Setting up Only Office using docker on Debian

System used: Docker: Debian Stretch/Buster

Recommended System Requirements for OnlyOffice DocumentServer

RAM: 4 GB or more
CPU: dual-core 2 GHz or higher
Swap: at least 2 GB
HDD: at least 2 GB of free space
Distribution: 64-bit Red Hat, CentOS or other compatible distributive with kernel version 3.8 or later, 64-bit Debian, Ubuntu or other compatible distributive with kernel version 3.8 or later
Docker: version 1.9.0 or later

Docker source: https://docs.docker.com/install/linux/docker-ce/debian/#install-using-the-repository

sudo apt-get update

sudo apt-get install
apt-transport-https
ca-certificates
curl
gnupg2
software-properties-common

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -

sudo add-apt-repository
“deb [arch=amd64] https://download.docker.com/linux/debian
$(lsb_release -cs)
stable”

sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io

Install OODocumentServer source: https://github.com/ONLYOFFICE/Docker-DocumentServer#installation-of-the-ssl-certificates

Running ONLYOFFICE Document Server on Different Port

To change the port, use the -p command. E.g.: to make your portal accessible via port 8080 execute the following command:

sudo docker run -i -t -d -p 8080:80 onlyoffice/documentserver

Running ONLYOFFICE Document Server using HTTPS

sudo docker run -i -t -d -p 443:443
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver

Access to the onlyoffice application can be secured using SSL so as to prevent unauthorized access. While a CA certified SSL certificate allows for verification of trust via the CA, a self signed certificates can also provide an equal level of trust verification as long as each client takes some additional steps to verify the identity of your website. Below the instructions on achieving this are provided.
To secure the application via SSL basically two things are needed:
Private key (.key)
SSL certificate (.crt)
So you need to create and install the following files:
/app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
/app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt

When using CA certified certificates, these files are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip the following section if you are have CA certified SSL certificates.

Generation of Self Signed Certificates

Generation of self-signed SSL certificates involves a simple 3 step procedure.
STEP 1: Create the server private key

openssl genrsa -out onlyoffice.key 2048

STEP 2: Create the certificate signing request (CSR)

openssl req -new -key onlyoffice.key -out onlyoffice.csr

STEP 3: Sign the certificate using the private key and CSR

openssl x509 -req -days 365 -in onlyoffice.csr -signkey onlyoffice.key -out onlyoffice.crt

You have now generated an SSL certificate that’s valid for 365 days.

To have Nextcloud ignore the selfsigned certificate add following to /var/www/nextcloud/config/config.php just before the last );

‘onlyoffice’ =>
array (
‘verify_peer_off’ =>TRUE,
),

You can now enable and configure the ONLYOFFICE app in Nextcloud and set it to the local server IP using https

Instead you can also run certbot to obtain a letsencrypt certificate, and copy the obtained /etc/letsencrypt/archive/oo.domain.tld/cert_key.pem to /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key and the /etc/letsencrypt/archive/oo.domain.tld/cert.pem to /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt