ONLYOFFICE Setup Guide
We recommend using the Docker Version, since it is the easiest way to repair or upgrade an existing installation.
Install Docker
apt-get install docker.io
Supported ONLYOFFICE version with PowerFolder Server
Server Type
ONLYOFFICE Docs™ Enterprise Edition (EE) is compatible with PFS, the licence can be purchased directly from PowerFolder Sales.
Latest tested version ONLYOFFICE Docs™ Enterprise Edition v8.X
We recommend not to use any newer version until it's marked here as "tested" as we can not support versions, which have not been tested by us with the current PowerFolder-Server version.
Compatibility
Due to API and other backend changes, this version is compatible with PFS v20.1.100 and onwards.
ONLYOFFICE Changelog: https://helpcenter.onlyoffice.com/installation/docs-changelog.aspx
ONLYOFFICE Roadmap: https://helpcenter.onlyoffice.com/installation/docs-roadmap.aspx
Minimum version
Due to various security fixes from the side of ONLYOFFICE, we recommend using a minimum version v7.2 with PowerFolder Server, versions older than minimum support versions are not supported.
https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md?plain=1#L1182
Supported Formats
ONLYOFFICE server does not support DOC / XLS / PPT (MS Office 2003) file types, so please make sure that the file formats are updated to the new ones.
Quality Assurance and Test Cases
On the basis of test cases we will mark the ONLYOFFICE version compatible and ready to use with PowerFolder Server, the test cases are available under: /wiki/spaces/EDUDE/pages/1007288321
Updating from version 4.x.x
When updating from version 4 a re-installation of OnlyOffice is needed. It is not possible to upgrade the version. Additionally, a new license key file is needed to run the latest version. The old license key for version 4.x is invalid for all version above 5.x
ONLYOFFICE Docker installation
The Docker version installation is relatively easy to perform. Just follow the guide in the ONLYOFFICE help centre: https://helpcenter.onlyoffice.com/server/integration-edition/docker/docker-installation.aspx
Place the key file in this path: /app/onlyoffice/DocumentServer/data/
PowerFolder Server configuration
After the successful installation of ONLYOFFICE server, the Admin has to give manually the URL in the PowerFolder server with the help of web portal. The steps for doing that are given below;
- As admin, click on Preferences.
- Click on web on the top drop-down menu.
- Under open files in web, There is an option of providing the URL of installed ONLYOFFICE server.
Prepare ONLYOFFICE certificate and license
mkdir -p /app/onlyoffice/DocumentServer/data/certs
cp onlyoffice.key /app/onlyoffice/DocumentServer/data/certs/
cp onlyoffice.crt /app/onlyoffice/DocumentServer/data/certs/ (Please provide the complete SSL-Chain in the following order "End-User Certificate > Intermediate Certificate (s) > Root Certificate)
cp license.lic /app/onlyoffice/DocumentServer/data/
chmod 600 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
Info
The files should be named as "onlyoffice.key" and "onlyoffice.crt", any individual selected naming is not allowed.
ONLYOFFICE Auto-Save Function
To have ONLYOFFICE save the opened document automatically every minute:
docker container list
docker exec -it <container_id> /bin/bash
vi /etc/onlyoffice/documentserver/default.json
- Search for
autoAssembly
and setenabled
totrue
as well asinterval
to1m
in that section. supervisorctl restart all
exit
This has to be done after every update of the ONLYOFFICE Docker container!
ONLYOFFICE Licence Info Page
On the ONLYOFFICE Document Server info page you can check the statistics about the maximum and average number of connections for the last hour, twenty-four hours, week or month to estimate the number of concurrent connection you need for the licence renewal.
