In this setup we show how to setup OnlyOffice using nginx as a reverse proxy, docker-compose to run and configure the OnlyOffice image and systemd to automatically start and restart the OnlyOffice instance. Running it in a reverse proxy configuration allows you to have other domains listening on the same IP address and have a central management of Let’s Encrypt SSL certificates.
We will setup the instance in /opt/onlyoffice on port 2291.
Save this file as /opt/onlyoffice/docker-compose.yml and don’t forget to change JWT_SECRET to a random password!
version: '3'
services:
onlyoffice-documentserver:
image: onlyoffice/documentserver:latest
restart: always
environment:
- JWT_ENABLED=true
- JWT_SECRET=Shei9AifuZ4ze7udahG2seb3aa6ool
ports:
- 2291:80
volumes:
- ./onlyoffice/data:/var/www/onlyoffice/Data
- ./onlyoffice/lib:/var/lib/onlyoffice
- ./onlyoffice/logs:/var/log/onlyoffice
- ./onlyoffice/db:/var/lib/postgresql
Now we can create the systemd service. I created it using TechOverflow’s docker-compose systemd .service generator. Save it in /etc/systemd/system/OnlyOffice.service:
[Unit] Description=OnlyOffice Requires=docker.service After=docker.service [Service] Restart=always User=root Group=docker # Shutdown container (if running) when unit is stopped ExecStartPre=/usr/local/bin/docker-compose -f /opt/onlyoffice/docker-compose.yml down # Start container when unit is started ExecStart=/usr/local/bin/docker-compose -f /opt/onlyoffice/docker-compose.yml up # Stop container when unit is stopped ExecStop=/usr/local/bin/docker-compose -f /opt/onlyoffice/docker-compose.yml down [Install] WantedBy=multi-user.target
Now we can enable & start the service using
sudo systemctl enable OnlyOffice.service sudo systemctl start OnlyOffice.service
Now let’s create the nginx config in /etc/nginx/sites-enabled/OnlyOffice.conf. Obviously, you’ll have to modify at least the
server {
server_name onlyoffice.mydomain.com;
access_log /var/log/nginx/onlyoffice.access_log;
error_log /var/log/nginx/onlyoffice.error_log info;
location / {
proxy_pass http://127.0.0.1:2291;
proxy_http_version 1.1;
proxy_read_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
add_header X-Frontend-Host $host;
}
listen 80;
}
Check the validity of the nginx config using
sudo nginx -t
and unless it fails, reload nginx using
sudo service nginx reload
Now I recommend to use certbot to enable TLS encryption on your domain. You should be familiar with these steps already ; my approach is to sudo apt -y install python-certbot-nginx, then certbot --nginx --staging to first obtain a staging certificate to avoid being blocked if there are any issues and after you have obtained the staging certificate use certbot --nginx and Renew & replace cert. After that, run sudo service nginx reload and check if you domain works with HTTPS. You should always choose redirection to HTTPS if certbot asks you.