Skip to content

Deployment Overview of ONLYOFFICE Docs on Server

Prerequisites and Basic Requirements

The deployment requires a Linux server running Ubuntu with root privileges. The system must have Docker and Docker Compose installed to manage the containerized application and the reverse proxy. The server must be accessible via the internet to allow the SSL certificate issuance process to complete successfully.

FQDN of the Final Panel

The application is accessible via the following Fully Qualified Domain Name (FQDN) format:

  • only-docs<Server ID>.hostkey.in:443

Replace <Server ID> with the specific identifier assigned to the server instance.

File and Directory Structure

The deployment utilizes the following directory structure for configuration files, data storage, and certificates:

  • /root/nginx: Contains the Docker Compose configuration for the reverse proxy.

  • /root/nginx/compose.yml: The Docker Compose file defining the Nginx and Certbot services.

  • /data/nginx/user_conf.d: Directory containing custom Nginx configuration files for the application.

  • /data/nginx/user_conf.d/only-docs<Server ID>.hostkey.in.conf: Specific Nginx configuration file for the ONLYOFFICE Docs instance.

  • /data/nginx/nginx-certbot.env: Environment file containing settings for the Nginx-Certbot container.

  • /etc/letsencrypt: Volume mount point for SSL certificates managed by Certbot.

Application Installation Process

The application is deployed using Docker containers. The core application is the ONLYOFFICE Document Server, version 9.3. The installation involves starting the application container and configuring a reverse proxy with SSL termination.

The application container is configured with the following parameters:

  • Image: onlyoffice/documentserver:9.3

  • Container Name: onlyoffice-docs

  • Restart Policy: always

  • Port Binding: 127.0.0.1:8080:80 (Internal only)

  • Environment Variables:

  • JWT_ENABLED: true

  • JWT_SECRET: change_me

Docker Containers and Their Deployment

The deployment consists of two primary containerized components: the application server and the reverse proxy.

ONLYOFFICE Docs Container

The application container is managed directly via Docker commands. It listens on port 80 internally and is bound to port 8080 on the localhost interface of the host machine.

Nginx and Certbot Container

The reverse proxy and SSL certificate management are handled by a Docker Compose stack located in /root/nginx. The stack includes:

  • Service: nginx

  • Image: jonasal/nginx-certbot:latest

  • Restart Policy: unless-stopped

  • Network Mode: host

  • Volumes:

  • nginx_secrets mounted to /etc/letsencrypt for certificate storage.

  • /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d for custom configurations.

  • Environment:

  • CERTBOT_EMAIL: [email protected]

  • Configuration loaded from /data/nginx/nginx-certbot.env.

Proxy Servers

The deployment utilizes Nginx as a reverse proxy to handle external traffic and SSL termination. The proxy is configured to forward requests to the internal ONLYOFFICE Docs container.

  • Proxy Target: http://127.0.0.1:8080

  • Configuration File: /data/nginx/user_conf.d/only-docs<Server ID>.hostkey.in.conf

  • SSL Management: Automated via the jonasal/nginx-certbot container using Let's Encrypt.

  • External Port: 443 (HTTPS)

  • Internal Path: /

  • External Path: /

Access Rights and Security

The application is secured through the following measures:

  • The ONLYOFFICE Docs container is bound only to the localhost interface (127.0.0.1), preventing direct external access to the application port.

  • All external traffic is routed through the Nginx reverse proxy, which enforces HTTPS on port 443.

  • JWT authentication is enabled within the application container (JWT_ENABLED: true).

  • The Nginx configuration directory and Compose files are owned by the root user with restricted permissions.

Available Ports for Connection

The following ports are utilized in the deployment:

  • Port 443: External HTTPS access via the Nginx reverse proxy.

  • Port 8080: Internal HTTP access for the ONLYOFFICE Docs container (bound to 127.0.0.1 only).

  • Port 80: Internal port within the ONLYOFFICE Docs container (mapped to host port 8080).

Starting, Stopping, and Updating

Service management is performed using Docker and Docker Compose commands.

Managing the ONLYOFFICE Docs Container

  • Start/Restart: docker start onlyoffice-docs or docker restart onlyoffice-docs

  • Stop: docker stop onlyoffice-docs

  • Update: Pull the new image and recreate the container: 

    docker pull onlyoffice/documentserver:9.3
docker stop onlyoffice-docs
docker rm onlyoffice-docs
docker run -d --name onlyoffice-docs --restart always -p 127.0.0.1:8080:80 -e JWT_ENABLED=true -e JWT_SECRET=change_me onlyoffice/documentserver:9.3

Managing the Nginx Proxy Stack

  • Start/Restart: 

    cd /root/nginx
docker compose up -d

  • Stop: 

    cd /root/nginx
docker compose down

  • Update: Pull the latest image and restart the stack: 

    cd /root/nginx
docker compose pull
docker compose up -d

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×