ONLYOFFICE provides a PDF on how to check/receive the info page:
In case you get any access denied or similar error message when trying to open the URL, it may be necessary to modify the Nginx component configuration of the ONLYOFFICE installation:
- Check your "docker id" using
docker ps
- Navigate in the docker
docker exec -it <container_id> bash
Change the following config /etc/nginx/includes/ds-docservice.conf
Find the section below and comment out the two configurations:
# Allow server info only from 127.0.0.1 location ~* ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(info|internal)(\/.*)$ { # allow 127.0.0.1; # deny all; proxy_pass http://docservice; }
Reload Nginx service with the command inside the docker container:
service nginx restart
- Open your browser and enter the address of the Document Server and add /info/ to the end of the address. Example: https://documentserver_address/info/
Forcefull stop all running sessions
To stop all of the running sessions before update, please use:documentserver-prepare4shutdown.sh
Update ONLYOFFICE IE Docker
Please grab the info page with the statistics before upgrading the Docker container as the stats will be lost afterwards!
docker container list
docker container stop <container_id>
docker container rm <container_id>
docker image list
docker rmi -f <image_id>
docker system prune
Install and start the latest the docker image available from ONLYOFFICE using only HTTPS
sudo docker run -i -t -d -p 443:443 --restart=always \ -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver-ee
Troubleshooting: Updating Docker Daemon
After an update of the docker daemon, the container is not working any longer reliably. To resolve this issue the whole server has to get restarted.
Restarting only the docker container or daemon is not fixing this problem.
Downgrade ONLYOFFICE IE Docker
Please grab the info page with the statistics before upgrading the Docker container, as the stats will be lost afterwards!
docker container list
docker container stop <container_id>
docker container rm <container_id>
docker image list
docker rmi -f <image_id>
docker system prune
- Downgrade and start the desired ONLYOFFICE version using only HTTPS
sudo docker run -i -t -d -p 443:443 --restart=always \ -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver-ee:<required ONLYOFFICE version>
Changing ONLOFFICE Default File Size
The default size of the files that can be opened in the ONLOFFICE-Server is 100 MB
To change it, navigate to ​/etc/onlyoffice/documentserver/default.json
"FileConverter": { "converter": { "maxDownloadBytes": 104857600, "downloadTimeout": { "connectionAndInactivity": "10s", "wholeCycle": "2m"
You need to change the value of "maxDownloadBytes" to make it match the size of your file"IN BYTES"
After that, restart Document server services : supervisorctl restart all
Restricting ONLYOFFICE to desired Domains
To change or sert the ipfilter it navigate to ​/etc/onlyoffice/documentserver/default.json
"ipfilter": { "rules": [{"address": "produktiv@domain.de", "allowed": true},{"address": "testsrv@domain.de", "allowed": true},{"address": "*", "allowed": false}], "useforrequest": false, "errorcode": 403
Disable JWT
Since version 7.2 of the Document Server JWT is enabled by default, please see the change log https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#all-editors-2.
If you do not use JWT in your integration, please do the following:
1. Enter the Document Server container with sudo docker exec -it [container_id] bash
2. Open the file /etc/onlyoffice/documentserver/local.json
3. Find section below:
"token": { "enable": { "request": { "inbox": true, "outbox": true }, "browser": true
4. Replace true
values with false
, so the section looks like this:
"token": { "enable": { "request": { "inbox": false, "outbox": false }, "browser": false
5. Close the config and restart all though the using command:
docker run -e JWT_ENABLED=false -i -t -d -p 443:443 --restart=always \ -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver-ee
Disable Plugins
To disable the plugins in the ONLYOFFICE server, please use the following script:
cd /var/www/onlyoffice/documentserver/sdkjs-plugins sudo mkdir -v plugin_backup sudo cp -av highlightcode macros marketplace mendeley ocr photoeditor speech thesaurus translator youtube zotero plugin_backup sudo rm -rf highlightcode macros marketplace mendeley ocr photoeditor speech thesaurus translator youtube zotero sudo systemctl restart ds-docservice.service && systemctl status ds-docservice.service
Disable Macros
docker container list
docker exec -it <container_id> /bin/bash (For Windows - %ProgramFiles%\ONLYOFFICE\DocumentServer\config\local.json)
cd /var/www/onlyoffice/documentserver/sdkjs-plugins/
rm -rf E6978D28-0441-4BD7-8346-82FAD68BCA3B (ID of the Macros plugin)
supervisorctl restart all
exit
Enabling WOPI in OO Docs 7.X
To enable WOPI in your OO docker, please follow the following steps:
docker container list
docker exec -it <container_id> /bin/bash (For Windows - %ProgramFiles%\ONLYOFFICE\DocumentServer\config\local.json)
vi /etc/onlyoffice/documentserver/local.json
- Add:
"wopi": { "enable": true },
supervisorctl restart all
exit
More Infos: ONLYOFFICE Api Documentation - Overview
Enabling WOPI in OO Docs 8.X
To enable WOPI in your OO Docker please follow the following steps:
docker container list
docker exec -it <container_id> /bin/bash (For Windows - %ProgramFiles%\ONLYOFFICE\DocumentServer\config\local.json)
vi /etc/onlyoffice/documentserver/default.json
Change
:
"wopi": { "enable": true,
supervisorctl restart all
exit
Or you can start the docker container directky through the following comand without making any change in the configuration:
docker run -e JWT_ENABLED=false -e WOPI_ENABLED=true -i -t -d -p 443:443 --restart=always \ -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver-ee
Test WOPI URL
To test your WOPI, please use the following code:
https://ONLYOFFICE-URL/example/wopi?userid=uid-1&lang=en
Activate WOPI Server in PFS
Please provide the WOPI-Server URL in the PowerFolder Settings as server admin:
Read-only Document File Links with WOPI
In order to use the read-only filelinks using WOPI please add the changes in the editor-wopi.ejs file inside the docker, please follow the steps:
docker container list
docker exec -it <container_id> /bin/bash (For Windows - %ProgramFiles%\ONLYOFFICE\DocumentServer\config\local.json)
vi /var/www/onlyoffice/documentserver/web-apps/apps/api/wopi/editor-wopi.ejs
Add
the following to "permissions":
"permissions": { "print": !fileInfo.DisablePrint && !fileInfo.HidePrintOption && !fileInfo.ReadOnly && fileInfo.UserCanWrite, "download": !fileInfo.ReadOnly && fileInfo.UserCanWrite, } },
supervisorctl restart all
exit
Using ONLYOFFICE with nginx
ONLYOFFICE docker can be used with external reverse proxy, the SSL offloading in this case is done through the nginx.
Start the OO docker with the following command on port 80, you can also use any other TCP port:
docker run -e JWT_ENABLED=false -i -t -d -p 80:80 --restart=always \ -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver-ee
Following is the example configuration for the OO docker using nginx:
upstream docservice { server 10.0.0.0:80; } map $http_host $this_host { "" $host; default $http_host; } map $http_x_forwarded_proto $the_scheme { default $http_x_forwarded_proto; "" $scheme; } map $http_x_forwarded_host $the_host { default $http_x_forwarded_host; "" $this_host; } map $http_upgrade $proxy_connection { default upgrade; "" close; } proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $proxy_connection; proxy_set_header X-Forwarded-Host $the_host; proxy_set_header X-Forwarded-Proto $the_scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #Normal HTTP host server { listen 10.0.0.0:80; # listen [::]:80 default_server; server_name oo.pf.com; server_tokens off; ## Redirects all traffic to the HTTPS host return 301 https://$server_name:443$request_uri; } server { listen 443 ssl; # listen [::]:443 ssl default_server; server_name oo.pf.com; server_tokens off; root /usr/share/nginx/html; ## Strong SSL Security ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html ssl_certificate path to fullchain.pem; ssl_certificate_key path to privkey.pem; ssl_verify_client off; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_prefer_server_ciphers on; ## [Optional] Before enabling Strict-Transport-Security headers, ensure your server is properly configured for SSL. ## This directive informs the browser to always use HTTPS. For more info see: ## - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. ## Replace with your ssl_trusted_certificate. For more info see: ## - https://medium.com/devops-programming/4445f4862461 ## - https://www.ruby-forum.com/topic/4419319 ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx # ssl_stapling on; # ssl_stapling_verify on; # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt; # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired # resolver_timeout 10s; ## [Optional] Generate a stronger DHE parameter: ## cd /etc/ssl/certs ## sudo openssl dhparam -out dhparam.pem 4096 ## # ssl_dhparam /etc/ssl/certs/dhparam.pem; location / { proxy_pass http://docservice; proxy_http_version 1.1; } }
Above is only an example nginx configuration, this should be modified depending on your infrastructure.
More infos under: https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx
For Apache please consult: https://github.com/ONLYOFFICE/document-server-proxy/blob/master/apache/proxy-https-to-http.conf