Install PostgreSQL from Ubuntu repository
sudo apt install postgresql
Then create the onlyoffice database.
sudo -u postgres psql -c âCREATE DATABASE onlyoffice;â
Create the onlyoffice user.
sudo -u postgres psql -c âCREATE USER onlyoffice WITH password âonlyofficeâ;â
Grant permission.
sudo -u postgres psql -c âGRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;â
Install NodeJS from official repository
OnlyOffice document server requires nodejs 6.9.1+, but the version in Ubuntu repository is outdated, so we will need to install the latest LTS version (6.10.0) of Node.js from upstream repository.
Add Node.js repostiory.
curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
Install Node.js.
sudo apt install nodejs
Check Node.js version.
node -v
Sample output:
v6.10.0
Install Redis server and Rabbitmq
sudo apt install redis-server rabbitmq-server
Check their status.
systemctl status redis-server
systemctl status rabbitmq-server
You should see they are active (running). If rabbitmq-server failed to start, thatâs mostly because of low memory on the machine or invalid hostname.
Install OnlyOffice document server
Add OnlyOffice repository with the following command.
echo âdeb http://download.onlyoffice.com/repo/debian squeeze mainâ | sudo tee /etc/apt/sources.list.d/onlyoffice.list
Import OnlyOffice public key.
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5
Update local package index and install OnlyOffice document server. Note that Nginx will be installed as the web server so you might need to stop Apache if itâs running.
sudo apt update
sudo apt install onlyoffice-documentserver
During the installation process, you will be asked to enter PostgreSQL password for onlyoffice. Enter âonlyofficeâ (without double quotes).
You also need to accept the Microsoft license terms in order to install TrueType core fonts from Microsoft.
Once the installation is finished, enter your serverâs public IP address in web browser, you should see âDocument Server is runningâ
To connect NextCloud to OnlyOffice document server, the latter must be running in HTTPS mode. The following steps show how to obtain and install Letâs Encrypt TLS certificate.
Edit /etc/nginx/conf.d/onlyoffice-documentserver.conf file.
sudo nano /etc/nginx/conf.d/onlyoffice-documentserver.conf
Change the configuration like below. Donât forget to set an A record for onlyoffice.your-domain.com.
include /etc/nginx/includes/onlyoffice-http.conf;
server {
listen 0.0.0.0:80;
listen [::]:80 default_server;
server_name onlyoffice.your-domain.com;
server_tokens off;
include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
location ~ /.well-known/acme-challenge {
root /var/www/onlyoffice/;
allow all;
}
}
Save and close the file. Reload Nginx for the changes to take effect.
sudo systemctl reload nginx
Then install certbot (Letâs Encrypt) client.
sudo apt install letsencrypt
Next, run the following command to obtain a free TLS certificate using the webroot plugin.
sudo letsencrypt certonly --webroot --agree-tos --email your-email-address -d onlyoffice.your-domain.com -w /var/www/onlyoffice/
Within a few seconds, you shall see a message like below, which means the TLS certificate is successfully obtained.
Edit onlyoffice-documentserver.conf file.
sudo nano /etc/nginx/conf.d/onlyoffice-documentserver.conf
Delete everything in that file and paste the following text into the file. Change the red text accordingly.
include /etc/nginx/includes/onlyoffice-http.conf;
Normal HTTP host
server {
listen 0.0.0.0:80;
listen [::]:80 default_server;
server_name onlyoffice.your-domain.com;
server_tokens off;
Redirects all traffic to the HTTPS host
root /nowhere; ## root doesnât have to be a valid path since we are redirecting
rewrite ^ https://$host$request_uri? permanent;
}
#HTTP host for internal services
server {
listen 127.0.0.1:80;
listen [::1]:80;
server_name localhost;
server_tokens off;
include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
}
HTTPS host
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ssl default_server;
server_name onlyoffice.your-domain.com;
server_tokens off;
root /usr/share/nginx/html;
ssl_certificate /etc/letsencrypt/live/onlyoffice.your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/onlyoffice.your-domain.com/privkey.pem;
modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers âECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256â;
ssl_prefer_server_ciphers on;
HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
ssl_session_cache builtin:1000 shared:SSL:10m;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
resolver_timeout 10s;
[Optional] Generate a stronger DHE parameter:
cd /etc/ssl/certs
sudo openssl dhparam -out dhparam.pem 4096
#ssl_dhparam {{SSL_DHPARAM_PATH}};
location ~ /.well-known/acme-challenge {
root /var/www/onlyoffice/;
allow all;
}
include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
}
Save and close the file. Then test Nginx configuration and reload.
sudo nginx -t
sudo systemctl reload nginx
Visit https://onlyoffice.your-domain.com in web browser to verify OnlyOffice document server is running correctly in HTTPS mode.
