jiriks74/Docker-DocumentServer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

version: 3.0

Browse Source
This commit is contained in:
Alexey Bannov 2015-04-17 15:25:41 +00:00
commit 395ce84911
4 changed files with 396 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
Dockerfile Normal file
View File

@ -0,0 +1,31 @@
FROM ubuntu:14.04
MAINTAINER Ascensio System SIA <support@onlyoffice.com>
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
RUN apt-get update && apt-get -y -q install libreoffice
RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
echo "deb http://static.teamlab.com.s3.amazonaws.com/repo/debian/ squeeze main" >> /etc/apt/sources.list && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D9D0BF019CC8AC0D && \
echo "deb http://download.mono-project.com/repo/debian wheezy main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \
DEBIAN_FRONTEND=noninteractive && \
locale-gen en_US.UTF-8 && \
apt-get update && \
apt-get install --force-yes -yq onlyoffice-documentserver && \
rm -rf /var/lib/apt/lists/*
ADD config /app/onlyoffice/setup/config/
ADD run-document-server.sh /app/onlyoffice/run-document-server.sh
RUN chmod 755 /app/onlyoffice/*.sh
VOLUME ["/var/log/onlyoffice"]
VOLUME ["/var/www/onlyoffice/Data"]
EXPOSE 80
EXPOSE 443
CMD bash -C '/app/onlyoffice/run-document-server.sh';'bash'

