ONLYOFFICE Setup Guide

(lightbulb) We recommend using the Docker version, since it is the easiest way to repair or upgrade an existing installation.

Install Docker

apt-get install docker.io

Supported ONLYOFFICE version with PowerFolder Server


Server Type

ONLYOFFICE Docs™ Enterprise Edition (EE) is compatible with PFS. The licence can be purchased directly from PowerFolder Sales.

Latest tested version: ONLYOFFICE Docs™ Enterprise Edition v8.X

(warning) We recommend not using any newer version until it is marked here as "tested", as we cannot support versions that we have not tested with the current PowerFolder Server version.


Compatibility

(info) Due to API and other backend changes, this version is compatible with PFS v20.1.100 and onwards. 


ONLYOFFICE Changelog: https://helpcenter.onlyoffice.com/installation/docs-changelog.aspx

ONLYOFFICE Roadmap: https://helpcenter.onlyoffice.com/installation/docs-roadmap.aspx

Minimum version

(warning) Because of various security fixes on the ONLYOFFICE side, we recommend using at least version v7.2 with PowerFolder Server. Versions older than the minimum supported version are not supported.

https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md?plain=1#L1182

Supported Formats

ONLYOFFICE server does not support DOC / XLS / PPT (MS Office 2003) file types, so please make sure that the file formats are updated to the new ones.

Quality Assurance and Test Cases 

We mark an ONLYOFFICE version as compatible and ready to use with PowerFolder Server on the basis of test cases. The test cases are available under: /wiki/spaces/EDUDE/pages/1007288321

Updating from version 4.x.x

(warning) When updating from version 4, a re-installation of ONLYOFFICE is needed. It is not possible to upgrade the version. Additionally, a new license key file is needed to run the latest version. The old license key for version 4.x is invalid for all versions above 5.x.

ONLYOFFICE Docker installation

The Docker version installation is relatively easy to perform. Just follow the guide in the ONLYOFFICE help centre: https://helpcenter.onlyoffice.com/server/integration-edition/docker/docker-installation.aspx

Place the key file in this path: /app/onlyoffice/DocumentServer/data/

PowerFolder Server configuration

After the ONLYOFFICE server has been installed successfully, the admin has to enter its URL manually in the PowerFolder Server web portal. The steps are given below:

  1. As admin, click on Preferences.
  2. Click on web in the top drop-down menu.
  3. Under open files in web, there is an option for providing the URL of the installed ONLYOFFICE server.

Prepare ONLYOFFICE certificate and license

  • mkdir -p /app/onlyoffice/DocumentServer/data/certs
  • cp onlyoffice.key /app/onlyoffice/DocumentServer/data/certs/
  • cp onlyoffice.crt /app/onlyoffice/DocumentServer/data/certs/ (Please provide the complete SSL chain in the following order: "End-User Certificate > Intermediate Certificate(s) > Root Certificate")
  • cp license.lic /app/onlyoffice/DocumentServer/data/
  • chmod 600 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key

Info

The files should be named "onlyoffice.key" and "onlyoffice.crt"; custom file names are not allowed.

ONLYOFFICE Auto-Save Function

To have ONLYOFFICE save the opened document automatically every minute:

  1. docker container list
  2. docker exec -it <container_id> /bin/bash
  3. vi /etc/onlyoffice/documentserver/default.json
  4. Search for autoAssembly and set enabled to true as well as interval to 1m in that section.
  5. supervisorctl restart all
  6. exit

(warning) This has to be done after every update of the ONLYOFFICE Docker container!

ONLYOFFICE Licence Info Page

On the ONLYOFFICE Document Server info page you can check the statistics about the maximum and average number of connections for the last hour, twenty-four hours, week or month to estimate the number of concurrent connections you need for the licence renewal.

ONLYOFFICE provides a PDF on how to check/receive the info page:



In case you get any access denied or similar error message when trying to open the URL, it may be necessary to modify the Nginx component configuration of the ONLYOFFICE installation:

  1. Check your Docker container ID using docker ps
  2. Enter the container: docker exec -it <container_id> bash
  3. Edit the following config file: /etc/nginx/includes/ds-docservice.conf

  4. Find the section below and comment out the two directives (allow and deny), which removes the localhost-only restriction on the info page:

    # Allow server info only from 127.0.0.1
    location ~* ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(info|internal)(\/.*)$ {
    #  allow 127.0.0.1;
    #  deny all;
      proxy_pass http://docservice;
    }
  5. Reload Nginx service with the command inside the docker container: service nginx restart

  6. Open your browser and enter the address of the Document Server and add /info/ to the end of the address. Example: https://documentserver_address/info/

Forcefully stop all running sessions

To stop all of the running sessions before update, please use:
documentserver-prepare4shutdown.sh

Update ONLYOFFICE IE Docker

(warning)  Please grab the info page with the statistics before upgrading the Docker container as the stats will be lost afterwards!

  1. docker container list
  2. docker container stop <container_id>
  3. docker container rm <container_id>
  4. docker image list
  5. docker rmi -f <image_id>
  6. docker system prune
  7. Install and start the latest Docker image available from ONLYOFFICE using only HTTPS
OO Document Server update
sudo docker run -i -t -d -p 443:443 --restart=always \
    -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
    -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
    -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
    -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql  onlyoffice/documentserver-ee

Troubleshooting: Updating Docker Daemon

After an update of the Docker daemon, the container no longer works reliably. To resolve this issue, the whole server has to be restarted.
Restarting only the Docker container or daemon does not fix this problem.

Downgrade ONLYOFFICE IE Docker

(warning)  Please grab the info page with the statistics before upgrading the Docker container, as the stats will be lost afterwards!

  1. docker container list
  2. docker container stop <container_id>
  3. docker container rm <container_id>
  4. docker image list
  5. docker rmi -f <image_id>
  6. docker system prune
  7. Downgrade and start the desired ONLYOFFICE version using only HTTPS
OO Document Server update
sudo docker run -i -t -d -p 443:443 --restart=always \
    -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
    -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
    -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
    -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql  onlyoffice/documentserver-ee:<required ONLYOFFICE version>

Changing ONLYOFFICE Default File Size

(warning) The default size of the files that can be opened in the ONLYOFFICE server is 100 MB.

To change it, navigate to /etc/onlyoffice/documentserver/default.json

Changing Default File Size
 "FileConverter": {
                "converter": {
                        "maxDownloadBytes": 104857600,
                        "downloadTimeout": {
                                "connectionAndInactivity": "10s",
                                "wholeCycle": "2m"

You need to change the value of "maxDownloadBytes" so that it matches the size of your file in bytes.

After that, restart the Document Server services:
supervisorctl restart all

Restricting ONLYOFFICE to desired Domains

To change or set the ipfilter, navigate to /etc/onlyoffice/documentserver/default.json

ipfilter
"ipfilter": {
    "rules": [{"address": "produktiv@domain.de", "allowed": true},{"address": "testsrv@domain.de", "allowed": true},{"address": "*", "allowed": false}],
    "useforrequest": false,
    "errorcode": 403
}

Disable JWT 

Since version 7.2 of the Document Server JWT is enabled by default, please see the change log https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#all-editors-2.
 
If you do not use JWT in your integration, please do the following: 
 
1. Enter the Document Server container with sudo docker exec -it [container_id] bash
2. Open the file /etc/onlyoffice/documentserver/local.json
3. Find section below: 

token
      "token": {
        "enable": {
          "request": {
            "inbox": true,
            "outbox": true
          },
          "browser": true

4. Replace true values with false, so the section looks like this: 

token
      "token": {
        "enable": {
          "request": {
            "inbox": false,
            "outbox": false
          },
          "browser": false

5. Close the config and restart everything using the following command:

Disable JWT
docker run  -e JWT_ENABLED=false -i -t -d -p 443:443 --restart=always \
    -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
    -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
    -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
    -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql  onlyoffice/documentserver-ee
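
An added example (not part of the original guide and not ONLYOFFICE code) that reports what the ipfilter, JWT and WOPI settings on this page leave in effect: it merges a default.json with a local.json and lists disabled JWT checks, a missing catch-all deny rule and enabled WOPI. The sample configs are constructed; that local.json overrides default.json and that the sections sit under "services" are assumptions, so sections are located by key name only.

```python
import json

# Constructed sample configs, not taken from a real server. The key names come
# from the guide; the nesting under "services" is an assumption.
DEFAULT_JSON = """{"wopi": {"enable": false}, "services": {"CoAuthoring": {
  "ipfilter": {"rules": [{"address": "*", "allowed": true}],
               "useforrequest": false, "errorcode": 403},
  "token": {"enable": {"request": {"inbox": true, "outbox": true}, "browser": true}}}}}"""
LOCAL_JSON = """{"wopi": {"enable": true}, "services": {"CoAuthoring": {
  "token": {"enable": {"request": {"inbox": false, "outbox": false}, "browser": false}}}}}"""

def deep_merge(base, override):
    """Return a copy of base with override applied recursively (override wins)."""
    merged = dict(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = value  # scalars and lists are replaced, not combined
    return merged

def find_section(node, name):
    """Depth-first search for the first dict stored under the key `name`."""
    if isinstance(node, dict):
        if isinstance(node.get(name), dict):
            return node[name]
        for child in node.values():
            found = find_section(child, name)
            if found:
                return found
    return {}

def audit(default_text, local_text):
    """List security-relevant settings in the effective (merged) configuration."""
    cfg = deep_merge(json.loads(default_text), json.loads(local_text))
    findings = []
    enable = find_section(cfg, "token").get("enable", {})
    checks = {**enable.get("request", {}), "browser": enable.get("browser")}
    findings += [f"JWT check disabled: {name}"
                 for name in ("inbox", "outbox", "browser") if checks.get(name) is not True]
    rules = find_section(cfg, "ipfilter").get("rules", [])
    if not any(r.get("address") == "*" and r.get("allowed") is False for r in rules):
        findings.append("ipfilter: no catch-all deny rule")
    if find_section(cfg, "wopi").get("enable") is True:
        findings.append("WOPI enabled")
    return findings
```

Call audit() with the text of the two files copied out of the container; an empty list means all three JWT checks are on, a catch-all deny rule exists and WOPI is off.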

Disable Plugins 

To disable the plugins in the ONLYOFFICE server, please use the following script:

Disable Plugins
cd /var/www/onlyoffice/documentserver/sdkjs-plugins
sudo mkdir -v plugin_backup
sudo cp -av highlightcode macros marketplace mendeley ocr photoeditor speech thesaurus translator youtube zotero plugin_backup
sudo rm -rf highlightcode macros marketplace mendeley ocr photoeditor speech thesaurus translator youtube zotero
sudo systemctl restart ds-docservice.service && systemctl status ds-docservice.service

Disable Macros 

  • docker container list
  • docker exec -it <container_id> /bin/bash (For Windows - %ProgramFiles%\ONLYOFFICE\DocumentServer\config\local.json)
  • cd /var/www/onlyoffice/documentserver/sdkjs-plugins/
  • rm -rf E6978D28-0441-4BD7-8346-82FAD68BCA3B (ID of the Macros plugin)
  • supervisorctl restart all
  • exit

Enabling WOPI in OO Docs 7.X 

To enable WOPI in your OO docker, please follow the following steps:

  • docker container list
  • docker exec -it <container_id> /bin/bash (For Windows - %ProgramFiles%\ONLYOFFICE\DocumentServer\config\local.json)
  • vi /etc/onlyoffice/documentserver/local.json
  • Add:
WOPI
  "wopi": {
    "enable": true
  },
  • supervisorctl restart all
  • exit

More information: ONLYOFFICE API Documentation - Overview

Enabling WOPI in OO Docs 8.X

To enable WOPI in your OO Docker please follow the following steps:

  • docker container list
  • docker exec -it <container_id> /bin/bash (For Windows - %ProgramFiles%\ONLYOFFICE\DocumentServer\config\local.json)
  • vi /etc/onlyoffice/documentserver/default.json
  • Change:
WOPI
"wopi": {
          "enable": true,
  • supervisorctl restart all
  • exit

Or you can start the Docker container directly with the following command, without making any change in the configuration:

OO with WOPI
docker run  -e JWT_ENABLED=false -e WOPI_ENABLED=true -i -t -d -p 443:443 --restart=always \
    -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
    -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
    -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
    -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql  onlyoffice/documentserver-ee

Test WOPI URL

To test your WOPI setup, please use the following URL:

WOPI URL
https://ONLYOFFICE-URL/example/wopi?userid=uid-1&lang=en

Activate WOPI Server in PFS

Please provide the WOPI-Server URL in the PowerFolder Settings as server admin:

Read-only Document File Links with WOPI

To use read-only file links with WOPI, change the editor-wopi.ejs file inside the Docker container. Please follow these steps:

  • docker container list
  • docker exec -it <container_id> /bin/bash (For Windows - %ProgramFiles%\ONLYOFFICE\DocumentServer\config\local.json)
  • vi /var/www/onlyoffice/documentserver/web-apps/apps/api/wopi/editor-wopi.ejs 
  • Add the following to "permissions":
RO Filelinks
"permissions": {
 "print": !fileInfo.DisablePrint && !fileInfo.HidePrintOption && !fileInfo.ReadOnly && fileInfo.UserCanWrite,
 "download": !fileInfo.ReadOnly && fileInfo.UserCanWrite,
}
},
  • supervisorctl restart all
  • exit

Using ONLYOFFICE with nginx

The ONLYOFFICE Docker container can be used behind an external reverse proxy; in this case SSL offloading is done by nginx.

Start the OO Docker container on port 80 with the following command. You can also use any other TCP port:

OO without SSL
docker run  -e JWT_ENABLED=false -i -t -d -p 80:80 --restart=always \
    -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
    -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
    -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
    -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql  onlyoffice/documentserver-ee

The following is an example nginx configuration for the OO Docker container:

nginx configuration
upstream docservice {
server 10.0.0.0:80;
}

map $http_host $this_host {
"" $host;
default $http_host;
}

map $http_x_forwarded_proto $the_scheme {
default $http_x_forwarded_proto;
"" $scheme;
}

map $http_x_forwarded_host $the_host {
default $http_x_forwarded_host;
"" $this_host;
}

map $http_upgrade $proxy_connection {
default upgrade;
"" close;
}

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Forwarded-Host $the_host;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

#Normal HTTP host
server {
listen 10.0.0.0:80;
# listen [::]:80 default_server;
server_name oo.pf.com;
server_tokens off;

## Redirects all traffic to the HTTPS host
return 301 https://$server_name:443$request_uri;
}

server {
listen 443 ssl;
# listen [::]:443 ssl default_server;
server_name oo.pf.com;
server_tokens off;
root /usr/share/nginx/html;

## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.pem;
ssl_verify_client off;

ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

## TLSv1 and TLSv1.1 are deprecated (RFC 8996); only TLSv1.2 and TLSv1.3 are enabled
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache builtin:1000 shared:SSL:10m;

ssl_prefer_server_ciphers on;

## [Optional] Before enabling Strict-Transport-Security headers, ensure your server is properly configured for SSL.
## This directive informs the browser to always use HTTPS. For more info see:
## - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;

## [Optional] If your certificate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
## Replace with your ssl_trusted_certificate. For more info see:
## - https://medium.com/devops-programming/4445f4862461
## - https://www.ruby-forum.com/topic/4419319
## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
# ssl_stapling on;
# ssl_stapling_verify on;
# ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
# resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
# resolver_timeout 10s;

## [Optional] Generate a stronger DHE parameter:
## cd /etc/ssl/certs
## sudo openssl dhparam -out dhparam.pem 4096
##
# ssl_dhparam /etc/ssl/certs/dhparam.pem;

location / {
proxy_pass http://docservice;
proxy_http_version 1.1;
}
}

(lightbulb) The above is only an example nginx configuration; it should be modified depending on your infrastructure.

More information: https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx

For Apache please consult: https://github.com/ONLYOFFICE/document-server-proxy/blob/master/apache/proxy-https-to-http.conf
