Nextcloud 15 and ONLYOFFICE (NGINX)

Please verify your config.php – in previous versions of this guide I had a typo!


Last Updates:

October 10th, 2018:
– added a new nginx.conf and made amendments to the version series


Guides for Onlyoffice…

  1. on a separate server (not the Nextcloud one) or lxc using one shell script only
  2. or using docker on the Nextcloud server

1. Onlyoffice on a separate (NOT the Nextcloud one) server or lxc using one shell script only

If you are on Ubuntu 18.04 LTS:

sudo -s
apt install git -y
cd /usr/local/src
git clone https://github.com/riegercloud/install-onlyoffice.git
cd install-onlyoffice/
chmod +x install-onlyoffice.sh
./install-onlyoffice.sh

The script performs the installation fully automatically, except for one question regarding the PostgreSQL password:

Please enter

onlyoffice

and press Enter to continue with the script. Be patient; once your prompt is back, open your Onlyoffice server in your browser:

https://192.168.2.234

If the Onlyoffice welcome page appears

we will enhance the config.php

sudo -u www-data vi /var/www/nextcloud/config/config.php

and add

'onlyoffice' => array ( 'verify_peer_off' => TRUE, ),

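before the last row of the config.php, so that the end of the file looks like this (the setting turns off certificate verification for Nextcloud's connection to the Onlyoffice server):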

... 
'onlyoffice' =>
array (
'verify_peer_off' => TRUE,
),
);

Enable the Onlyoffice app within Nextcloud's Appstore and set the proper URL to your new Onlyoffice server (https://192.168.2.234/) as shown in the example.

From now on, your office documents can be created, reviewed or edited within your own secure Nextcloud.


2. Alternatively (using docker on the same server) start with the preparation of …

(1) … your router

Open a fourth TCP port in your router, specifically for OnlyOffice: 8443.

(2) … your ufw firewall

ufw allow 8443/tcp

(3) … your docker environment

apt remove docker docker-engine docker.io
apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sed -i '$adeb https://download.docker.com/linux/ubuntu bionic stable' /etc/apt/sources.list
apt update && apt install docker-ce -y

Please ensure that docker is now running properly, e.g. by issuing

docker run hello-world

Then download the ONLYOFFICE Documentserver image:

docker pull onlyoffice/documentserver

Wait for about 650 MB of binaries to download, then modify your NGINX configuration accordingly.

Make amendments to your NGINX configuration:

vi /etc/nginx/nginx.conf

Copy/paste the upstream onlyoffice-docker or the entire nginx.conf file:

user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
    multi_accept on;
    use epoll;
}
http {
    server_names_hash_bucket_size 64;
    upstream onlyoffice-docker {
        server 127.0.0.1:8443;
    }
    upstream php-handler {
        server unix:/run/php/php7.2-fpm.sock;
    }
    set_real_ip_from 127.0.0.1;
    set_real_ip_from 192.168.2.0/24;
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;
    include /etc/nginx/mime.types;
    include /etc/nginx/proxy.conf;
    include /etc/nginx/ssl.conf;
    include /etc/nginx/header.conf;
    include /etc/nginx/optimization.conf;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" '
                    '"$host" sn="$server_name" '
                    'rt=$request_time '
                    'ua="$upstream_addr" us="$upstream_status" '
                    'ut="$upstream_response_time" ul="$upstream_response_length" '
                    'cs=$upstream_cache_status' ;
    access_log /var/log/nginx/access.log main;
    sendfile on;
    send_timeout 3600;
    tcp_nopush on;
    tcp_nodelay on;
    open_file_cache max=500 inactive=10m;
    open_file_cache_errors on;
    keepalive_timeout 65;
    reset_timedout_connection on;
    server_tokens off;
    resolver 208.67.222.222 valid=30s;
    resolver_timeout 5s;
    include /etc/nginx/conf.d/*.conf;
}

HINT (for self signed ssl environments only!):
Enhance your Nextcloud config.php by issuing
sudo -u www-data vi /var/www/nextcloud/config/config.php
and paste the following rows before the last );
...
'onlyoffice' =>
array (
'verify_peer_off' => TRUE,
),
);

Restart your PHP and Webserver by issuing

service php7.2-fpm restart && service nginx restart

Create a folder and copy your ssl data:

mkdir -p /app/onlyoffice/DocumentServer/data/certs
cp /etc/letsencrypt/live/your.dedyn.io/privkey.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
cp /etc/letsencrypt/live/your.dedyn.io/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
cp /etc/ssl/certs/dhparam.pem /app/onlyoffice/DocumentServer/data/certs/dhparam.pem
chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
HINT (for Let's Encrypt renewals only!):
When your Let's Encrypt SSL certificates are renewed, you have to copy the new certificates again and restart your docker container, or use this renewal.sh and embed it in your crontab:

#!/bin/bash
cd /etc/letsencrypt
letsencrypt renew
result=$(find /etc/letsencrypt/live/ -type l -mtime -1 )
if [ -n "$result" ]; then
/usr/sbin/service nginx stop
cp /etc/letsencrypt/live/your.dedyn.io/privkey.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
cp /etc/letsencrypt/live/your.dedyn.io/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
/usr/sbin/service mysql restart
/usr/sbin/service redis-server restart
/usr/sbin/service php7.2-fpm restart
docker restart ONLYOFFICEDOCKER
/usr/sbin/service nginx restart 
fi
exit 0
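
Another way to decide whether the container needs new certificates, as an added example that is not part of the original guide or its renewal.sh: compare the renewed files with the copies in the ONLYOFFICE data folder and install them with their final permissions in one step, so the private key never sits there with default permissions between `cp` and `chmod`. The function names are hypothetical; the paths in the usage comment are the ones used in this guide.

```shell
#!/bin/bash
# Added example, not the guide's renewal.sh. Function names are hypothetical.

# install_if_changed SRC DST MODE
# Copies SRC to DST only when the content differs. The copy is written to a
# temporary file that already carries MODE and is then renamed over DST.
# Returns 0 if DST was updated, 1 if it was already current, 2 on error.
install_if_changed() {
    _src=$1; _dst=$2; _mode=$3
    [ -r "$_src" ] || { echo "missing source: $_src" >&2; return 2; }
    if [ -f "$_dst" ] && cmp -s "$_src" "$_dst"; then
        return 1
    fi
    _tmp=$(mktemp "$(dirname "$_dst")/.sync.XXXXXX") || return 2
    if install -m "$_mode" "$_src" "$_tmp" && mv -f "$_tmp" "$_dst"; then
        return 0
    fi
    rm -f "$_tmp"
    return 2
}

# sync_onlyoffice_certs LIVE_DIR CERT_DIR
# Mirrors privkey.pem and fullchain.pem from the Let's Encrypt live folder
# into the ONLYOFFICE certs folder under the names the guide uses.
# Returns 0 if anything changed (container restart needed), 1 if nothing
# changed, 2 if a file could not be read or written.
sync_onlyoffice_certs() {
    _live=$1; _certs=$2; _changed=1
    mkdir -p "$_certs" || return 2
    for _pair in privkey.pem:onlyoffice.key:400 fullchain.pem:onlyoffice.crt:644; do
        _from=${_pair%%:*}; _rest=${_pair#*:}
        _to=${_rest%%:*};   _perm=${_rest#*:}
        _rc=0
        install_if_changed "$_live/$_from" "$_certs/$_to" "$_perm" || _rc=$?
        case $_rc in
            0) _changed=0 ;;
            1) ;;
            *) return 2 ;;
        esac
    done
    return "$_changed"
}

# Usage inside a renewal script, after "letsencrypt renew":
#   if sync_onlyoffice_certs /etc/letsencrypt/live/your.dedyn.io \
#          /app/onlyoffice/DocumentServer/data/certs; then
#       docker restart ONLYOFFICEDOCKER
#   fi
```
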

Then start the docker image by issuing the following statement (1 row):

docker run --name=ONLYOFFICEDOCKER -i -t -d -p 8443:443 -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -e JWT_ENABLED='true' -e JWT_SECRET='yoursecret' --restart=always onlyoffice/documentserver
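
The statement above puts the JWT secret on the command line, where it lands in the shell history and the process list. As an added example (not part of the original guide), the helper below generates a random secret into a root-only file for docker's `--env-file` option and checks an existing file for the placeholder values that appear on this page. The function names, the file path /root/onlyoffice.env and the 32-character minimum are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the original guide. Names and path are hypothetical.

# write_jwt_env FILE
# Creates FILE with mode 600 containing JWT_ENABLED and a random 256-bit
# JWT_SECRET. A non-empty existing file is kept, so the secret already
# entered in the Nextcloud ONLYOFFICE app stays valid.
write_jwt_env() {
    _env=$1
    if [ -s "$_env" ]; then
        return 0
    fi
    _secret=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
    [ "${#_secret}" -eq 64 ] || return 1
    ( umask 077
      rm -f "$_env"
      printf 'JWT_ENABLED=true\nJWT_SECRET=%s\n' "$_secret" > "$_env" ) || return 1
}

# jwt_secret FILE
# Prints the secret, e.g. to paste it into the ONLYOFFICE app settings.
jwt_secret() {
    sed -n 's/^JWT_SECRET=//p' "$1"
}

# check_jwt_env FILE
# Returns 0 if FILE is private, enables JWT and holds a non-placeholder
# secret of at least 32 characters; otherwise reports why and returns 1.
check_jwt_env() {
    _f=$1; _bad=0
    [ -r "$_f" ] || { echo "cannot read $_f" >&2; return 1; }
    _grp_oth=$(ls -l "$_f" | cut -c5-10)
    [ "$_grp_oth" = "------" ] || { echo "$_f is accessible to group/others" >&2; _bad=1; }
    grep -qx 'JWT_ENABLED=true' "$_f" || { echo "JWT_ENABLED is not true" >&2; _bad=1; }
    _s=$(jwt_secret "$_f")
    case $_s in
        ''|yoursecret|PASSWORT) echo "JWT_SECRET is empty or a placeholder" >&2; _bad=1 ;;
    esac
    [ "${#_s}" -ge 32 ] || { echo "JWT_SECRET is shorter than 32 characters" >&2; _bad=1; }
    return "$_bad"
}

# Usage (run as root):
#   write_jwt_env /root/onlyoffice.env && check_jwt_env /root/onlyoffice.env
#   docker run --name=ONLYOFFICEDOCKER -i -t -d -p 8443:443 \
#     -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
#     --env-file /root/onlyoffice.env --restart=always onlyoffice/documentserver
#   jwt_secret /root/onlyoffice.env   # value for the Nextcloud ONLYOFFICE app
```
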

Call your server and enjoy your ONLYOFFICE Documentserver response:

https://your.dedyn.io:8443

Log on to your Nextcloud as administrator and enable the ONLYOFFICE app.

Switch to the Settings and fill in your Nextcloud domain and the port 8443 (https://your.dedyn.io:8443) as shown in the example. Add your secret (yoursecret) in the advanced section of the ONLYOFFICE configuration panel:

From now, you can create and edit office documents directly in your Nextcloud instance.

 

Enjoy your ONLYOFFICE documents in your secured and hardened Nextcloud-Server!


Enjoy your personal data in your secured and hardened Nextcloud-Server!

Don’t forget to backup your Nextcloud

Find more instructions here: Nextcloud Backup and Restore



Carsten Rieger


Useful docker things:

Status of docker container:

docker ps
docker image list

Issuing updates for ONLYOFFICE:

docker ps
docker stop <id from "docker ps">
docker pull onlyoffice/documentserver
docker rm <id from "docker ps">
docker run --name=ONLYOFFICEDOCKER -i -t -d -p 8443:443 -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -e JWT_ENABLED='true' -e JWT_SECRET='yoursecret' --restart=always onlyoffice/documentserver
service nginx restart

Amount of used docker space:

docker system df

Reclaim space:

docker system prune

This will remove:
– all stopped containers
– all networks not used by at least one container
– all dangling images
– all build cache


Carsten Rieger

Carsten Rieger is a full-time senior system engineer who also works as an IT freelancer. He has been working with Linux environments for more than 13 years, is an Open Source enthusiast and is highly motivated when it comes to Linux installation and troubleshooting. He mostly works with Debian/Ubuntu Linux, the Nginx and Apache web servers, MariaDB/MySQL/PostgreSQL, PHP, cloud infrastructure (e.g. Nextcloud) and other open source projects (e.g. Roundcube), and has been doing voluntary work for the Dr. Michael & Angela Jacobi Stiftung for more than 6 years.

52 Responses

  1. Jeff Gregory says:

    Hello Carsten,

    I ran your script to install Onlyoffice but ran into this problem once it finished:

    Dec 13 18:24:16 onlyoffice systemd[1]: Starting A high performance web server and a reverse proxy server…
    Dec 13 18:24:16 onlyoffice nginx[30714]: nginx: [emerg] a duplicate default server for [::]:80 in /etc/nginx/sites-enabled/default:23
    Dec 13 18:24:16 onlyoffice nginx[30714]: nginx: configuration file /etc/nginx/nginx.conf test failed
    Dec 13 18:24:16 onlyoffice systemd[1]: nginx.service: Control process exited, code=exited status=1
    Dec 13 18:24:16 onlyoffice systemd[1]: nginx.service: Failed with result ‘exit-code’.
    Dec 13 18:24:16 onlyoffice systemd[1]: Failed to start A high performance web server and a reverse proxy server.

    nginx fails on restart and I cannot reach the document server, obviously because it couldn’t restart.

  2. Chito says:

    Hi Carsten,

    Can we use this guide on an odroidc2 also? Or is this only for amd64 architecture?

    Thank you for all your superbly wonderful guides….

  3. Karsten says:

    Hello Carsten,

    many thanks for your great tutorials. For an absolute Linux beginner (raised in the Windows world), there were a few hurdles to overcome before reaching a working OnlyOffice; it is not for nothing that people say it is “cut & paste” rather than “copy and I don’t understand”.

    I have one more remark.

    Anyone setting up a Linux server for the first time has to deal with a few peculiarities. The worst one in this context was the behaviour of the local DNS in combination with systemd, which listens on 127.0.0.53:53 and does not serve the forward lookup zones I configured with bind9. All normal tests work, only the OnlyOffice container receives the public IP of the domain via the systemd part. Because of a DMZ with NAT, Nextcloud can then no longer be reached.

    Best regards

    Karsten

  4. Vlad says:

    Hello!

    Real thank you for all manuals you share here. They are excellent.

    But I tried to make NC + OO (docker version). Everything went alright through installation, but I have an error ERR_CONNECTION_REFUSED in every browser, locally and from another place with another external IP.

    Looked into iptables -L -n – there are no entries for any IP
    tried another port (ex: 1501) and have the same situation..

  5. Roman says:

    Hello Carsten,
    great scripts. Many thanks, it worked perfectly.

    I still have one question, though.
    I would like to change the subdomain under which Nextcloud + Onlyoffice are reachable.
    As an absolute Linux noob I thought it would be enough to:

    – create a new subdomain
    – run /usr/local/src/install-nextcloud/ssl-certificate.sh again
    – repeat the copy & paste steps described above
    – and then hopefully it works – which was not the case.

    When trying to connect Onlyoffice via the new subdomain, the following error appears even though the welcome page is reachable:
    ” Fehler aufgetreten: Error while downloading the document file to be converted.”

    After restarting the server, Firefox claims that the certificate is insecure and does not even let me add an exception.

    How is this done correctly?

    Regards
    Roman

    • Provided NGINX has been set up correctly, you only need to add the domain to this Let's Encrypt command:
      letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt --rsa-key-size 4096 -d YOUR.DEDYN.IO -d YOURSECOND.DEDYVM.IO
      Let's Encrypt detects the existing certificate and asks whether it should be expanded: (E)xpand

      • Roman says:

        Thanks, it works. I made one more small change to the domain and replaced the DynDNS with a CNAME pointing to the first domain. That makes no difference for the certificate, though. The green padlock is there 😉

  6. Roland Andersson says:

    Sorry for my earlier post. There was an odd letter, not visible, in front of the *onlyoffice’
    Forget it.

  7. Roland Andersson says:

    I revised the config.php file according to the description. I copied and pasted the lines. Now I get an error in the NC log.
    “Error PHP Unexpected character in input: ‘’ (ASCII=127) state=0 at /var/www/nextcloud/config/config.php#81”
    Line 81 is ‘onlyoffice’ =>
    ??

  8. Ludgerus says:

    Hello Carsten,

    great guide, as always everything is top-notch 🙂

    Onlyoffice runs flawlessly after the installation, and Docker shows no errors either.
    However, the following error message appears after restarting the server:

    ONLYOFFICE cannot be reached. Please contact admin

    I have already checked all the usual suspects as far as my modest abilities allow.
    After reinstalling the Docker container it works again until the next restart.

    Can you help?

    Thanks, Ludgerus

    • Ludgerus says:

      Hello Carsten,

      I have solved my problem (hopefully 🙂 ).

      1. Switched off IPv6 in the router.
      2. Specified the local DNS server as described in the instructions.

      https://helpcenter.onlyoffice.com/server/docker/document/docker-installation.aspx

      Docker specifies Google DNS servers by default. If your Document Server is not going to have access to the Internet, we recommend that you change the default Docker DNS address to the address
      of your local DNS server. To do that go to the /etc/default/docker file and change the IP address in the following line to the IP address of a DNS server in your local network:

      DOCKER_OPTS="--dns 192.168.x.x"

      After that, OnlyOffice is reliably reachable after a restart.

      Is there a way to start the Docker image so that IPv4 and IPv6 work in parallel?

      Best regards, Ludgerus

      • Jens says:

        Hello,

        I solved this without changing IP or Docker, like this:

        nano /root/startdocker.sh

        docker stop ONLYOFFICEDOCKER
        docker rm ONLYOFFICEDOCKER
        service php7.2-fpm restart && service nginx restart
        docker run --name=ONLYOFFICEDOCKER -i -t -d -p 8443:443 -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data -e JWT_ENABLED='true' -e JWT_SECRET='PASSWORT' --restart=always onlyoffice/documentserver

        chmod +x /root/startdocker.sh

        crontab -e
        @reboot /root/startdocker.sh > /dev/null 2>&1

        reboot

  9. Bhavin Patel says:

    I tried to install only office with this guide. I have done installation on basis of 2. Alternatively (using docker on the same server) start with the preparation of …

    While running below command

    cp /etc/ssl/certs/dhparam.pem /app/onlyoffice/DocumentServer/data/certs/dhparam.pem

    I get error as below:

    cp: cannot stat ‘/etc/ssl/certs/dhparam.pem’: No such file or directory

    To give background I have installed next cloud on server with help of below guide which is also prepared by you

    https://www.c-rieger.de/spawn-your-nextcloud-server-using-one-shell-script/

    • no worries: create the dhparam file
      screen -S dhparam
      openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096

      as described here. But please be patient – this will take a few minutes!

      • Bhavin Patel says:

        Thanks for reply..

        I got things worked out..

        Just one question. .

        In nginx config file is it necessary to keep same resolver iP as given in script above?

        I tried with a different IP but then the document server at port 8443 does not work, but Nextcloud works

  10. Franko says:

    Hello Carsten

    I have Onlyoffice in a VM under Proxmox; unfortunately it runs with high CPU load there!? With 1x CPU 95%, with 2x CPU 50%; on the “real CPU” that amounts to about 4-6 % when idle. Google did not help me here 🙁
    Does anyone else have an idea?

    Best regards, Franko

    • Hello Franko. You are the second person I know of with this phenomenon. Please open a ticket with OnlyOffice and be so kind as to post the ticket number here. This will probably affect several people and thus be of interest to them too?! Thanks and regards, Carsten

      • Franko says:

        Hello Carsten

        there was just an update -> squeeze 5.2.0-195 amd64 [upgradable from: 5.1.5-59]; since then it runs in lxc under Proxmox with 2 vCPUs and 6 GB RAM at 0.35 - 1.20% CPU load when idle.

        • Franko says:

          I still have one problem 😉

          When I use Onlyoffice in my home network it works without problems; when I use it from outside (work) I get the following error message:

          ONLYOFFICE cannot be reached. Please contact admin

          PS: since the update to 5.2 the CPU load is OK

          Best regards, Franko

  11. Markus says:

    Hello Carsten,

    first of all, thank you for your great guides.

    Since I run NextCloud in a virtual environment, I used “install-onlyoffice.git” for OnlyOffice as per your guide. That worked right away, but only internally.
    The DocumentServer is now looked up at 192.x.x.x and is not reachable from outside.
    Do I have to make the Documentserver accessible via port forwarding, or what else needs to be done here?

    Kind regards
    Markus

  12. Reiner says:

    Hi Carsten,

    maybe it’s not necessary to copy the certificates. You could provide them as a docker volume and use the SSL_-environment variables of the onlyoffice docker container to point at them.
    You have to put the dhparam.pem into another folder than /etc/ssl/certs because onlyoffice requires a snake-oil-cert to run. Such a file might not be the standard OS folder.

    ```
    openssl dhparam -out /etc/nextcloud/dhparam.pem 4096

    docker run --name=ONLYOFFICEDOCKER -i -t -d -p 8443:443 \
    -v /etc/letsencrypt:/etc/letsencrypt:ro \
    -v /etc/nextcloud:/etc/nextcloud:ro \
    -e JWT_ENABLED='true' \
    -e JWT_SECRET='yoursecret' \
    -e SSL_CERTIFICATE_PATH=/etc/letsencrypt/live/your.dedyn.io/fullchain.pem \
    -e SSL_KEY_PATH=/etc/letsencrypt/live/your.dedyn.io/privkey.pem \
    -e SSL_DHPARAM_PATH='/etc/nextcloud/dhparam.pem' \
    --restart=always onlyoffice/documentserver
    ```

  13. Claudio Gonzales says:

    Hi

    Really nice tutorial.

    Having a small issue on my mature Ubuntu16.04/Nextcloud/ Setup. Nextcloud has been and still running properly.

    Docker is working, Nginx is working properly when restarted. (It is installed alongside Apache)

    I do have letsencrypt certs working properly, but I cannot open the “https://mysebsite.com:8443”, Chrome returning “ERR_SSL_PROTOCOL_ERROR” & “This site can’t provide a secure connection” error.

    Cannot connect using the ONLYOFFICE app within Nextoffice as well, returning a “Error when trying to connect (Bad Request or timeout error)”

    UFW has been opened for 8443. But I am getting through because of cert error. not connection error, I think.

    Am I missing something?

  14. Michael Leitner says:

    Hello Carsten,

    many thanks for the great tutorials!

    I installed Nextcloud 13 on Ubuntu 16 following your guide and am very happy with it. 🙂
    I recently installed Onlyoffice (locally) and unfortunately always get only the following message:
    “502 Bad Gateway nginx”. With one of my previous Nextcloud installations I was able to establish the connection
    without problems.

    I would be very grateful for a tip.

    Many thanks & best regards
    Michael

  15. Franko says:

    Hi Carsten

    I tried installing onlyoffice under Debian, but unfortunately that only works until the first reboot. After that, onlyoffice is no longer reachable from Nextcloud. Either it is down to Docker or to the Nextcloud conf ???

    Best regards, Franko

  16. kresh says:

    Hi,
    As before, onlyneoffice: 8443 does not open. When you create a new document(doc,and others), the site header opens, and there is no web form of the document
    error
    tail -f /var/log/nginx/nextcloud.error.log
    [error] 1333#1333: *58 access forbidden by rule, client: 192.168.0.1, server: cloud.dom.ru, request: “GET /data/.ocdata?t=1530530270351 HTTP/2.0”, host: “cloud.dom.ru”
    cat /var/lib/docker/…/out.log
    [WARN] nodeJS – update cluster with 1 workers
    [WARN] nodeJS – worker 663 started.

  17. olivier says:

    Hi Carsten,
    Like Alessandro, I have the same issue when I reboot my Nextcloud VM.
    docker log MYCONTAINER says:

    “Starting redis-server: redis-server.
    Starting supervisor: supervisord.
    * Starting nginx nginx [ OK ]
    Generating AllFonts.js, please wait…Done
    onlyoffice-documentserver:docservice: stopped
    onlyoffice-documentserver:docservice: started
    onlyoffice-documentserver:converter: stopped
    onlyoffice-documentserver:converter: started
    * Reloading nginx configuration nginx [ OK ]
    root@fde0b2213e09:/# * Starting PostgreSQL 9.5 database server [ OK ]
    * Starting RabbitMQ Messaging Server rabbitmq-server * FAILED – check /var/log/rabbitmq/startup_{log, _err}
    [fail]
    Starting redis-server: redis-server.
    Waiting for connection to the localhost host on port 5672
    Waiting for connection to the localhost host on port 5672

    The problem is that /var/log/rabitmg… doesn’t exist

    and if I restart the docker container it’s OK, onlyoffice is working.

    I found this solution, but I don’t understand how to do it (https://github.com/ONLYOFFICE/Docker-DocumentServer/issues/92#issuecomment-381528225)

    Thanks,
    Olivier

  18. kresh says:

    According to your manual, I installed and successfully launched nextcloud, installed onlyoffice, but the welcome page onlyoffice does not open in the web browser, I get an error in the applet for connection. An error occurred while trying to connect (Query error or timeout)

    • how did you call the welcome-page – please provide the url. Did you configure self-signed certificates or e.g. LE certificates to the ONLYOFFICE docker?

      • kresh says:

        link to my cloud resource https://cloud.hldns.ru/ .
        self-signed certificates for OO I did not configure, indicated the certificate Nextcloud as described in your article

        • kresh says:

          Create a folder and copy your ssl data:
          Full path to certificates ОО
          /app/onlyoffice/DocumentServer/data or /var/www/nextcloud/apps/onlyoffice/DocumentServer/data/certs ???

          • Create the folder as root:
            mkdir -p /app/onlyoffice/DocumentServer/data/certs

            copy your lets encrypt certificates or self signed certificates:
            cp /etc/letsencrypt/live/your.dedyn.io/privkey.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
            cp /etc/letsencrypt/live/your.dedyn.io/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt

            copy your diff.-h.- key:
            cp /etc/ssl/certs/dhparam.pem /app/onlyoffice/DocumentServer/data/certs/dhparam.pem

            Change permissions:
            chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key

          • kresh says:

            I checked the certificate files in the settings nextcloud of the OO add-on, connected by specifying the address of the document server and the key. Proliferation has occurred. But 1. when creating a new document, a blank page opens. The document server is still not available from the browser by the name of the site: 8443

  19. kresh says:

    Configured Nextcloud-works, installed onlyoffice-errors with no logs. When accessing the site name in the browser: https: // name: 8443 -I can not access the site. If you specify the Address of the document editing service, an error occurs: “An error occurred while trying to connect (Request or timeout error)
    ONLYOFFICE “

  20. Jan says:

    Hi Carsten,

    first of all: thanks for this guide.

    Only two notes:
    1. The stable branch of Docker is now available for 18.04, so you now can use: sed -i '$adeb https://download.docker.com/linux/ubuntu bionic stable' /etc/apt/sources.list
    2. What about the security? It seems that your OnlyOffice instance is reachable from the internet (https://your.dedyn.io:8443). When someone finds out the actual URL, then he could use your OO instance. To avoid this, you should use the parameters JWT_ENABLED and JWT_SECRET. This way, no one could use your OO instance without knowledge of the JWT secret (you’ll receive an error message when trying to add the OO connection in the Nextcloud app). On the other hand: When adding “'verify_peer_off' => true,” to the Nextcloud config, the certificate of the OO server can also be a self signed certificate. After applying a self signed cert, you could also use the URL https://192.168.2.118:8443 when adding OO to Nextcloud. This way, all the traffic to the OO instance would be limited to your local network and there should be no need to apply a port forwarding in your router.

    Best regards,
    Jan

  21. Alessandro says:

    Hi, after a reboot docker is restarted automatically, but the server is not reachable on port 8443, I have to remove and recreate the container. Any hints?

    Thanks

    • To be honest: no! Any other tool that established a connection to 8443? UFW configured properly (ufw allow 8443/tcp)? I assume you start the docker as I described?

      • Alessandro says:

        yes, followed the guide step by step. Clean install of Ubuntu 18.04, next installed with your 2 script (nextcloud and let’s encrypt) and next this guide. UFW configured properly. fail2ban not listing any ip.

  22. olivier says:

    Hi Carsten,
    So nice your tuto !
    is it possible to put the lines “copy/paste ssl certs” in the renewal.sh (https://www.c-rieger.de/nextcloud-installation-guide-advanced/#c11) ?
    Thanks,
    Olivier

    • Yes, you find the modified script below:
      #!/bin/bash
      cd /etc/letsencrypt
      letsencrypt renew
      result=$(find /etc/letsencrypt/live/ -type l -mtime -1 )
      if [ -n "$result" ]; then
      /usr/sbin/service nginx stop
      cp /etc/letsencrypt/live/your.dedyn.io/privkey.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
      cp /etc/letsencrypt/live/your.dedyn.io/fullchain.pem /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
      chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
      /usr/sbin/service mysql restart
      /usr/sbin/service redis-server restart
      /usr/sbin/service php7.2-fpm restart
      /usr/sbin/service nginx restart
      # restart the most recently created container (aliases are not expanded in scripts)
      docker restart "$(docker ps -l -q)"
      fi
      exit 0

      You only have to substitute “your.dedyn.io” with your ddns. I have already added the script to this blog.
