Table of Contents
ONLYOFFICE
Setup
Dependencies
apt install rabbitmq-server curl gpg default-mysql-client libcurl4 libxml2 fonts-dejavu fonts-liberation ttf-mscorefonts-installer fonts-crosextra-carlito fonts-takao-gothic fonts-opensymbol nginx nginx-extras redis-server redis-tools
Keyring
mkdir -p -m 755 /etc/apt/keyrings curl -fsSL https://download.onlyoffice.com/GPG-KEY-ONLYOFFICE | gpg --dearmor -o /etc/apt/keyrings/onlyoffice.gpg
Packages
echo "deb [signed-by=/etc/apt/keyrings/onlyoffice.gpg] https://download.onlyoffice.com/repo/debian squeeze main" | sudo tee /etc/apt/sources.list.d/onlyoffice.list
Install
apt update apt full-upgrade apt install onlyoffice-documentserver
MySQL
Server
CREATE DATABASE IF NOT EXISTS onlyoffice CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_520_ci; CREATE USER IF NOT EXISTS 'onlyoffice'@'X.X.X.X' IDENTIFIED BY 'PASSWORD'; GRANT ALL ON onlyoffice.* TO 'onlyoffice'@'X.X.X.X' WITH GRANT OPTION; FLUSH PRIVILEGES;
Client
mysql -uonlyoffice -p -hX.X.X.X onlyoffice < /var/www/onlyoffice/documentserver/server/schema/mysql/createdb.sql
Document server
Secret key
openssl rand -hex 32
Config
Backup
cd /etc/onlyoffice/documentserver cp local.json local.json.dist
Local
cd /etc/onlyoffice
local.json.sh
#! /bin/bash
cat << 'EOF' > /etc/onlyoffice/documentserver/local.json
{
"services": {
"CoAuthoring": {
"sql": {
"type": "mysql",
"dbHost": "X.X.X.X",
"dbPort": "3306",
"dbName": "onlyoffice",
"dbUser": "onlyoffice",
"dbPass": "SECRET"
},
"token": {
"enable": {
"request": {
"inbox": true,
"outbox": true
},
"browser": true
}
},
"secret": {
"inbox": { "string": "SECRET" },
"outbox": { "string": "SECRET" },
"session": { "string": "SECRET" }
}
}
},
"storage": {
"fs": {
"secretString": "SECRET"
}
},
"rejectUnauthorized": true
}
EOF
chown ds:ds /etc/onlyoffice/documentserver/local.json
chmod 640 /etc/onlyoffice/documentserver/local.json
chmod +x /etc/onlyoffice/local.json.sh
service
mkdir -p /etc/systemd/system/ds-docservice.service.d cd /etc/systemd/system/ds-docservice.service.d
override.conf
[Service] PermissionsStartOnly=true ExecStartPre=/etc/onlyoffice/local.json.sh
systemd
systemctl daemon-reload systemctl restart ds-docservice ds-converter
NGINX
usermod -aG ds www-data
include /etc/nginx/includes/http-common.conf;
server {
listen 127.0.0.1:80;
listen [::1]:80;
server_name localhost;
server_tokens off;
set $secure_link_secret "SECRET";
include /etc/nginx/includes/ds-common.conf;
include /etc/nginx/includes/ds-docservice.conf;
}
server {
listen [XXX::]:443 ssl;
http2 on;
server_name office.example.com;
server_tokens off;
set $secure_link_secret "SECRET";
root /usr/share/nginx/html;
access_log /var/log/nginx/office.example.com/access.log;
error_log /var/log/nginx/office.example.com/error.log;
ssl_certificate /var/www/ssl/office.example.com/fullchain.pem;
ssl_certificate_key /var/www/ssl/office.example.com/key.pem;
ssl_verify_client off;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=31536000;
add_header X-Content-Type-Options nosniff;
include /etc/nginx/includes/ds-*.conf;
}
Nextcloud
sudo -u www-data php occ app:disable richdocuments richdocuments 10.1.3 disabled sudo -u www-data php occ app:enable onlyoffice onlyoffice 10.0.0 enabled
