Nextcloud 15 and ONLYOFFICE (NGINX)


Nextcloud and ONLYOFFICE on one server


  1. Onlyoffice using the same domain as Nextcloud
  2. Onlyoffice using a different domain than Nextcloud

Start by preparing your router: open one TCP port for ONLYOFFICE, 8443.

Prepare your environment with docker…

apt remove docker docker-engine docker.io
apt install apt-transport-https ca-certificates curl software-properties-common

… on Ubuntu:

sed -i '$adeb https://download.docker.com/linux/ubuntu bionic stable' /etc/apt/sources.list
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

… on Debian:

sed -i '$adeb [arch=amd64] https://download.docker.com/linux/debian stretch stable' /etc/apt/sources.list
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -

… on both:

apt update && apt install docker-ce -y

Make sure docker is now running properly, e.g. by issuing

docker run hello-world

Then download and install the ONLYOFFICE Documentserver:

docker pull onlyoffice/documentserver

Wait until about 650 MB of binaries have been downloaded.

Then amend your NGINX configuration:

vi /etc/nginx/nginx.conf

Copy/paste the upstream onlyoffice-docker or the entire nginx.conf file:

user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
    multi_accept on;
    use epoll;
}
http {
    server_names_hash_bucket_size 64;
    upstream onlyoffice-docker {
        server 127.0.0.1:8443;
    }
    upstream php-handler {
        server unix:/run/php/php7.3-fpm.sock;
    }
    set_real_ip_from 127.0.0.1;
    set_real_ip_from 192.168.2.0/24;
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;
    include /etc/nginx/mime.types;
    include /etc/nginx/proxy.conf;
    include /etc/nginx/ssl.conf;
    include /etc/nginx/header.conf;
    include /etc/nginx/optimization.conf;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" '
                    '"$host" sn="$server_name" '
                    'rt=$request_time '
                    'ua="$upstream_addr" us="$upstream_status" '
                    'ut="$upstream_response_time" ul="$upstream_response_length" '
                    'cs=$upstream_cache_status';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    send_timeout 3600;
    tcp_nopush on;
    tcp_nodelay on;
    open_file_cache max=500 inactive=10m;
    open_file_cache_errors on;
    keepalive_timeout 65;
    reset_timedout_connection on;
    server_tokens off;
    resolver 208.67.222.222 208.67.220.220 valid=30s;
    resolver_timeout 5s;
    include /etc/nginx/conf.d/*.conf;
}

 

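HINT (for self-signed SSL environments only!):
Enhance your Nextcloud config.php by issuing
sudo -u www-data vi /var/www/nextcloud/config/config.php
and paste the following rows before the last ");". This setting turns off certificate verification for the connection between Nextcloud and the Document Server, so leave it out when you use Let's Encrypt certificates.
...
'onlyoffice' =>
array (
  'verify_peer_off' => TRUE,
),
);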

Restart your PHP and Webserver by issuing

service php7.3-fpm restart && service nginx restart

Create a folder and copy your ssl data:

mkdir -p /app/onlyoffice/DocumentServer/data/certs
cp /etc/letsencrypt/live/your.dedyn.io/privkey.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
cp /etc/letsencrypt/live/your.dedyn.io/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
cp /etc/ssl/certs/dhparam.pem /app/onlyoffice/DocumentServer/data/certs/dhparam.pem
chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key

 

HINT (for Let's Encrypt renewals only!):
Whenever your Let's Encrypt SSL certificates are renewed, you have to copy the new certificates again and restart your docker container, or use this renewal.sh and add it to your crontab:

#!/bin/bash
cd /etc/letsencrypt
letsencrypt renew
result=$(find /etc/letsencrypt/live/ -type l -mtime -1 )
if [ -n "$result" ]; then
    /usr/sbin/service nginx stop
    cp /etc/letsencrypt/live/your.dedyn.io/privkey.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
    cp /etc/letsencrypt/live/your.dedyn.io/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
    chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
    /usr/sbin/service mysql restart
    /usr/sbin/service redis-server restart
    /usr/sbin/service php7.3-fpm restart
    docker restart ONLYOFFICEDOCKER
    /usr/sbin/service nginx restart
fi
exit 0
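
A variant of the copy step in the renewal script above, as an added example that is not part of the original guide: it replaces the key and certificate only when their content has changed, sets the key's mode during the copy, and tells the caller whether the container needs a restart. The function names, the return codes and the 0644 mode for the certificate are assumptions made for this illustration.

```bash
#!/bin/bash
# Added example, not part of the original renewal.sh. The function names and
# return codes are assumptions made for this illustration.

# install_if_changed SRC DST MODE
# Returns 0 if DST was replaced, 1 if DST already matched SRC, 2 on error.
install_if_changed() {
    local src=$1 dst=$2 mode=$3
    if [ ! -r "$src" ]; then
        echo "cannot read $src" >&2
        return 2
    fi
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        return 1
    fi
    # install(1) sets the mode as part of the copy instead of relying on the
    # umask and a later chmod; mv then swaps the new file in atomically, so
    # the container never reads a half-written key.
    install -m "$mode" "$src" "$dst.new" || return 2
    mv -f "$dst.new" "$dst" || return 2
    return 0
}

# sync_onlyoffice_certs LIVE_DIR CERT_DIR
# Returns 0 if at least one file changed (restart needed), 1 if nothing
# changed, 2 on error.
sync_onlyoffice_certs() {
    local live=$1 certs=$2 changed=1 rc
    mkdir -p "$certs" || return 2

    rc=0
    install_if_changed "$live/privkey.pem" "$certs/onlyoffice.key" 0400 || rc=$?
    if [ "$rc" -gt 1 ]; then return 2; fi
    if [ "$rc" -eq 0 ]; then changed=0; fi

    rc=0
    install_if_changed "$live/fullchain.pem" "$certs/onlyoffice.crt" 0644 || rc=$?
    if [ "$rc" -gt 1 ]; then return 2; fi
    if [ "$rc" -eq 0 ]; then changed=0; fi

    return "$changed"
}

# Called with two arguments, e.g.
#   renewal-sync.sh /etc/letsencrypt/live/your.dedyn.io /app/onlyoffice/DocumentServer/data/certs
# the script syncs the files and restarts the container only when needed.
if [ "$#" -eq 2 ]; then
    rc=0
    sync_onlyoffice_certs "$1" "$2" || rc=$?
    case $rc in
        0) docker restart ONLYOFFICEDOCKER ;;
        1) echo "certificates unchanged, nothing to restart" ;;
        *) exit 2 ;;
    esac
fi
```
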

Then start the docker image by issuing the following statement (one line):

docker run --name=ONLYOFFICEDOCKER -i -t -d -p 8443:443 -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -e JWT_ENABLED='true' -e JWT_SECRET='yoursecret' --restart=always onlyoffice/documentserver

Open your server in a browser and check that the ONLYOFFICE Documentserver responds:

https://your.dedyn.io:8443

Logon to your Nextcloud as your administrator and enable the ONLYOFFICE app.

Switch to the settings and fill in your Nextcloud domain and the port 8443 (https://your.dedyn.io:8443). Add your secret (yoursecret) in the advanced section of the ONLYOFFICE configuration panel.

From now on, you can create and edit office documents directly in your Nextcloud instance.
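
What the shared secret in JWT_SECRET protects, shown as an added example that is not ONLYOFFICE or Nextcloud code: a request token signed with one secret fails verification under any other secret, so 'yoursecret' should be replaced by a random value. It assumes HS256 signing; the function names and the sample payload are constructed for this illustration.

```bash
#!/bin/bash
# Added example (not ONLYOFFICE or Nextcloud code). Assumptions: tokens are
# HS256-signed with the value of JWT_SECRET; all function names and the
# payload used in the demo are constructed for illustration.

# Generate a random 256-bit secret to use instead of the 'yoursecret' placeholder.
gen_secret() { openssl rand -hex 32; }

# base64url without padding, the encoding JWT uses (RFC 7515).
b64url() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# hs256 SECRET: HMAC-SHA256 over stdin, base64url-encoded.
hs256() { openssl dgst -sha256 -hmac "$1" -binary | b64url; }

# jwt_sign SECRET PAYLOAD_JSON: build header.payload.signature.
jwt_sign() {
    local header body
    header=$(printf '%s' '{"alg":"HS256","typ":"JWT"}' | b64url)
    body=$(printf '%s' "$2" | b64url)
    printf '%s.%s.%s\n' "$header" "$body" \
        "$(printf '%s' "$header.$body" | hs256 "$1")"
}

# jwt_verify SECRET TOKEN: returns 0 only if the signature matches.
# The algorithm is fixed to HS256 here; the token's own "alg" field is never
# trusted. A production verifier would also compare in constant time.
jwt_verify() {
    local token=$2 signed sig
    case $token in
        *.*.*.*) return 1 ;;   # too many parts
        *.*.*) ;;              # exactly header.payload.signature
        *) return 1 ;;         # too few parts
    esac
    signed=${token%.*}
    sig=${token##*.}
    [ -n "$sig" ] && [ "$sig" = "$(printf '%s' "$signed" | hs256 "$1")" ]
}

# Demo: run the script with the argument "demo".
if [ "${1:-}" = "demo" ]; then
    secret=$(gen_secret)
    token=$(jwt_sign "$secret" '{"constructed":"sample request"}')
    echo "secret: $secret"
    echo "token:  $token"
    if jwt_verify "$secret" "$token"; then
        echo "right secret: accepted"
    fi
    if ! jwt_verify "yoursecret" "$token"; then
        echo "wrong secret: rejected"
    fi
fi
```
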


ONLYOFFICE is now part of your awesome Nextcloud server! If you want to operate ONLYOFFICE on a dedicated server, just follow these ONLYOFFICE instructions.


From my perspective, a more stable and reliable scenario is to extend your certificate with a further (sub-)domain

letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt --rsa-key-size 4096 -d YOUR.DEDYN.IO -d YOUR2.DEDYN.IO

and create a separate virtual host for onlyoffice

vi /etc/nginx/conf.d/onlyoffice.conf

Paste all the following rows

server {
    listen 443 ssl http2;
    server_name your2.dedyn.io;
    location / {
        proxy_pass https://127.0.0.1:8443;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

and restart nginx

service nginx restart

Switch to the Nextcloud settings for Onlyoffice. Fill in your newly created domain without any port (https://your2.dedyn.io) and keep/add your secret (yoursecret) in the advanced section of the ONLYOFFICE configuration panel.

The docker statement remains the same.

docker run --name=ONLYOFFICEDOCKER -i -t -d -p 8443:443 -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -e JWT_ENABLED='true' -e JWT_SECRET='yoursecret' --restart=always onlyoffice/documentserver

Following this scenario, you need neither any port forwarding in your router for Onlyoffice nor the upstream statement

upstream onlyoffice-docker {
server 127.0.0.1:8443;
}

in the /etc/nginx/nginx.conf any longer. So please remove the port forwarding (8443) within your router if you follow this second scenario. Onlyoffice will listen on port 443 (default) using your second (sub-)domain only.


Enjoy your personal data in your secured and hardened Nextcloud-Server!


Don’t forget to backup your Nextcloud

Find more instructions here: Nextcloud backup and restore



Carsten Rieger


Useful docker things:

Status of docker container:

docker ps
docker image list

Issuing updates for ONLYOFFICE:

docker ps
docker stop <id from "docker ps">
docker pull onlyoffice/documentserver
docker rm <id from "docker ps">
docker run --name=ONLYOFFICEDOCKER -i -t -d -p 8443:443 -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -e JWT_ENABLED='true' -e JWT_SECRET='yoursecret' --restart=always onlyoffice/documentserver
service nginx restart

Amount of used docker space:

docker system df

Reclaim space:

docker system prune

This will remove:
– all stopped containers
– all networks not used by at least one container
– all dangling images
– all build cache


Carsten Rieger

Carsten Rieger is a full-time senior system engineer who also works as an IT freelancer. He has been working with Linux environments for more than 13 years, is an Open Source enthusiast and is highly motivated on Linux installation and troubleshooting. He mostly works with Debian/Ubuntu Linux, Nginx and Apache web server, MariaDB/MySQL/PostgreSQL, PHP, Cloud infrastructure (e.g. Nextcloud) and other open source projects (e.g. Roundcube), and has done voluntary work for the Dr. Michael & Angela Jacobi Stiftung for more than 7 years.

62 Responses

  1. Anon says:

    Hey Carsten. I have followed your tutorial and I have NC and OO both running on one server, working quite well. When working on Part 2, however, I have one problem. It no longer works when I try to remove the “8443” port number from the “Document Editing Service address” in the OnlyOffice administration page in Nextcloud. I am using NGINX and I have domain.tld as the server name for Nextcloud and office.domain.tld as the server name for OnlyOffice. The office.domain.tld has its own certificate which is working fine and I have commented out the upstream block in the NGINX configuration file. If I go to “office.domain.tld” in my web browser, I get the webpage that says the document server is running (as well as if I go to domain.tld:8443 on my internal network). So, the separate server and certificate are working and the document server is working without the port number. What am I missing?

    server {
        listen 443 ssl;
        server_name office.domain.tld;
        server_tokens off;

        ##### SSL Directives
        ssl_certificate /etc/letsencrypt/live/office.domain.tld/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/office.domain.tld/privkey.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_stapling on;
        ssl_stapling_verify on;
        ## Headers
        add_header Referrer-Policy "no-referrer";
        add_header X-Frame-Options "ALLOW-FROM https://office.domain.tld/" always;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;

        location / {
            proxy_pass https://127.0.0.1:8443;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    • Hi Anon,
      please follow my guide in detail. If you decided to operate on a subdomain for office, just create a further vhost (e.g. office.conf) with the following content:
      server {
      listen 443 ssl http2;
      server_name your2.dedyn.io;
      location / {
      proxy_pass https://127.0.0.1:8443;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $server_name;
      proxy_set_header X-Forwarded-Proto $scheme;
      }
      }

      Substitute your2.dedyn.io to your environment properly and restart nginx. Cheers, Carsten

      • Anon says:

        I followed your guide very closely. I’m not sure what else in your setup is different than mine (you have some nginx configuration files that are not shown, like for your SSL configuration (include /etc/nginx/ssl.conf)). Overall I think everything I have done is very similar. I mean, it all works until I remove the port number from the Document Editing Service address field. If I go to https://office.mydomain.tld OR https://office.mydomain.tld:8443, they both say the document server is running. The certificate for the https://office.mydomain.tld is the proper one (and I get a warning if I point it to my other domain’s certificate), so the proper server block is being entered (side note: how is your server block for your2.dedyn.io using the proper certificate if the ssl_certificate field is not listed in the server block?). Anyways, I think the issue is something inside the location block with the proxy commands, but I can’t figure it out.

        • Did you expand your existing certificate or did you create a second certificate? If you followed my guide as you said, you don’t have to include the SSL certificate in particular because the ssl.conf is included in the nginx.conf already and points to your enhanced SSL certificate. I can’t see anything wrong with the location either.

  2. Wim says:

    Hello Carsten,

    Great tutorial, thanks.
    I think I got it ALMOST working… hope you can help me out 🙂

    I followed all the instructions, and https://mydomain.lol:8443 gives me the welcome message.
    Configuring the Nextcloud app, I get this error:
    “Error when trying to connect (Error occurred in the document service: Error while downloading the document file to be converted.)”

    So… what to do next?
    I Googled a lot and think it has something to do with my Letsencrypt certificate, but all seems fine…

    Do you have any idea?
    Thanks in advance! Wim

    • Are you running NGINX or Apache – when trying to connect your cloud told me APACHE?! Did you follow all instructions?
      mkdir -p /app/onlyoffice/DocumentServer/data/certs
      cp /etc/letsencrypt/live/your.dedyn.io/privkey.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
      cp /etc/letsencrypt/live/your.dedyn.io/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
      cp /etc/ssl/certs/dhparam.pem /app/onlyoffice/DocumentServer/data/certs/dhparam.pem
      chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key

      • Alex says:

        Hello Carsten,

        I just ran into the same error message.
        I carried out the steps you described and restarted nginx and php7.3-fpm.

        Error in nextcloud.log
        {"reqId":"gZ1IlkjxNqCOOUjDlbS0","level":3,"time":"2019-01-20T21:59:09+01:00","remoteAddr":"178.201.240.155","user":"alex","app":"onlyoffice","method":"PUT","url":"\/apps\/onlyoffice\/ajax\/settings","message":"GetConvertedUri on check error: Im Dokumentenservice ist ein Fehler aufgetreten: Error while downloading the document file to be converted.","userAgent":"Mozilla\/5.0 (X11; Linux x86_64; rv:64.0) Gecko\/20100101 Firefox\/64.0","version":"15.0.2.0"}

        Thanks in advance for your reply, and best regards

        Alex

  3. VmcHJLi447 says:

    Dude. I have been fiddling with trying to get OnlyOffice and Nextcloud to work on my server for a while. I finally stumbled on this post and it’s working great! First try! I wish I had found this earlier (although it looks like you posted it December 19). Anyways, thanks a lot for this help! You are a lifesaver.

  4. Matthias says:

    Hi,
    thanks for the tutorial.
    I’d like to run Onlyoffice under mydomain.dedyn.io/onlyoffice but port 443
    Is that possible? I can’t get the proxy to work properly

  5. Jeff Gregory says:

    Hello Carsten,

    I ran your script to install Onlyoffice but ran into this problem once it finished:

    Dec 13 18:24:16 onlyoffice systemd[1]: Starting A high performance web server and a reverse proxy server…
    Dec 13 18:24:16 onlyoffice nginx[30714]: nginx: [emerg] a duplicate default server for [::]:80 in /etc/nginx/sites-enabled/default:23
    Dec 13 18:24:16 onlyoffice nginx[30714]: nginx: configuration file /etc/nginx/nginx.conf test failed
    Dec 13 18:24:16 onlyoffice systemd[1]: nginx.service: Control process exited, code=exited status=1
    Dec 13 18:24:16 onlyoffice systemd[1]: nginx.service: Failed with result ‘exit-code’.
    Dec 13 18:24:16 onlyoffice systemd[1]: Failed to start A high performance web server and a reverse proxy server.

    nginx fails on restart and I cannot reach the document server, obviously because it couldn’t restart.

  6. Chito says:

    Hi Carsten,

    Can we use this guide on an odroidc2 also? Or is this only for amd64 architecture?

    Thank you for all your superbly wonderful guides….

  7. Karsten says:

    Hello Carsten,

    many thanks for your great tutorials. For an absolute Linux beginner (having grown up in the Windows world) there were a few hurdles to overcome before OnlyOffice was reachable; it is not for nothing that people say it is called "cut & paste" rather than "copy and I don't understand".

    I have one more remark.

    Anyone setting up a Linux server for the first time has to deal with a few peculiarities. The worst one in this context was the behaviour of the local DNS in connection with systemd, which listens on 127.0.0.53:53 and does not serve the forward lookup zones that I configured using bind9. All normal tests succeed; only the OnlyOffice container receives the public IP of the domain via the systemd part. Because of a DMZ with NAT, Nextcloud is then no longer reached.

    Best regards

    Karsten

  8. Vlad says:

    Hello!

    Real thank you for all manuals you share here. They are excellent.

    But I tried to make NC + OO (docker version). Everything was alright through installation but I have an error ERR_CONNECTION_REFUSED in every browser, locally and from another place with another external IP.

    Looked into iptables -L -n – there are no entries for any IP
    tried another port (ex: 1501) and have the same situation..

  9. Roman says:

    Hello Carsten,
    great scripts. Many thanks, it worked perfectly.

    I still have one question, though.
    I would like to change the subdomain under which Nextcloud + Onlyoffice are reachable.
    As an absolute Linux noob I thought it would be enough to:

    – create a new subdomain
    – run /usr/local/src/install-nextcloud/ssl-certificate.sh again
    – carry out the copy & paste steps described above again
    – and then hopefully it works – which was not the case.

    When trying to connect Onlyoffice via the new subdomain, the following error appears even though the welcome page is reachable:
    " Fehler aufgetreten: Error while downloading the document file to be converted."

    After restarting the server, Firefox claims that the certificate is insecure and does not even let me add an exception.

    How do you do this properly?

    Regards
    Roman

    • Provided NGINX has been set up correctly, you only have to add the domain to this Let's Encrypt command:
      letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt --rsa-key-size 4096 -d YOUR.DEDYN.IO -d YOURSECOND.DEDYVM.IO
      Let's Encrypt detects the existing certificate and asks whether it should be expanded: (E)xpand

      • Roman says:

        Thanks, it works. I made one more small change to the domain and replaced the DynDNS with a CNAME to the first domain. That makes no difference for the certificate, though. The green padlock is there 😉

  10. Roland Andersson says:

    Sorry for my earlier post. There was an odd letter not visible in front of the *onlyoffice’
    Forget it.

  11. Roland Andersson says:

    I revised the config.php file according to the description. I copied and pasted the lines. Now I get an error in the NC log.
    “Error PHP Unexpected character in input: ‘’ (ASCII=127) state=0 at /var/www/nextcloud/config/config.php#81”
    Line 81 is ‘onlyoffice’ =>
    ??

  12. Ludgerus says:

    Hello Carsten,

    great guide, top quality as always 🙂

    Onlyoffice runs flawlessly after the installation, and Docker shows no errors either.
    However, the following error message appears after restarting the server:

    ONLYOFFICE cannot be reached. Please contact admin

    I have already checked all the usual suspects as far as my modest abilities allow.
    After reinstalling the Docker container it works again until the next restart.

    Can you help?

    Thanks, Ludgerus

    • Ludgerus says:

      Hello Carsten,

      I have solved my problem (hopefully 🙂 ).

      1. Switched off IPv6 in the router.
      2. Specified the local DNS server as described in the guide.

      https://helpcenter.onlyoffice.com/server/docker/document/docker-installation.aspx

      Docker specifies Google DNS servers by default. If your Document Server is not going to have access to the Internet, we recommend that you change the default Docker DNS address to the address
      of your local DNS server. To do that go to the /etc/default/docker file and change the IP address in the following line to the IP address of a DNS server in your local network:

      docker_OPTS="--dns 192.168.x.x"

      After that, OnlyOffice stays reliably reachable across restarts.

      Is there a way to start the Docker image so that IPv4 and IPv6 work in parallel?

      Kind regards, Ludgerus

      • Jens says:

        Hello,

        I solved this without any change to IP or Docker, like this:

        nano /root/startdocker.sh

        docker stop ONLYOFFICEDOCKER
        docker rm ONLYOFFICEDOCKER
        service php7.2-fpm restart && service nginx restart
        docker run --name=ONLYOFFICEDOCKER -i -t -d -p 8443:443 -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -e JWT_ENABLED='true' -e JWT_SECRET='PASSWORT' --restart=always onlyoffice/documentserver

        chmod +x /root/startdocker.sh

        crontab -e
        @reboot /root/startdocker.sh > /dev/null 2>&1

        reboot

  13. Bhavin Patel says:

    I tried to install only office with this guide. I have done installation on basis of 2. Alternatively (using docker on the same server) start with the preparation of …

    While running below command

    cp /etc/ssl/certs/dhparam.pem /app/onlyoffice/DocumentServer/data/certs/dhparam.pem

    I get error as below:

    cp: cannot stat ‘/etc/ssl/certs/dhparam.pem’: No such file or directory

    To give background I have installed next cloud on server with help of below guide which is also prepared by you

    https://www.c-rieger.de/spawn-your-nextcloud-server-using-one-shell-script/

    • no worries: create the dhparam file
      screen -S dhparam
      openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096

      as described here. But please be patient – this will take a few minutes!

      • Bhavin Patel says:

        Thanks for reply..

        I got things worked out..

        Just one question. .

        In the nginx config file, is it necessary to keep the same resolver IP as given in the script above?

        I tried with a different IP but then the document server at port 8443 does not work, but Nextcloud works

  14. Franko says:

    Hello Carsten

    I have Onlyoffice in a VM under Proxmox; unfortunately it runs there with high CPU load!? 95% with 1x CPU, 50% with 2x CPU; on the "real CPU" that amounts to about 4-6% when idle. Google has not helped me here 🙁
    Does anyone else have an idea?

    Regards, Franko

    • Hello Franko. You are the second person I know of with this phenomenon. Please open a ticket with OnlyOffice and be so kind as to post the ticket number here. This probably affects several people and will therefore be of interest?! Thanks and regards, Carsten

      • Franko says:

        Hello Carsten

        there was just an update -> squeeze 5.2.0-195 amd64 [upgradable from: 5.1.5-59]; since then it has been running in lxc under Proxmox with 2 vCPUs and 6 GB RAM at 0.35 - 1.20% CPU load when idle.

        • Franko says:

          I still have one problem 😉

          When I use Onlyoffice in my home network it works without problems; when I use it outside (at work) I get the following error message:

          ONLYOFFICE cannot be reached. Please contact admin

          PS: since the update to 5.2 the CPU load is OK

          Regards, Franko

  15. Markus says:

    Hello Carsten,

    first of all, thanks for your great guides.

    Since I run NextCloud in a virtual environment, I used "install-onlyoffice.git" for OnlyOffice as described in your guide. That worked right away, but only internally.
    The DocumentServer is now looked up at 192.x.x.x and is not reachable from outside.
    Do I have to make the Document Server accessible via port forwarding, or what else needs to be done here?

    Best regards
    Markus

  16. Reiner says:

    Hi Carsten,

    maybe it’s not necessary to copy the certificates. You could provide them as a docker volume and use the SSL_-environment variables of the onlyoffice docker container to point at them.
    You have to put the dhparam.pem into another folder than /etc/ssl/certs because onlyoffice requires a snake-oil-cert to run. Such a file might not be the standard OS folder.

    ```
    openssl dhparam -out /etc/nextcloud/dhparam.pem 4096

    docker run --name=ONLYOFFICEDOCKER -i -t -d -p 8443:443 \
      -v /etc/letsencrypt:/etc/letsencrypt:ro \
      -v /etc/nextcloud:/etc/nextcloud:ro \
      -e JWT_ENABLED='true' \
      -e JWT_SECRET='yoursecret' \
      -e SSL_CERTIFICATE_PATH=/etc/letsencrypt/live/your.dedyn.io/fullchain.pem \
      -e SSL_KEY_PATH=/etc/letsencrypt/live/your.dedyn.io/privkey.pem \
      -e SSL_DHPARAM_PATH='/etc/nextcloud/dhparam.pem' \
      --restart=always onlyoffice/documentserver
    ```

  17. Claudio Gonzales says:

    Hi

    Really nice tutorial.

    Having a small issue on my mature Ubuntu16.04/Nextcloud/ Setup. Nextcloud has been and still running properly.

    Docker is working, Nginx is working properly when restarted. (It is installed alongside Apache)

    I do have letsencrypt certs working properly, but I cannot open the “https://mysebsite.com:8443”, Chrome returning “ERR_SSL_PROTOCOL_ERROR” & “This site can’t provide a secure connection” error.

    Cannot connect using the ONLYOFFICE app within Nextoffice as well, returning a “Error when trying to connect (Bad Request or timeout error)”

    UFW has been opened for 8443. But I am getting through because of cert error. not connection error, I think.

    Am I missing something?

  18. Michael Leitner says:

    Hello Carsten,

    many thanks for the great tutorials!

    I installed nextcloud 13 on Ubuntu 16 following your guide and am very happy with it. 🙂
    I recently installed Onlyoffice (locally) and unfortunately only ever get the following message:
    "502 Bad Gateway nginx". With one of my previous nextcloud installations I was able to establish the connection
    without any problems.

    I would be very grateful for a tip.

    Many thanks & kind regards
    Michael

  19. Franko says:

    Hi Carsten

    I tried installing onlyoffice on Debian, but unfortunately it only works until the first reboot. After that, onlyoffice is no longer reachable from nextcloud. Either this is down to Docker or to the nextcloud conf ???

    Regards, Franko

  20. kresh says:

    Hi,
    As before, onlyneoffice: 8443 does not open. When you create a new document(doc,and others), the site header opens, and there is no web form of the document
    error
    tail -f /var/log/nginx/nextcloud.error.log
    [error] 1333#1333: *58 access forbidden by rule, client: 192.168.0.1, server: cloud.dom.ru, request: “GET /data/.ocdata?t=1530530270351 HTTP/2.0”, host: “cloud.dom.ru”
    cat /var/lib/docker/…/out.log
    [WARN] nodeJS – update cluster with 1 workers
    [WARN] nodeJS – worker 663 started.

  21. olivier says:

    Hi Carsten,
    Like Alessandro, I have the same issue when I reboot my VM nextcloud.
    docker log MYCONTAINER say :

    “Starting redis-server: redis-server.
    Starting supervisor: supervisord.
    * Starting nginx nginx [ OK ]
    Generating AllFonts.js, please wait…Done
    onlyoffice-documentserver:docservice: stopped
    onlyoffice-documentserver:docservice: started
    onlyoffice-documentserver:converter: stopped
    onlyoffice-documentserver:converter: started
    * Reloading nginx configuration nginx [ OK ]
    root@fde0b2213e09:/# * Starting PostgreSQL 9.5 database server [ OK ]
    * Starting RabbitMQ Messaging Server rabbitmq-server * FAILED – check /var/log/rabbitmq/startup_{log, _err}
    [fail]
    Starting redis-server: redis-server.
    Waiting for connection to the localhost host on port 5672
    Waiting for connection to the localhost host on port 5672

    The problem is that /var/log/rabitmg… doesn’t exist

    and if I restart the docker container it’s OK, onlyoffice is working.

    I found this solution, but I don’t understand how to do it (https://github.com/ONLYOFFICE/Docker-DocumentServer/issues/92#issuecomment-381528225)

    Thanks,
    Olivier

  22. kresh says:

    According to your manual, I installed and successfully launched nextcloud, installed onlyoffice, but the welcome page onlyoffice does not open in the web browser, I get an error in the applet for connection. An error occurred while trying to connect (Query error or timeout)

    • how did you call the welcome-page – please provide the url. Did you configure self-signed certificates or e.g. LE certificates to the ONLYOFFICE docker?

      • kresh says:

        link to my cloud resource https://cloud.hldns.ru/ .
        self-signed certificates for OO I did not configure, indicated the certificate nexcloud as described in your article

        • kresh says:

          Create a folder and copy your ssl data:
          Full path to certificates ОО
          /app/onlyoffice/DocumentServer/data or /var/www/nextcloud/apps/onlyoffice/DocumentServer/data/certs ???

          • Create the folder as root:
            mkdir -p /app/onlyoffice/DocumentServer/data/certs

            copy your lets encrypt certificates or self signed certificates:
            cp /etc/letsencrypt/live/your.dedyn.io/privkey.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
            cp /etc/letsencrypt/live/your.dedyn.io/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt

            copy your diff.-h.- key:
            cp /etc/ssl/certs/dhparam.pem /app/onlyoffice/DocumentServer/data/certs/dhparam.pem

            Change permissions:
            chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key

          • kresh says:

            I checked the certificate files in the settings nextcloud of the OO add-on, connected by specifying the address of the document server and the key. Proliferation has occurred. But 1. when creating a new document, a blank page opens. The document server is still not available from the browser by the name of the site: 8443

  23. kresh says:

    Configured Nexcloud-works, installed onlyoffice-errors with no logs. When accessing the site name in the browser: https: // name: 8443 -I can not access the site. If you specify the Address of the document editing service, an error occurs: “An error occurred while trying to connect (Request or timeout error)
    ONLYOFFICE “

  24. Jan says:

    Hi Carsten,

    first of all: thanks for this guide.

    Only two notes:
    1. The stable branch of Docker is now available for 18.04, so you now can use: sed -i '$adeb https://download.docker.com/linux/ubuntu bionic stable' /etc/apt/sources.list
    2. What about the security? It seems that your OnlyOffice instance is reachable from the internet (https://your.dedyn.io:8443). When someone finds out the actual URL, then he could use your OO instance. To avoid this, you should use the parameters JWT_ENABLED and JWT_SECRET. This way, no one could use your OO instance without knowledge of the JWT secret (you’ll receive an error message when trying to add the OO connection in the Nextcloud app). On the other hand: When adding "'verify_peer_off' => true," to the Nextcloud config, the certificate of the OO server can also be a self signed certificate. After applying a self signed cert, you could also use the URL https://192.168.2.118:8443 when adding OO to Nextcloud. This way, all the traffic to the OO instance would be limited to your local network and there should be no need to apply a port forwarding in your router.

    Best regards,
    Jan

  25. Alessandro says:

    Hi, after a reboot docker is restarted automatically, but the server is not reachable on port 8443; I have to remove and recreate the container. Any hints?

    Thanks

    • To be honest: no! Any other tool that established a connection to 8443? UFW configured properly (ufw allow 8443/tcp)? I assume you start the docker as I described?

      • Alessandro says:

        yes, followed the guide step by step. Clean install of Ubuntu 18.04, next installed with your 2 script (nextcloud and let’s encrypt) and next this guide. UFW configured properly. fail2ban not listing any ip.

  26. olivier says:

    Hi Carsten,
    So nice your tuto !
    is it possible to put the lines “copy/paste ssl certs” in the renewal.sh (https://www.c-rieger.de/nextcloud-installation-guide-advanced/#c11) ?
    Thanks,
    Olivier

    • Yes, you find the modified script below:
      #!/bin/bash
      cd /etc/letsencrypt
      letsencrypt renew
      result=$(find /etc/letsencrypt/live/ -type l -mtime -1 )
      if [ -n "$result" ]; then
          /usr/sbin/service nginx stop
          cp /etc/letsencrypt/live/your.dedyn.io/privkey.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
          cp /etc/letsencrypt/live/your.dedyn.io/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
          chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
          /usr/sbin/service mysql restart
          /usr/sbin/service redis-server restart
          /usr/sbin/service php7.2-fpm restart
          /usr/sbin/service nginx restart
          # Restart the most recently created container. Command substitution is
          # used because aliases are not expanded in non-interactive scripts.
          docker restart "$(docker ps -l -q)"
      fi
      exit 0

      You only have to substitute “your.dedyn.io” with your ddns. I have already added the script to this blog.
