Install Debian 12 VirtualMachine or Direct Hardware
during install set up your user in my example its called âYourUserNameâ
since this is just running onlyoffice, we do minimal install, no desktop or gnome
just SSH Server and standard system utilities
once the install is done and rebooted:
NOTE THE TWO LINES BELOW OF JUST HASH SYMBOLS - WHEN EDTING CONFIG FILES
THE CONTENTS OF THOSE CONFIG FILES ARE FROM TEXT INSIDE OF THESE HASH LINES
YOU DO NOT NEED THE ACTUAL HASH LINES - I USE THESE AS A SEPERATOR
CONFIG TEXT FALLS BETWEEN THE SEPERATOR HASH LINES
########################################################################################################
########################################################################################################
START by ssh to IP address as YourUserName then change to root using the switch user command: su)
su
First we want to backup the apt repo source.list so that if we do something wrong, we can revert back.
cp /etc/apt/sources.list /etc/apt/sources.list.bak
Now we will used the SED command to find and replace text in the apt repo source config files
first disabling the CDROM/DVD Repo and then adding the contrib (needed to get fonts) repo from debian
sed -i âs/deb cdrom/#deb cdrom/gâ /etc/apt/sources.list
sed -i âs/bookworm main/bookworm main contrib/gâ /etc/apt/sources.list
sed -i âs/bookworm-updates main/bookworm-updates main contrib/gâ /etc/apt/sources.list
Now we check repos with update, then upgrade everything that has updated since the ISO image launch
apt update && apt upgrade -y
Debian doesnt come with sudo and curl installed
apt install sudo curl
First up, add our user to the sudo group and then reboot so that the system starts with any new kernel
and updated utils all fresh and ready to go, plus our user will now be part of the sudo group
/sbin/usermod -aG sudo YourUserName
/sbin/reboot
[REBOOT]
from here we can run everything as YourUserName
we will install the basics, plus postgresql and nginx-extras
then we will setup the Database and associated user
sudo apt install gnupg2 postgresql nginx-extras wget apt-transport-https software-properties-common
sudo -i -u postgres psql -c âCREATE USER YourUserName WITH PASSWORD ây0urRand0mPassw0rdâ;â
sudo -i -u postgres psql -c âCREATE DATABASE onlyoffice OWNER YourUserName;â
Now setting up rabbitmq-server (For deb12)
OnlyOffice needs the errlang version of rabbitmq - there are some nice setup scripts for this
we use curl to download the scrips and send via a pipe to a bash shell to run which checks
and adds appropriate repositories for erlang and rabbitmq, we then simply use apt to install them
curl -1sLf 'https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-erlang/setup.deb.shâ| sudo -E bash
sudo apt update
sudo apt install erlang erlang-nox
curl -1sLf âhttps://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/setup.deb.shâ | sudo -E bash
sudo apt update
sudo apt install rabbitmq-server
now we use the rabbit control tool to add a new user, set their tag to admin and then
grant all permissions to the root vhost to gives our user full access
sudo rabbitmqctl add_user admin y0urRand0mPassw0rd
sudo rabbitmqctl set_user_tags admin administrator
sudo rabbitmqctl set_permissions -p / admin â." ".â â.*â
sudo rabbitmqctl add_vhost office.somedomain.com
sudo rabbitmq-plugins enable rabbitmq_management
##open browser and login as admin using your password that you set to view the management console
http://your_IP_ADDRESS:15672/#/
Now we need the force rabbit to use the ports and erlang options that onlyoffice requires
create a new config file for rabbitmq that it automatically recognizes.
sudo nano /etc/rabbitmq/rabbitmq-env.conf
########################################################################################################
Defaults to 5672.
NODE_PORT=5672
SERVER_ADDITIONAL_ERL_ARGS=â+S 1:1â
#########################################################################################################
sudo apt install redis redis-server redis-tools libstdc++6
sudo nano /etc/redis/redis.conf
Before the Change
#########################################################################################################
#supervised no
#########################################################################################################
Change to (basically we are adding a line of new text under supervised no)
#########################################################################################################
#supervised no
supervised systemd
#########################################################################################################
#[Now restart redis and rabbitmq]
sudo systemctl restart redis rabbitmq-server
With the prerequisites and dependencies all done
its finally time to setup OnlyOffice
OnlyOffice installed with apt from the repo will create a directory and a user âdsâ
the script does not work as it is out-of-order
so we preempt the promblem by creating the directory and user manually ourselves
sudo mkdir -p /var/www/onlyoffice/
adding the ds user as a system account (-r)
sudo useradd -r ds
change the ownership of the new folder to belong to ds
sudo chown -R ds:ds /var/www/onlyoffice/
make ds user unable to login and then set the users home directory as the new folder
these are required by the onlyoffice install package
sudo usermod -s /usr/sbin/nologin ds
sudo usermod -d /var/www/onlyoffice ds
