How to install an OnlyOffice document server

In a previous post (Setup NextCloud in a FreeNAS Jail With SSL) I described how to install and set up a personal cloud server.  In this tutorial, I going to show you how to set up an OnlyOffice document server instance that will allow you to edit your documents online.

To find out more about OnlyOffice then why not watch the short video below.

Before you start you will require the following:

  • You are going to need a valid DNS entry. For the purposes of this tutorial, I will use No-IP as I already have an enhanced account with them An instance of Ubuntu server 16.04 as a virtual machine on your FreeNAS server.
  • You will also need a valid SSL certificate. Now you could go self-signed, however, I would suggest using Lets-Encrypt. It’s free and it does the job really well.
  • You are going to need a valid DNS entry. For the purposes of this tutorial, I will use No-IP as I already have an enhanced account with them.

Document server dependancies

OnlyOffice document server also has some dependencies which will need to be installed first, These being.

  • NODEjs
  • Postgresql Server
  • NGINX
  • A repo will also need to be configured for the ttf-mscorefonts-installer packages NODEjs

Install the repo for MS core fonts

To install the repo use the following commands:

echo "deb http://archive.ubuntu.com/ubuntu precise main universe multiverse" | sudo tee -a /etc/apt/sources.list curl -sL https://deb.nodesource.com/setup_6.x | sudo bash -

Install postgresql

Postgresql can be easily installed with the folowing command:

sudo apt-get install postgresql

For the purposes of this tutorial I will use the default database should be called onlyoffice. The username and password should also be onlyoffice.

Now you will have to create the database with the following commands:

sudo -u postgres psql -c "CREATE DATABASE onlyoffice;"
sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"

Install Redis

Redis is basically a database cache and can be installed with:

sudo apt-get install redis-server

Install Rabbitmq

Again installing rabbitmq is easy to install with a single command line:

sudo apt-get install rabbitmq-server

Install onlyoffice document server

The final steps of the install process are to install the document server. So you will need to install it’s repo and GPG key:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5 
sudo echo "deb http://download.onlyoffice.com/repo/debian squeeze main" | 
sudo tee /etc/apt/sources.list.d/onlyoffice.list

Once this is installed you can update the packages and install the document server with:

sudo apt-get update && apt-get install onlyoffice-documentserver

After the install is complete you can test the initial setup using the hostname that you setup when installing the ubuntu server at the beginning of this tutorial.

Enter the IP address of the document server into your browser and all things going well you should see the welcome screen.

Securing the server

That’s the document server setup to run over port 80 or port 8080, however, these ports are insecure. That’s fine if you are running the nextcloud server as HTTP either behind a reverse proxy or a VPN. However, if your nextcloud server is running as https (which is good practice) then the document server will have to run as https as well.

For the document server to run with NextCloud then both servers need to run with security certificates. Now if you followed the guides for either the FreeNAS Jail setup or the Apache VM setup then you already have half the job done as you will have applied certificates to these servers. What you need to do now is add a certificate to the document server.

To start the configuration to get the security certificates installed go to the following directory:

sudo nano /etc/nginx/conf.d/onlyoffice-documentserver.conf

You need to delete everything from this file and then add the following, make sure that you edit the areas in bold text so that they reflect your hostname and SSL certificate locations:

include /etc/nginx/includes/onlyoffice-http.conf; 
## Normal HTTP host
server {
listen 0.0.0.0:80;
listen [::]:80 default_server;
server_name onlyoffice.yourdomain.tld;
server_tokens off;
## Redirects all traffic to the HTTPS host root /nowhere;
## root doesn't have to be a valid path since we are redirecting rewrite ^ https://$host$request_uri? permanent;
}
#HTTP host for internal services
server
{
listen 127.0.0.1:80;
listen [::1]:80; server_name localhost;
server_tokens off;
include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
}
## HTTPS host
server
{
listen 0.0.0.0:443 ssl;
listen [::]:443 ssl default_server;
server_name onlyoffice.yourdomain.tld;
server_tokens off;
root /var/www/html;

ssl on;
ssl_certificate /etc/letsencrypt/live/onlyoffice.yourdomain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/onlyoffice.yourdomain.tld/privkey.pem;

ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES12$
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=31536000;
add_header X-Content-Type-Options nosniff;

###### The lines below will allow LetsEncrypt and/or Certbot to obtain & renew SSL certificates
location ~ /.well-known/acme-challenge {
root /var/www/onlyoffice/;
allow all;
}
include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
}

Save and exit with CTRL and X and then restart the server with.

sudo systemctl restart nginx

Followed by:

sudo systemctl restart supervisor

Now browse to you server with https:// to your chosen domain name. That’s you setup the document server. The last piece of work is to enable the OnlyOffice plugin from inside NextCloud and add the hostname for the document server in the Document Editing Service Address field and you are good to go.