Skip to content

Deployment Overview of ONLYOFFICE Workspace on Server

Prerequisites and Basic Requirements

The deployment of ONLYOFFICE Workspace requires a Linux server running a Debian-based operating system. The following components and privileges are necessary for the installation and operation of the application:

  • Operating System: Debian-based distribution (e.g., Ubuntu, Debian).

  • Privileges: Root access or sudo privileges are required to install Docker, manage system packages, and configure network services.

  • Network Access: The server must have outbound internet access to download Docker images, Git repositories, and SSL certificates.

  • Ports: Ports 80 and 443 must be open on the firewall to allow HTTP and HTTPS traffic for the reverse proxy and SSL certificate validation.

FQDN of the Final Panel

The application is accessible via a Fully Qualified Domain Name (FQDN) on the hostkey.in domain. The format for the address is:

only-docwork<Server ID>.hostkey.in

Where <Server ID> is replaced by the specific identifier of the server instance. The service listens on port 80 for HTTP redirection and port 443 for secure HTTPS connections.

File and Directory Structure

The deployment utilizes specific directories for application code, configuration files, and data storage. The primary locations are:

  • Application Source: /opt/Docker-CommunityServer

  • Contains the Git repository for the ONLYOFFICE Docker-CommunityServer project.

  • Hosts the docker-compose.yml file used to orchestrate the containers.

  • Database Initialization: /opt/Docker-CommunityServer/config/mysql/docker-entrypoint-initdb.d/

  • Contains the onlyoffice-initdb.sql script for database setup.

  • Nginx Configuration: /data/nginx/user_conf.d/

  • Stores the virtual host configuration file named only-docwork<Server ID>.hostkey.in.conf.

  • Nginx Secrets and Environment: /data/nginx/

  • Contains the nginx-certbot.env file and the nginx_secrets volume for SSL certificates.

  • Nginx Deployment Directory: /root/nginx/

  • Contains the compose.yml file for the Nginx and Certbot stack.

Application Installation Process

The ONLYOFFICE Workspace is deployed using Docker containers orchestrated via Docker Compose. The installation process involves cloning the official Docker-CommunityServer repository and configuring it for the specific environment.

  1. Docker Installation: The system ensures Docker Engine, Docker CLI, and Docker Compose plugin are installed.

  2. Repository Cloning: The application source code is cloned from https://github.com/ONLYOFFICE/Docker-CommunityServer.git into /opt/Docker-CommunityServer.

  3. Configuration: A docker-compose.yml file is generated and placed in the repository root, defining the services and networks.

  4. Database Initialization: An SQL script is placed in the MySQL initialization directory to create the necessary databases and users upon first startup.

  5. Container Deployment: Docker Compose pulls the required images and starts the containers, ensuring the MySQL service initializes before the main application services.

Databases

The application uses a MySQL database for data storage. The database is hosted within a Docker container named onlyoffice-mysql-server.

  • Connection Method: Internal Docker network communication.

  • Storage Location: Data is persisted within the Docker container's volume.

  • Databases Created:

  • onlyoffice: Main application database.

  • onlyoffice_mailserver: Database for the mail server component.

  • Character Set: utf8 with utf8_general_ci collation.

  • Users and Privileges:

  • root: Full privileges on all databases.

  • onlyoffice_user: Full privileges on all databases.

  • mail_admin: Full privileges on all databases.

Docker Containers and Their Deployment

The application stack consists of multiple containers defined in the docker-compose.yml file located at /opt/Docker-CommunityServer/docker-compose.yml.

  • Deployment Tool: Docker Compose V2.

  • Project Source: /opt/Docker-CommunityServer.

  • Key Services:

  • onlyoffice-mysql-server: The database backend.

  • onlyoffice-community-server: The main application service.

  • Additional services required for the community server stack (e.g., mail, document server) as defined in the official repository.

  • Network: All containers communicate over an external Docker network named onlyoffice.

Proxy Servers

A reverse proxy is deployed to handle SSL termination and route traffic to the ONLYOFFICE application.

  • Proxy Software: Nginx (using the jonasal/nginx-certbot:latest image).

  • SSL Management: Certbot is integrated to automatically obtain and renew SSL certificates from Let's Encrypt.

  • Configuration:

  • The Nginx configuration is stored at /data/nginx/user_conf.d/only-docwork<Server ID>.hostkey.in.conf.

  • The proxy listens on ports 80 and 443.

  • HTTP traffic on port 80 is redirected to HTTPS.

  • HTTPS traffic is proxied to the onlyoffice-community-server container on port 80.

  • SSL Certificates: Stored in /etc/letsencrypt/live/only-docwork<Server ID>.hostkey.in/.

  • Headers: The proxy forwards Host, X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, and WebSocket upgrade headers to the backend.

Permission Settings

File and directory permissions are set to ensure security and proper operation of the services.

  • Docker Compose File: /opt/Docker-CommunityServer/docker-compose.yml is owned by root:root with mode 0600.

  • Database Init Script: /opt/Docker-CommunityServer/config/mysql/docker-entrypoint-initdb.d/onlyoffice-initdb.sql is owned by root:root with mode 0644.

  • Nginx Configuration: /data/nginx/user_conf.d/only-docwork<Server ID>.hostkey.in.conf is owned by root:root with mode 0644.

  • Nginx Compose File: /root/nginx/compose.yml is owned by root:root with mode 0644.

  • Nginx Directory: /root/nginx is owned by root:root with mode 0755.

Available Ports for Connection

The following ports are exposed and utilized by the deployment:

Port Protocol Service Description
80 TCP Nginx HTTP traffic (redirects to HTTPS) and ACME challenge validation.
443 TCP Nginx HTTPS traffic for secure access to the application.
80 TCP ONLYOFFICE Internal port used by the onlyoffice-community-server container (not exposed directly to the public).

Starting, Stopping, and Updating

The services are managed using Docker Compose commands executed from the project directory.

  • Start/Update Services: 

    cd /opt/Docker-CommunityServer
docker compose up -d

  • Stop Services: 

    cd /opt/Docker-CommunityServer
docker compose down

  • Restart Nginx Proxy: 

    cd /root/nginx
docker compose up -d

  • Check Container Status: 

    docker compose ps

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×