Deployment Overview of ONLYOFFICE Document Server on Server¶

Prerequisites and Basic Requirements¶

The deployment requires a Linux-based operating system with Docker and Docker Compose installed. The following conditions must be met before initiating the installation:

• Root privileges or sudo access are required to manage system directories and Docker containers.
• The server must have network access to the internet for pulling Docker images and obtaining SSL certificates.
• Port 8080 must be available on the local interface (127.0.0.1) for the application service.
• Port 80 and 443 must be accessible for the Nginx proxy and SSL certificate validation.

File and Directory Structure¶

The deployment utilizes specific directories for configuration, data storage, and secrets management. The following paths are created and utilized during the setup:

• /root/nginx: The directory containing the Docker Compose configuration for the proxy server.
• /root/nginx/compose.yml: The Docker Compose file defining the Nginx and Certbot services.
• /data/nginx/user_conf.d: The directory storing custom Nginx configuration files for specific host keys.
• /data/nginx/nginx-certbot.env: The environment file containing configuration variables for the Nginx-Certbot service.
• /etc/letsencrypt: The mount point for SSL certificates and secrets managed by the nginx_secrets volume.

Application Installation Process¶

The application is deployed using Docker containers. The installation involves starting the ONLYOFFICE Document Server container and configuring the Nginx proxy with SSL support.

• The ONLYOFFICE Document Server is deployed using the image onlyoffice/documentserver:9.3.
• The container is named onlyoffice-docs and is configured to restart automatically.
• The Nginx proxy is deployed using the image jonasal/nginx-certbot:latest via a Docker Compose file.

Docker Containers and Their Deployment¶

Two primary Docker containers are deployed to run the application and handle traffic routing:

1. ONLYOFFICE Document Server

   • Image: onlyoffice/documentserver:9.3
   • Container Name: onlyoffice-docs
   • Port Mapping: 127.0.0.1:8080:80 (Internal access only)
   • Environment Variables:
     • JWT_ENABLED: Set to true
     • JWT_SECRET: Set to change_me
   • Restart Policy: always

2. Nginx Proxy with Certbot

   • Image: jonasal/nginx-certbot:latest
   • Network Mode: host
   • Volumes:
     • nginx_secrets mounted to /etc/letsencrypt
     • /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d
   • Environment:
     • CERTBOT_EMAIL: Set to [email protected]
   • Restart Policy: unless-stopped

Proxy Servers¶

The Nginx proxy server handles incoming traffic and manages SSL certificates using Certbot. The configuration is managed through a Docker Compose file located at /root/nginx/compose.yml.

• SSL Management: The jonasal/nginx-certbot image automatically handles SSL certificate generation and renewal via Let's Encrypt.
• Custom Configuration: Specific host configurations are stored in /data/nginx/user_conf.d.
• Proxy Pass: The Nginx configuration is updated to forward requests to the ONLYOFFICE container at http://127.0.0.1:8080.
• Configuration File: The proxy pass directive is added to the location block in the file /data/nginx/user_conf.d/{{ prefix }}{{ server_id }}.hostkey.in.conf.

Starting, Stopping, and Updating¶

The services are managed using Docker and Docker Compose commands.

• Starting the Proxy: The Nginx and Certbot services are started by running docker compose up -d from the /root/nginx directory.
• Starting the Application: The ONLYOFFICE container is started using the Docker container management command with the state: started parameter.
• Automatic Restart: Both containers are configured with restart policies (always for ONLYOFFICE, unless-stopped for Nginx) to ensure they restart automatically after a system reboot or crash.