Skip to content

Deployment Overview of OnlyOffice on Server

Prerequisites and Basic Requirements

To deploy OnlyOffice Document Server on the server, the following requirements must be met:

  • Operating System: Ubuntu (compatible with Docker engine).

  • Privileges: Root access or sudo privileges are required to manage Docker services and configure the proxy.

  • Domain Zone: The deployment utilizes the hostkey.in zone.

  • Ports:

  • Port 8080: Internal communication port for the OnlyOffice application.

  • Port 443: External port for HTTPS traffic managed by the Nginx proxy.

FQDN of the Final Panel

The application is accessible via the following Fully Qualified Domain Name (FQDN) format: only-docs{Server ID}.hostkey.in:443

In this format, {Server ID} represents the unique identifier assigned to the server instance.

File and Directory Structure

The deployment utilizes the following directory structure for configuration, data, and certificate management:

  • /root/nginx/: Contains the Docker Compose file for the proxy server.

  • compose.yml: The configuration file for the Nginx and Certbot containers.

  • /data/nginx/:

  • user_conf.d/: Stores the specific Nginx configuration files for the domain (e.g., only-docs{Server ID}.hostkey.in.conf).

  • nginx-certbot.env: Environment file containing settings for the Nginx-Certbot service.

  • /etc/letsencrypt/: Mount point for SSL certificates managed by the nginx_secrets volume.

Application Installation Process

The OnlyOffice Document Server is installed using Docker. The specific version deployed is 9.3, using the official image from the OnlyOffice registry.

  • Image Name: onlyoffice/documentserver:9.3

  • Container Name: onlyoffice-docs

  • Restart Policy: always

The container is configured with the following environment variables:

  • JWT_ENABLED: Set to true to enable JSON Web Token authentication.

  • JWT_SECRET: Set to a placeholder value (change_me) that should be updated with a secure secret key in production.

Docker Containers and Their Deployment

The deployment consists of two primary container groups managed via Docker.

OnlyOffice Document Server

The application container is launched using the docker_container module with the following specifications:

  • Name: onlyoffice-docs

  • Image: onlyoffice/documentserver:9.3

  • Port Mapping: 127.0.0.1:8080:80 (Bound to localhost on the host to prevent direct external access).

  • Environment: JWT authentication is enabled.

Nginx Proxy and Certbot

The reverse proxy is deployed using Docker Compose.

  • Compose File Location: /root/nginx/compose.yml

  • Service Name: nginx

  • Image: jonasal/nginx-certbot:latest

  • Network Mode: host

  • Volumes:

  • nginx_secrets (external volume) mapped to /etc/letsencrypt.

  • /data/nginx/user_conf.d mapped to /etc/nginx/user_conf.d for custom configuration.

  • Environment:

  • CERTBOT_EMAIL: Configured as [email protected].

  • Environment file: /data/nginx/nginx-certbot.env.

Proxy Servers

Nginx with Certbot integration is used as the reverse proxy to handle SSL termination and route traffic to the OnlyOffice application.

  • Configuration Location: /data/nginx/user_conf.d/only-docs{Server ID}.hostkey.in.conf

  • Proxy Pass: Traffic is forwarded from the external domain to http://127.0.0.1:8080.

  • SSL/Certificate: Managed automatically by the jonasal/nginx-certbot container. Certificates are stored in the nginx_secrets volume.

  • Custom Domain: The proxy is configured to accept traffic for the specific FQDN only-docs{Server ID}.hostkey.in.

Permission Settings

The following permissions are applied to critical directories:

  • /root/nginx/:

  • Owner: root

  • Group: root

  • Mode: 0755 (Read and execute for all, write for owner).

  • /root/nginx/compose.yml:

  • Owner: root

  • Group: root

  • Mode: 0644 (Read-only for group and others).

Location of Configuration Files and Data

Configuration files and data storage are located as follows:

  • Docker Compose for Proxy: /root/nginx/compose.yml

  • Nginx Virtual Host Config: /data/nginx/user_conf.d/only-docs{Server ID}.hostkey.in.conf

  • Certbot Environment: /data/nginx/nginx-certbot.env

  • SSL Certificates: /etc/letsencrypt (via Docker volume).

Available Ports for Connection

The server exposes the following ports for client connections:

  • Port 443: The only external port available for secure HTTPS access to the OnlyOffice interface.

  • Port 8080: Restricted to local loopback (127.0.0.1) and used internally by the Nginx proxy to communicate with the OnlyOffice container.

Starting, Stopping, and Updating

The services are managed using standard Docker commands.

Nginx Proxy Service

To start or restart the Nginx proxy and Certbot service: 

cd /root/nginx
docker compose up -d
To stop the service: 
cd /root/nginx
docker compose down

OnlyOffice Container

To stop the OnlyOffice container: 

docker stop onlyoffice-docs
To start the container: 
docker start onlyoffice-docs
To update the OnlyOffice image to a new version, pull the new image and recreate the container: 
docker pull onlyoffice/documentserver:<new-version>
docker stop onlyoffice-docs
docker rm onlyoffice-docs
Then run the installation command again with the new version tag.

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×