Installing Nextcloud OnlyOffice Integration App
SSH into your Nextloud server, and then change directory to the Nextcloud apps directory.
cd /var/www/nextcloud/apps/
Next, download Nextcloud OnlyOffice integration app using the following command.
sudo git clone https://github.com/ONLYOFFICE/onlyoffice-owncloud.git onlyoffice
Then go to Nextcloud Apps page, click Not Enabled tab and enable the OnlyOffice app.
After that, go to Nextcloud admin page, select Additional Settings tab on the left pane and enter the domain name for OnlyOffice in Document Editing Service Address field.
After saving the above setting, you should be able to create documents, spreedsheets and presentation files within Nextcloud by clicking the plus (+) button. A separate tab will be opened for editing.
You will also see a new item called âOpen in OnlyOfficeâ in the context menu of office documents.
Installing OnlyOffice Document Server and Nextcloud on the Same Machine
The OnlyOffice Document server uses Nginx as web server.
If you have an existing Nextcloud server running with Nginx, then thereâs no damage to your Nextcloud server when installing OnlyOffice on the same machine. It will remove nginx-core and install nginx-extras package, so thereâll be a little downtime, but your configurations will be intact.
If you have an existing Nextcloud server running with Apache web server, and you want to install OnlyOffice on the same machine, then you have two choices:
Stop/remove Apache, install Nginx as the web server for both Nextcloud and OnlyOffice. You can use the Nextcloud Nginx config in this tutorial.
Configure Nginx as a reverse proxy for Apache.
Configuring Nginx as a Reverse Proxy for Apache
If you choose the second route, then you should first change the port number of Apache before you install OnlyOffice document server.
Edit the ports.conf file.
sudo nano /etc/apache2/ports.conf
Find the line:
Listen 80
Change it to a different port number like 8180. Note that you shouldnât use 8080 here because OnlyOffice document server needs port 8080 to start its docservice.
Listen 8180
You should also change the SSL port number because later Nginx will do the SSL termination. Find the line:
Listen 443
Change the port number to something like 4433.
Listen 4433
Save and close the file. Next, edit the virtual host file for Nextcloud.
sudo nano /etc/apache2/sites-enabled/nextcloud.conf
The first line should be like this:
<VirtualHost *:80>
Change the port number to 8180.
<VirtualHost *:8180>
We should also disable redirecting HTTP to HTTPS by adding comment characters before the following lines. (Your Nextcloud server is using HTTPS connection, right?)
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =nextcloud.your-domain.com
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
And change the SSL listening port.
<VirtualHost *:443>
Change the above port to 4433. Save and close the file. Reload Apache configuration.
sudo systemctl reload apache2
Now Apache listens on port 8180 and 4433. We can then follow the above instructions to install OnlyOffice document server, which will install Nginx in the process.
Once OnlyOffice document server and Nginx are installed, create an Nginx server block file to proxy requests to Apache.
sudo nano /etc/nginx/conf.d/nextcloud-proxy.conf
Add the following lines to the file. Replace the domain name with your own. The path for ssl_certificate and ssl_certificate_key is for Letâs Encrypt issued certificates. If you use a certificate issued by another CA, then you should enter your own path.
server {
listen 80;
server_name nextcloud.your-domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name nextcloud.your-domain.com;
ssl_certificate /etc/letsencrypt/live/nextcloud.your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nextcloud.your-domain.com/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security max-age=15768000;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8180;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
The location / {âŚ} section redirects all requests to Apache web server listening on port 8180. Save and close the file. Then test Nginx configuration.
sudo nginx -t
Reload Nginx if syntax is OK.
sudo systemctl reload nginx
Now you should be able to visit your Nextcloud server as usual, without adding a port number in the URL. If you use the following cURL command to fetch HTTP header, then you should see the front-end server is Nginx.
curl -I https://nextcloud.your-domain.com
Sample output:
HTTP/1.1 302 Found
Server: nginx/1.11.9
Date: Tue, 14 Mar 2017 08:55:30 GMT
Content-Type: text/html; charset=UTF-8
Thatâs it!
Maybe this will work for you.