191
README.md Normal file
View File

@ -0,0 +1,191 @@
* [Overview](#overview)
* [Functionality](#functionality)
* [Recommended System Requirements](#recommended-system-requirements)
* [Running Docker Image](#running-docker-image)
* [Configuring Docker Image](#configuring-docker-image)
- [Running ONLYOFFICE Document Server on Different Port](#running-onlyoffice-document-server-on-different-port)
- [Running ONLYOFFICE Document Server using HTTPS](#running-onlyoffice-document-server-using-https)
+ [Generation of Self Signed Certificates](#generation-of-self-signed-certificates)
+ [Strengthening the Server Security](#strengthening-the-server-security)
+ [Installation of the SSL Certificates](#installation-of-the-ssl-certificates)
+ [Available Configuration Parameters](#available-configuration-parameters)
* [Installing ONLYOFFICE Document Server integrated with Community and Mail Servers](#installing-onlyoffice-document-server-integrated-with-community-and-mail-servers)
* [Project Information](#project-information)
* [User Feedback and Support](#user-feedback-and-support)
## Overview
ONLYOFFICE Document Server is an online office suite comprising viewers and editors for texts, spreadsheets and presentations, fully compatible with Office Open XML formats: .docx, .xlsx, .pptx and enabling collaborative editing in real time.
## Functionality ##
* ONLYOFFICE Document Editor
* ONLYOFFICE Spreadsheet Editor
* ONLYOFFICE Presentation Editor
* ONLYOFFICE Documents application for iOS
* Collaborative editing
* Hieroglyph support
* Support for all the popular formats: DOC, DOCX, TXT, ODT, RTF, ODP, EPUB, ODS, XLS, XLSX, CSV, PPTX, HTML
Integrating it with ONLYOFFICE Community Server you will be able to:
* view and edit files stored on Drive, Box, Dropbox, OneDrive, OwnCloud connected to ONLYOFFICE;
* share files;
* embed documents on a website;
* manage access rights to documents.
## Recommended System Requirements
* **RAM**: 4 GB or more
* **CPU**: dual-core 2 GHz or higher
* **Swap file**: at least 2 GB
* **HDD**: at least 2 GB of free space
* **Distributive**: 64-bit Red Hat, CentOS or other compatible distributive with kernel version 3.8 or later, 64-bit Debian, Ubuntu or other compatible distributive with kernel version 3.8 or later
* **Docker**: version 1.4.1 or later
## Running Docker Image
sudo docker run -i -t -d -p 80:80 onlyoffice/documentserver
Use this command if you wish to install ONLYOFFICE Document Server separately. To install ONLYOFFICE Document Server integrated with Community and Mail Servers, refer to the corresponding instructions below.
## Configuring Docker Image
### Running ONLYOFFICE Document Server on Different Port
To change the port, use the -p command. E.g.: to make your portal accessible via port 8080 execute the following command:
sudo docker run -i -t -d -p 8080:80 onlyoffice/documentserver
### Running ONLYOFFICE Document Server using HTTPS
sudo docker run -i -t -d -p 443:443 \
-v /opt/onlyoffice/Data:/var/www/onlyoffice/Data onlyoffice/documentserver
Access to the onlyoffice application can be secured using SSL so as to prevent unauthorized access. While a CA certified SSL certificate allows for verification of trust via the CA, a self signed certificates can also provide an equal level of trust verification as long as each client takes some additional steps to verify the identity of your website. Below the instructions on achieving this are provided.
To secure the application via SSL basically two things are needed:
- **Private key (.key)**
- **SSL certificate (.crt)**
So you need to create and install the following files:
/opt/onlyoffice/Data/certs/onlyoffice.key
/opt/onlyoffice/Data/certs/onlyoffice.crt
When using CA certified certificates, these files are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip the following section if you are have CA certified SSL certificates.
#### Generation of Self Signed Certificates
Generation of self-signed SSL certificates involves a simple 3 step procedure.
**STEP 1**: Create the server private key
```bash
openssl genrsa -out onlyoffice.key 2048
```
**STEP 2**: Create the certificate signing request (CSR)
```bash
openssl req -new -key onlyoffice.key -out onlyoffice.csr
```
**STEP 3**: Sign the certificate using the private key and CSR
```bash
openssl x509 -req -days 365 -in onlyoffice.csr -signkey onlyoffice.key -out onlyoffice.crt
```
You have now generated an SSL certificate that's valid for 365 days.
#### Strengthening the server security
This section provides you with instructions to [strengthen your server security](https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html).
To achieve this you need to generate stronger DHE parameters.
```bash
openssl dhparam -out dhparam.pem 2048
```
#### Installation of the SSL Certificates
Out of the four files generated above, you need to install the `onlyoffice.key`, `onlyoffice.crt` and `dhparam.pem` files at the onlyoffice server. The CSR file is not needed, but do make sure you safely backup the file (in case you ever need it again).
The default path that the onlyoffice application is configured to look for the SSL certificates is at `/var/www/onlyoffice/Data/certs`, this can however be changed using the `SSL_KEY_PATH`, `SSL_CERTIFICATE_PATH` and `SSL_DHPARAM_PATH` configuration options.
The `/var/www/onlyoffice/Data/` path is the path of the data store, which means that you have to create a folder named certs inside `/opt/onlyoffice/Data/` and copy the files into it and as a measure of security you will update the permission on the `onlyoffice.key` file to only be readable by the owner.
```bash
mkdir -p /opt/onlyoffice/Data/certs
cp onlyoffice.key /opt/onlyoffice/Data/certs/
cp onlyoffice.crt /opt/onlyoffice/Data/certs/
cp dhparam.pem /opt/onlyoffice/Data/certs/
chmod 400 /opt/onlyoffice/Data/certs/onlyoffice.key
```
You are now just one step away from having our application secured.
#### Available Configuration Parameters
*Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command.*
Below is the complete list of parameters that can be set using environment variables.
- **ONLYOFFICE_HTTPS_HSTS_ENABLED**: Advanced configuration option for turning off the HSTS configuration. Applicable only when SSL is in use. Defaults to `true`.
- **ONLYOFFICE_HTTPS_HSTS_MAXAGE**: Advanced configuration option for setting the HSTS max-age in the onlyoffice nginx vHost configuration. Applicable only when SSL is in use. Defaults to `31536000`.
- **SSL_CERTIFICATE_PATH**: The path to the SSL certificate to use. Defaults to `/var/www/onlyoffice/Data/certs/onlyoffice.crt`.
- **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/onlyoffice.key`.
- **SSL_DHPARAM_PATH**: The path to the Diffie-Hellman parameter. Defaults to `/var/www/onlyoffice/Data/certs/dhparam.pem`.
- **SSL_VERIFY_CLIENT**: Enable verification of client certificates using the `CA_CERTIFICATES_PATH` file. Defaults to `false`
## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers
ONLYOFFICE Document Server is a part of ONLYOFFICE Free Edition that comprises also Community Server and Mail Server. To install them, follow these easy steps:
**STEP 1**: Install ONLYOFFICE Document Server.
```bash
sudo docker run -i -t -d --name onlyoffice-document-server onlyoffice/documentserver
```
**STEP 2**: Install ONLYOFFICE Mail Server.
For the mail server correct work you need to specify its hostname 'yourdomain.com'.
To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/MailServer "ONLYOFFICE Mail Server documentation").
```bash
sudo docker run --privileged -i -t -d --name onlyoffice-mail-server -p 25:25 -p 143:143 -p 587:587 \
-h yourdomain.com onlyoffice/mailserver
```
**STEP 3**: Install ONLYOFFICE Community Server
```bash
sudo docker run -i -t -d -p 80:80 -p 443:443 onlyoffice/communityserver \
--link onlyoffice-mail-server:mail_server \
--link onlyoffice-document-server:document_server
```
Alternatively, you can use [docker-compose](https://docs.docker.com/compose/install "docker-compose") to install the whole ONLYOFFICE Free Edition at once. For the mail server correct work you need to specify its hostname 'yourdomain.com'. Assuming you have docker-compose installed, execute the following command:
```bash
wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.yml
docker-compose up -d
```
## Project Information
Official website: [http://www.onlyoffice.org](http://onlyoffice.org "http://www.onlyoffice.org")
Code repository: [https://github.com/ONLYOFFICE/DocumentServer](https://github.com/ONLYOFFICE/DocumentServer "https://github.com/ONLYOFFICE/DocumentServer")
License: [Apache based license](http://www.gnu.org/licenses/agpl.html "Apache based license")
SaaS version: [http://www.onlyoffice.com](http://www.onlyoffice.com "http://www.onlyoffice.com")
## User Feedback and Support
If you have any problems with or questions about this image, please contact us through a [dev.onlyoffice.org][1].
[1]: http://dev.onlyoffice.org

