OnlyOffice

Last updated: 2019-08-26

Introduction

fully compatible with Office Open XML formats

enabling collaborative editing in real time

Edit: .docx, .xlsx, .pptx

HomePage: https://github.com/ONLYOFFICE/Docker-DocumentServer

System Requirement Specification

  • RAM: 4 GB or more
  • HDD: 20 GB of free space
  • Swap: at least 2 GB
     

How it works

Document Server includes:

  • document editor
  • document editing service
  • document command service
  • document conversion service

The document manager and document storage service are either included in Community Server
or must be implemented by the software integrators.

The client side includes:

Document manager - the list of the documents displayed in the user browser

Document editor - the document viewing and editing interface with all the most known document editing features available,
used as a medium between the user and the document editing service.

Document storage service - the server service which stores all the documents available to the users

The server side includes:

Document editing service

allows documents to be viewed and edited
(document editor --> document editing service)

Document command service

allows additional commands to be performed with the document editing service

Document conversion service

converts the document file into the appropriate Office Open XML format for editing or downloading

 


Install

 

Docker image OS: Ubuntu 16.04.6 LTS@20190823 (IMAGE ID: 7d85705b29d8)

docker run -dit -p 88:80 --restart always --name oods onlyoffice/documentserver

# change the restart policy of the existing container (oods is a container name, not an image)
docker update --restart unless-stopped oods

Storing Data

/var/log/onlyoffice                    # for ONLYOFFICE Document Server logs
/var/www/onlyoffice/Data      #  for certificates
/var/lib/onlyoffice                     # for file cache
/var/lib/postgresql                   # for database

mkdir -p /data/onlyoffice
cd /data/onlyoffice
mkdir logs data lib db

docker run --name=oods -i -t -d -p 80:80 \
    -v /data/onlyoffice/logs:/var/log/onlyoffice  \
    -v /data/onlyoffice/data:/var/www/onlyoffice/Data  \
    -v /data/onlyoffice/lib:/var/lib/onlyoffice \
    -v /data/onlyoffice/db:/var/lib/postgresql  \
    onlyoffice/documentserver
    

startup.sh

docker run --name=oods -i -t -d -p 443:443 \
    -v /data/onlyoffice/logs:/var/log/onlyoffice  \
    -v /data/onlyoffice/data:/var/www/onlyoffice/Data  \
    -v /data/onlyoffice/lib:/var/lib/onlyoffice \
    -v /data/onlyoffice/db:/var/lib/postgresql  \
    onlyoffice/documentserver

Cert. & Key location

# These paths can be changed using the SSL_KEY_PATH, SSL_CERTIFICATE_PATH and SSL_DHPARAM_PATH configuration options.

/data/onlyoffice/data/certs/onlyoffice.key

/data/onlyoffice/data/certs/onlyoffice.crt

/data/onlyoffice/data/certs/dhparam.pem      # openssl dhparam -out dhparam.pem 2048

Docker Environment Variables

These variables modify /etc/onlyoffice/documentserver/local.json

ONLYOFFICE_HTTPS_HSTS_ENABLED:

Applicable only when SSL is in use. Defaults to true.

Advanced configuration option for turning off the HSTS configuration.

ONLYOFFICE_HTTPS_HSTS_MAXAGE:

Advanced configuration option for setting the HSTS max-age in the onlyoffice nginx vHost configuration.

Applicable only when SSL is in use. Defaults to 31536000.

JWT_ENABLED:

Defaults: false

Enables JSON Web Token (RFC 7519) validation by the ONLYOFFICE Document Server.

JWT_SECRET:

Defaults to "secret"

Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server.

JWT_HEADER:

Defaults: "Authorization"

Defines the HTTP header that will be used to send the JSON Web Token.

Reboot

Document Server saves a document only after it has been closed by all the users who edited it.
To avoid data loss, you must forcefully disconnect the Document Server users
before stopping Document Server, for example for an application update or a server reboot.

sudo docker exec <CONTAINER> documentserver-prepare4shutdown.sh

 


Restrict access to the ONLYOFFICE editors

 

 * Default: publicly accessible

Configuration methods

  • JWT token
  • IP Filter

# Configuration file

/etc/onlyoffice/documentserver/default.json

OR

/etc/onlyoffice/documentserver/local.json

IP Filter

/etc/onlyoffice/documentserver/local.json

"ipfilter": {
    "rules": [
        {
            "address": "ip_address",
            "allowed": true
        },
        {
            "address": "*",
            "allowed": false
        }
    ],
    "useforrequest": true,
    "errorcode": 403
}

supervisorctl restart all

JWT token

/etc/onlyoffice/documentserver/local.json

{
    "services": {
        "CoAuthoring": {
            "secret": {
                "inbox": {
                    "string": "secret"
                },
                "outbox": {
                    "string": "secret"
                },
            }
            "token": {
                "enable": {
                    "browser": true,
                    "request": {
                        "inbox": true,
                        "outbox": true
                    }
                }
            }
        }
    }
}

supervisorctl restart all

enable.browser:

document editor opening and calling the methods

enable.request.outbox:

document editing service -> document storage service

enable.request.inbox:

requests to the document command service and document conversion service

secret.inbox.string:

browser -> document command service and document conversion service

secret.outbox.string:

document editing service -> "callbackUrl" address
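
An added example (not ONLYOFFICE's code and not part of the original notes): a small Python check for the JWT settings above, run against the text of local.json. It reports token checks that are switched off, secrets left at the documented default "secret", and JSON that does not parse; the sample configs are constructed.

```python
import json

DEFAULT_SECRET = "secret"  # default JWT_SECRET value listed on this page

def get(node, dotted, default=None):
    """Walk nested dicts along a dotted key path."""
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node

def audit_local_json(text):
    """Return a list of findings for the text of a local.json file."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    co = get(cfg, "services.CoAuthoring", {})
    findings = []
    for flag in ("browser", "request.inbox", "request.outbox"):
        if get(co, f"token.enable.{flag}") is not True:
            findings.append(f"token.enable.{flag} is not true")
    for side in ("inbox", "outbox"):
        secret = get(co, f"secret.{side}.string")
        if not secret:
            findings.append(f"secret.{side}.string is not set")
        elif secret == DEFAULT_SECRET:
            findings.append(f"secret.{side}.string is still the default")
    return findings

# Constructed sample inputs (not taken from a real server).
WEAK = """{"services": {"CoAuthoring": {
  "secret": {"inbox": {"string": "secret"}, "outbox": {"string": "secret"}},
  "token": {"enable": {"browser": true,
                       "request": {"inbox": true, "outbox": false}}}}}}"""
HARDENED = WEAK.replace('"secret"}', '"PLACEHOLDER-long-random-value"}') \
               .replace('"outbox": false', '"outbox": true')
BROKEN = '{"services": {"CoAuthoring": {"secret": {"inbox": {"string": "x"},}}}}'

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED), ("broken", BROKEN)):
        print(name, audit_local_json(text))
```

Run it on the file inside the container before `supervisorctl restart all`; an empty list means all three token checks are on and both secrets have been changed from the default.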

 


Security

 

To prevent the substitution of important parameters in ONLYOFFICE Document Server
requests, a cryptographic signature is added to them in the form of a token.

The token is added in the configuration when initializing Document Editor
and during the exchange of commands between document storage service and document editing service,
document command service and document conversion service.

The token is generated using the JWT (JSON Web Tokens) standard.

The tokens are signed by the server's key, so the client is able to verify that the token is legitimate.
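
The signing and verification described above, as an added example (not from the original notes or from ONLYOFFICE): a standard-library JWT signer and verifier showing that a substituted payload or a different secret is rejected. HS256, the payload layout and all values are assumptions; the page only says the token follows the JWT standard.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign(payload: dict, secret: str) -> str:
    """Build header.payload.signature with HMAC-SHA256 (HS256 is assumed here)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    return f"{signing_input}.{b64url(mac(signing_input, secret))}"

def verify(token: str, secret: str) -> dict:
    """Return the payload if the signature checks out, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        given = b64url_decode(sig)
    except ValueError as exc:  # wrong part count, bad base64 or bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the verifier decides it, never the token.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(mac(f"{head}.{body}", secret), given):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def swap_payload(token: str, new_payload: dict) -> str:
    """Replace the payload but keep the old signature (parameter substitution)."""
    head, _, sig = token.split(".")
    return f"{head}.{b64url(json.dumps(new_payload).encode())}.{sig}"

if __name__ == "__main__":
    key = "constructed-demo-secret"  # constructed sample values throughout
    token = sign({"editorConfig": {"callbackUrl": "https://storage.example/cb"}}, key)
    print("accepted:", verify(token, key))
    altered = swap_payload(token, {"editorConfig": {"callbackUrl": "https://other.example/cb"}})
    for candidate, k in ((altered, key), (token, "another-secret")):
        try:
            verify(candidate, k)
        except ValueError as err:
            print("rejected:", err)
```

The payload is only base64url-encoded, so the token protects the integrity of the parameters, not their confidentiality.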