lets preselect all the package variables so that things are installed correctly
echo onlyoffice-documentserver onlyoffice/db-user string YourUserName | sudo debconf-set-selections
echo onlyoffice-documentserver onlyoffice/jwt-enabled boolean true | sudo debconf-set-selections
echo onlyoffice-documentserver onlyoffice/jwt-secret password somedomain2023nexcloudofficepass | sudo debconf-set-selections
echo onlyoffice-documentserver onlyoffice/rabbitmq-user string admin | sudo debconf-set-selections
echo onlyoffice-documentserver onlyoffice/rabbitmq-pwd password y0urRand0mPassw0rd | sudo debconf-set-selections
now lets setup the onlyoffice repo, update and install onlyoffice
mkdir -p -m 700 ~/.gnupg
curl -fsSL https://download.onlyoffice.com/GPG-KEY-ONLYOFFICE | gpg --no-default-keyring --keyring gnupg-ring:/tmp/onlyoffice.gpg --import
chmod 644 /tmp/onlyoffice.gpg
sudo chown root:root /tmp/onlyoffice.gpg
sudo mv /tmp/onlyoffice.gpg /usr/share/keyrings/onlyoffice.gpg
echo âdeb [signed-by=/usr/share/keyrings/onlyoffice.gpg] https://download.onlyoffice.com/repo/debian squeeze mainâ | sudo tee /etc/apt/sources.list.d/onlyoffice.list
sudo apt update
sudo apt install ttf-mscorefonts-installer
sudo apt install onlyoffice-documentserver
#Now on my systems, every time I install this it takes an hour or so to finish the PLUGINS portion of the install
- you just need to be patient and let it finish - go do some other things
#Great thats all done, now we just need to add letsencrypt certificates to secure the connection
sudo apt install certbot python3-certbot-nginx
#[*you need to ensure all forwarding is correct and DNS settings are correct for this to work]
sudo certbot certonly --dry-run --nginx -d office.somedomain.com --email slippery.duck@somedomain.com --agree-tos
#[if it passes the dry-run you can then run the full cert collection]
sudo certbot certonly --nginx -d office.somedomain.com --email slippery.duck@somedomain.com --agree-tos
Now we want to amend the ds.conf that runs the document server to force upgrade to https
and then use our LetsEncrypt certificates, but first backup the ds.conf file.
sudo cp /etc/onlyoffice/documentserver/nginx/ds.conf /etc/onlyoffice/documentserver/nginx/ds.conf.bak
sudo nano /etc/onlyoffice/documentserver/nginx/ds.conf
#[BELOW is more or less how your new ds.conf should look **bite your secure_link_secret and domains will be different]
###########################################################################################################################
server {
listen 0.0.0.0:80;
listen [::]:80 default_server;
server_name office.somedomain.com;
server_tokens off;
set $secure_link_secret Bx6JNnmmqll227FmRJ51;
Redirects all traffic to the HTTPS host
return 301 https://$server_name:443$request_uri;
}
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ssl default_server;
server_name office.somedomain.com;
server_tokens off;
set $secure_link_secret Bx6JNnmmqll227FmRJ51;
Setting the LetsEncrypt Certificates
ssl_certificate /etc/letsencrypt/live/office.somedomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/office.somedomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_verify_client off;
ssl_session_cache builtin:1000 shared:SSL:10m;
add_header X-Content-Type-Options nosniff;
include /etc/nginx/includes/ds-*.conf;
access_log /var/log/nginx/onlyoffice.access_log;
error_log /var/log/nginx/onlyoffice.error_log info;
}
###########################################################################################################################
tell nginx to test all config files
sudo nginx -t
if there are no errors then restart nginx
sudo systemctl restart nginx.service
#Now we need to add a few things to the local.json of the onlyoffice installation to play nice with things like nextcloud
- disable inbody jwt
- disable rejectunauthorized
here is my local.json
sudo nano /etc/onlyoffice/documentserver/local.json
###########################################################################################################################
{
âservicesâ: {
âCoAuthoringâ: {
âsqlâ: {
âtypeâ: âpostgresâ,
âdbHostâ: âlocalhostâ,
âdbPortâ: â5432â,
âdbNameâ: âonlyofficeâ,
âdbUserâ: âYourUserNameâ,
âdbPassâ: ây0urRand0mPassw0rdâ
},
âtokenâ: {
âenableâ: {
ârequestâ: {
âinboxâ: true,
âoutboxâ: true
},
âbrowserâ: true
},
âinboxâ: {
âheaderâ: âAuthorizationJwtâ,
âinBodyâ: false
},
âoutboxâ: {
âheaderâ: âAuthorizationJwtâ,
âinBodyâ: false
}
},
âsecretâ: {
âinboxâ: {
âstringâ: âsomedomain2023nexcloudofficepassâ
},
âoutboxâ: {
âstringâ: âsomedomain2023nexcloudofficepassâ
},
âsessionâ: {
âstringâ: âsomedomain2023nexcloudofficepassâ
}
},
ârequestDefaultsâ: {
ârejectUnauthorizedâ: false
}
}
},
ârabbitmqâ: {
âurlâ: âamqp://admin:y0urRand0mPassw0rd@localhostâ
},
âstorageâ: {
âfsâ: {
âsecretStringâ: âBx6JNnmmqll227FmRJ51â
}
}
}
###########################################################################################################################
Last we need to set requestdefaults rejectUnauthorized to false in the defaults
sudo nano /etc/onlyoffice/documentserver/default.json
Find the section and set true â false
###########################################################################################################################
"requestDefaults": {
"headers": {
"User-Agent": "Node.js/6.13",
"Connection": "Keep-Alive"
},
"gzip": true,
"rejectUnauthorized": false
},
###########################################################################################################################