In this setup we show how to set up OnlyOffice using nginx as a reverse proxy, docker-compose to run and configure the OnlyOffice image, and systemd to automatically start and restart the OnlyOffice instance. Running it in a reverse proxy configuration allows you to have other domains listening on the same IP address and to manage Let’s Encrypt SSL certificates centrally.
We will set up the instance in /opt/onlyoffice on port 2291.
Save this file as /opt/onlyoffice/docker-compose.yml and don’t forget to change JWT_SECRET to a random password!
version: '3'
services:
  onlyoffice-documentserver:
    image: onlyoffice/documentserver:latest
    restart: always
    environment:
      - JWT_ENABLED=true
      # Replace with your own random secret
      - JWT_SECRET=Shei9AifuZ4ze7udahG2seb3aa6ool
    ports:
      # host port 2291 -> container port 80
      - 2291:80
    volumes:
      - ./onlyoffice/data:/var/www/onlyoffice/Data
      - ./onlyoffice/lib:/var/lib/onlyoffice
      - ./onlyoffice/logs:/var/log/onlyoffice
      - ./onlyoffice/db:/var/lib/postgresql
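Added example, not part of the original post: shell functions that replace the JWT_SECRET line with a fresh random value and audit the compose file for the sample secret above and for a port published on all interfaces (nginx below only connects to 127.0.0.1:2291). The function names and the 32-character minimum are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
SAMPLE_SECRET='Shei9AifuZ4ze7udahG2seb3aa6ool'   # value printed in the tutorial

# Print 32 bytes from the kernel CSPRNG as 64 hex characters.
gen_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# rotate_secret FILE: replace the value on the JWT_SECRET= line in place.
rotate_secret() {
    new=$(gen_secret)
    tmp=$(mktemp) || return 1
    sed "s|\(JWT_SECRET=\).*|\1${new}|" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# audit_compose FILE: print one line per finding; return 0 only if clean.
audit_compose() {
    bad=0
    secret=$(sed -n 's/.*JWT_SECRET=//p' "$1" | head -n 1)
    if ! grep -q 'JWT_ENABLED=true' "$1"; then
        echo "JWT_ENABLED is not true"; bad=1
    fi
    if [ "$secret" = "$SAMPLE_SECRET" ]; then
        echo "JWT_SECRET is still the tutorial's sample value"; bad=1
    elif [ "${#secret}" -lt 32 ]; then       # 32 is an assumed minimum
        echo "JWT_SECRET is shorter than 32 characters"; bad=1
    fi
    # "- 2291:80" publishes on every interface; nginx only needs 127.0.0.1.
    if grep -Eq '^[[:space:]]*-[[:space:]]*"?[0-9]+:[0-9]+"?[[:space:]]*$' "$1"; then
        echo "port is published on all interfaces, not 127.0.0.1"; bad=1
    fi
    return $bad
}

# Demo on a constructed copy of the relevant lines (not the live file).
demo=$(mktemp)
printf '%s\n' '    environment:' '      - JWT_ENABLED=true' \
    "      - JWT_SECRET=$SAMPLE_SECRET" '    ports:' '      - 2291:80' > "$demo"
audit_compose "$demo" || true          # reports sample secret and open port
rotate_secret "$demo"
sed 's|- 2291:80|- 127.0.0.1:2291:80|' "$demo" > "$demo.new" && mv "$demo.new" "$demo"
audit_compose "$demo" && echo "clean"
rm -f "$demo"
```

After rotating the secret on a live instance, the same value has to be configured in whatever application integrates with the document server, and the service restarted.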
Now we can create the systemd service. I created it using TechOverflow’s docker-compose systemd .service generator. Save it in /etc/systemd/system/OnlyOffice.service:
[Unit]
Description=OnlyOffice
Requires=docker.service
After=docker.service

[Service]
Restart=always
User=root
Group=docker
# Shutdown container (if running) when unit is stopped
ExecStartPre=/usr/local/bin/docker-compose -f /opt/onlyoffice/docker-compose.yml down
# Start container when unit is started
ExecStart=/usr/local/bin/docker-compose -f /opt/onlyoffice/docker-compose.yml up
# Stop container when unit is stopped
ExecStop=/usr/local/bin/docker-compose -f /opt/onlyoffice/docker-compose.yml down

[Install]
WantedBy=multi-user.target
Now we can enable & start the service using
sudo systemctl enable OnlyOffice.service
sudo systemctl start OnlyOffice.service
Now let’s create the nginx config in /etc/nginx/sites-enabled/OnlyOffice.conf. Obviously, you’ll have to modify at least the
server {
    server_name onlyoffice.mydomain.com;

    access_log /var/log/nginx/onlyoffice.access_log;
    error_log /var/log/nginx/onlyoffice.error_log info;

    location / {
        proxy_pass http://127.0.0.1:2291;
        proxy_http_version 1.1;
        proxy_read_timeout 3600s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header X-Frontend-Host $host;
    }

    listen 80;
}
Check the validity of the nginx config using
sudo nginx -t
and unless it fails, reload nginx using
sudo service nginx reload
Now I recommend using certbot to enable TLS encryption on your domain. You should be familiar with these steps already; my approach is to sudo apt -y install python-certbot-nginx, then certbot --nginx --staging to first obtain a staging certificate to avoid being blocked if there are any issues, and after you have obtained the staging certificate use certbot --nginx and Renew & replace cert. After that, run sudo service nginx reload and check if your domain works with HTTPS. You should always choose redirection to HTTPS if certbot asks you.