Deployment Overview of Onlyoffice Workspace on Server

Prerequisites and Basic Requirements

To successfully deploy the Onlyoffice Workspace, the host server must meet the following operating system and security configuration requirements:

  • Operating System: Debian-based distributions (e.g., Ubuntu) are required for the provided installation scripts.

  • Privileges: root access is necessary to install Docker, manage system services, and configure the network stack.

  • Kernel Configuration: The kernel parameter vsyscall=emulate must be set in /etc/default/grub under GRUB_CMDLINE_LINUX_DEFAULT. The deployment process validates the presence of [vsyscall] in /proc/self/maps.

  • Package Requirements: The installation process requires git, curl, ca-certificates, and Docker components (docker-ce, docker-ce-cli, containerd.io, docker-buildx-plugin, docker-compose-plugin).

FQDN of the Final Panel

The application is accessible via a specific Fully Qualified Domain Name (FQDN) in the hostkey.in domain. The name consists of the prefix only-docwork followed by the server identifier.

  • Domain Zone: hostkey.in

  • Prefix: only-docwork

  • FQDN Format: only-docwork<Server ID>.hostkey.in

  • Access Ports: Port 80 (HTTP) and Port 443 (HTTPS) are utilized via the Nginx proxy.

File and Directory Structure

The deployment organizes configuration files, data, and binaries into specific directories on the host system:

  • Application Source: /opt/Docker-CommunityServer

    • Contains the cloned repository and the main docker-compose.yml file.
  • Nginx Configuration:

    • Proxy configuration: /data/nginx/user_conf.d/only-docwork<Server ID>.hostkey.in.conf

    • Compose definition for the proxy: /root/nginx/compose.yml

  • SSL Certificates: Managed by Let's Encrypt and stored at /etc/letsencrypt/live/<FQDN>.

  • Database Initialization Scripts: /opt/Docker-CommunityServer/config/mysql/docker-entrypoint-initdb.d/onlyoffice-initdb.sql

  • Nginx Data Directory: /root/nginx

Application Installation Process

The application is deployed using Docker and Docker Compose. The process involves cloning the official Docker-CommunityServer repository from GitHub and configuring the environment.

  • Repository: https://github.com/ONLYOFFICE/Docker-CommunityServer.git

  • Target Directory: /opt/Docker-CommunityServer

  • Deployment Method:

    1. Docker is installed if not present.

    2. The repository is cloned to /opt/Docker-CommunityServer.

    3. A docker-compose.yml file is generated and placed in the repository root with permissions 0600 owned by root.

    4. A database initialization script is placed in the MySQL configuration directory with permissions 0644 owned by root.

    5. Containers are pulled and started using Docker Compose.

Access Rights and Security

The deployment enforces specific security checks and password requirements to ensure the system is not running with default credentials.

  • Default Password Enforcement: The installation process asserts that the following secrets are changed from their defaults:

    • workspace_mysql_root_password (Default: my-secret-pw)

    • workspace_mysql_onlyoffice_user_password (Default: onlyoffice_pass)

    • workspace_mysql_mail_admin_password (Default: Isadmin123)

    • workspace_core_machine_key (Default: core_secret)

    • workspace_jwt_secret (Default: jwt_secret)

  • User Privileges: The root user is created in the database with full privileges on all databases. Dedicated users onlyoffice_user and mail_admin are also created with full privileges.

  • Container Security: The deployment ensures the latest versions of Docker images are used by querying the Docker Hub API and validating tags against the latest available versions for MySQL, Elasticsearch, Document Server, Mail Server, Community Server, and Control Panel.
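
The default-password assertion from the first item of this list can be reproduced as a preflight check. This is an added example, not code from the deployment itself; it assumes the secrets are supplied as NAME=value lines in a file, and the function name check_default_secrets is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: block a deployment while any secret still has its documented
# default. Assumption: secrets arrive as NAME=value lines in a file; that file
# format and the function name are illustrative, not the deployment's own.

# Variable names and default values exactly as listed on this page.
DEFAULTS='workspace_mysql_root_password=my-secret-pw
workspace_mysql_onlyoffice_user_password=onlyoffice_pass
workspace_mysql_mail_admin_password=Isadmin123
workspace_core_machine_key=core_secret
workspace_jwt_secret=jwt_secret'

# Prints one finding per offending variable; returns 1 if any were found.
check_default_secrets() {
    local file="$1" rc=0 name default value
    while IFS='=' read -r name default; do
        # Last assignment wins, as in most env-file loaders.
        value=$(grep "^${name}=" "$file" | tail -n 1 | cut -d= -f2-)
        if [ -z "$value" ]; then
            echo "MISSING $name"; rc=1
        elif [ "$value" = "$default" ]; then
            echo "DEFAULT $name"; rc=1
        fi
    done <<EOF
$DEFAULTS
EOF
    return "$rc"
}

# Constructed sample input: two values changed, two left at default, one absent.
sample=$(mktemp)
cat >"$sample" <<'EOF'
workspace_mysql_root_password=constructed-value-1
workspace_mysql_onlyoffice_user_password=onlyoffice_pass
workspace_mysql_mail_admin_password=constructed-value-2
workspace_core_machine_key=core_secret
EOF
check_default_secrets "$sample" || echo "deployment blocked"
rm -f "$sample"
```

An empty or missing value is reported as well as a default one, since either would leave the service without a usable secret.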

Databases

The application utilizes MySQL for data storage. The database is hosted within a Docker container named onlyoffice-mysql-server.

  • Database Names:

    • onlyoffice

    • onlyoffice_mailserver

  • Character Set: utf8

  • Collation: utf8_general_ci

  • Connection Method: Internal Docker networking is used. External access is not directly exposed; traffic is routed through the application containers.

  • Initialization: A custom SQL script (onlyoffice-initdb.sql) runs during the first startup to create databases and users.

Docker Containers and Their Deployment

The system orchestrates multiple Docker containers using Docker Compose. The following services are deployed:

  • onlyoffice-mysql-server: The primary database engine.

  • onlyoffice-elasticsearch: Search engine service (image: onlyoffice/elasticsearch).

  • onlyoffice-documentserver-ee: Document processing service (image: onlyoffice/documentserver-ee).

  • onlyoffice-mailserver: Email service (image: onlyoffice/mailserver).

  • onlyoffice-community-server: The core workspace application (image: onlyoffice/communityserver).

  • onlyoffice-controlpanel: Administrative panel (image: onlyoffice/controlpanel).

All containers are managed via the docker-compose.yml file located at /opt/Docker-CommunityServer/docker-compose.yml.

Proxy Servers

An Nginx proxy is deployed to handle incoming HTTP/HTTPS traffic, SSL termination, and routing to the internal Onlyoffice containers.

  • Proxy Image: jonasal/nginx-certbot:latest

  • Configuration:

    • HTTP (Port 80): Redirects all traffic to HTTPS.

    • HTTPS (Port 443): Terminates SSL and proxies requests to http://onlyoffice-community-server:80.

    • SSL Provider: Let's Encrypt via Certbot.

    • Certificate Path: /etc/letsencrypt/live/<FQDN>/

  • Network: The proxy is connected to the onlyoffice external network.

  • Timeouts:

    • proxy_read_timeout: 3600s

    • proxy_send_timeout: 3600s

    • proxy_connect_timeout: 60s

  • Headers: The proxy sets the Host, X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, Upgrade, and Connection headers so that WebSockets and client identification work correctly.

Permission Settings

The deployment script sets specific file permissions to ensure security and proper operation of the services:

  • Docker Compose File: /opt/Docker-CommunityServer/docker-compose.yml

    • Owner: root:root

    • Mode: 0600

  • Database Init Script: /opt/Docker-CommunityServer/config/mysql/docker-entrypoint-initdb.d/onlyoffice-initdb.sql

    • Owner: root:root

    • Mode: 0644

  • Nginx Directory: /root/nginx

    • Owner: root:root

    • Mode: 0755

  • Nginx Compose: /root/nginx/compose.yml

    • Owner: root:root

    • Mode: 0644

  • Nginx Config: /data/nginx/user_conf.d/only-docwork<Server ID>.hostkey.in.conf

    • Owner: root:root

    • Mode: 0644
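
The ownership and modes listed above can be re-checked after deployment to detect drift. This is an added example, not part of the deployment script; it assumes GNU stat as shipped on Debian and Ubuntu, and the function names check_perm and audit_workspace are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit owner and mode of the files listed under Permission
# Settings. Assumptions: GNU stat (Debian/Ubuntu); function names are
# illustrative and not part of the deployment script.

# check_perm PATH OWNER:GROUP MODE
# Prints a finding and returns 1 if the path is absent or has drifted.
check_perm() {
    local path="$1" want_owner="$2" want_mode="${3#0}" got
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    got=$(stat -c '%U:%G %a' "$path")   # e.g. "root:root 600"
    if [ "$got" != "$want_owner $want_mode" ]; then
        echo "DRIFT $path: have '$got', want '$want_owner $want_mode'"
        return 1
    fi
}

# audit_workspace FQDN
# Checks every path from the list; FQDN is only-docwork<Server ID>.hostkey.in.
audit_workspace() {
    local fqdn="$1" rc=0 path mode
    while read -r path mode; do
        check_perm "$path" root:root "$mode" || rc=1
    done <<EOF
/opt/Docker-CommunityServer/docker-compose.yml 0600
/opt/Docker-CommunityServer/config/mysql/docker-entrypoint-initdb.d/onlyoffice-initdb.sql 0644
/root/nginx 0755
/root/nginx/compose.yml 0644
/data/nginx/user_conf.d/${fqdn}.conf 0644
EOF
    return "$rc"
}

# Run as: sudo ./audit.sh <FQDN>   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    audit_workspace "$1"
fi
```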

Available Ports for Connection

The server exposes the following ports to the network:

| Port | Protocol | Service | Description |
|------|----------|---------|-------------|
| 80 | TCP | Nginx | HTTP entry point, redirects to HTTPS |
| 443 | TCP | Nginx | HTTPS entry point, SSL termination |

Starting, Stopping, and Updating

The lifecycle of the application containers is managed through Docker Compose commands executed in the project directory.

  • Project Directory: /opt/Docker-CommunityServer

  • Starting Services:

    docker compose up -d
    

  • Stopping Services:

    docker compose down
    

  • Pulling Latest Images:

    docker compose pull
    

  • Database Initialization Check: The system verifies database creation by executing the following command inside the MySQL container:

    docker exec onlyoffice-mysql-server /bin/bash -c 'mysql -uroot -p"PASSWORD" -BNe "show databases"'
    