110
config/nginx/onlyoffice-ssl Normal file
View File

@ -0,0 +1,110 @@
## Normal HTTP host
server {
listen 0.0.0.0:80;
listen [::]:80 default_server;
server_name _;
server_tokens off;
## Redirects all traffic to the HTTPS host
root /nowhere; ## root doesn't have to be a valid path since we are redirecting
rewrite ^ https://$host$request_uri? permanent;
}
upstream fastcgi_backend {
server 127.0.0.1:9001;
keepalive 32;
}
## HTTPS host
server {
listen 0.0.0.0:443 ssl spdy;
listen [::]:443 ssl spdy default_server;
server_tokens off;
root /usr/share/nginx/html;
## Increase this if you want to upload large attachments
client_max_body_size 100m;
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl on;
ssl_certificate {{SSL_CERTIFICATE_PATH}};
ssl_certificate_key {{SSL_KEY_PATH}};
ssl_verify_client {{SSL_VERIFY_CLIENT}};
ssl_client_certificate {{CA_CERTIFICATES_PATH}};
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}};
# add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
## Replace with your ssl_trusted_certificate. For more info see:
## - https://medium.com/devops-programming/4445f4862461
## - https://www.ruby-forum.com/topic/4419319
## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
# ssl_stapling on;
# ssl_stapling_verify on;
# ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
# resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
# resolver_timeout 10s;
## [Optional] Generate a stronger DHE parameter:
## cd /etc/ssl/certs
## sudo openssl dhparam -out dhparam.pem 4096
##
ssl_dhparam {{SSL_DHPARAM_PATH}};
gzip on;
gzip_types text/plain
text/xml
text/css
text/csv
application/xml
application/javascript
application/x-javascript
application/json
application/octet-stream
application/pdf
application/rtf
application/msword
application/vnd.ms-excel
application/vnd.ms-powerpoint;
#application/vnd.oasis.opendocument.text
#application/vnd.oasis.opendocument.spreadsheet
#application/vnd.oasis.opendocument.presentation
#application/vnd.openxmlformats-officedocument.wordprocessingml.document
#application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
#application/vnd.openxmlformats-officedocument.presentationml.presentation;
location / {
root /var/www/onlyoffice/documentserver/DocService/;
index index.html index.htm default.aspx Default.aspx;
fastcgi_index Default.aspx;
fastcgi_keep_conn on;
fastcgi_pass fastcgi_backend;
include /var/www/onlyoffice/documentserver/fastcgi_params;
}
location /coauthoring/ {
proxy_pass http://localhost:8000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /spellchecker/ {
proxy_pass http://localhost:8080/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

64
run-document-server.sh Normal file
View File

@ -0,0 +1,64 @@
#!/bin/bash
sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/CoAuthoringService.conf
sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/DocService.conf
sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/FileConverterService.conf
sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/LibreOfficeService.conf
sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/SpellCheckerService.conf
chown root /var/www/onlyoffice
chown root /var/lib/onlyoffice
DATA_DIR="/var/www/onlyoffice/Data"
LOG_DIR="/var/log/onlyoffice"
ONLYOFFICE_HTTPS=${ONLYOFFICE_HTTPS:-false}
SSL_CERTIFICATES_DIR="${DATA_DIR}/certs"
SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.crt}
SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key}
SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAG:-31536000}
SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config"
NGINX_ONLYOFFICE_PATH="/etc/nginx/sites-enabled/onlyoffice-documentserver";
# setup HTTPS
if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-ssl ${NGINX_ONLYOFFICE_PATH}
mkdir ${DATA_DIR}
mkdir ${LOG_DIR}/nginx
# configure nginx
sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
# if dhparam path is valid, add to the config, otherwise remove the option
if [ -r "${SSL_DHPARAM_PATH}" ]; then
sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
else
sed '/ssl_dhparam {{SSL_DHPARAM_PATH}};/d' -i ${NGINX_ONLYOFFICE_PATH}
fi
sed 's,{{SSL_VERIFY_CLIENT}},'"${SSL_VERIFY_CLIENT}"',' -i ${NGINX_ONLYOFFICE_PATH}
if [ -f /usr/local/share/ca-certificates/ca.crt ]; then
sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
else
sed '/{{CA_CERTIFICATES_PATH}}/d' -i ${NGINX_ONLYOFFICE_PATH}
fi
if [ "${ONLYOFFICE_HTTPS_HSTS_ENABLED}" == "true" ]; then
sed 's/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/'"${ONLYOFFICE_HTTPS_HSTS_MAXAGE}"'/' -i ${NGINX_ONLYOFFICE_PATH}
else
sed '/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/d' -i ${NGINX_ONLYOFFICE_PATH}
fi
fi
service mysql start
service nginx start
service supervisor start