Setting up NextCloud + ONLYOFFICE on the same server with Docker

Hey Habr! I present to your attention the translation of the article "Setting up NextCloud and ONLYOFFICE on a single server with Docker".

It's hard to overestimate the value of online office suites like Google Docs and cloud storage in the lives of tech-oriented people. The technology has become so widespread that even Microsoft, which has long dominated the office applications market, has recently focused on developing the Office 365 web application and persuading users to switch to a subscription model for its services. Those interested in installing and configuring their own storage can read on below the cut.

Some time ago we looked at cloud storage solutions and open source web office suites that could easily be deployed for use in a micro-enterprise. The main motivation for keeping all documentation online is to keep paperwork to a minimum and implement good business practices despite the low volume of transactions. The flip side of the coin is that renting a cloud server to provide this service is less secure than storing it directly on the premises of the enterprise, since you do not have any means of auditing physical access to your server or traffic. Therefore, end-to-end encryption and open source software are also required.

Taking into account all available information about open source solutions, we found two active projects (with commits in the git repository in the past 12 months) developed for cloud storage, NextCloud and OwnCloud, and only one active office suite, ONLYOFFICE. Both cloud storage tools have roughly the same functionality, and we chose NextCloud because there was evidence that it can be integrated with ONLYOFFICE for comfortable user interaction with the software. However, when we started deploying the services, the lack of information on integrating them became apparent. We found 3 tutorial videos on how to integrate:

None of the three videos answered the question of installing the ONLYOFFICE document service on the same physical server as NextCloud with a shared nginx. Instead, they used separation techniques such as separate ports for the document service API. Another suggested option was to deploy a separate server for Document Service, manually configuring the nginx instance built into Document Service to set an access key (an access key known in advance that confirms the right to access the data cloud) and TLS certificates. We considered these approaches neither safe nor effective enough, so we integrated NextCloud, ONLYOFFICE and a common nginx, which separates requests by domain name, using docker-compose. Here is step-by-step information on how to do it.

Step 1: nginx container

This is a very simple setup, but this step requires the most work to configure the reverse proxy server. We first created the docker-compose configuration for the nginx:stable image.

version: '2'
services:
  nginx:
    image: nginx:stable
    restart: always
    volumes:
      - ./nginx/nginx-vhost.conf:/etc/nginx/conf.d/default.conf:ro
      - ./nginx/certificates:/mycerts
    ports:
      - 443:443
      - 80:80

This creates a container with ports 80 and 443 open to the public, mounts nginx/nginx-vhost.conf as the nginx configuration, and mounts ./nginx/certificates as the store for certificates, which can be self-signed or generated with Let's Encrypt's certbot. This location should contain folders for office.yourdomain.com and cloud.yourdomain.com, with fullchain1.pem and privkey1.pem files in each for the certificate chain and server private key, respectively. You can read more about how to generate a self-signed certificate here: www.akadia.com/services/ssh_test_certificate.html (renaming .key and .crt to .pem works for nginx without converting the file structure).

After that, we defined the vhost file. We first define the behavior of port 80 as a simple redirect to https, because we don't want to allow any http traffic:

server {
    listen 80;
    location / {
        return 301 https://$host$request_uri;
    }
}

We then created two virtual servers on port 443 for our services:

server {
    listen 443 ssl;
    server_name cloud.yourdomain.com;
    root /var/www/html;

    ssl_certificate     /mycerts/cloud.yourdomain.com/fullchain1.pem;
    ssl_certificate_key /mycerts/cloud.yourdomain.com/privkey1.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app:80;
    }
}
server {
    listen 443 ssl;
    server_name office.yourdomain.com;
    root /var/www/html;

    ssl_certificate     /mycerts/office.yourdomain.com/fullchain1.pem;
    ssl_certificate_key /mycerts/office.yourdomain.com/privkey1.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://onlyoffice:80;
    }
}
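
A check worth running against this vhost file, added here as an example and not part of the original article: both ssl_protocols lines above still enable TLSv1 and TLSv1.1, which RFC 8996 deprecated, and "ssl_protocols TLSv1.2 TLSv1.3;" is the usual replacement. The names audit_tls and sample_vhost and the sample input are constructed for illustration.

```shell
# Added example (not from the article). Reads vhost FILE arguments or stdin.
audit_tls() {
    awk '
    {
        sub(/#.*/, "")              # drop comments
        gsub(/[{};]/, " & ")        # braces and semicolons become own tokens
        n = split($0, t, " ")
        for (i = 1; i <= n; i++) {
            if (t[i] == "{") {
                depth++
                if (dir == "server" && depth == 1) { name = "(unnamed)"; weak = "" }
                dir = ""
            } else if (t[i] == "}") {
                if (depth == 1 && weak != "") { print name ": " weak; weak = "" }
                depth--; dir = ""
            } else if (t[i] == ";") {
                dir = ""
            } else if (dir == "") {
                dir = t[i]          # first token of a directive is its name
            } else if (depth == 1 && dir == "server_name" && name == "(unnamed)") {
                name = t[i]
            } else if (depth == 1 && dir == "ssl_protocols" && t[i] ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                weak = weak (weak == "" ? "" : ",") t[i]
            }
        }
    }' "$@"
}

# Constructed sample: the cloud block keeps the ssl_protocols line from the
# article; the office block uses a TLS 1.2/1.3-only line for contrast.
sample_vhost() {
    cat <<'EOF'
server {
    listen 80;
    location / { return 301 https://$host$request_uri; }
}
server {
    listen 443 ssl;
    server_name cloud.yourdomain.com ;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 443 ssl;
    server_name office.yourdomain.com;
    ssl_protocols       TLSv1.2 TLSv1.3;  # constructed hardened value
}
EOF
}
sample_vhost | audit_tls
```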

Step 2: document service

Now we need to add the document service container to our docker-compose.yml. There is nothing special to configure here.

services:
...
  onlyoffice:
    image: onlyoffice/documentserver
    restart: always

But don't forget to link the nginx container to the document service:

services:
...
  nginx:
    ...
    depends_on:
      - onlyoffice

Step 3: NextCloud

First, add new services:

services:
...
  db:
    image: mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - /data/nextcloud_db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=#put some password here
      - MYSQL_PASSWORD=#put some other password here
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
  app:
    image: nextcloud
    depends_on:
      - db
      - onlyoffice
    restart: always

and add a link to nginx:

services:
...
  nginx:
    ...
    depends_on:
      - app 
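
Before starting the stack, it is worth confirming that nginx is the only service that publishes host ports, since this design relies on db, app and onlyoffice being reachable only through the proxy. The script below is an added example, not part of the original article; the function names and the sample file (including its 8080:80 mapping) are constructed, and it assumes the two-space indentation used in the article.

```shell
# Added example (not from the article). Reads compose FILE arguments or stdin;
# assumes the short "host:container" ports syntax used in the article.
published_ports() {
    awk '
    { sub(/(^|[ \t]+)#.*$/, ""); sub(/[ \t]+$/, "") }  # strip comments, trailing blanks
    /^[^ \t]/ { in_services = ($0 == "services:"); next }  # top-level key
    !in_services { next }
    /^  [^ \t-][^ \t]*:$/ {                              # service name, indent 2
        svc = substr($1, 1, length($1) - 1); in_ports = 0; next
    }
    /^    [^ \t-]/ { in_ports = ($1 == "ports:"); next }   # service key, indent 4
    in_ports && /^ +- / {                                # item of the ports list
        gsub(/"/, "", $2); print svc ": " $2
    }' "$@"
}

# Mappings published by any service other than the proxy (named nginx here).
bypassing_proxy() {
    published_ports "$@" | awk '$1 != "nginx:"'
}

# Constructed sample: nginx as in the article, plus an onlyoffice port mapping
# of the kind the article avoids.
sample_compose() {
    cat <<'EOF'
version: '2'
services:
  nginx:
    image: nginx:stable
    ports:
      - 443:443
      - 80:80
  onlyoffice:
    image: onlyoffice/documentserver
    ports:
      - 8080:80   # constructed mistake: reachable without the proxy
  app:
    image: nextcloud
EOF
}

sample_compose | bypassing_proxy
```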

Now it's time to load the containers.

docker-compose up -d  

After a while, nginx will start redirecting you to the NextCloud front end, which by default shows the configuration page. You will need to enter the username and password for your first administrative user and the database credentials you provided in docker-compose.yml. Once the setup is complete, you will be able to log in. In our case, the wait took almost a minute and required an additional refresh of the login page before we could log into the cloud service.

NextCloud service settings window

Step 4: Connecting NextCloud and ONLYOFFICE

At this step, you will need to install the application for NextCloud, which connects the ONLYOFFICE functionality. Let's start with the application control panel in the upper right corner of the menu. Find the ONLYOFFICE app (under Office & text or using search), install and activate it.

After that, head to Settings via the menu in the top right corner, where you should find the ONLYOFFICE item in the left menu. Open it. You will need to enter the addresses as indicated below.

Integration application settings

The first address is used to link to some js and css files directly from the application running in the browser (this is why we need to open access to the ONLYOFFICE service through nginx). The secret key is not used because we trust the Docker isolation layer more than the persistent authentication key. The third address is used by the NextCloud container to connect directly to the ONLYOFFICE API, and it uses the default internal hostname from Docker. The last field is used so that ONLYOFFICE can make requests back to the NextCloud API using an external IP address or an internal Docker address if you are using Docker networks, but this is not used in our case. Make sure your firewall settings allow these kinds of interactions.

After saving, NextCloud will test the connection and, if everything is correct, will show you settings related to the integration - for example, what types of files can be edited by this integration. Customize as you see fit.

The final step: where to find the editor

If you go back to your cloud storage folders and click on the “+” to create a new file, you will have a new option to create a document, spreadsheet or presentation. These options let you create files of these types and edit them immediately using ONLYOFFICE.

File creation menu

1 add-on

The full content of docker-compose.yml can be found here: https://pastebin.com/z1Ti1fTZ

Source: habr.com
