                    'ut="$upstream_response_time" ul="$upstream_response_length" '
                    'cs=$upstream_cache_status' ;
    access_log /var/log/nginx/access.log main;
    sendfile on;
    send_timeout 3600;
    tcp_nopush on;
    tcp_nodelay on;
    open_file_cache max=500 inactive=10m;
    open_file_cache_errors on;
    keepalive_timeout 65;
    reset_timedout_connection on;
    server_tokens off;
    resolver 192.168.2.1;
    resolver_timeout 10s;
    include /etc/nginx/conf.d/*.conf;
}

Enhance your Nextcloud config.php by issuing

sudo -u www-data vi /var/www/nextcloud/config/config.php

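and paste the following lines before the last ); (the setting turns off certificate verification for Nextcloud's requests to the Document Server):

...
'onlyoffice' =>
array (
    'verify_peer_off' => true,
),
);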

Restart your PHP and Webserver by issuing

service php7.2-fpm restart && service nginx restart

Create a folder and copy your ssl data:

mkdir -p /app/onlyoffice/DocumentServer/data/certs
cp /etc/letsencrypt/live/your.dedyn.io/privkey.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
cp /etc/letsencrypt/live/your.dedyn.io/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
cp /etc/ssl/certs/dhparam.pem /app/onlyoffice/DocumentServer/data/certs/dhparam.pem
chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
! HINT !
When your SSL certificates are renewed, you have to copy the new certificates again and restart your docker container, or use this renewal.sh and embed it in your crontab:

#!/bin/bash
cd /etc/letsencrypt
letsencrypt renew
# symlinks under live/ that changed within the last day indicate a renewed certificate
result=$(find /etc/letsencrypt/live/ -type l -mtime -1 )
if [ -n "$result" ]; then
    /usr/sbin/service nginx stop
    # refresh the copies used by the Document Server container
    cp /etc/letsencrypt/live/your.dedyn.io/privkey.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
    cp /etc/letsencrypt/live/your.dedyn.io/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
    chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
    /usr/sbin/service mysql restart
    /usr/sbin/service redis-server restart
    /usr/sbin/service php7.2-fpm restart
    docker restart ONLYOFFICEDOCKER
    /usr/sbin/service nginx restart
fi
exit 0
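
A check for the situation the hint describes, added here as an example (not part of the original guide): it compares the files copied for the Document Server with the Let's Encrypt originals and confirms the key copy is still mode 400. The function name check_onlyoffice_certs and its two directory arguments are assumptions; the paths in the closing comment are the ones used above.

```bash
#!/bin/bash
# Added example, not the guide's own script.
# check_onlyoffice_certs is a hypothetical helper name.
#
# Usage: check_onlyoffice_certs <live_dir> <certs_dir>
# Prints one status word; returns 0 only for "ok".
check_onlyoffice_certs() {
    local live="$1" certs="$2" f mode

    # All four files must exist before anything can be compared.
    for f in "$live/privkey.pem" "$live/fullchain.pem" \
             "$certs/onlyoffice.key" "$certs/onlyoffice.crt"; do
        if [ ! -f "$f" ]; then
            echo "missing"
            return 2
        fi
    done

    # A renewal replaces fullchain.pem, so the copy must be byte-identical.
    if ! cmp -s "$live/fullchain.pem" "$certs/onlyoffice.crt"; then
        echo "stale-cert"
        return 1
    fi
    # The key copy must match too, or the container serves a mismatched pair.
    if ! cmp -s "$live/privkey.pem" "$certs/onlyoffice.key"; then
        echo "stale-key"
        return 1
    fi

    # The guide sets the private key copy to mode 400 (GNU stat, BSD fallback).
    mode=$(stat -c '%a' "$certs/onlyoffice.key" 2>/dev/null \
           || stat -f '%Lp' "$certs/onlyoffice.key")
    if [ "$mode" != "400" ]; then
        echo "bad-perms"
        return 1
    fi
    echo "ok"
}

# Run as root with the guide's paths, for example:
#   ./check.sh /etc/letsencrypt/live/your.dedyn.io /app/onlyoffice/DocumentServer/data/certs
if [ "$#" -eq 2 ]; then
    check_onlyoffice_certs "$1" "$2"
fi
```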

Then start the docker image by issuing

docker run --name=ONLYOFFICEDOCKER -i -t -d -p 8443:443 --restart=always -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver

Open your server's address in a browser and enjoy your ONLYOFFICE Documentserver response:

https://your.dedyn.io:8443

Log on to your Nextcloud as your administrator and enable the ONLYOFFICE app.

Switch to the Settings and fill in your Nextcloud domain and the port 8443 (https://your.dedyn.io:8443).

From now on, you can create and edit office documents directly in your Nextcloud instance.

Enjoy your ONLYOFFICE documents in your secured and hardened Nextcloud-Server!



Carsten Rieger


Useful docker things:

Status of docker container:

docker ps
docker image list

Issuing updates for Collabora Office:

docker ps
docker stop <id from "docker ps">
docker pull onlyoffice/documentserver
docker rm <id from "docker ps">
docker run --name=ONLYOFFICEDOCKER -i -t -d -p 8443:443 --restart=always -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver
service nginx restart

Amount of used docker space:

docker system df

Reclaim space:

docker system prune

This will remove:
– all stopped containers
– all networks not used by at least one container
– all dangling images
– all build cache


2 Responses

  1. olivier says:

    Hi Carsten,
    So nice, your tuto!
    Is it possible to put the lines “copy/paste ssl certs” in the renewal.sh (https://www.c-rieger.de/nextcloud-installation-guide-advanced/#c11)?
    Thanks,
    Olivier

    • Yes, you find the modified script below:
      #!/bin/bash
      cd /etc/letsencrypt
      letsencrypt renew
      result=$(find /etc/letsencrypt/live/ -type l -mtime -1 )
      if [ -n "$result" ]; then
      /usr/sbin/service nginx stop
      cp /etc/letsencrypt/live/your.dedyn.io/privkey.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
      cp /etc/letsencrypt/live/your.dedyn.io/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
      chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
      /usr/sbin/service mysql restart
      /usr/sbin/service redis-server restart
      /usr/sbin/service php7.2-fpm restart
      /usr/sbin/service nginx restart
      # restart the most recently created container (aliases are not expanded in scripts)
      docker restart "$(docker ps -l -q)"
      fi
      exit 0

      You only have to substitute “your.dedyn.io” with your ddns. I have already added the script to this blog.
